The term ’audit risk’ refers to the possibility that the auditors may unknowingly fail to appropriately modify their opinion on financial statements that are not well stated. It can also be stated that audit risk means the chance of damage to the audit firm as a result of giving an audit opinion that is wrong in some particular. Damage to the audit form may be in the form of monetary damages paid to a client or third party as compensation for loss caused by the conduct (for example, negligence) of the audit firm or simply loss of reputation with the client (and perhaps also the audit) or the business community.
Audit risk is reduced by gathering evidence – the more the evidence gathered, the less the audit risk assumed.
In this unit, you will be considering the following topics.
- Types of audit risks;
- Audit firm organisation and audit risk;
- Particular audits and audit risk;
- Risk-based audit methodology.
At the end of this unit, you should be able to:
- define audit risk
- explain the types of audit risk
- describe the features of audit firm organisation
- minimise risk
- explain the risk-based audit methodology.
3.0 MAIN CONTENT
3.1 Audit Risks – Types
There are three types of audit risks, namely:
- normal audit risk
- higher than normal audit risk and
- audit work risk
3.1.1 Normal Audit Risk
All audits involve risk. However strong the audit evidence and however careful the auditor, there is always a possibility of an error or fraud being undetected. In general, if there are indications that audit risk is normal and there are no indications of higher than normal risk, then the auditor could be regarded as one that:
- organises his office and staff in a competent manner;
- follows the auditing standards and guidelines; he is unlikely to be found negligent and to have to pay damages as a consequence of fraud or error not discovered by him.
Indications that risk is normal may include the following:
- Past experience indicates risk is normal;
- The management and staff of the client are competent and have integrity;
- The accounting system is well designed, it works and it is subject to strong internal controls;
- The client is old established and is not subject to rapid change;
- The board of directors is actively engaged in the company and control and its leadership is of good quality;
- The board of directors has competent non-executive directors and better still, an audit committee.
audit risk is normal, then the auditor may approach his audit by relying on:
- key controls;
- substantive tests;
- analytical review.
3.1.2 Higher than Normal Risk
Some audit assignments involve high audit risk. Some audits contain at least one area of high risk.
Indications of higher than normal audit risk are as follows:
- Previous experience;
- Future plans of the enterprise which include sale or flotation on the Stock Exchange of the company;
- High gearing;
- Liquidity problems;
- Poor management;
- Lack of controls and/or poor book-keeping;
- Recent changes of ownership/control;
- Dominance by a single person;
- Rapid staff turnover;
- In small companies, non-involvement of the proprietor or conversely over-reliance on management for control;
- Changes of accounting procedures or policies;
- Evidence from background research;
- Over-reliance on one or a few products, customers, suppliers;
- Recent high investment in new ventures or products;
- Problems inherent in the nature of the business e.g. stock counting or valuing difficulties, difficulty in determining the extent of liabilities, warranty claims, cut-off;
- The existence of ‘put upon enquiry’ situation.
The audit approach in high risk situations must be:
- to use high caliber audit staff;
- collection of a wide range of audit evidence in each area;
- meticulous preparation of audit working papers;
- probing of all high risk areas to the bottom;
- extreme care in drafting the audit report.
3.1.3 Audit Work Risk
All audit work involves normal risk and some audit works involve higher than normal risk. This is because there is always a possibility of the accounts containing a misstatement due to error or fraud.
In addition to the audit risk arising from client activity, there is also a risk that the audit work may be of an inadequate standard.
The risk arising from audit work may include the following:
- Failure to recognise ‘put upon enquiry’ situations;
- Failure to draw the correct inferences from audit evidence and the analytical review;
- Use of the wrong procedures in a particular situation;
- Failure to perform necessary audit work because of time or cost considerations;
- Failure to detect error or fraud because of poor sampling method or inadequate sample sizes.
SELF-ASSESSMENT EXERCISE 1
- What is audit risk?
- What factors might indicate that risk is normal?
3.2 Audit Firm Organisation and Audit Risk
It is essential that an audit firm should organise its affairs in such a way as to minimise the risk of paying damages to clients or others arising out of negligent work.
Features of organisation, which may minimise risk are as follows:
- Proper recruitment and training of all personnel;
- Allocation of staff with appropriate ability to particular audits;
- Planning of the work of the firm in such a way that each audit can be approached in a relaxed but disciplined way and timing problems can be accommodated;
- Two-way communication with staff on matters of general concern and in connection with specific audits;
- Use of audit manuals which conform to the audit standards and guidelines;
- Use of audit documentation which is comprehensive and yet which allows for special situations;
- Use of budgetting and other techniques to ensure that audits are remunerative and yet risk- minimising;
- Use of precise and frequently updated letters of engagement;
- Use of review techniques for all audits;
- Existence of technical section so that all new developments (accounting, law, audit procedures) are rapidly incorporated into the firm’s actions.
3.3 Particular Audits and Audit Risk
Risks arising from a particular audit can be minimised by:
(a) techniques for recognising the existence of audit risk;
(b) segregating normal risk areas from high risk areas;
(c) allocating staff who are competent to do the work especially in high risk areas;
(d) extensive background research into the client and its industry;
(f) comprehensive documentation;
(g) good briefing of audit staff;
(h) emphasis to staff on the need for recognition of high risk situations and good communication when high risk or put upon enquiry situations are discovered;
(i) particular attention to the conclusions reached from audit evidence;
(j) special emphasis on the analytical review;
(k) review of the audit work by a senior auditor unconnected with the
(l) emphasis on materiality considerations and sample sizes.
3.4 Risk- based Audit Methodology
Audit costs have been rising steadily in the last few years. At the same time, audit fee resistance has risen due to competition, low growth in the market and the growth of competitive tendering for audits. Consequently, audit firms are continually trying to reduce audit costs while at the same time reducing audit risk. This has led to the idea of risk-based auditing being in some sense a distinct approach to auditing. Historically, auditing has progressed from being a largely substantive testing process, through a largely systems based process into a risk based method which uses a range of audit techniques including: substantive testing, internal control compliance, analytical review and the use of inherent factors. Inherent factors include background knowledge of the client and past audit record indicating no special difficulties. According to Mautz and be material and the risk factors assessed, the following set of figures might be assembled: