审计过程—风险评估过程( 99页)ppt课件

1、第八章 审计过程风险评价过程 “After Equity Funding and the Cohen Commission, the professionrebuffed societys calls for heightened fraud detection responsibilities,but its different this time. We are in a new era where auditors need tobe more responsible for detecting fraud.Paraphrased from comments by Greg Scates

2、,Associate Chief Auditor,PCAOB Symposium, December 9, 2004.第八章 目录1、风险根底审计概述 2、签约风险管理 3、审计风险管理.风险根底审计概述 风险根底审计的意义 运营风险根底审计的根本特征 风险的本质 运营风险根底审计的根本流程.财务报表审计的目的和普通原那么第十三条 注册会计师按照审计准那么的规定执行审计任务，可以对财务报表整体不存在艰苦错报获取合理保证。第十四条 由于审计中存在的固有限制影响注册会计师发现艰苦错报的才干，注册会计师不能对财务报表整体不存在艰苦错报获取绝对保证。.合理保证的意义缘由：人的有限认知才干和审计的固有局

3、限性意味：社会所要求程度的保证等式：合理保证%=绝对保证100% 审计风险%.风险根底审计方式风险根底审计方式就是审计人将审计风险降至可接受的低程度，使得为审计意见提供合理根底的“合理程度坚持在高程度之上的审计方式。 .Business risk-based auditing根本思绪：艰苦财务报表错报的根源在于被审计企业的运营风险根本概念：审计是一个证据构成、基于判别的风险评价过程Ernst & Young：“全球审计方法Global Audit Methodology：GAM审计方式KPMG：“运营评价过程Business Measurement Process：BMP .根本特征多方位的风

4、险概念多元化的信息源自上而下方式注重分析运营风险的影响.Four critical components of risk 企业风险Enterprise risk 影响企业实现其战略目的的不确定性。 财务报告风险Financial reporting risk与记录买卖以及财务报表披露直接相关的风险。 签约风险Engagement risk与某个特定的客户签署审计业务商定而带来的风险。 审计风险(Audit risk) 审计人在实施审计时没能发现财务报表存在艰苦错报，结果发表了错误审计意见的风险。.证据构架工具软件工具software tools核对表checklist模板templet产业和经

5、济统计等大型数据库其他信息源.Top-down approach合伙人或者工程经理参与以审计方案过程为中心的整个审计业务对高层次控制的评价，比如，直接与运营者讨论企业的风险管理问题.例子现实中的运营风险对企业继续才干的影响.图表9-1 根本流程 初步评价艰苦错报风险把握有关财务报表整体的艰苦错报风险发现要特别对待的风险审计方案编制根据剩余风险的大小确定审计重点和审计程序执行审计程序针对要特别对待风险的审计程序采取措施：添加助理人员、配置专家、保证审计时间等发现要特别对待风险了解企业和企业环境内部控制、运营风险财务报表工程财务报表整体修正审计方案.Risk-based approach to a

6、uditing了解客户的风险管理过程了解客户的运营业务及其面临的风险根据所识别的风险估计账户余额和财务结果；评价风险管理中内部控制的质量；确定剩余风险，更新对账户余额的估计；经过实施必要的账户余额直接测试以管理账户余额错报风险。.COSO defines ERM as a 一个由一个单位的董事会、运营者和其他成员实施的，运用于战略制定并贯穿于整个企业、旨在识别能够影响该单位的潜在事项，管理风险使其控制在风险容量之内，并为单位目的的实现提供合理保证的过程 。 .Understanding ERM Process -1了解客户的风险评价过程复核内部审计所运用的风险根底审计方法与运营者讨论他们的风险

7、管理方式.复核企业的报酬政策以察看其能否符合企业的风险政策复核风险管理的文件等Understanding ERM Process-2 .If The company has strong risk management processes ，the auditor may focus on testing controls and developing corroborative evidence on account balances.If The company does not have a comprehensive risk process, the auditor will ass

