Standards No.17: Relevance and Audit Risk
Introduction
Audit risk assessment is a critical part of the internal audit process. In Part I, Internal Audit Standards No.17 explains the purposes of, and the criteria for assessing audit risk and relevance. This article will provide an overview of the concepts of relevance and audit risk, and consider how these concepts can be applied to the internal audit process.
Relevance
The important concept of relevance is often overlooked in assessing audit risk. Relevance is the value which an audit adds by addressing the particular audit objectives, and the importance which is attached to the results of the audit in managing the organization. In order to ensure that the audit adds value, relevance must be determined at the planning stage of the audit.
Relevance can be measured in two ways:
1. by assessing the objectives, scope and methodology and verifying that they are relevant in achieving the desired results;
2. by assessing the results of the audit and their impact on the organization.
Audit risk
Audit risk is the possibility that the auditor will unknowingly fail to modify or detect a material misstatement in an audited financial statement. It is a risk that is inherent in any audit process and is generally calculated as a combination of three components:
1. Control Risk - this is a measure of the risk of fraud or error due to inadequate systems of internal control.
2. Detection Risk - this is a measure of the risk of fraud or error due to inadequate detection techniques.
3. Inherent Risk - this is a measure of the risk of fraud or error due to the complexity or novelty of the transaction.
In assessing audit risk, the auditor is responsible for analyzing the potential misstatement in the financial statements, evaluating the potential impact on the financial statements, and taking steps to reduce the risk that a material misstatement will remain undetected.
Applying relevance and audit risk
The application of relevance and audit risk to the internal audit process is essential. Relevance helps to ensure that the audit adds value by addressing the specific audit objectives, while audit risk ensures that the auditor is able to detect any misstatements that may affect the financial statements.
At the planning stage, the internal auditor must determine the relevance of the audit objectives, scope and methodology. This can be achieved by:
• Identifying the potential audit risks, particularly control, detection and inherent risks.
• Taking into account the company’s relevant information systems and processes, which may influence the assessment.
• Considering the potential impact of the outcome of the audit on the organization’s operations.
• Evaluating the potential impact of the audit findings on the financial statements.
The assessment of audit risk should take place throughout the audit process and should be part of the audit reporting process. The auditor should consider the nature of the audit risk and its potential impact on the financial statements. The auditor must also assess the extent to which the audit process was able to reduce the inherent risk of misstatement.
Conclusion
Audit risk assessment is a critical part of internal audit. The concepts of relevance and audit risk should be applied to the internal audit process to ensure that the audit is effective and adds value to the organization. This article has provided an introduction to the concept of relevance and audit risk and discussed its application to the internal audit process.