Audit assessment of audit risk: types, methods, calculation

In the modern world of business and commercial enterprise development, external audit services are becoming increasingly important. Audit activity is an integral element of controlling the legitimacy of a particular firm's business procedures. Therefore, the audit, as the first basis of an independent extra-departmental audit by external auditors-specialists of the financial situation of a legal entity, is aimed at expressing a recommending opinion with a view to improving and optimizing the financial and economic side of the company’s development.

The audit was marked by the achievement of the main goal - the expression of an independent opinion on the reliability of the reporting (both financial and accounting) of the audited entity and the compliance of the accounting procedure with the current legislation of the Russian Federation. The main economic essence of the audit is to increase the needs of users of financial statements in a qualitative assessment by experts of its reliability. In view of this, an important aspect is the audit assessment of audit risk, its methods and methods of implementation. But for this it is worth familiarizing yourself with the concept of audit risk.

Audit risk

In the broad sense of audit risk, it is assumed that an independent auditor can express a false (erroneous) opinion based on incorrect calculations due to significant distortions in the content of the financial statements. The audit process is characterized by its inherent risk of issuing an incorrect (erroneous) conclusion due to objective circumstances that directly affect the conduct of a planned or sudden audit. In other words, this is the responsibility that the auditor assumes when issuing an opinion on the full and open reliability of the information contained in the external reporting, although in fact there may be errors and omissions that occurred, but did not fall into the scope of the inspector's view.

At the same time, risks are distinguished in the following areas:

• Auditor's professional ability - it means that each specific enterprise is provided with a specialist, taking into account the strict approach to the selection of the company being verified, its reputation, honesty and decency, as well as the degree of risk of operations carried out at that company.
• Expectations of the customer - there is always a danger that the control and audit service in the person of a commercial audit company may not meet the requirements of the customer company. It is also natural that in those cases when the selected audit company did not meet the expectations of the customer, the latter has the right to refuse to provide its services in the future.
• Quality of the audit - assumes that the conclusion of the audit service may turn out to be incorrect for any objective reason. This may be the failure to identify significant errors in the financial statements of an economic entity or a distortion after confirmation of its proven reliability. This is called audit risk. The assessment technique in this case can be determined based on specific situational indicators.

Regulation

At the legislative level, the concept of audit risk is described in the requirements defined at the level of Federal rule (standard) No. 8 “On assessment of audit risks and internal control carried out by the audited entity”. This legislative act was approved by the decree of the Russian government under number 405, issued 04.07.2003. Based on the content of this rule, the auditor agrees to use his own professional judgment in order to objectively assess audit risks. At the same time, he needs to develop those control and audit procedures that are needed to reduce the level of error to an acceptable level. The specific value, which is recognized as acceptably low, is not defined by this regulation. But in practice, this is considered a level of 5%. Simply put, out of hundreds of signed opinions, five audit opinions often contain distorted, incorrect information on controversial issues. A higher false reporting rate may adversely affect the competitiveness of a particular audit firm.

Audit risk factors

Examples of assessing the pathological dangers of issuing an incorrect or incorrect conclusion are reduced to the fact that it all depends on the variety of risks. In turn, each of them arises on the basis of any individual situations that contribute to the fact that the independent auditor makes a mistake, oversight, and skips distortion. For example, the following factors are considered factors affecting the occurrence of audit risks:

• insufficient qualifications of the internal auditor;
• short-term experience in external auditing;
• work in a narrow specificity (a single audit area), which does not allow comprehensive development and qualification in other areas of the audit;
• negligent attitude of management towards conducting a planned internal audit;
• lack of special literature on economic issues with audit and tax accounting audit features;
• irregular preparation and implementation of scheduled inspections for a certain period;
• management inaction regarding audits in problem areas of accounting.

AR assessment methods

International audit standards (ISAs) in the assessment of audit risk and the methodology for its implementation are based on the key points of the assessment based on the specific audit area. So, based on the level of assumptions and reporting, the auditors are guided by clause 5 of the international standard under number 315. Based on the types of operations performed, the specialist uses clauses 25 and 26 of ISA 315, and when it comes to business processes and, accordingly, business risks, 11, 37 and 40 points of the same standard are taken into account.

Audit risk assessment methods, in turn, are divided into quantitative and qualitative.

The first involves the calculation of the existing danger of distortion or incorrect interpretation of the information received during the audit, which is based on the total addition of all existing risks. The second method proceeds from those indicators that are not expressed in numbers, but also somehow affect the implementation of the verification. For example, the auditor is based in the course of audit activities on three main evaluation grades - low, medium, high. At the same time, it takes into account the qualifications and experience of the chief accountant of the audited company, the workload of him and his assistants, the scale of the business, the characteristics of managing and so on. Of the above, some of the factors receive a low rating, while others are medium or high. Of course, with such a plan of evaluation there is always an element of subjectivity. But this kind of methodology for summing up the results of verification activities still takes place and continues to be actively used among auditors.