8、ess engagement risk as high, set audit risk at a lower level, and increase direct testing.Key Business Processes 关键性业务影响关键性业务的行业要素运营者管理这些关键性业务的方式关键性业务能够产生的运营效果和财务效果.Business Risk因企业的内部要素和影响企业活动的不确定的外部要素对企业的开展和运营成果以及继续运营呵斥的危险。根本相等地影响一切企业的宏观层次的风险。只影响某个行业或某个企业的微观层次的风险。.Business Risk前者如经济不景气、通货膨胀、高利率、战争

9、、石油价钱的高涨、政局不稳、技术革新、经济封锁等；后者如原资料价钱的上涨、周转资金缺乏、罢工、消费动向的变化、诉讼、政府控制、债务保证、或有损失、合同不履行、子公司或联营企业的运营恶化、被投资企业收益下降、购货企业或者供货企业的破产等。.Sources of Information智能代理Intelligent agents知识管理系统Knowledge management systems在线搜索Online searches电子数据搜集及检索系统Electronic research- Electronic data gathering and retrieval system：EDGAR

10、 经济统计Economic statistics专业手册Professional practice bulletins股票分析报告Stock analysts reports等.Sources of Information 审计人还可以经过与运营者和前任审计人沟通、阅读前期审计任务底稿和客户的预算、视察消费车间和业务部门、复核数据处理中心、阅读重要的债务条款和董事会记录、确认政府的相关法律以及客户的有关法律责任获得关键性业务的信息。.Developing ExpectationsThe auditor should use information about the companys key

11、processes and risks to develop expectations about its account balances and performance These expectations are compared to recorded book values to identify misstatements.Sources of data commonly used Financial information for prior periodsExpected or planned results from budgets and forecastsComparis

12、on of linked accounts (such as interest expense and debt)Ratios of financial information (such as common-size financial statements)Company and industry trendsRelevant non-financial information .These expectations should beDeveloped independently of managementDocumented, along with a rationale for th

13、e expectationsCommunicated to all audit team members.Techniques commonly used Trend analysisComparative financial statements (horizontal analysis)Common-sized financial statements (vertical analysis)Ratio analysis.What are thepurposes of preliminary analyticalprocedures?- understanding the clients i

14、ndustry- assessing going concern issues- indicating possible misstatements- reducing detailed tests.Examples of key performance indicators Backlog of work in progressAmount of return itemsIncreased disputes regarding accounts receivable or accounts payableSurveys of customer satisfactionEmployee abs

15、enteeismDecreased productivityInformation processing errorsIncreased delays in important processes .Residual risk The remaining risk after management has taken action to alter the risks likelihood or impact.Linkage to direct tests of account balances If the auditor concludes there is a high risk of

16、material misstatement auditor mustSet materiality at an appropriate levelUse procedures appropriate for the level risk to examine the account balance.The auditor is required to assess the appropriateness of the accounting methods used by managementGuidelines to evaluate appropriateness include:Repre

17、sentational faithfulness - does the accounting reflect the economic substance of the transactionsConsistency of application of GAAPAccounting estimates - based on proven models, reconciled to actual results, based on valid economic reasons? Quality of accounting principles used .Managing Detection &

18、 Audit Risk Adjusting audit staff to reflect risk associated with a clientDeveloping direct tests of account balances consistent with detection riskAnticipating potential misstatements likely associated with account balancesAdjusting the timing of audit tests to minimize overall audit risk.签约风险管理签约风

19、险管理的意义签约风险管理中对客户的思索签约风险管理所需信息的获得签约风险管理中对本身要素的思索.审计业务商定书What is an engagement letter?Executory contract between the auditor and clientWhy is it necessary?To document terms of the audit and minimize misunderstandings.Do you know a lawsuit case?The letter is written by the auditor to the client, then s

