Risk-based auditing

Risk-based auditing is a style of auditing which focuses upon the analysis and management of risk.

In the UK, the 1999 Turnbull Report on corporate governance required directors to provide a statement to shareholders of the significant risks to the business. This then encouraged the audit activity of studying these risks rather than just checking compliance with existing controls.^[1]

Standards for risk management have included the COSO guidelines and the first international standard, AS/NZS 4360.^[2] The latter is now the basis for a family of international standards for risk management — ISO 31000.

A traditional audit would focus upon the transactions which would make up financial statements such as the balance sheet. A risk-based approach will seek to identify risks with the greatest potential impact. Strategic risk analysis will then include political and social risks such as the potential effect of legislation and demographic change.^[3]

An experiment suggested that managers might respond to risk-based auditing by transferring activity to accounts which are ostensibly low risk. Auditors would need to anticipate such attempts to game the process.^[4]

References

Citations

↑ Griffiths 2005, p. 2.
↑ Griffiths 2005, p. 40.
↑ Eilifsen, Knechel & Wallage 2001, p. 199-201.
↑ Bowlin 2011.

Sources

Bowlin, Kendall (July 2011), "Risk-Based Auditing, Strategic Prompts, and Auditor Sensitivity to the Strategic Risk of Fraud", The Accounting Review, Vol. 86 (4): 1231–1253
Eilifsen, Aasmund; Knechel, W. Robert; Wallage, Philip (2001), "Application of the Business Risk Audit Model: A Field Study", Accounting Horizons, Vol. 15 (3): 193–207, doi:10.2308/acch.2001.15.3.193
Griffiths, Phil (2005), Risk-based auditing, Aldershot: Gower, ISBN 0566086522

This article is issued from Wikipedia - version of the 7/26/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.