Audit & Assurance Service Risk Based Audit

Question: Discuss about theAudit Assurance Servicefor Risk Based Audit. Answer: Introduction to Risk Based Audit The Risk based auditing is a modern, independent, and neutral way of collecting and analyzing the evidences with regard to the assertions of a process. The opinion then formed leads to the report forming process in which all the contentions and assertions are put into implementation. The auditors in order to form an effective report, gathers sufficient and appropriate information about the business and its environment. There are two major tests performed, which are undertaken after the collection of sufficient data and information (Mohammadi et al. 2014). There are various forms of risks, which form part of an organization and include risks like inherent, control, detection and overall risk. In order to gain proper knowledge about the risks present, the compliance and substantive tests are undertaken. Compliance Test is the gathering of facts and data to know the compliance status of the organization with the legal requirements, rules and regulations. The procedure helps the auditor in attaining the confidence in the structure of internal control of the company. Substantive Test aims at evaluation of the transactions, data and other important information, on an individual basis (Uludag? 2016). The integral aim of the process is to get an assurance that, the objectives of the company are being met effectively and effectively. The risk-based approach is commonly followed, as it encourages the auditors to attain knowledge of the business as a whole (Johnstone et al. 2013). The auditors on following the models can easily enhance their identification and categorization procedure, which can help them in the better determination of risks, and most suitable approaches accordingly. Difference Between Business Risk and Risk of Material Misstatements Business risks are the risks present in the organization, which can be wide and diversified in nature. The risks present in an organization may contribute and result towards the failure of the business, therefore being the ultimate risk for an organization. Thus, the risks that affect the going concern of a business falls under the business risks. The risks also include the increment in the cost of production, competition in the market, frauds and thefts and other such risks (Wright 2016). Audit risks or the risk of the material misstatements represents the risks, which are expressed by the auditor. An inappropriate opinion on financial statements after the audit procedure comprises the audit risks. The risk of material misstatement comprises of two major components, inherent and control risk and third being detection risk (Knechel and Salterio 2016). The auditors majorly focus on the factors of inherent and control risks. The risk of detection is not an integral part of the material misstatement risk. The misstatements can lead to economical losses and they comprise the information, which is not easily visible or traceable. Thus, with the increase in the risk of the statements of finance can lead to an increment in the overall risk. The identification and assessment of the risks of the misstatements, which are material in nature and helps in the understanding of the organization and its environment is necessary to be carried out by the auditor. Such process helps to earn the knowledge about the likelihood and the present risks, which are being faced by the organization. Such business risks have the likelihood of identification of the material misstatements but it is not necessary that the material misstatements are the same as the business risk. Therefore, an auditor must undertake essential precautions to measure the nature and consequences of the various risks (Brown-Liburd et al. 2014). While, the risk of business relates merely to the entity and the stakeholders; the risk of audit i.e. material misstatements relates to the auditor only. Even though, the business risks and audit risks are not fully similar to each other, they still connect. The recognition and classification of the business risks guide towards the detection of the audit risks (Ruhnke and Schmidt 2014). Discussion on Business Risks Ferrywise Ltd is a company, which is operating the car and ferry route for the passengers after purchasing the rights of operating the same until the year 2022. It operates across a large lake in Ireland and due to recession, they are unable to build another bridge, which would allow an extra 125 kilometers drive. In addition, Ferrywise Ltd had purchased boats for the routes but as per the Environmental rules and regulations, they are unable to meet the emission standards required as per the rules and regulations. Thus, the company is not meeting the compliance requirements as per the audit standards and regulations, which comes easily under the focus of an auditor. The non-compliances are a part of a great business risk as they majorly form part of the future concern of the company (Sadgrove 2016). The Company is also unable to fulfill the requirement of carrying the passengers in the required number of vehicles per year, which means it has the risk of going concern as the passengers are not looking forward to such travelling and the vehicles are unavailable at the required time. Furthermore, it is unable to get the advantage of the subsidies, which are provided once the company increases the number of vehicles for the travelling across the route. The Safety at sea certificate is also required to be verified by the independent auditor, which if negative would create an unstable position for the company. It is mainly about the safety measures and precautions taken against the accidents, which might take place within the sea or anytime during the travel. On the assessment procedure carried on by a group of independent auditors, it was found that there are a huge number of deficiencies and paucity in the measures and operations undertaken by the Company. Lastly, the main problem constitutes the claim about the contaminated food provided by the company. The passengers had been complaining that they had been suffering from health issues like food poisoning after having the refreshments provided by the company. Even though, the company is denying the fact and responsibilities related to such refreshments, the goodwill of the company has gone down drastically and the same problem has been covered under the coverage of media. There has been a bad public image formed after such news spread by the media. Therefore, from the above we can easily make the numerous risks, which the business is facing, and the ones, which would affect and harm the company, which can even damage the