Auditing Ritter 审计学基于的环境变化的概念ch04.pptVIP

Chapter 4 Audit Risk and Business Risk Define the Nature of Risk In this chapter, we identify four critical components of risk that affect the audit approach and audit outcome Enterprise risk - those that affect the operations and potential outcomes organization activities Engagement risk - comes with association with a specific client Financial reporting risk - those that relate directly to the recording transactions and the presentation of the financial statements Audit risk - risk an auditor may provide an unqualified opinion on financial statements that are materially misstated Each of these components can be managed The effectiveness of risk management processes will determine whether the company continues to exist Enterprise Risk Management (ERM) COSO defines ERM as a process effected by an entitys board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. Enterprise Risk Management (ERM) (Continued) COSO elements: Risk management environment: management culture and attitude towards risk Event identification: of events that may affect organizations ability to implement strategies or achieve objectives Risk assessment: to determine response Risk Response Control activities: policies and procedures designed to reduce risks and to assure managements directives and strategies are implemented Information and communication Monitoring An effective ERM process within an organization is designed to provide assurance that risks are identified, understood, and addressed Discuss Organizational Risk Responses Once risk has been identified and assessed, an organization has four choices: - Control the risk - Share or transfer the risk - Diversify against or avoid the risk - Accept the risk Depending on the circumstances, each of these