本篇文章主要讲audit risk concept & audit risk assessment procedure。重点是为大家回答审计师评估审计风险时应采取的程序提供了思路。 \Bx�E0GGky
1. What is audit risk? �28PT1�9�&
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Q::6��|B,G
审计风险是指财务报表存在重大错报而审计师发表不恰当审计意见的风险。 ��_l!TcH+e
Audit risk has two major components. One is dependent on the entity, and is the risk of material misstatement arising in the financial statements (inherent risk and control risk). The other is dependent on the auditor, and is the risk that the auditor will not detect material misstatements in the financial statements (detection risk). Audit risk can be represented by the audit risk model: Wq]Lb:&�{a
审计风险包括两种风险。一种风险是重大错报风险,重大错报风险是指财务报表在审计前存在重大错报的可能性。重大错报风险与被审计单位的风险相关, 且独立存在于财务报表的审计。认定层次的重大错报风险又可以进一步细分为固有风险和控制风险。另一种风险是检查风险,检查风险取决于审计师,是指审计师未能发现这种重大错报的风险。审计风险可以用下面这个审计风险模型来表示: "]D2}E>U;�
Inherent risk is the susceptibility of an assertion to a misstatement that could be material individually or when aggregated with other misstatements, assuming there were no related internal controls. �iK�uS��k~
固有风险是指假设不存在相关的内部控制,某一认定发生重大错报的可能性,无论该错报单独考虑,还是连同其他错报构成重大错报。 �u�E{nnNZy
Control risk is the risk that a material misstatement that could occur in an assertion and that could be material, individually or when aggregated with other misstatements, will not be prevented or detected and corrected on a timely basis by the entity’s internal control. E;^����~�}
控制风险是指某项认定发生了重大错报,无论改错报单独考虑,还是连同其他错报构成重大错报,而该错报没有被企业的内部控制及时防止、发现和纠正的风险。 R}� aHo�0r
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, individually or when aggregated with other misstatements. sDvtk]4o-4
检查风险是指某一认定存在错报,该错报单独或连同其他错报是重大的,但审计师未能发现这种错报的可能性。检查风险取决于审计程序设计的合理性和执行的有效性。由于审计师通常并不对所有的交易、账户余额和列报进行检查,以及其他原因,检查风险不可能降低为零。 !���&OybjQ
在既定的审计风险水平下,可接受的检查风险水平与认定层次重大错报风险的评估结果成反向关系。评估的重大错报风险越高,可接受的检查风险越低;评估的重大错报风险越低,可接受的检查风险就越高。 gsp|?�)�]x
2. Why is audit risk so important to auditors? fo30f�=^Gi
Audit risk is fundamental to the audit process because auditors cannot and do not attempt to check all transactions. It would be impossible to check all of these transactions, and no one would be prepared to pay for the auditors to do so, hence the importance of the risk‑based approach toward auditing. Traditionally, auditors have used a risk-based approach in order to minimise the chance of giving an inappropriate audit opinion, and audits conducted in accordance with ISAs must follow the risk‑based approach, which should also help to ensure that audit work is carried out efficiently, using the most effective tests based on the audit risk assessment. hM� @F|�t3
因为审计师不可能检查所有的交易,所以就有审计风险的存在。因此我们必须采用风险导向审计来减少审计师发表不恰当审计意见的风险,使得审计工作能够有效地执行。 F;^GhiQ�VS
3. ISA 200, Overall objectives of the independent auditor and the conduct of an audit in accordance with ISAs ��t9�B�]�V
