The concept of this question needs the explanation of inter-relation between business risk and audit risk, which is automatically, must include the risk analysis as an approach to auditing to overcome with the concern of handling these risks. Before entering deeper to the business risk and how an auditor can manage and be aware of these risks, lets define and describe some of the terms which is related to this question as follows:- Business risk is generally defined as the threat posed by an event or action to a business’s ability to achieve its ongoing objective.
For commercial organizations, the primary objective is likely to be the maximization of profit, so business risks can be thought of as anything that will prevent the company making as much profit as possible. Since the opposite of huge profits is huge losses, and companies making huge losses will generally go out of business, I could also think of business risks as being forces pushing a company in the direction of going concern problems. Business risk measurement is the process by which companies determine what risks the business faces for each part of the operation.
There are several different methods used to measure the risk of a business. Every company usually has a department that is responsible for determining the risk of every endeavor in which the company engages. Internal audit – is an independent management function, which involves a continuous and critical appraisal of the functioning of an entity with a view to suggest improvements thereto and add value to and strengthen the overall governance mechanism of the entity, including the entity’s strategic risk management and internal control system.
External audit-is a periodic examination of the books of accounts and records of an entity. It is carried out by an independent auditor if the books of account are accurate and comply with established concepts, principles, accounting standards, legal requirements and give a true and fair view of the financial state of the entity. The objective of an Audit of financial statements is to express an opinion whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.
Modern internal Auditing- It is growth from operational and compliance auditing the modern internal audit process assessing how the system is functioning determining that risks and exposures are as minimal as perceived evaluating test data for future impact. Risk Management- is a process of thinking systematically about all possible risks, problems or disasters before they happen and setting up procedures that will avoid the risk, or minimize its impact, or cope with its impact.
It is basically setting up a process where you can identify the risk and set up a strategy to control or deal with it. Audit Risk- According to the IAASB the term audit risk is defined as risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of material misstatement and detection risk.
The business risk started from the organization itself depending on the structures of internal control system and policies implemented by an entity’s Board of directors, audit committee, management and other personnel to provide reasonable assurance of the entity achieving its objectives related to reliable financial reporting, operating efficiency, and compliance with laws and regulations. Internal auditors are personnel within an organization who test the design and implementation of the entity’s internal control procedures and the reliability of its financial reporting.
If the internal control of the organization is strong it reduces the business risk as well as audit risk for external audit process. A modern internal audit is very important, because the old image still exists to some extent for modern internal auditors. K. H. Spencer Pickett, a noted author in the field of internal audit, has identified the following stages in the evolution of modern internal audit: ( i) As a Sibling of External Audit: In the initial stages, internal audit began as an extended arm of an external/statutory audit of financial statements.
The main, but rather restricted, function of the internal audit at this stage was verifying the reliability of the financial information included in the financial statements. The internal audit function in this stage of evolution could not understandably add much value to functioning of the entity. (ii) As a Cross Check: In this stage of its evolution, internal audit was also re-quired to test non-financial information and transactions in terms of their correctness and compliance with the laid down policies and procedures. iii) As a Probity Police: At this stage of its evolution, the internal audit came to be more concerned about the probity aspects of the transactions especially those involving liquid and highly movable assets such as cash, stocks, etc. (iv) As a Non Financial Systems Police: As the global economy surged forward full steam, the need for having a fully fledged, strategically directed internal audit emerged as an inevitable service that could assist management in decision making, moving away from being merely a police on financial transactions.
Thus, emerged the modern internal audit where the latter was established as a separate function, in house or outsourced, with clearly laid down missions and objectives to be achieved. As of today, internal audit undeniably is the backbone of a sound corporate governance system. It’s true that the major audit problems resulted from risk that is why there is a need of setting or establishment of strong internal control system to reduce the business and audit risk as well as assist the management to make the organization decisions with less risk.
Under this condition, the need for internal audit is very important to ensure that the organization can avoid business risk as well as audit risk depending of the nature of business as follows:- (i) Increased size and complexity of businesses. Increased size and business spread dilutes direct management oversight on various functions, necessitating the need for a full time, independent and dedicated team to review and appraise operations. (ii) Enhanced compliance requirements. Increase in the geographical spread of the businesses has also led to crossing of political frontiers by businesses in a bid to tap global capital.
