审计过程之风险评估过程分析.pptx

《审计过程之风险评估过程分析.pptx》由会员分享，可在线阅读，更多相关《审计过程之风险评估过程分析.pptx（98页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、第八章 审计过程风险评估过程 “After Equity Funding and the Cohen Commission,the “After Equity Funding and the Cohen Commission,the professionprofession rebuffed societys calls for heightened fraud rebuffed societys calls for heightened fraud detection responsibilities,detection responsibilities,but its different

2、this time.We are but its different this time.We are in a new era where auditors need toin a new era where auditors need to be more responsible for be more responsible for detecting fraud.”detecting fraud.”Paraphrased from comments by Greg Paraphrased from comments by Greg Scates,Scates,Associate Ass

3、ociate Chief Auditor,Chief Auditor,PCAOB Symposium,PCAOB Symposium,December 9,2004.December 9,2004.第八章 目录1、风险基础审计概述 2、签约风险管理 3、审计风险管理风险基础审计概述l l 风险基础审计的意义l l 经营风险基础审计的基本特征 l l 风险的本质l l 经营风险基础审计的基本流程财务报表审计的目标和一般原则l l第十三条 注册会计师按照审计准则的规定执行审计工作，能够对财务报表整体不存在重大错报获取合理保证。l l第十四条 由于审计中存在的固有限制影响注册会计师发现重大错报的能力

4、，注册会计师不能对财务报表整体不存在重大错报获取绝对保证。合理保证的意义l l原因：人的有限认知能力和审计的固有局限性l l意味：社会所要求水平的保证l l等式：合理保证（%）=绝对保证（100%）审计风险（%）风险基础审计方式l l风险基础审计方式就是审计人将审计风险降至可接受的低水平，使得为审计意见提供合理基础的“合理水平”保持在高水平之上的审计方式。Business risk-based auditingl l基本思路：重大财务报表错报的根源在于被审计企业的经营风险l l基本概念：审计是一个证据形成、基于判断的风险评估过程l lErnst&Young：“全球审计方法”（Global Au

5、dit Methodology：GAM）审计模式l lKPMG：“经营评估过程”（Business Measurement Process：BMP）基本特征l l多方位的风险概念多方位的风险概念l l多元化的信息源多元化的信息源l l自上而下方式自上而下方式l l注重分析经营风险的影响注重分析经营风险的影响Four critical components of risk 企业风险（企业风险（Enterprise riskEnterprise risk）影响企业实现其战略目标的影响企业实现其战略目标的不确定性。不确定性。财务报告风险（财务报告风险（Financial reporting risk

6、Financial reporting risk）与记录交易以及与记录交易以及财务报表披露直接相关的风险。财务报表披露直接相关的风险。签约风险（签约风险（Engagement riskEngagement risk）与某个特定的客户签订审与某个特定的客户签订审计业务约定而带来的风险。计业务约定而带来的风险。审计风险审计风险(Audit risk)(Audit risk)审计人在实施审计时没能发现财务审计人在实施审计时没能发现财务报表存在重大错报，结果发表了错误审计意见的风险。报表存在重大错报，结果发表了错误审计意见的风险。证据构架工具l软件工具（software tools）l核对表（chec

7、klist）l模板（templet）l产业和经济统计等大型数据库l其他信息源Top-down approachl合伙人或者项目经理参与以审计计划过程为中心的整个审计业务l对高层次控制的评价，比如，直接与经营者讨论企业的风险管理问题例子现实中的经营风险对企业持续能力的影响图表9-1 基本流程 初步评价重大错报风险把握有关财务报表整体的重大错报风险发现要特别对待的风险审计计划编制根据剩余风险的大小确定审计重点和审计程序执行审计程序针对要特别对待风险的审计程序采取措施：增加助理人员、配置专家、保证审计时间等发现要特别发现要特别对待风险对待风险了解企业和企业环境内部控制、经营风险财务报表项目财务报表整

8、体修改审计计划修改审计计划Risk-based approach to auditingl l了解客户的风险管理过程了解客户的风险管理过程l l了解客户的经营业务及其面临的风险了解客户的经营业务及其面临的风险l l根据所识别的风险估计账户余额和财务结果；根据所识别的风险估计账户余额和财务结果；l l评估风险管理中内部控制的质量；评估风险管理中内部控制的质量；l l确定剩余风险，更新对账户余额的估计；确定剩余风险，更新对账户余额的估计；l l通过实施必要的账户余额直接测试以管理账户余额错报风险。通过实施必要的账户余额直接测试以管理账户余额错报风险。COSO defines ERM as a 一个

