Business risk
Actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies
Financial risks
Risks arising from the financial activities or financial consequences of an operation eg overtrading
Operational risks
Risks arising with regard to operations eg risk that a major supplier will be lost
Compliance risks
Risk that arises from non-compliance with laws and regulations
Why is assurance required for business risk management
The risk that the company accepts has a direct impact on the risk of the investment that anyone purchasing shares in a company or lending memory to a company is making
Business risks in relation to cliamte change
Risk of the business not complying with climate change regulation which could lead to fines, loss of licences or being forced to close
May lose major investors if not climate change friendly
Risk that a traditional business is unable to adapt
Direct threat as a result of climate change
Audit risk
The risk of giving an inappropriate opinion in relation to the FS
Risk of material misstatement exists at two levels
The overall FS level
The assertion level for classes of transactions, accounts balances and disclosures
Indications of risks at the FS level
Lack of personnel with the appropriate accounting and financial reporting skills
Control deficiencies
Past misstatements, history of errors or a significant amount of adjustments at period end
Risk of material misstatement at the assertion level consist of two components
Inherent risk
Control risk
The auditor is required to perform risk assessment procedures to understand
The entity and its environment
The financial reporting framework and accounting policies
Inherent risk
How likely that an account balance or transaction will be wrong and how likely is it that as a result the FS will be misstated by a material amount
Examples of inherent risk factors
ISA 315
How significant an inherent risk is =
How big the potential misstatement could be
Position on spectrum of inherent risk =
Likelihood x magnitude
Control risk
Risk that a misstatement could occur in an assertion about a class of transactions, accounts balances balance or disclosure and that could be material or when aggregated with other misstatements, will not be prevented, detected and corrected on a timely basis by the entity’s controls
Limitations of internal control
Cost>benefit
Human error
Management override
Changed in procedures
If the auditor believes they cannot rely on the entity’s controls after taking an initial inspection
Control risk is not relevant and the audit will be conducted as if there were no controls in place ie so that the only risk of material misstatement is inherent risk
If the auditor expects to be able to rely on controls
They will make an assessment of control risk. Ie how risky the system is
Detection risk
The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a material misstatement either individually or in the aggregate
Non sampling risk
Lack of understanding of the nature of the clients business
Use if invakid sampling techniques
Failure to investigate a particular class of assets, liabilities or transactions
Significant risk
Risks that are at the upper end of the spectrum of inherent risk Control
Increase upon control risk =
If IR also high, increased testing required to render DR low
If IR low, control weaknesses may not be as significant on audit risk, may increase work required to reduce DR to ensure AR is acceptable
Provided DR is managed, control weaknesses should not affect AR
Meaning and implication of inherent risk
Risk of material errors arising is high
Detection risk must be rendered low