20、igned by both. When should the letter be signed?Before or after the predecessor/successor auditor communication?Before or after the audit procedures?Must an engagement letter be in a written form?.1 Tenants corporation vs. Rothenberg case Tenants are the ownersManaged by third party realtorCPAs main

21、tained accounting books (book keeping)Sued for failure to discover defalcations of management Confusion between the role of CPA and AuditorLessonsCPAs are supposed to audit the financial statements (Expectation Gap) Engagement letterAlert for any sign of defalcationReport any sign of fraud to owners

22、, regardless of services rendered.1 Tenants Corporation CPA firmA realtor (president: Rothenburg)Only book keepingNo Audit serviceRothenburg stole $130,000. The auditor did not report the Rothenbergs fraud to the managements of 1 Tenants CorpororationCompilation fee: $600Courts judgment: pay $230,00

23、0 to the 1 Tenants Corp.Managed byHiredOral agreement.LessonsCPAs are supposed to audit the financial statements (Expectation Gap) Engagement letterAlert for any sign of defalcationReport any sign of fraud to owners, regardless of services rendered.Engagement Risk 签约风险管理是最重要的审计决策之一。被审计企业运营失败或者其财务报表中

24、存在审计人无法发现的艰苦错报，往往引发审计诉讼。签约风险管理的目的是排除高风险客户，从源头控制审计风险。.综合思索 一切的审计都不能够提供100%的保证； 审计人是在猛烈竞争的市场中竞争客户； 审计人有义务满足社会对财务报告以及审计的期望； 审计人应该开展审计方法面对高风险； 审计人可以坚持高度的职业疑心心去发现重要的错报。.Factors AffectQuality of the clients corporate governanceClients financial healthClients economic prospects.Corporate Governance企业外部的一切者

25、和债务人等对企业实施控制并要求企业履行经管责任的过程。公司治理的质量反映了运营者履行经管责任的质量和财务报告的质量。.The key factors an auditor will analyze 运营者的老实性董事会和审计委员会的独立性及才干ERM以及内部控制的质量法律和报告要求的遵守主要利害关系者参与企业运营的程度关联方买卖.Why the financial health审计之后被审计企业恳求破产添加审计人被起诉的能够性审计人需求经过评价了解：运营者能否具有制造财务报表错报的动机识别能够错报的领域识别不正常的账户余额.Economic Prospects High-risk compan

26、ies are generally characterized by 营运资本缺乏；缺乏长期战略和运营方案；市场进入本钱低；依赖于有限的产品提供；依赖于将要过时的技术；未来的现金流量不稳定；有不恰当会计处置的历史；遭到过外部监管机构的调查。.签约管理信息前后任审计人的沟通向其他人员讯问 Any communications between the predecessor and management or audit committee regarding fraud, illegal acts or internal control matte .Why?To identify client

27、s reasons for an audit Competency of the prior auditor Hunting for opinion Prior CPA left the client because of illegal acts. Support beginning balances What if not sure about the beginning balance?Communicate with Predecessor Auditors.Procedures of predecessor and successor auditor communicationthe

28、 successor is required to initiate the communicationthe client must give permission for the communication What if a client does not give permission? Are the predecessor required to respond? What if a predecessor auditor does not respond?.Audit CommitteeAudit committee is responsible for appointment,

29、 compensation and oversight of auditorsArrangements for the audit should be made through contact with the companys audit committeeRequired by NYSE and NASDAQConsists of at least 3 independent (outside) directorsAudit committee members should not receive any consulting, advisory or other compensatory

30、 fees from the companyAudit committee members should be financially literate.Are we independent?Are we technically competent?Is client reputable? client lacking integrity- financially unstable client client unable to pay audit fees- Why do they want us?What would be the major question in client acce

31、ptance? Whatpotentialclient might theauditor turndown?.- training and overall experience- industry and client experience- supervision- need for specialistsAre we technically competent?.Components of Engagement LetterName of the clientstatements to be auditedscope of the services including any limita

