Audit risks are errors and frauds that may arise due to miscalculations during the time of preparing a financial statement of a company. An audit risk may be intentional or unintentional by the employee or the management. It can also come up as a result of the internal or external auditors’ actions. Therefore, financial statements should be free from any risks because they may affect the general picture of the company and the users of the company’s financial statements. The users of the company’s audited financial statements are concerned with the company’s financial statements, especially when making investment decisions. Other parties who may be interested in audited financial statements include the government when assessing whether the CSR Limited Company has complied with the set standards of maintaining books of accounts. Others include the shareholders, especially during payment of dividends, and the tax collectors, who are interested in knowing how much corporate tax should be deducted from the company. This is later audited by an internal or external auditor to assess the amount of tax paid by the company. However, the company can minimize tax deduction liabilities by having some other subsidiaries. the company’s management can decide to declare a loss in their financial statements to enable minimal tax deduction of the holding company.
CSR Limited should avoid audit risks to build investors’ confidence. It should ensure that their books of account are free from risks and are accurate. Therefore, the management claims should be considered during auditing. The auditors always consider assertion by the company and then prove whether it is correct by auditing various accounts. These include auditing revenue account, audit of acquisition and payments trends, audit of cash and other liquid assets, and also audit of fixed assets and related expenses accounts.
The auditor’s independence should be adhered to during auditing. This means that the external auditor, who is not an employee, should conduct the auditing freely without any intervention by the management. However, he should look for an explanation from the internal auditor or the management when need arises.
The company should have followed all aspects of International Standards on Auditing (ISA) and also the Generally Accepted Accounting Principles (GAAP). These are bodies that lay special guidelines for auditing and accounting for different types of accounts to avoid audit risks.
According to ISA 315, the assertion is grouped into three different categories:
- Transactions and event assertion. This involves an occurrence where the transactions and events should be recorded when they occur. It also involves completeness in recording, classification in the proper accounts, accuracy in the recording of information in the correct accounts, and the cut-off where all transactions should be considered (Puttick, Esch & Kana 2008).
- Account balances at the end of the accounting period assertion. This entails the existence of all assets and liabilities balances at the end of the accounting period. There is also valuation and allocations, which implies that all assets and liabilities should be valued and allocated properly. Completeness involves the recording of all the assets, interests, and liabilities in a financial statement. Rights and obligations mean that only assets that a company owns should be recorded in financial statements.
- Presentation and disclosure. This involves the occurrence, completeness, and classification and understandability. It also involves the valuation and accuracy of financial and non-financial information in the financial statements.
Different assertions are given to different accounts in various financial statements which the company maintains.
Audit risks that may have a significant impact on the audit of CSR Limited are discussed below. The key assertion and accounts state that an auditor should always assess the risks when working for the client like CSR Limited Company. The auditor should ignore the presence of internal control by the client.
This involves all risks that arise from misstatements which are material and cannot be detected or prevented in time by the company’s internal auditor. Therefore, a strong internal control system should be put in place. In CSR Limited, any misstatement in the revenue account can only be detected by the internal auditor upon preparation of the final financial statement. The auditor should consider the strength of the internal control system in order to mitigate the control risks in accounts. These include the receivable, which the management may overstate or understate. Before auditing, the auditor needs to interview members of that company and the management and see how they do their jobs. This helps to assess and control any risks. The management has the responsibility of producing financial statements. Therefore, the internal control system should be effective and should give accurate reports.
In the efficient control environment, the control activities and procedures should be put in the place. These are;
- Duties segregation by the management. Duties like record-keeping, file keeping, computer installation, purchase orders, and paying orders should be done by a separate person.
- Enough records and documents. CSR Limited should maintain proper documents like invoices, purchases, and customer orders in proper files. The records should be numbered so that it will be easy to identify a missing file or record.
- Assets and records can be controlled physically. This involves the safety of assets like furniture and equipment which may have been misplaced or lost. The management should put in place all physical control measures like locking assets in a room or electric fences to protect them.
This is a risk where an auditor is not able to detect material misstatement. Therefore, it is hard for the auditor to determine what is material or immaterial. This risk mostly affects cost accounts on the firm’s income statement, and the internal auditor may fail to detect the misstatements and express an unfavorable opinion (David 2010).
This risk entails suspicions by the auditor of assertion of misstatement assuming that there is no control. Mostly, inventory accounts are the ones that are prone to inherent risks. The misstatement may be individual or aggregated. For instance, double counting of sales, bad valuation of stock, and failure to cater for any accounting changes could lead to misstatements. The inherent risk can be assessed in audit. Auditors must determine risks when working with clients. Auditors should ignore the internal control system of the company in order to detect the inherent risks. The auditor’s job in assessing inherent risks is evaluating the suspicion of the financial statements’ assertions, depending on the nature of the company and the material misstatement. Inherent risks can be contributed by:
- External environmental factors. These factors lead to an increase in inherent risks, rapid alteration in business inventory especially depreciation, and short expiry dates of the products, which may result in stiff competition in the market (Maire 2006). The factors may also affect the general level of state economy and the availability of sources of revenue. If the sources are limited, there may be inherent risks that may lead to the collapse of the business.
- Misstatements done in the previous financial period can lead to material effects in the existing financial year. This may be because of understatement and overstatement. In auditing, the overstatement or understatement do not offset each other.
- Fraud suspicions. If the company management suspects theft of assets and cash, the incidence of inherent risks is high. For instance, if the customers pay in cash, the financial position of the business and cash account is prone to inherent risks associated with fraud or theft.
Residual risks are also referred to as secondary risks. These risks are those that remain in the company’s internal auditing environment, even after setting controls to prevent the inherent risks of the auditing elements in CSR Limited. The residual risks occurring in the company are high due to fraudulent payments, financial result manipulation, inaccurate record revenue, internet protocol address, inadequate information technology security, inadequate investors, rules changes, planning succession, pricing of products wrongly, and integrations acquisition.
In conclusion, audit opinion differs depending on the kind of risk that has been assessed. The impact of the risks to the financial statements may cause the auditor to give either qualified reports or unqualified reports. The opinion by audit will be used by the management and other interested parties to make informed decisions. Therefore, CSR Limited should put in place the correct internal control system to detect and prevent all kinds of risks, fraud, and errors.
David, K 2010, Risk Types from Auditing. Web.
Maire, L 2006, How to Assess Inherent Risk in an Audit – For Dummies. Web.
Puttick, G, Esch, S, & Kana, P 2008, The Principles and Practice of Auditing, Juta and Company Ltd, UK.