Thus, not only quantitative indicators can affect the verdict being issued by the regulatory body, the accompanying nuances are also taken into account in the methodological study of the activities of a particular company, since often a lot depends on them.

Types of risks and calculation formula

Every experienced entrepreneur who has been carrying out his business activity for several years already knows that audit risk includes several of its subtypes. So, inherent components of this phenomenon are considered inherent threats, the risk of controls and the danger of non-detection. The specialist must assess the audit risk at the initial planning stage. Already during the audit, he receives additional information about the audited object and may make changes to his assessment, which was obtained at the preparatory stage.

Calculation of audit risk is carried out according to the formula:

- OAR = HP + PH + RSK, where:

OAR - general audit risk,

HP - inherent risks,

PH - risk of non-detection,

DSC is the risk of controls.

Inherent risk

This part in the general list of potential threats characterizes the susceptibility of residual amounts on the balance sheet of the accounting accounts to significant distortions that arise due to the failure of the company to exercise proper internal control during the audit assessment. In this case, the risk and audit methods of its analysis are based on its inseparability from the direct process: it is understood that of all possible potential threats, the verification procedure is accompanied by the probability of an error in the data.

Based on the clauses of Federal rule (standard) number 8, which describes the concept, types and assessment of audit risk, the specialist auditor takes measures to develop a general audit plan. He is also involved in the preparation of an audit program.

The general plan provides for the formation by the auditor of an opinion on the assessment of the components of audit risk, that is, in this case, when examining the financial statements, he relies on his own professional judgment. At the same time, it is mandatory to take into account:

• The depth and duration of the management experience of the audited entity, as well as the rotations held in the management team for a specific period of time.
• Gender and type of activity of the entrepreneur.
• External and internal factors that directly affect the market segment in which the audited company carries out its business functions.

In turn, the overall program of the auditor is correlated with the subject of the audit risk assessment and the reasons for possible discrepancies. Therefore, the specialist should compare the estimated indicators with real ones, assuming in advance that the inherent risk in this regard will be unambiguously high. And again, during the audit, the auditor will rely on his own professional opinion, guided by the following factors:

• the information content of the accounts of the audited company, which may be distorted for any reason;
• difficulties in certain segments of the accounting for business transactions and other events that often require the involvement of an expert person;
• the factor of subjectivity of the judgment, which is necessary for the correct comparison of the balance in the accounts of the audited client with the expected true value;
• belonging of assets to the threat of loss or misappropriation;
• features of the end of the reporting period, which is often accompanied by the completion of freelance and complex business operations;
• the presence of procedures that are usually not affected by the usual standard processing.

Thus, an inherent risk is characterized by the possibility of distortion of fund balances in the accounts of the audited firm. And most importantly, these inconsistencies can be significant.

Materiality level

Considering the fact that the target orientation of audit activities closely borders on assessing the reliability and veracity of the accounting and financial statements of a person undergoing audit, it should be understood that in the course of its work, the auditor is not required to confirm these statements and its reliability with absolute and steady accuracy. It is understood that the regulation establishes such a possible accuracy of the reporting indicators of the audited company, which provides the qualified user with the opportunity to draw correct conclusions and make appropriate economically reasoned decisions. Moreover, the establishment of the level of materiality plays a huge role. Assessment of audit risk and improvement of methods for assessing expected erroneous judgments is carried out by understanding how serious the possible deviations are.

The materiality of the identified information during the audit in accounting is the property of information to influence the adoption of economic decisions by external users of this information. Materiality itself provides for the inclusion of two aspects in its content: quantitative and qualitative.

Quantitative is a comparison of the analyzed indicators with regulatory data, suggesting the implementation of settlement measures to determine certain ratios, amounts, costs for the corresponding planned and unforeseen expenses, and so on.

The qualitative factor of determining the level of materiality on the example of assessing audit risk (and accounting, respectively, too) is used primarily to assess the degree of possible disclosure of specific information. As a rule, in such cases, a quantitative assessment is not applied, and the qualitative aspect is in this case an indispensable method for identifying the veracity and reliability of information obtained during accounting. This includes factors that the auditor assesses the level of materiality of the violations found regarding the requirements of legislative and regulatory documents at the time the business entity carries out business activities.

It is noteworthy that it is the materiality of the information that plays a direct role in the risk of non-detection.