32、tionsthe auditors responsibility for detecting fraudobligation of the clients staff in preparing schedules and statementsfees or method of determining feeprovisions for clients acceptance signature and date The more specific, the better .审计风险管理审计风险概述审计重要性审计风险评价和控制.审计风险概述审计风险的概念 审计风险的要素审计风险的实际模型 审计风险

33、模型的界限 .What is audit risk? Audit risk is the risk that an auditor may issue an unqualified opinion on materially misstated financial statements.审计风险的要素 固有风险 控制风险 环境风险 检查风险.Inherent Risk财务报表工程受会计偏向、如错误或舞弊影响的能够性，指假定被审计企业不存在相关内部控制政策或程序的情况下，某一账户或买卖类别产生艰苦错报的能够性。 some accounts, components, cycles are inhe

34、rently riskier than others.Control RiskThe risk that material misstatements will not be prevented or detected by internal controls.控制风险的特点控制风险程度与被审计企业的内部控制程度有关。控制风险不能够为零。不同买卖循环的控制风险的程度能够不同。.Sampling riskauditor samples Non-sampling riskauditors may select ineffective audit proceduresauditors may app

35、ly procedures ineffectivelyauditors may incorrectly evaluate the results of proceduresDetection Risk a risk that material misstatements will not be detected by the audit procedures.抽样风险抽样风险是审计人根据抽样结果得出的结论与审计对象总体特征不相符合的能够性，原因于抽样的不确定性，与样本不能代表总体有关。 .非抽样风险非抽样风险是指审计人因采用不恰当的审计程序或方法，或因误解审计证据等而未能发现艰苦误差的能够性，

36、原因于证据评价错误等察看上的问题。.Non-Sampling Risk is the Primary Culprit 2003年SEC公布的SOX704条报告分析审计失败的缘由后指出对非经常性事项、期末买卖或者关联方买卖未能坚持应有的职业疑心心professional skepticism，没有获得充分适当的证据资料支持他们关于财务报表的意见是审计人被指控的最主要缘由。.图表8-2 SEC的审计失败缘由分析Failure to obtain sufficient, competent evidential matter to support audit opinion（37）Failure t

37、o exercise professional skepticism on unusual, last minute, or related party transactions(30)Failure to maintain independence(19)Failure to respond adequately to red flags(16)Failure to communicate adequately with predecessor auditor6Failure to supervise assistants(4)Failure to respond adequately to

38、 internal controls deficiencies)(3)Failure to perform appropriate inventory observations(2)Failure to confirm account receivables Sufficiently(2). the greater the certainty the auditor wants to achieve98%thegreaterthe amountof auditevidenceandcoststhelowerthe audit risk2%.Audit Risk VS. Engagement R

39、isk审计风险和签约风险之间存在着反向关系。假设审计人接受了具有较高签约风险的审计业务，审计人需求执行相应严厉的审计，为此审计人需求把审计风险程度设置在较低的程度上。反之，假设签约风险比较低，那么审计人可以设置较高的审计风险程度。.audit risk model =xxaudit riskinherent riskcontrol riskdetection riskRisk that material misstatements has occurredRisk that auditors do not detect the misstatement.检查风险的特点 DR =AR IR x

40、CR检查风险与环境风险之间存在着反比的关系。因此，虽然审计人无法控制环境风险，但审计人可以经过必要的审计程序来分析和判别固有风险程度，根据被审计企业的内部控制的健全性和有效性情况，估计控制风险程度，方案可接受的检查风险程度，使审计风险降低到可接受的程度。检查风险的程度直接决议本质性审计的严厉程度。检查风险程度越低，本质性测试的严厉程度越高。 .例子 审计人关于某个特定财务报表工程所能接受的审计风险程度为3%，并估计该财务报表工程的固有风险为90%，当控制风险分别为80%和20%时： 第一种情况 第二种情况 AR: 3% 3% IR: 90% 90% CR: 80% 20% DR: 4.17%