going concern of the company (Epstein and Buhovac 2014). The auditor will undertake tests in which the company will surely fail, as they do not meet the compliance procedures and there are no internal controls present, which can save the company from being ruined in the near future. The Company will also not pass the substantive test, as the individual process of the companies is also not up to the mark, as per the discussions above. There are various failures of processes undertaken by the company and thus the auditor may give inappropriate opinion about such practices. The opinions matter and will decide the smooth continuation of the company. An auditor tries to attain a proper knowledge and detect the overall risks present inside the organization to provide the required opinion. Conclusion and Recommendation on Internal Control The existing system must be reviewed carefully by the management and ensure that there must be implementation of proper controls and procedures. As per the problems, which are seen above, there are various discrepancies in the existing system of the organization. Each aspect of the company is checked i.e. the checks and financial transactions undertaken by the company. There are many safety and other compliance and legal issues, which must be put under stringent controls to remove the inappropriate opinion of the auditors. The controls can simply include the implementation of checklists about the precautionary measures undertaken by the company. The various compliance procedures like the meeting of the emission standards as per the Environmental protection regulations must be highlighted to the management (Pahuja 2013). The compliance test would require the company to follow, as it will seriously affect the companys reputation and goodwill. There are decreased numbers of vehicles, which must be increased to gain proper amount of advantage of the subsidies, which are provided from the authority of the local transportation. There must be a maintenance report of the number of vehicles available and the requirement, if fulfilled or not. The requirement of the vehicles per year is not met and in order to fulfill the same, the manager, to provide appropriate answer to the auditor, must do enquiries. The company is losing the subsidy, as it does not meet the requirements, so it should take steps to increase the subsidies. The company has various issues, which also include the safety measures of company, which includes the safety of the passengers and ship from accidents, breakdown and collisions. They require the review of the safety documents, which the independent auditors found illegal. The Safety at Sea Certificate which becomes valid for five years down the row, was not approved by a set of independent directors, as there were numerous discrepancies found in the procedures and measurement undertaken by the company. Thus, the auditor must take steps to make the management take steps on controlling the same by making proper documents and questionnaire to be filled for perfection. The management also needs to take measures to correct such inconsistencies and continue the proper supervision on the activities carried on by the company (Benn et al. 2014). The last and major deficiency of the company is the improper and unsatisfied food supply to the passengers. The customers are not happy as they think the refreshments supplied are contaminated and therefore they are facing the problems of food poisoning and other such health issues. Though the company is denying the fact that their food is contaminated, the media has distorted their image as bad and unethical. The auditor must detect the reasons of such risk along with the management and other experts. After the detection procedure, the auditor must take into consideration the measures which will help the company get rid of the bad publicity in which the company is involved. The detection procedure helps in the reduction of the operational risks by creating firewalls in technologies and other personal business (Layton 2016). The auditor must help the management to make an effective risk plan and have sufficient insurance for the protection against the losses and other symptoms of destruction. He must also act as a professional and as he is an outsider, he must view all the situations in a more objective and effective manner (Peltier 2016). The auditor must issue written communication to the management with relation to the overall environment of the entity. It would be appropriate if the communication is first done in an oral manner to the management and those charged with the governance. Thus, the auditor must be in a continuous communication with the management and those charged with the governance (Bain and Band 2016). References Bain, N. and Band, D., 2016.Winning ways through corporate governance. Springer. Benn, S., Dunphy, D. and Griffiths, A., 2014.Organizational change for corporate sustainability. Routledge. Brown-Liburd, H., Mason, S. and Shelton, S., 2014.The effect of reliance on third-party specialists under varying levels of internal control effectiveness on the audit of fair value measurements. Working paper, Rutgers, The State University of New Jersey. Epstein, M.J. and Buhovac, A.R., 2014.Making sustainability work: Best practices in managing and measuring corporate social, environmental, and economic impacts. Berrett-Koehler Publishers. Johnstone, K., Gramling, A. and Rittenberg, L.E., 2013.Auditing: a risk-based approach to conducting a quality audit. Cengage Learning. Knechel, W.R. and Salterio, S.E., 2016.Auditing: assurance and risk. Routledge. Layton, T.P., 2016.Information Security: Design, implementation, measurement, and compliance. CRC Press. Mohammadi, J., Kalali, A. and Najafzadeh, A., 2014. Risk-Based Auditing.Asian Journal of Research in Business Economics and Management,4(11), pp.366-372. Pahuja, S., 2013. Environmental Audit. InEncyclopedia of Corporate Social Responsibility(pp. 969-979). Springer Berlin Heidelberg. Peltier, T.R., 2016.Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press. Ruhnke, K. and Schmidt, M., 2014. Misstatements in financial statements: The relationship between inherent and control risk factors and audit adjustments.Auditing: A Journal of Practice Theory,33(4), pp.247-269. Sadgrove, K., 2016.The complete guide to business risk management. Routledge. Uludag?, S., 2016. The importance of control environment in an organization for an independent auditor to determine nature, timing, and extent of substantive tests: An application in Turkey.JABS,2(6), pp.294-303. Wright, W.F., 2016. Client business models, process business risks and the risk of material misstatement of revenue.Accounting, Organizations and Society,48, pp.43-55.