An audit is a type of licensed business. It is carried out by certified independent physical and legal entities. The purpose of this activity is to confirm the reliability of tax, financial and accounting statements to reduce information risk to an acceptable level. This allows the company and interested parties to more effectively use the data. Consider this area in more detail and analyze the concept of audit risk.
Basic principles
The above definition reflects:
- The sole purpose of the exercise, which is to confirm the reliability of reporting.
- Requirements for conducting business - availability of licenses and certificates.
- A prerequisite is the work of independent entities.
An audit of financial statements is a check carried out by a competent organization, after which the service expresses its opinion on the level of reliability of the data provided in the accounting documents.
Performers Independence
It is determined by:
- The contractual relationship that is established between the company or an individual specialist and the client. This allows the auditor to choose the customer at his discretion and not depend on the orders of various government agencies.
- Opportunity to refuse to issue a conclusion to a customer before eliminating identified shortcomings.
- Freedom to choose an auditor or company entity.
- The inability to carry out checks during business or family relations with a client that go beyond the scope of the contract regarding control activities.
The law prohibits auditors from engaging in financial, commercial and other business activities not related to audits, consultations and other services permitted by the standards. The purpose of the measures is established by legal acts ensuring the regulation of this area, contractual obligations of the specialist and the customer.
General characteristics of the procedure
An audit is conducted for:
- Confirmation of the reliability of the submitted reports or a statement of their inconsistency.
- Monitoring compliance with the law and regulations through which the regulation of reporting and accounting rules, equity and liabilities, methodology for assessing the assets used.
- Establishing the completeness, accuracy and reliability of the reflection in the documentation of financial results, income and expenses in the course of the enterprise for a certain period.
- Identification of reserves for the most efficient use of own circulating and fixed assets, loans and other financial resources.
The audit objectives may be supplemented by the tasks stipulated in the contract with the customer. They can be, in particular:
- Development of measures to improve the profitability of the enterprise.
- Analysis of the correctness of tax assessment.
- Optimization of costs and performance and so on.
Tasks of specialists
In their activities, auditors:
- They analyze the preparation of reports and bookkeeping, the compliance of business transactions with the requirements of the law, and also assist in the restoration of information.
- They provide the necessary recommendations for the most effective tax planning and calculation.
- Advise on a number of issues related to reporting and accounting.
- Perform expert assessment and analysis of economic results.
- They explain legal and financial, technological and environmental issues, advise in the field of management, marketing.
- Assist in the development of constituent documentation.
- Provide information services.
Audit risk and materiality in an audit
During the analysis, specialists are far from always able to identify inaccuracies and deviations of the reported data from the real situation. This probability is called audit risk. It allows you to subjectively establish the possibility of recognition that, according to the results of the audit, reporting:
- May contain undetected significant misstatement after its reliability is confirmed.
- Includes significant inaccuracies, while they actually are not.
The specialist should use his own professional judgment in the analysis of such a probability. Accordingly, it should develop procedures to reduce audit risk. The occurring probability acts as the subject of insurance. The basis for its occurrence as a whole is the possible inefficiency of the accounting system, internal control of the customer, the risk of non-detection of errors in the documentation.
Requirements for the analysis of probability and its elements
They are established in Federal Rule No. 8, approved by government decree No. 405. The standard does not establish what the optimal audit risk should be. This issue is disclosed in the provisions directly related to the work of a particular specialist or company. In practice, the audit risk of 5% is considered optimal. This means that five out of a hundred expert-signed opinions contain incorrect data on contentious issues. A lower level of audit risk may adversely affect the competitiveness of the company conducting the analysis of the documentation.
Main methods
Risks of audit activity are identified in quantitative and qualitative ways. In the first case, the following model is applied: Ra = Rnm * Rk * Rnwhere:
- Rn is the probability of non-detection;
- Rnm - inherent risk;
- Rk is the risk of control funds.