41、16.70%.解释第一种情况表示，要使审计风险控制在3%以内，必需将检查风险控制在4.17%以内，也就是说，所方案的测试范围要足够大到至少要保证审计有效性的水准到达96%。在第2种情况下，同样的审计风险水准所必要的审计程序有效性只需到达84%即可，相对于第1种情况而言测试范围可以大幅度地减少。.Audit Risk Model: Limitations Inherent risk is difficult to formally assessAudit risk is subjectively determinedThe model treats each risk component as

42、separate and independent when clearly, this is not the caseAudit technology is not so precise that each component can be accurately assessed.Materiality重要性的意义重要性的概念 重要性及其运用 .Audit Risk VS. Engagement Risk审计风险和签约风险之间存在着反向关系。假设审计人接受了具有较高签约风险的审计业务，审计人需求执行相应严厉的审计，为此审计人需求把审计风险程度设置在较低的程度上。反之，假设签约风险比较低，那么审

43、计人可以设置较高的审计风险程度。. the greater the certainty the auditor wants to achieve98%thegreaterthe amountof auditevidenceandcoststhelowerthe audit risk2%.Materiality is the magnitude of omitted or misstated information that probably would have made a difference in the judgment of someone relying on that infor

44、mation (FASB 2).What ismateriality?.three significant dimensions错报的金额：重要性的程度和金额的大小有关；对照环境：重要性的程度取决于被审计企业的运营规模和业务性质。对信息运用者的影响：impact on potential users and the type of judgments made.$1000 - WOW!$1000.peanutsFactors affecting the preliminary judgment about materiality .Circumstances and User impact ：

45、舞弊或违法行为呵斥的错报比同样金额的错误呵斥的错报重要；与合同条款例如债务协议中的比率有关的细小差别也能够是重要的；单个账户的不重要的错报能够累计为重要的财务报表错报。 Factors affecting the preliminary judgment about materiality.SEC staff accounting bulletin #99 故意的错误计量引起的错报； 改动收益趋势的错报； 到达扭亏为赢或者相反目的的错报； 重要分部或业务发生的错报； 违反法规的错报； 借以满足债务契约的错报； 关系到管理者报酬的错报； 隐蔽非法买卖的错报。.重要性及其运用确定财务报表层次的重要

46、性 确定账户买卖层次的重要性程度 .Set Planning Materiality for the Statements as a Whole Not required to quantify Judgmental Rules of thumbs5% to 10% of net income before tax% to 1% of total asset% to 1% of total revenue1% of total equityMultiple bases of materialityE.g., net income is not misstated by $100,000, an

47、d total assets is not misstated by $300,000.materiality VS. volume of audit evidence (Audit cost)?“Investigate mis- statements over $1.A small materialityestimate will resultin more/less evidence.A large materialityestimate will resultin more/less evidence.“Investigate misstate- ments over $1,000,00

48、0.Allocate Planning Materiality Auditors initially set planning materiality for the statements as a whole, and then allocate this to individual accounts based on their susceptibility to misstatement .性质上的重要性判别普通应思索的事项包括：发生舞弊或者损失的能够性客观判别或者人为支配的容易程度账户本身的性质、如在建工程账户等数据计算以及记账的复杂性买卖本身的性质、如关联方买卖.图表8-3 财务报表

49、层次和账户买卖层次的重要性判别F/S项目金额金额重要总分类账户明细分类帐户性质重要综合重要性B/S货币资金 10,000现金本公司A子公司银行存款-其他货币资金-短期投资 1,000短期投资-跌价准备-应收票据 10,000应收票据-应收账款 35,000应收账款国内应收账款国外应收账款坏账准备预付账款400预付账款-存货8,000产成品-存货跌价准备-其他流动资产1,500内部往来- .Steps in Risk Assessments了解被审计企业的运营业务以及行业情况评价被审计企业所面临的风险及其对财务报表的影响初步评价被审计企业的财务报告内部控制.to identify related parties