This has thrown up compliance with the laws of the home country as well as the laws of that land as a critical factor for existence of businesses abroad. (iii) Focus on risk management and internal controls to manage them. Internal auditors can carry out their job in a more focused manner by directing their efforts in the areas where there is a greater risk, thereby enhancing the overall efficiency of the process and adding greater value with the same set of resources. (iv) Un-conventional business models. Businesses today use unconventional models and practices, for example, outsourcing of non-core areas, such as accounting. v) Intensive use of information technology. Information technology (IT) is invariably embedded in all spheres of activities of a modern business enterprise today, from data processing to resource planning to online sales and ecommerce. Use of IT has, however, increased the threat of data thefts or losses on account of systems failure or hacking/ espionage, as well as the need to comply with the cyber laws, etc. (vi) Stringent norms mandated by regulators to protect investors. The regulators are coming up in a big way to protect the interests of the investors.
The focus of the latest regulations being ethical conduct of business, and enhanced corporate governance and financial reporting requirements, etc. (vii) Increasingly competitive environment. Whereas deregulation and globalization have melted the political as well as other barriers to entry in the markets for goods and services, free flow of capital, technology and knowhow among the countries as well as strong infrastructure has helped in bringing down the costs of production and better access to the existing and potential consumers.
This in turn, has lured more and more players in the existing markets, thereby, stiffening the competition. In modern business environment, the internal audit function has become a major support function for management, the Audit Committee, the Board of Directors, the external auditors, and other key stakeholders. When properly designed and implemented, the internal audit function can play a key role in promoting and supporting effective organizational governance. Relationship with the Audit Committee.
Audit committees need to oversee accurate financial reporting and disclosure, and help to sustain regulatory compliance, strengthen internal controls, and improve risk management. Aligning audit committee objectives with those of internal audit helps to unify oversight and allocate limited resources in the most efficient and effective ways. Internal audit is likely to appreciate a closer working relationship in assessing risks, planning the audit process, and interacting with experienced board members about emerging business risks.
The internal audit function provides audit committees with relevant reports and ongoing updates. They identify new risks and are entrusted to conduct high-level reviews in strategic ways. Audit committees have a great deal to gain by developing and empowering internal audit, and by working more closely with internal auditors to improve organizational oversight. Relationship with the Management. The early internal audit literature, e. g. , Sawyer, often portrayed internal auditors as the “eyes and ears of management”.
The basic role of internal audit service to management starts with understanding management problems and needs. Management often calls upon internal auditors to provide them assurance that risks are effectively identified and monitored organizational processes are effectively controlled, and organizational processes are efficient or effective. The internal auditor while performing audit provides timely observations arising from internal audit that are significant and relevant to their responsibility, as described in the scope of the engagement, to the management.
For this purpose, it is essential that internal auditor establishes communication channels with management through its planning process, through participation in various advisory meetings and boards, and through frank discussions with management over the results of audit. Relationship with the External Auditor. At no other time have the roles and relationships between internal and external auditors been so important. Both have a key role to play in helping to maintain confidence in the governance of an organization.
Both internal and external auditors need to operate alongside each other more effectively to meet the expectations of the stakeholders. Frequent and enhanced communication and co-ordination between internal auditors and the external auditors is critical to ensure that collective efforts are in the best interests of all stakeholders. An internal audit function can contribute positively to success and competitive advantage by helping management to ensure that there are effective processes in place to manage risk to an acceptable level and to achieve objectives.
In organizations where there is strong corporate integrity and a high regard for governance, internal audit makes a significant contribution. On the other hand, external auditor provides assurance to shareholders, and to the Board, that financial performance, as reported in the financial statements, is true and fair. While external auditors start with financial statement ending result, internal auditors start with the basic activities and work forward to achieve organizational objectives. Co-ordination of internal and external audit work increases economy, effi-ciency, and effectiveness of the overall audit process.