9、由一个单位的董事会、经营者和其他成员实施的，应用于战略制定并贯穿于整个企业、旨在识别可能影响该单位的潜在事项，管理风险使其控制在风险容量之内，并为单位目标的实现提供合理保证的过程。Understanding ERM Process-1l l了解客户的风险评估过程l l复核内部审计所使用的风险基础审计方法l l与经营者讨论他们的风险管理方式l复核企业的报酬政策以观察其是否符合企业的风险政策l复核风险管理的文件等Understanding ERM Process-2 If The company has strong risk management processes，the auditor ma

10、y focus on testing controls and developing corroborative evidence on account balances.If The company does not have a comprehensive risk process,the auditor will assess engagement risk as high,set audit risk at a lower level,and increase direct testing.Key Business Processes l l关键性业务l l影响关键性业务的行业因素l

11、l经营者管理这些关键性业务的方式l l关键性业务可能产生的经营效果和财务效果Business Riskl l因企业的内部因素和影响企业活动的不确定的外部因素对企业的发展和经营成果以及持续经营造成的危险。l l基本相等地影响所有企业的宏观层次的风险。l l只影响某个行业或某个企业的微观层次的风险。Business Riskl l前者如经济不景气、通货膨胀、高利率、战争、石油价格前者如经济不景气、通货膨胀、高利率、战争、石油价格的高涨、政局不稳、技术革新、经济封锁等；的高涨、政局不稳、技术革新、经济封锁等；l l后者如原材料价格的上涨、周转资金不足、罢工、消费动后者如原材料价格的上涨、周转资金不足

12、、罢工、消费动向的变化、诉讼、政府管制、债务保证、或有损失、合同向的变化、诉讼、政府管制、债务保证、或有损失、合同不履行、子公司或联营企业的经营恶化、被投资企业收益不履行、子公司或联营企业的经营恶化、被投资企业收益下降、购货企业或者供货企业的破产等。下降、购货企业或者供货企业的破产等。Sources of Informationl l智能代理（智能代理（Intelligent agentsIntelligent agents）l l知识管理系统（知识管理系统（Knowledge management Knowledge management systemssystems）l l在线搜索（在线搜

13、索（Online searchesOnline searches）l l电子数据收集及检索系统（电子数据收集及检索系统（Electronic research-Electronic research-Electronic data gathering and retrieval systemElectronic data gathering and retrieval system：EDGAR EDGAR）l l经济统计（经济统计（Economic statisticsEconomic statistics）l l专业手册（专业手册（Professional practice bulletin

14、sProfessional practice bulletins）l l股票分析报告（股票分析报告（Stock analysts reportsStock analysts reports）等）等Sources of Information 审计人还可以通过与经营者和前任审计人沟通、阅读前期审计工作底稿和客户的预算、视察生产车间和业务部门、复核数据处理中心、阅读重要的债务条款和董事会记录、确认政府的相关法律以及客户的有关法律责任获得关键性业务的信息。Developing Expectationsl lThe auditor should use information about the co

15、mpanys key processes and risks to develop expectations about its account balances and performance l lThese expectations are compared to recorded book values to identify misstatementsSources of data commonly used l lFinancial information for prior periodsFinancial information for prior periodsl lExpe

16、cted or planned results from budgets and forecastsExpected or planned results from budgets and forecastsl lComparison of linked accounts(such as interest expense and Comparison of linked accounts(such as interest expense and debt)debt)l lRatios of financial information(such as common-size financial

17、Ratios of financial information(such as common-size financial statements)statements)l lCompany and industry trendsCompany and industry trendsl lRelevant non-financial information Relevant non-financial information These expectations should bel lDeveloped independently of managementDeveloped independ

18、ently of managementl lDocumented,along with a rationale for the expectationsDocumented,along with a rationale for the expectationsl lCommunicated to all audit team membersCommunicated to all audit team membersTechniques commonly used l lTrend analysisTrend analysisl lComparative financial statements

19、(horizontal analysis)Comparative financial statements(horizontal analysis)l lCommon-sized financial statements(vertical analysis)Common-sized financial statements(vertical analysis)l lRatio analysisRatio analysisWhat are thepurposes of preliminary analyticalprocedures?-understanding the clients indu

20、stry-assessing going concern issues-indicating possible misstatements-reducing detailed testsExamples of key performance indicators l lBacklog of work in progressBacklog of work in progressl lAmount of return itemsAmount of return itemsl lIncreased disputes regarding accounts receivable or accounts

21、Increased disputes regarding accounts receivable or accounts payablepayablel lSurveys of customer satisfactionSurveys of customer satisfactionl lEmployee absenteeismEmployee absenteeisml lDecreased productivityDecreased productivityl lInformation processing errorsInformation processing errorsl lIncr

