All this increases and increases the risk for the auditor in the accounting system of the client company.
The inherent risk is assessed by the auditor at the preparatory, initial stage of the audit, when he only gets acquainted with the activities of the enterprise, the structure and organization of management, the location of its components and other issues. For this purpose, the auditor uses both information provided by the client company and information from external sources.
When assessing the inherent risk, the auditor should pay attention to those points that may affect the quality of financial statements, ie the risk is assessed at the level of financial statements. This means that the range of risks of the company, not related to the preparation of financial statements, which must be confirmed by the auditor, is separated from the whole set.
The next component of audit risk is control risk. The risk of control is the fear that inaccurate information that may arise and be material in isolation or in combination with other inaccurate information will not be detected or timely detected by the internal control system. It will be recalled that based on foreign experience, an error is considered significant or material, which alone or in combination with others distorts the financial statements by 4-5% of the total financial statements, or in itself insignificant, but changes the financial result to the opposite – loss of profit, and vice versa.
Control risk in Scotland is called control risk, and in France it is called the risk associated with the nature of the operations being processed, as well as with the creation and operation of systems that differ slightly from international standards. From the above definition of control risk, we can conclude that it consists of two components – the risk of the accounting system and the risk of internal control systems, as shown in Fig. one.
Fig. 1. Audit risk scheme.
According to Scottish experts, there is a risk that mistakes will not be prevented in advance and that they will be made or will not be detected after they occur. There is little that the auditor can do to correct this situation in the short term, but he or she must evaluate it in order to plan the audit properly. Therefore, when determining the risk of control, the auditor must assess the reliability, efficiency and effectiveness of accounting systems and internal control of the client.
The risk of the accounting system is that errors or fraud may be made as a result of documenting business transactions, misrepresenting them in the accounting records and preparing financial statements. In other words, this means that the accounting system is inefficient, not completely reliable. Assessing such risk is especially important today for Ukraine’s auditors. Now the accountants of Ukraine are faced with the task of proper accounting in a situation where the legislation and regulations are often changed.
This requires a lot of attention, honesty, honesty of auditors, while increasing the amount of accounting work, which, in turn, increases the possibility of errors due to lack of understanding of the essence and arithmetic inaccuracies, omissions, etc. All this increases and increases the risk for the auditor in the accounting system of the client company.
To assess the magnitude of the risk of the accounting system, the auditor must examine the nature of the client’s business, business transactions (ordinary), which are often repeated, as well as identify unusual, non-traditional, extraordinary transactions and the reasons that led to them; to study the accounting system used in the enterprise, and the process of accounting and reporting; the composition and qualifications of the accounting staff, especially the chief accountant, as well as job descriptions and the division of responsibilities between the accounting staff and other important issues.
The amount of control risk is also affected by the fact that during the previous audit errors, inaccuracies in accounting, which reduces the credibility of it and increases the risk (this should be taken into account by auditors in subsequent audits).
In foreign literature and practice, in particular in the United States, the concept of relative risk is highlighted in terms of conditions under which the efficiency and reliability of accounting increases or decreases, and the assets and liabilities of the balance sheet are highlighted, which are a risk area, ie than for other articles or indicators. High-risk items include, for example, the following: "Cash", "Current account", "Inventories", "Debtors", "Creditors", "Intangible assets", etc. Therefore, the audit should be conducted more carefully on relatively high-risk items, especially in the case of low assessment of the overall effectiveness of accounting systems.
However, even if the system is reliable in its structure, according to French auditors, it may be defective in its operation. Regardless of any desire to go beyond the system, it may malfunction.
In this regard, it is important for the auditor to assess the risk of the client’s internal control system itself, but above all to ensure its existence, existence and use. The assessment of the effectiveness of the internal control system is based on the auditor’s prediction that the existing internal control system will not be able to detect significant errors in the accounting system or will not be able to prevent them.
In order to reach a definite conclusion on this issue, the auditor must study in detail (even at the preparatory stage of the audit) the system of internal control. To this end, he studies the order of data processing in the enterprise and establishes how the internal control (manual or automated) and its effectiveness. This is very important, because narrative essay topics for college the auditor in his work can largely rely (trust) on the results of internal control, if he has a high degree of confidence in him.
From the practical experience of French audit firms, the auditor evaluates the following components of internal control (having previously determined its focus and impact on the accounting system and the quality of financial reporting):
Organizational system – the distribution of powers between the management of the enterprise, the qualifications and competence of the staff, the performance of duties, as well as mutual control over the work of management staff; The system of documentation and information – the correctness of the documentation of business transactions, their reflection in the accounting registers; tracing the path of the document from the moment of obtaining a permit for a business transaction and its compilation before submission to the archive; preliminary numbering of document forms, etc.; form of dissemination, processing and classification of information; the ability to quickly search for the necessary information, analyze the available information and use the extracted data to make management decisions; control over possible inaccuracies or errors; Material means of protection – the presence of specially equipped premises, reliable walls, doors, safes, fences, alarms, security, signs, which gives a guarantee of preservation of the assets of the enterprise (stocks of inventory, finished products, cash); use of a system of codes, passwords and other means of unauthorized access to information in personal automated workplaces; Staff – the company’s policy regarding the qualifications and competence of specialists; recruitment procedure (preferably on a competitive basis); measures to improve staff skills; the amount of wages; verification of performance of assigned duties; Surveillance system – measures to verify the effectiveness of the control system, which provides for its continuous operation, adaptability to situations that arise, updating tasks and problems to be solved by internal control, for example, by changing the strategy of the client company.
All these areas of evaluation of the internal control system are extremely important for Ukrainian auditors, because, in addition to determining its effectiveness and the degree of confidence in it, they must first of all during the preliminary acquaintance with the company to help properly organize such a system for the client. is at the proper level of organization and use, and in this regard there are many problems that could be avoided with a reliable system of internal control.
After evaluating the internal control system (which is often evaluated by the auditor together with the accounting system due to their close relationship), the auditor may begin to plan the audit, already having a reasonable choice of audit areas and methods and techniques required for its implementation, the number of audit procedures required. , the most acceptable types of audit evidence (obtained by the auditor as a result of independent audit procedures; from third parties; provided by the client company).
An auxiliary tool in assessing the systems of accounting and internal control, as evidenced by foreign experience, are the so-called internal control questionnaires, which set out the questions that the auditor should ask during the audit of these systems. The structure of such questionnaires, a set of questions are not standard. As a rule, each audit firm develops basic questionnaires, which are then specified by the auditor according to each specific client company. Such questionnaires are especially important as auditor’s working papers when using internal control data.
Note that in accordance with international auditing standards, the auditor is not subject to those decisions and procedures within the accounting and internal control systems that do not relate to financial information.
If the auditor inspects the company for a long time (for 4-6 years), the determination of the degree of risk of accounting and internal control systems is somewhat easier, but it is likely that the auditor will not notice a decrease in the effectiveness of such control as a whole or in its individual directions, using data on the internal control system obtained during previous inspections.