Assessment of auditor risk can be made by means of model of assessment of risk applied by five leading auditor firms of the world:
GAR = IR * CR * RP , where
GAR - general audit risk;
IR - internal risk;
CR - control risk;
RN - risk of nondetection.
The risk of nondetection is defined by the auditor a settlement way:
RN = GAR / IR * CR
The risk of non-detection consists of the risk of analytical review (RAR) and the risk of test control (RTC), which should be taken into account when assessing it.
Then the model will take such form:
GAR = IR * RC * RAR * RTC
Let's consider indicators of acceptable level of auditor risk.
|Name of audit risk elements
|General audit risk
|Risk of control
||is defined by an expert way
|Risk of nondetection
||is defined by a settlement way
It should be noted that the audit risk model considered is not without disadvantages, namely:
- Estimates of acceptable audit risk, internal risk and control risk are largely subjective;
- This is a planning model, so it is not always possible to use it when evaluating audit results.
Many audit firms, in order to cope with the problem of subjectivity, do not try to apply numerical values to risk levels, but designate them as "high," medium "and" low. "
Audit Risk Assessment Options
|Values of risk elements
||Risk of control
||Risk of nondetection at GAR=0,5
|0,5 - 0,6
||0,33 - 0,28
|0,8 - 0,9
||0,10 - 0,09
With regard to the second flaw of the audit risk model, it should be noted that once all risks have been assessed and a common audit plan has been developed, the internal and control risk plan is not subject to change based on the audit results.
This means that if the auditor finds errors below the minimum error limit, the risk level is considered acceptable for the object.
However, if the auditor finds errors that exceed the maximum allowable error size, then the model should be deviated and sufficient control procedures should be carried out to ensure confidence in the reliability of identifying the detected errors and quantify their value.
Audit Risk Assessment enables you to develop an overall audit plan and programs in the first option.
If the above deviations are detected during the audit, the planning documents shall be adjusted in terms of increasing the scope of audited objects and additional control procedures in order to ensure the level of risk of non-detection corresponding to the acceptable level of general audit risk.
Thus, the procedure of audit risk assessment justifies audit planning in terms of the content of the general plan, audit programs, schedules of audit assistants.
General audit plan shall contain a general list of objects to be audited, indicating the time budget for each of them and in general.
At the same time, the final indicator of the time budget for audit of the client 's activity, indicated in the general plan, should correspond to the terms of performance of works specified in the contract with the client.
In order to implement the general audit plan, it is necessary to further specify each enlarged object, determine the scale of audit procedures, the timing of their implementation, as well as the appointment of specific auditors, which is reflected in the audit programs.
In order to monitor the work of audit assistants, it is advisable to draw up schedules for each of them, where the structural elements of the audit object are divided into appropriate audit procedures so that it is more convenient to apply levels of materiality of errors, to specify in more detail the scope of these procedures, the time frame for their implementation.
As we can see, these documents reflect a systematic approach to the organization of the audit process, allow to monitor the progress of its implementation, to respond in a timely manner to deviations from the specified dates.
In addition, they may have legal effect in case of disagreement with the client at the final stage.
Therefore, it is useful to familiarize the client with their content, to agree on the proposed approaches to assessing the materiality of errors, explaining them to the established levels of audit risk elements, and to sign in a bilateral manner.
Thus, one of the most important procedures in the organization and planning of audits in the enterprise is the assessment of audit risk, which predeterminates the orientation of subsequent works to reasonable volumes of sample studies taking into account the definition of "risk zones."