How is audit risk related to engagement risk?
Risk is the defining concept of an audit. Auditors examine businesses primarily to identify operational and financial risks. Both of these risk categories factor into a broader risk category, engagement risk. The 1995 Audit Risk Alert introduced the term engagement risk. It consists of three interrelated components: entity business risk, auditor business risk and audit risk. Show
Entity Business RiskAn company's business risk is the risk associated with its ongoing operation. This may include outside business and industry factors, macroeconomic variables or failed speculative ventures. The decisions of a company and its management factor heavily into this risk assessment. Audit Risk and Auditor’s Business RiskAudit risk is the risk that an auditor will provide an unqualified or clean opinion on financial statements that have been materially misstated or are otherwise inaccurate. Statement of Accounting Standards Number 47 defines an auditor’s business risk as the risk that the auditor “may be exposed to injury or loss … from litigation, adverse publicity, or other events arising in connection with financial statements that he has examined and reported on.” Engagement RiskEntity business risk, auditor business risk and audit risk threaten the reputation and effectiveness of the audit firm and contribute to overall engagement risk, which is the risk that an audit faces from association with a particular client. This includes the risk of material misstatement, the risk to one's reputation from being associated with a particular client, the inability of the client to pay the firm, or potential financial losses. Mitigating Engagement RiskWhen choosing whether to accept or continue serving a client, the audit firm should consider engagement risk and its three components. If a client is accepted, the audit must be planned so that the component risks are held to an acceptable level. Management integrity is a key factor in acceptable engagement risk. Reviewing prior-year audits, talking with previous auditors, and consulting independent sources such as industry and trade publications allow the auditor to assess management competence. Auditors should also consider the independence and composition of the board of directors. Auditors must evaluate risk processes and controls and regulatory reporting requirements. When reviewed alongside past financial reports, the auditor should begin to understand the financial health and integrity of the organization. If engagement risk is thought to be too high, the auditor should not serve the client. If an engagement is accepted, the auditor should continue to monitor engagement risk and react accordingly.
I am a corporate finance professional, with over ten years of experience in all facets of business management. I also have extensive experience with personal investment strategies, analysis, and planning. I have served as a bank examiner with the Federal Reserve, as a personal trust officer, and more recently as a corporate controller and senior financial analyst. I hold a BA in accounting and economics as well as an MBA in finance. Our sites
Useful links
Most popular
Auditing is a riskier profession than people realize. Every time you agree to take on an auditing engagement, it comes with potential risks: The risk you'll make a mistake, the risk the client will go out of business and the risk that someone will sue you. When considering a new engagement, or even one with an established client, you should evaluate the risks before taking the job. Audit Risk
Client Business Risk
Auditor Business Risk
Decisions
|