Risk Based Auditing

Risk Based Auditing

DEFINITION AND MEANING OF RISK-BASED AUDITING

Risk based auditing in its simplest form is a relatively new way of independently and objectively obtaining evidence regarding assertions about a process for the purpose of forming an opinion about the process and subsequently reporting on the degree to which the assertions are implemented. Auditors literally start the audit process by equipping themselves with knowledge of the nature of the business of the entity and its business environment. Auditors arm themselves with sufficient information about a business and its environment so as to assess risk before making a decision of either performing a compliance test or a substantive test.

COMPLIANCE TESTING VS SUBSTANTIVE TESTING

Compliance test: this is simply an act of gathering evidence for the purpose of testing an organization’s compliance with control procedures and processes in relation to external rules, legal requirements, and regulations. Compliance gives the auditor an insight into the level of compliance with policies and procedures by the management. The aim of a compliance test is to give the auditor reasonable assurance that the internal control structure which the auditor plans to rely on is in fact operating as the auditor had already perceived it to be from the preliminary stage of the audit process.

Substantive test: this is the process of gathering evidence in order to evaluate the integrity of individual transactions, processes, data, and other information. This is to say that a substantive test lives up to its name by substantiating the integrity of actual processing. For example, auditors through substantive test, gathers evidence regarding the validity and integrity of the balances found in the financial statements of a company and the balances that supports them.

Auditors perform substantive test when control testing (compliance test) indicate that there is no control or the presence of weak controls. Make sure you take home the difference between compliance and substantive testing.

The sole aim of this comprehensive process is to ensure that company objectives are met. Risk-based approach is used to develop and continually improve the continuous audit process. It is worth stressing that risk based approach to auditing helps auditors determine the nature and extent of auditing that needs to be done in an efficient manner. In business valuation, this process is similar to the fundamental analysis process that an equity analyst perform in order to help him or her come up with an intrinsic value of a company. The next section of this article will take you through the process of effectively and efficiently performing a risk-based audit.

RISK-BASED AUDIT APPROACH OR PROCESS

Risk based auditing is generally composed of five broad stages. There is no hard and fast rule of what constitute each stage, but, the most importance facets of those stages are covered in this section.

FIVE (5) STAGES OF RISK BASED AUDIT

  1. INFORMATION GATHERING AND PLANNING STAGE
  2. MASTERY OF INTERNAL CONTROL STAGE
  3. COMPLIANCE TEST STAGE
  4. SUBSTANTIVE TEST STAGE
  5. CONCLUSION AND PRODUCTION OF REPORT STAGE

IMPORTANCE OF RISK BASED AUDIT

The fact that risk based auditing encourages auditors to have integrated knowledge of businesses makes the whole process of auditing less daunting as it used to be. By understanding the fundamentals of the business models of a company, auditors can easily identify and categorize risks which will in turn help better determine the risk model or approach that would be most suitable for the audit. Other benefits of following the risk based approach of auditing are listed below:

  • Better understanding of business and its environment
  • Increased chance of achieving audit objective
  • Saves resources
  • Makes audit planning easier

TYPES OF AUDIT RISK

In as much as audit risks shouldn’t bother an auditor that approaches that audit procedure from the risk-based perspective (auditors are not just relying on risk when following the risk-based auditing, they also rely on internal and operational controls as well as the knowledge of the company), this article will not be complete without drawing your attention to the types of audit risks that an auditor might face and when such audit risks surfaces. Audit risk can be categorized as:

  • Inherent risk
  • Control risk
  • Detection risk
  • Overall risk

Who's Online

We have 260 guests and no members online

C.A.S.E Calendar

Last month November 2024 Next Month
S M T W T F S
week 44 1 2
week 45 3 4 5 6 7 8 9
week 46 10 11 12 13 14 15 16
week 47 17 18 19 20 21 22 23
week 48 24 25 26 27 28 29 30