22、eased delays in important processes Increased delays in important processes Residual risk The remaining risk after management has taken action to The remaining risk after management has taken action to alter the risks likelihood or impact.alter the risks likelihood or impact.Linkage to direct tests

23、of account balances If the auditor concludes there is a high risk of material If the auditor concludes there is a high risk of material misstatement auditor mustmisstatement auditor mustl lSet materiality at an appropriate levelSet materiality at an appropriate levell lUse procedures appropriate for

24、 the level risk to examine the Use procedures appropriate for the level risk to examine the account balanceaccount balancel lThe auditor is required to assess the appropriateness of the The auditor is required to assess the appropriateness of the accounting methods used by managementaccounting metho

25、ds used by managementl lGuidelines to evaluate appropriateness include:Guidelines to evaluate appropriateness include:l lRepresentational faithfulness-does the accounting reflect Representational faithfulness-does the accounting reflect the economic substance of the transactionsthe economic substanc

26、e of the transactionsl lConsistency of application of GAAPConsistency of application of GAAPl lAccounting estimates-based on proven models,reconciled Accounting estimates-based on proven models,reconciled to actual results,based on valid economic reasons?to actual results,based on valid economic rea

27、sons?Quality of accounting principles used Managing Detection&Audit Risk l lAdjusting audit staff to reflect risk associated with a clientAdjusting audit staff to reflect risk associated with a clientl lDeveloping direct tests of account balances consistent with Developing direct tests of account ba

28、lances consistent with detection riskdetection riskl lAnticipating potential misstatements likely associated with Anticipating potential misstatements likely associated with account balancesaccount balancesl lAdjusting the timing of audit tests to minimize overall audit Adjusting the timing of audit

29、 tests to minimize overall audit riskrisk签约风险管理l l签约风险管理的意义l l签约风险管理中对客户的考虑l l签约风险管理所需信息的获得l l签约风险管理中对自身因素的考虑审计业务约定书审计业务约定书What is an engagement letter?Executory contract between the auditor and clientWhy is it necessary?To document terms of the audit and minimize misunderstandings.Do you know a law

30、suit case?The letter is written by the auditor to the client,then signed by both.When should the letter be signed?Before or after the predecessor/successor auditor communication?Before or after the audit procedures?Must an engagement letter be in a written form?1136 Tenants corporation vs.Rothenberg

31、 case l lTenants are the ownersTenants are the ownersl lManaged by third party realtorManaged by third party realtorl lCPAs maintained accounting books(book keeping)CPAs maintained accounting books(book keeping)l lSued for failure to discover defalcations of Sued for failure to discover defalcations

32、 of management management l lConfusion between the role of CPA and AuditorConfusion between the role of CPA and Auditorl lLessonsLessonsl lCPAs are supposed to audit the financial CPAs are supposed to audit the financial statementsstatements (Expectation Gap)(Expectation Gap)l lEngagement letterEnga

33、gement letterl lAlert for any sign of defalcationAlert for any sign of defalcationl lReport any sign of fraud to owners,regardless of Report any sign of fraud to owners,regardless of services renderedservices rendered1136 Tenants Corporation CPA firmA realtor(president:Rothenburg)Only book keepingNo

34、 Audit serviceRothenburg stole$130,000.The auditor did not report the Rothenbergs fraud to the managements of 1136 Tenants CorpororationCompilation fee:$600Courts judgment:pay$230,000 to the 1136 Tenants Corp.Managed byHiredOral agreementLessonsLessonsl lCPAs are supposed to audit the financial stat

35、ementsCPAs are supposed to audit the financial statements (Expectation Gap)(Expectation Gap)l lEngagement letterEngagement letterl lAlert for any sign of defalcationAlert for any sign of defalcationl lReport any sign of fraud to owners,regardless of Report any sign of fraud to owners,regardless of s

36、ervices renderedservices renderedEngagement Risk l l签约风险管理是最重要的审计决策之一。签约风险管理是最重要的审计决策之一。l l被审计企业经营失败或者其财务报表中存在审计被审计企业经营失败或者其财务报表中存在审计人无法发现的重大错报，往往引发审计诉讼。人无法发现的重大错报，往往引发审计诉讼。l l签约风险管理的目的是排除高风险客户，从源头签约风险管理的目的是排除高风险客户，从源头控制审计风险。控制审计风险。综合考虑l l 所有的审计都不可能提供所有的审计都不可能提供100%100%的保证；的保证；l l 审计人是在激烈竞争的市场中竞争客户；