References to audit risk are frequently made by ISA 200, and the standard also requires that the auditor shall plan and perform an audit with professional scepticism, recognising that circumstances might exist that may cause the financial statements to be materially misstated. �:3Hr�:�~
ISA 200要求审计师在计划和执行审计时保持职业怀疑的态度,识别可能导致财务报表重大错报的情况。 5n�'C6q "
Professional scepticism is an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence. N!&�$fh�Y)
职业怀疑态度是指审计师以质疑的思维方式评价所获取审计证据的有效性,并对相互矛盾的审计证据,以及引起对文件记录或管理层和治理层提供的信息的可靠性产生怀疑的审计证据保持警觉。 �l~�V��^
�
4. ISA 315 Identifying and assessing the risks of material misstatement through understanding the entity and its environment hZ@W�l6FG;
ISA 315 deals with the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements through an understanding of the entity and its environment, including the entity’s internal controls and risk assessment process. There are four stages in detail: Ad:)5R ��o
国际审计准则第315号《了解被审计单位及其环境和评估重大错报风险》关注的是审计师通过了解被审计单位及其环境,包括被审计单位的内部控制和风险评估的过程,来识别和评估财务报表的重大错报风险的责任。它主要包括四个步骤:
tMWs�gK.B
1.Risk assessment procedures Lg[_9���`\
风险评估程序 Ju�"*�>66�
ISA 315介绍了一个审计师应该遵循的整体步骤去对被审计单位有个充分的了解,来评估被审计单位的风险,并且在设计审计计划时考虑到这些风险。ISA 315同时也要求审计师执行评价风险程序来评估财务报表层次和认定层次的重大错报风险。在进行风险评估程序是有以下几种方式进行(这就是我们通常所说的’AEIOU’) a��m�K.H�"
a)Making inquiries of management and others within the entity {qHf%�y�&[
询问被审计单位管理层和内部其他相关人员 �F7zB�m53
询问被审计单位管理层和内部其他相关人员是审计师了解被审计单位及其环境的一个重要信息来源。审计师可以向管理层和财务负责人询问: �71ctjU`U2
管理层所关注的主要问题 &\,� ZtaB
被审计单位最近的财务状况、经营成果和现金流量 'rw���n�Ar
可能影响财务报告的交易和事项,或者目前发生的重大会计处理问题 0*KU"J
cXd
被审计单位发生的其他重要变化 m# ]V�dO'f
b)Analytical procedures J9
i�Q��W
实施分析性程序 ��OK}+:Y��
分析程序是指审计师通过研究不同财务数据之间以及财务数据与非财务数据之间的内在关系,对财务信息做出评价。分析程序还包括调查识别出的、与其他相关信息不一致或预期数据严重偏离的波动和关系。 n�-7�|{�1U
c)Observation and inspection �3t�lA!��e
观察和检查 3+��/{}r�v
观察和检查可以印证对管理层和其他相关人员询问的结果,并可提供有关被审计单位及其环境的信息。审计师应当实施下列观察和检查程序: r-$S�F�5uv
观察被审计单位的生产经营活动 �g&30��@D"
检查文件、记录和内部控制手册 D20n'>ddg�
阅读由管理层和治理层编制的报告 b�^X�q(q>5
实地察看被审计单位的生产经营场所和设备 ?�Rj)x%fN�
追踪交易在财务报告信息系统中的处理过程(穿行测试) *V��F�UC:
2.Understanding an entity ,nELWz�z%{
了解被审计单位及其环境 Gdd lB2L)x
ISA 315要求审计师了解被审计单位及其环境,包括被审计单位的内部控制系统。了解被审计单位及其环境非常重要,因为它能够帮助审计师识别重大错报风险,并设计和执行审计师针对风险评估水平应采取的程序。 �df�BTx6/F
3.Identification and assessment of significant risk and risks of material misstatement K�X�P^F6@l
识别和评估重大风险和重大错报风险 M#V�l�{ b
在确定风险的性质时,审计师应当考虑下列事项: C�1@6�r%YD
风险是否属于舞弊风险; E}V8�+f54S
风险是否与近期经济环境、会计处理方法和其他方面的重大变化有关; �O)qedy*�&
交易的复杂程度; �k��%?��fy
风险是否涉及重大的关联方交易; (@H��'7�,�
财务信息计量的主观程度,特别是对不确定事项的计量存在较大区间; :b&O{>�M]Y
风险是否涉及异常或超出正常经营过程的重大交易。 Jm�|eZD�p�
4.ISA 330 and responses to assessed risks }l/��!thzC
国际审计准则330号和针对风险评估水平应采取的程序 sILk�Tzs�w
指导审计师针对财务报表整体层次的重大错报风险评估水平做出整体反应,并且设计和执行针对交易或账户层次重大错报风险评估水平的审计程序。
tU02�t�#8
