Audit Risk Management
Businesses survive and thrive by making smart and informed decisions. Understanding the risks behind something is the smartest way to ensure that all risks are accounted for, and the activity is carried out using the best practices.
Every business activity carries a certain amount of risk. Whenever there is an audit there are several risks that need to be managed. The audit risk model classifies the risks that can happen, specially when an external auditor is being used.
What is an audit risk model?
The audit risk model is a model that divides the risks that have to be managed in an audit into three basic parts. The three basic components of an audit risk model are:
- Control Risk
- Detection Risk
- Inherent Risk
The audit risk model has been designed to help businesses identify the problems that can occur in audits. There are many major accounting related scandals which highlight the importance of these audits. Enron is perhaps the most well-known auditing scandal – and all three of these risks show up in the Enron scandal. Enron was regularly audited by what was perhaps the most respected auditing organization in the world, but it was still able to misreport figures and ended up losing money for hundreds of thousands of people.
The components of audit risk model
Let’s look at the three components in detail.
If a company hires an auditing company, the auditor from the external company will use the facts and figures provided by the company. There are many companies which have poor internal controls when it comes to data. People may misreport data or outright hide evidence of misdeeds from auditors because there were no internal controls to stop them, and the auditor will accept the data, assuming it can from a source of truth. When the audit is completed it will be based on the wrong numbers, which means that the audit itself will be wrong as well.
Control risk played a major part in the Enron scandal – the people providing the misleading numbers were widely respected and some of the most senior people in the organization. The audits were thus being carried out on the wrong numbers and no one knew until it was too late to do anything about it.
Have a look at how the risk mapping, predictions, live holistic view, dashboards, and much more will help your business manage risk better than ever before.
Detection risk is also an important component of the audit risk model. Detection risk is the risk that the auditors will unintentionally not discover major problems and create a report which paints a good picture of the company. Every audit report carries a detection risk. We cannot guarantee that an audit has found all the major problems within the organization. External auditors can often miss major red flags, because they may not even realize how big the problem was or that something wrong was being done.
Going back to Enron, we can easily see how detection risks work. The people at the accounting firm who failed to detect the many problems in Enron’s books were not paid off or bribed in any way – they genuinely failed to discover any major problems in Enron. There are many reasons this happened – the major one being that no one really had a problem with Enron. The government was happy, the stockholders were happy, and Enron itself was happy with the audits being carried out, thus the auditing company had no reason to rethink their approach towards Enron.
Inherent risk is perhaps the hardest component of the audit risk model to mitigate. Sometimes, even with the best intentions and the right controls, the audit ends up missing vital information and does not uncover problems. There is an inherent risk of inaccuracy in audits due to the complex nature of businesses and the business environment. Sometimes the audit may make the right recommendations for the time when the audit was being performed, but those recommendations may no longer be viable once the audit report is published.
Managing all these components of the audit risk model isn’t easy. Want to see a better way of managing audits? Look at the functionality offered by the Predict360 Audit management solutionand learn how your organization can do audits at a better pace with fewer resources.