In practice, this model can be used in different ways:
1. When establishing the values of the elements, the specialist can identify the level of materiality and audit risk.
2. By shifting emphasis to the value of the probability of non-detection and the corresponding number of necessary evidence. This method is considered the most effective. In this case, the model will look as follows:
Rn = Ra / (Rnm * Rk).
3. Tracking the relationship between the degree of probability and its elements, the quality and quantity of supporting information.
Quality method
In this case, the determination of audit risk is based on the knowledge of the customer, relevant experience and on the basis of reporting data in general or specific categories of operations. The identified value is subsequently used in event planning. If the audit risk indicators are determined at the planning stage, and during the analysis of documents the specialist received additional information, then he can change the indicators identified at the preparatory stage.
Main elements
Assessment of audit risk is carried out by analysis of the complex of its components. Let's consider them in more detail. An inherent risk is the exposure of the remaining funds or groups of transactions of the same nature to the distortions that may be material in the absence of certain means of ensuring compliance. According to the Federal rule indicated above, the specialist performing analytical work relies on his own professional judgment at the planning stage. This allows him to consider the following factors:
- The knowledge and experience of the management of the company, which analyzes the documentation, changes in the composition of the administrative apparatus for a specific time.
- Unusual pressure on the management structure of the client.
- The nature of the activities carried out by the customer.
- Factors influencing the industry in which the client works.
Preparatory stage
In the course of planning the analysis of documentation, the specialist must balance the materiality and audit risk. The first element is set for account balances and groups of operations of the same type. The correlation is carried out when the prerequisites for the preparation of financial statements appear or by the assumption that the inherent audit risk with respect to a certain premise will be high. In the analysis, the specialist must take into account a number of factors. In particular, they include:
- Customer accounts that are potentially prone to misstatement.
- The complexity of the statements on which the accounting of transactions and other events is based and which may require the involvement of an expert.
- The value of subjective judgment, which is necessary to establish balances on customer accounts.
- Exposure to assets of misappropriation or loss.
- The end of complex and unusual operations, especially the end of the reporting period.
- Events not subject to normal processing.
Conformity Tools
The risk of control methods is the likelihood that a misstatement that may appear with respect to funds or groups of transactions of the same kind remaining on the accounts and be significant, will not be prevented in a timely manner or identified and corrected using accounting and internal supervision systems. The indicators can be characterized as high if the analysis of accounting systems and management supervision is impractical or their functioning is ineffective. It should be noted that the audit risk of internal control is always present. This is due to the current limitations of accounting and management supervision systems. The indicator can be characterized as average in the following cases:
- The specialist has evidence that specific tools contribute to the prevention, detection, maintenance and subsequent correction of significant distortions.
- The auditor planned to test controls to confirm the analysis.
In the working documentation, the specialist should indicate:
- Understanding accounting and supervision systems.
- Analysis of these elements.
- Justification for risk assessment.
The smaller the score, the more arguments you need to provide.
Information processing
The federal rule contains methods for documenting information related to accounting and internal control systems. In particular, questionnaires, narrative descriptions, flowcharts, and lists are provided. Means tests include:
- Direction of requests.
- Observation.
- Checking the documentation.
- Reuse of controls.
In the course of studying the effectiveness of the application of management supervision methods, the specialist takes into account the sequence and model of their implementation. For his work, it is also important to establish the subject who used them. Based on the test results, the audit risk of management supervision tools is calculated. The specialist must establish whether he is in compliance with the initial indicators and how the detected difference can affect the upcoming analytical work.
Non-detection probability
It poses a risk that the procedures planned by the auditor do not allow to correct distortions in the remaining funds in the accounts or in groups of operations. It can have an independent or complex (with balances for other items) value.When developing an approach to conducting analytical work, the specialist takes into account preliminary measures during which the risks of the audit were identified. Taking into account that he should have the minimum acceptable indicators, he should plan the forthcoming analytical procedures. Regardless of what will be the inherent audit risk and the degree to which the means of managerial oversight are subject to distortion, the specialist should take certain measures with respect to the means and categories of operations that remain on the accounts.
