DESCRIPTION
Definition of Risk assessment
1
Risk Management & Audit Risk
Dr. Gholamhossein Davani
Member of High Council of Iranian Association of Certified Public Accountants (IACPA)
IICA, IMA, AAA, CFE, IIA, BAA, EAA, CAAA
2
Generally, Risk Management is the process of measuring, or assessing risk and developing strategies to manage it. Strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Traditional risk management focuses on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, death, and lawsuits).
3
The Risk Assessment and Management Summary should include:
• A methodology section explaining the risk definition and process used;
• The identification of the parties involved in the process;
• A Risk Matrix to explain the criteria and define the levels of impact and likelihood;
• Identification of sources of risk, assessment of the likelihood and impact of those risks, including the underlying assumptions made and a discussion of risk mitigation actions (including management controls) taken and planned; and
• A summary of the key risks and a discussion of how they will be used to inform decisions on the nature and extent of monitoring (including performance measurement), recipient and internal auditing and evaluation.
4
What is an RBAF?
• The Risk-Based Audit Framework (RBAF) is a management document that explains how risk concepts are integrated into the strategies and approaches used for managing programs that are funded through transfer payments.
• The RBAF provides:
• background and profile information on the transfer payment program including the key inherent risk areas (internal and external) that the program faces;
• an explicit understanding of the specific risks which may influence the achievement of the transfer payment program objectives;
• a description of existing measures and proposed incremental strategies for managing specific risks; and
• an explanation of monitoring, recipient auditing, internal auditing, and reporting practices and procedures
5
Audit Process
• Understanding of the entity & its environment
• Assessing the entity’s business risks
• Evaluate how entity responds to these risks
• Assess the risk of material misstatement due to error or fraud
6
SOX Audit Opinion
[Flowchart; box labels as shown:]
• Management's Report on Internal Control (IC)
• IC Weakness: Material Misstatements could occur
• IC Weakness: Misstatements DID Occur
• No Identified IC Weakness
• Restate financial statements
• Audit
• Audit Opinion #1: Auditor's Report on Management's Assessment of IC
• Audit Opinion #2: Auditor's Report on IC Effectiveness
• Audit Opinion #3: Financial Statement Audit Opinion
7
Potential Audit Opinions
[Diagram; labels as shown:]
• Audit Opinion #1: Auditor's Report on Management's Assessment of IC
• Audit Opinion #2: Auditor's Report on IC Effectiveness
• Audit Opinion #3: Financial Statement Audit Opinion
• Unqualified "Fairly Stated"
• Not Unqualified*
• "Fairly Stated"
• No Deficiencies: "Maintained Effective Controls"
• "Not Fairly Stated"
• No Opinion
• "Fairly Stated": 163 Firms
• Deficiencies: "Not Maintained Effective Controls"
• "Not Fairly Stated"
• No Opinion: 7 Firms
8
Risk Interrelated Factors
• Audit risk (AR) is the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated. Audit risk is the product of the following three interrelated factors:
• IR = Inherent risk (the risk that an assertion is susceptible to a material misstatement, assuming there are no related controls)
• CR = Control risk (the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity's internal control)
• DR = Detection risk (the risk that the auditor will not detect a material misstatement that exists in an assertion)
9
Thus, the "mathematical" depiction of the audit risk model in simple terms is
AR = IR x CR x DR
Despite the precision implied by rendering the model in mathematical terms, in reality it is highly judgmental. The objective in an audit is to limit audit risk (AR) to a low level, as judged by the auditor.
10
Audit Risk Model
AR = IR x CR x DR
• Set a planned level of audit risk
• Assess inherent risk and control risk
• Determine appropriate level of detection risk
11
Types of Misstatements
– Difference between a reported financial statement (F/S) element and what would have been reported under GAAP
– Omission of an F/S element
– F/S disclosure that is not presented in accordance with GAAP.
– Omission of information required to be disclosed in accordance with GAAP.