Explain the four steps of the risk-based audit approach, and discuss how they ap

Question

Explain the four steps of the risk-based audit approach, and discuss how they apply to the overall security of a company. You are involved in the audit of accounts receivable, which represent a significant portion of the assets of a large retail corporation. Your audit plan requires the use of the computer, but you encounter the following reactions:
   For each situation, state how the auditor should proceed with the accounts receivable audit.
a.   The computer operations manager says the company’s computer is running at full capacity for the foreseeable future and the auditor will not be able to use the system for audit tests.
b.   The computer scheduling manager suggests that your computer program be stored in the computer program library so that it can be run when computer time becomes available.
c.   You are refused admission to the computer room.
d.   The systems manager tells you that it will take too much time to adapt the auditor’s computer audit program to the computer’s operating system and that company programmers will write the programs needed for the audit.

Explanation / Answer

The risk based audit approach is an overall approach that is directed towards that area of the financial statements that may contain misstatements as a consequence of the risk faced by the organisation .The Four Steps involved in risk based audit approach involves

1) Understanding of the Enviornment in which the BUsiness operates which means understanding the Industry , ownership Structure, regulatory envoirnment , Competitors etc.Understanding of the Internal control system is also important.

2) Identifying and Assessing the risk of MAterial Mismanagement through understanding the Entity and its Environment.

3) Responding to Identified risk - which reqires obtaining audit evidence regarding the assessed risk of MAterial Mismanagement and identifying the overall risk it may have on the financial report.

4) Concluding on the areas of risk - When Sufficient Appropriate risk has been obtained, the auditor can conclude on the overall risk of material mismanagement to financial report as a whole.

a)The Auditor should not buy this explanation and should arrange with company officials for access to the computer system.

b) Again it should not be permitted because the essential information and reports can easily be altered without the Auditor's Knowledge.

c) The Auditor should have access to all areas and records of the organisation and thus he cannot be refused access to the Computer room.

d) Again the auditor should insist on using their own computer audit programme as someone can conceal falsified data or records to their own benefit.

Related Questions

Navigate

• Browse (All)
• Browse E
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.