Feedback
It exists between the probability of non-detection and a complex that includes inherent audit risk and exposure to misstatement of controls. The high degree of the last two elements in the aggregate obliges the specialist to conduct analytical work in a special way. In particular, he needs to reduce the likelihood of non-detection (as much as possible). So he can bring the overall audit risk to an acceptable value. With minimal indicators, a specialist can admit a higher probability of non-detection. Moreover, he can get the optimal value of the overall risk.
Plan changes
Valuation of items may change during the audit process. In this regard, necessary adjustments should be made to the planned procedures. If the auditor needs to reduce the risk of non-detection, he should:
- Review the measures taken, while providing for an increase in their number or a change in their content.
- Increase the lead time.
- To expand the volume of checked samples.
At the end of the work, the specialist should establish whether the initial indicators were confirmed. If the auditor finds that he cannot reduce the risk of non-discovery regarding the relevant balance sheet items or groups of transactions of the same type to the optimum minimum indicator, this may serve as the basis for the preparation of a modified opinion.
Important point
The auditor should provide the same degree of confidence. This is necessary so that with respect to the financial statements prepared in both small and large business entities, he could express an unconditionally positive opinion. It should be noted that a number of controls that can be used for large entities are inappropriate to use in small business. For example, in small companies, accounting may be carried out by a limited number of persons. They can fulfill the duties of both processing and storage of documentation. The separation of functions of employees may thus be limited or absent altogether.
Audit Risks: Examples
For a practical illustration of the above information, we take a hypothetical company that provides travel services. The average number of employees is about 50 people. The provision of services in the field of recreation is the main activity. Additionally, the company carries out the transportation of passengers, provides parking spaces, and rents property. The company is quite popular in its region, but in winter suffers losses due to lack of demand for services. There are three specialists in the accounting department. One of them is a cashier. The chief accountant carries out tax calculation, fills in magazines, orders, compiles reports, keeps statistics and the general ledger.
Almost all documents are executed manually. Magazines orders are filled in Microsoft Excel. The first accountant makes accounting for salaries, social benefits, performs other calculations with other employees. He also monitors the movement of materials, with the exception of fuel and lubricants and food, fixed assets, IBE. Work is automated to the bare minimum.The cashier keeps track of the implementation and use of the vouchers, fuels and lubricants and food products provided. The company lacks an internal audit department and an audit committee. Employees use special print media, no computers. The chief accountant does not conduct methodological work. Employees independently review periodically literature. The company does not have a workflow schedule, and there is no systematic work with local regulations. To calculate the level of materiality, the following indicators were taken as the main ones:
- Total costs.
- Gross sales volume.
- Reserves and capital.
- Accounts payable.
Since the company sells leisure services, the volume of sales will be considered the most important indicator. The degree of significance is 5. In addition, it is known that in winter the company suffers losses. In this regard, the second important indicator is the amount of debt. Its degree of significance is also 5. Equally important is the correct reflection of expenses. Its degree of significance is 4. There are no significant changes in equity. Therefore, it has a degree of 1. Since the value that is used to establish the level of materiality in terms of total expenses practically coincides with the calculated one, the value for this indicator will be low (3). Significant deviations are noted in debt.
In this regard, this indicator is assigned a value of 1. Relative to other elements, the value will be 2. The inherent risk at the enterprise is at the level of 50%. This indicates a mediocre organization of accounting. Since there is no audit service at the enterprise, the risk of control assets is 100%, or 1. This indicator does not in any way affect the decrease in the overall value. The probability of non-detection was estimated by the audit company at 17.99%. This value is due to insufficient experience in working with enterprises of this profile as a whole. The overall audit risk, taking into account the above indicators, was 6.65%. The optimal value is 5%. A decrease in the indicator could be achieved by attracting a specialist who has extensive experience in checking documentation at enterprises of a similar profile, conducting a continuous rather than selective analysis.