Non-detection risk

International auditing standards provide specific definitions of this aspect of the audit conducted by the enterprise. Thus, according to ISA, the assessment of audit risk of non-detection provides for the possibility that the conduct of specific audit activities and the proper collection of evidence does not allow to identify errors that can exceed the acceptable level. In other words, this is a kind of indicator of the quality and effectiveness of the auditor. But it is worth noting that this indicator is directly proportional to the specific order of the audit, on the establishment of a representative sample, on the use of sufficient and necessary audit procedures, as well as on factors reflecting the qualifications of the audit company’s specialists and the level of their preliminary acquaintance with the business of the audited business entity.

Relying on the audit assessment of audit risk, the center and benchmark during which is directly the reliability, quality and impartiality of the auditor, it is possible to judge the degree of increase in the risk of non-detection. The auditor should determine it in his work and subsequently try to minimize it by planning an appropriate series of audit procedures. If we talk about this aspect in comparison with the risk of control or on-farm risk, the level of which can only be assessed, the risk of non-detection can be controlled by changing the nature, time and extent of separately conducted substantive checks. That is, these risks can be affected.

But there is also a feedback of these compared indicators.

• If the on-farm risk and the risk of controls are high, their growth requires the auditor to ensure that the audit is conducted in such a way as to minimize, as much as possible, the risk of non-detection, thereby narrowing the scope of the overall audit risk to an acceptable indicator.
• If the risk of controls and on-farm risk are low, this enables the auditor to have the right to assume a slightly higher risk of non-detection, while receiving an acceptable and adequate value in determining the value of the overall audit risk.

Audit assessment is carried out in order to identify distortions and determine their level of materiality. Thus, summing up the results of this type of audit threats during the audit, it is possible to make a logical conclusion. In assessing the components of audit risk, control measures do not make it possible to detect one or another distortion of fund balances on the balance sheet of accounting and changes in other groups of operations, the discrepancies in which together or individually can be considered significant. But at the same time, the human factor and the auditor’s actions, which may vary depending on the level of his skills, experience, and qualifications, remain a rather important link.

Audit Subjectivity

, , . , « », № 24 16.03.2001, .

, , – , , . . , , - .

. . , . , - - . . .

– . , , , , . .

, . , .

?

• They are able to convince the auditor of the reliability of the work envisaged by the enterprise and aimed at implementing controlling procedures over accounting and financial accounting, which are fundamental aspects of housekeeping that are often distorted.
• With their help, the auditor finds out whether such measures are effectively carried out to prevent the occurrence of significant violations of financial statements.
• Thanks to testing, you can determine whether certain controls are equally effective during the reporting period.

In addition, testing involves the inclusion of:

• The official verification of documents reflecting the conduct of business financial transactions, as well as the receipt in this connection of audit evidence that the controls worked and functioned with full dedication.
• Surveys and monitoring the execution of operations in order to obtain the proven usefulness of controls in cases where it is not possible to obtain direct documentary evidence of this.
• The results of other audit procedures to obtain data on the performance of various controls.

Moreover, when analyzing the effectiveness of testing control tools and assessing audit risk on a materiality scale, the auditor should pay particular attention to the fact that some of these tools may be quite effective in general, but not be separate in certain periods of time. With what it can be connected?

• The ineffectiveness of one or another means of control can be affected by illness, vacation, or another kind of short-term absence of an accountant who is responsible for the implementation of a specific audit section.
• It can also be a feature of the bookkeeping of a certain business entity, which reflects the seasonality of periods of performance in conditions of increased intensity.
• There are possible one-time, single or random errors made by specialists in their work areas.

The meaning of a correct audit is that the auditor must necessarily look at the audit comprehensively, providing for every possible factor that can affect the results of the audit study. So, his main goals include the need to analyze the negative results of testing controls with an adjustment in planning for these features. A competent specialist initially sees possible problem areas in the enterprise, and because of his experience, he often finds flaws and distortions due to his auditory instinct.

Instead of a conclusion

It is important to note that the auditor performs mandatory testing in almost all standard cases, except for those when he has to assess the risk of controls as high. As a result, when the auditor prepares the final stage of the audit with the adoption of his opinion, he needs to pay special attention to those means of control, which in his conclusions will bear the character of important arguments and aspects of the evidence base. Therefore, the more he plans to rely on them in his decision, the more carefully he needs to investigate their effectiveness, reliability and reliability.

Another interesting point: when conducting a scheduled audit, the auditor has the right to rely on the information base of previous periods. However, here it is also necessary to make sure that the assessment of the risk value made in the early period is also valid for the current year.