What is business risk in auditing and who is responsible to control such risk. Also explain how is that controlled and what importance it has for auditor to conduct audit engagement?
Doing day to day business involves carrying out numerous activities of different nature. It involves all kinds and sorts of business transactions. Some of these activities gets accounted for and some are simply dealt out of books.
However, everything business do has inherent benefits and inherent problems. And it is the job and responsibility of the management to counter the problems inherent in the events, activities or transactions of the business and cash-in only benefits implicit in such activities. Management has to face problems in everything it does and if it is too scared of problems they will never be able to get even the benefits.
Business risk is simply inability of the business to achieve its objectives due to inherent problems in any business activity or event. In other words possibility that inherent problems will not be controlled on time and will therefore effect the entity?s ability to achieve its business objectives is known as business risk.
Looking at it from another perspective, it is inherent risk (possibility that inherent problems of such nature exist that may cause problems) that causes business risk i.e. if inherent risks are not controlled then they will end up disturbing organisation?s ability to get its objectives and the possibility that inherent risk will increase to such extent that business wont be able to reach its objectives is called business risk.
Therefore, to control business risks, inherent risks are needed to be controlled and this is the responsibility of the management to control such inherent risks and to do this entity implements internal control system and this internal control system in turn keep the inherent problems from disturbing entity?s operations. That is why it is said that internal control system helps entity achieving its objectives.
The whole inherent risk-internal control system-business risk relation can be understood with one simple day to day example.
Drinking milk is beneficial for health but one glass of milk has thousands of harmful bacteria as well. But to fight such bacteria we have inbuilt immune system that controls the harmful germs in milk from spreading diseases in our body. Once the germs are controlled body can benefit from the goodness of milk. But if we are too afraid of germs in milk we will never be able to have its benefit as well. So getting scared is not the option. Having a strong immune system is the only feasible choice we have.
Similarly in business, if management is too scared of inherent problems and their resultant effect, they will never be able to get any benefits and thus no profitable business. So solution of not getting problems is not doing anything rather do what is necessary but control its inherent problems by having efficient and effective internal control system.
So cutting it short, we understand that business risk increases if inherent risk increases but to keep the inherent risk low internal control system must be working efficiently and effectively. This way business risk will be kept at low level.
However, there is no guarantee that internal control system will be able to counter the effects of all the inherent problems as it also has its limitations arising out of several reasons. Possibility that internal control system will not counter inherent problem is called control risk. So even if the control risk is high business risk increases again.
So we understood that it is not only the inherent risk that cause business risk to increase, if control risk has increased business risk will increase as well. Because if internal control fails to correct the problem it will again disturb entity?s ability to achieve its objectives. So business risk is the product of inherent and control risk and this can be written in the equation as following:
Business Risk = Inherent risk x Control risk
Entity or management is responsible to meet several different business objectives and each objective has associated business risk. One of the business objective of the business is to provide timely and accurate financial information of the entity?s performance and position of its operations to its users. And the risk that this information is materially misstated i.e. risk of material misstatement is one kind of business risk.
Now auditor?s job is to express opinion on financial statements as to whether they are true and fair and he is interested in all such business risk or activities which can translate into risk of material misstatement. The reason is that all such risks are indirectly connected with auditor?s work.
If auditor expresses an opinion that financial statements are true and fair when they are actually materially misstated then it is said that auditor has expressed an inappropriate opinion. The possibility that auditor may express inappropriate opinion is called audit risk.
Audit risk arises when auditor is unable to detect material misstatements in the financial information. This is how risk of material misstatement becomes important for auditor as well. Because if he is unable to assess the risk of material misstatement correctly i.e. unable to assess inherent and control risks properly then the chances are that he will end up giving inappropriate opinion. That is why he is required to gain understanding of the entity, environment and its internal control system.
Source: http://pakaccountants.com/what-is-business-risk/
marco rubio nerlens noel Chris Kyle Mark Balelo Dorner Dorner Manifesto Real Madrid Vs Manchester United
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.