Many of us think that the job of an auditor is very fascinating and easy, but it is not so, the job of an auditor is very hectic and involves lot of hard work and commitment. It involves checking whether the financial statements of the entity are free from material mis-statement, are in accordance with the applicable accounting standards, checking the internal controls of the entity which are relevant for the audit, and lastly to express an opinion on the financial statements
The work of an auditor is very time consuming and it is not possible to 100% check the Books of Accounts of the entity. So, the auditor adopts Sampling and judgement based on his past experience and knowledge. But there is always the risk of presence of the material mis-statement in the Books of Accounts that may remain undetected. So, the auditor needs to follow Risk Based Audit Approach.
The Risk Based Audit Approach is designed and implemented by the auditor to focus the nature, timing and extent of the audit procedures on those areas which have high potential of material mis-statement. The auditor should focus on those areas where there is high risk of material mis-statements as compared to those where there is low possibility of risk.
SA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment and SA 330 The Auditors’ Responses To Assessed Risks are the two Standards on Auditing among others that concentrate on this topic.
The Risk Based Audit Approach first requires an auditor to understands the entity and its environment. By doing this he is able to identify the risks that may result in material mis-statement. Next, he performs assessment of the identified risks. It involves considering the nature of risks, areas which could be affected, considering whether it is pervasive or not, gathering audit evidence for the same.
NEED FOR RISK BASED AUDIT PLAN
Every audit assignment presents a different challenge to an auditor because two audit assignments cannot be same. For example two entities differ from each other in the terms of their structure, ownership and nature. There is no specific approach to audit, but it is normally believed that the risk based approach to audit will minimize the chances of the risks that are present in the financial statements and will present the true and fair view. Since time is the limiting factor and it is not possible to review each and every account, transaction and balance, hence the auditor adopts risk based audit approach and plans his work accordingly.
It is the risk that the auditor might express an wrong opinion on the financial statements. For example, the auditor might say that the financial statements gives an unqualified opinion without knowing that the financial statements are materially mis-stated. Three elements of the audit risk are as follows:-
Generally the following steps are involved in the Risk Based Audit Approach:
1. Understanding : It means understanding the entity and its environment for identifying and assessment of the risks. An auditor should have the knowledge about the entity and its environment like the nature, the structure, the ownership and the internal controls of the entity. This information can be obtained by observation, enquiry, inspection, documentation, and performing analytical procedures.
Understanding the entity’s internal control framework is often problematic for auditors, particularly in knowing what controls to focus on, and what type of information, and how much information, to obtain on the controls. Auditors need to understand those controls (individually or in combination) that are considered likely to be relevant to the audit (for example controls related to financial reporting) – not all the controls the entity employs in managing its business.
2. Risk Assessment : Understanding the entity and its environment helps the auditor to identify those areas where there can be risk of material mis-statements. With his skill, knowledge and experience he is able to detect those accounts, balances and transactions where the risks exist. After identifying the risks then he has to assess the risks ie evaluate the impact of the risks, whether they are material or not, whether they are pervasive or not. Then accordingly he plans his audit procedures ie Substantive and Compliance Procedures.
The initial risk assessment is performed at the audit planning stage, with it being reassessed and revised if new risks are identified during the audit. The auditor exercises professional judgement in evaluating and classifying each risk according to its potential to create a material misstatement in the financial report as a whole or at the account and assertion levels.
3. Response : Responding to risks involves obtaining Sufficient and Appropriate Audit Evidence regarding the assessed risks of material mis-statement. An auditors needs to design his response to the assessed risks after evaluating the following points:
4. Conclusion : Once the audit procedures have been performed to the assessed risks the auditor now evaluates that whether the audit evidence that are obtained are sufficient and appropriate or not and if he thinks that appropriate evidences have not been obtained then he needs to revise his audit procedures and perform them again.
The design of the audit program to address identified risks involves:
DIFFERENCE : (Between Traditional Approach and Risk Based Approach of Audit)
BENEFITS OF RISK BASED AUDIT
Following are the benefits of the risk based audit approach:-
Lastly we can say that with the growing size of the entities and increase in the number of frauds and errors, Risk Based Audit Approach of auditing is really helpful for the auditors because it saves time, efforts and minimizes the risks that are present in the financial statements of an entity.
Contributed By : Deepika Agarwal (CA Final Student)