37、审计人是在激烈竞争的市场中竞争客户；l l 审计人有义务满足社会对财务报告以及审计的期审计人有义务满足社会对财务报告以及审计的期望；望；l l 审计人应该发展审计方法面对高风险；审计人应该发展审计方法面对高风险；l l 审计人可以保持高度的职业怀疑心去发现重要的审计人可以保持高度的职业怀疑心去发现重要的错报。错报。Factors Affectl lQuality of the clients corporate governanceQuality of the clients corporate governancel lClients financial healthClients fina

38、ncial healthl lClients economic prospectsClients economic prospectsCorporate Governancel l企业外部的所有者和债权人等对企业实施企业外部的所有者和债权人等对企业实施控制并要求企业履行经管责任的过程。控制并要求企业履行经管责任的过程。l l公司治理的质量反映了经营者履行经管责公司治理的质量反映了经营者履行经管责任的质量和财务报告的质量。任的质量和财务报告的质量。The key factors an auditor will analyze l l经营者的诚实性l l董事会和审计委员会的独立性及能力l lERM

39、以及内部控制的质量l l法律和报告要求的遵守l l主要利害关系者参与企业经营的程度l l关联方交易Why the financial healthl l审计之后被审计企业申请破产增加审计人被起诉的可能性l l审计人需要通过评估了解：l l经营者是否具有制造财务报表错报的动机经营者是否具有制造财务报表错报的动机l l识别可能错报的领域识别可能错报的领域l l识别不正常的账户余额识别不正常的账户余额Economic Prospects High-risk companies are generally characterized by High-risk companies are general

40、ly characterized byl l 营运资本不足；l l缺乏长期战略和经营计划；l l市场进入成本低；l l依赖于有限的产品提供；l l依赖于将要过时的技术；l l将来的现金流量不稳定；l l有不恰当会计处理的历史；l l受到过外部监管机构的调查。签约管理信息l l前后任审计人的沟通l l向其他人员询问 Any communications between the predecessor and management or audit committee regarding fraud,illegal acts or internal control matte.Why?1.To i

41、dentify clients reasons for an audit-Competency of the prior auditor-Hunting for opinion-Prior CPA left the client because of illegal acts.2.Support beginning balances-What if not sure about the beginning balance?Communicate with Predecessor AuditorsProcedures of predecessor and successor auditor co

42、mmunicationl lthe successor is the successor is required to initiaterequired to initiate the the communicationcommunicationl lthe client must give permission for the communicationthe client must give permission for the communicationl l What if a client does not give permission?What if a client does

43、not give permission?l lAre the predecessor required to respond?Are the predecessor required to respond?l l What if a predecessor auditor does not respond?What if a predecessor auditor does not respond?Audit Committeel lAudit committee is responsible for appointment,compensation Audit committee is re

44、sponsible for appointment,compensation and oversight of auditorsand oversight of auditorsl lArrangements for the audit should be made through contact Arrangements for the audit should be made through contact with the companys audit committeewith the companys audit committeel lRequired by Required by

45、 NYSE NYSE and and NASDAQNASDAQl lConsists of at least 3 independent(outside)directorsConsists of at least 3 independent(outside)directorsl lAudit committee members should not receive any Audit committee members should not receive any consulting,advisory or other compensatory fees from the consultin

46、g,advisory or other compensatory fees from the companycompanyl lAudit committee members should be financially literateAudit committee members should be financially literate-Are we independent?-Are we technically competent?-Is client reputable?-client lacking integrity-financially unstable client-cli

47、ent unable to pay audit fees-Why do they want us?What would be the major question in client What would be the major question in client acceptance?acceptance?Whatpotentialclient might theauditor turndown?-training and overall experience-industry and client experience-supervision-need for specialistsA

48、re we technically competent?Are we technically competent?Components of Engagement Letterl lName of the clientName of the clientl lstatements to be auditedstatements to be auditedl lscope of the services including any limitationsscope of the services including any limitationsl lthe auditors responsib

49、ility for detecting fraudthe auditors responsibility for detecting fraudl lobligation of the clients staff in preparing schedules and obligation of the clients staff in preparing schedules and statementsstatementsl lfees or method of determining feefees or method of determining feel lprovisions for

50、clients acceptance signature and dateprovisions for clients acceptance signature and datel l The more specific,the better The more specific,the better 审计风险管理l l审计风险概述l l审计重要性l l审计风险评估和控制审计风险概述l l审计风险的概念 l l审计风险的要素l l审计风险的理论模型 l l审计风险模型的界限 What is audit risk?Audit risk is the risk that an auditor may