Matriculation No: Identity Card No.: Telephone No.: E-Mail: Learning Centre

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 14

1

< BACHELOR ACCOUNTING>

< JAN 2021>

< BBAA 4203 >

< AUDIT II >

MATRICULATION NO : <960828016204001>

IDENTITY CARD NO. : <960828016204>

TELEPHONE NO. : <018-4654028>

E-MAIL  : <[email protected]>

LEARNING CENTRE : <JOHOR>


2

                                                    Content                                                  
Pages              

1.0 Definition of business risk ………………………………………….         3

2.0 Review of real cases associated with business risk……………………. 4-9

          
  3.0 Identification of the risk assessment procedures………………… 9-10

4.0 Discuss and analysis on how the audit risk assessment


procedures can improve firm performance………………………………………. 10-12

5.0 References ……………………………………………………………………. 13


3

1.0 Business risk defined as “the risk of financial loss due to changes in the competitive

environment or the extent to which the organization could timely adapt to these changes”

(Doff, 2004). Business risk is an event, circumstance or condition that may result in an

organization failing to achieve its objectives or adversely affect its strategy. For example, a

risk that a company might fail to improve sales, reduce costs or successfully launch a new

product under development. Most business risks impact a company’s financial statements. If

a company doesn’t correctly record the financial impact of business risk, its financial

statements will be materially misstated. Therefore, business risks are assessed by auditors as

part of risks are assessed by auditors as part of risk assessment activities and to design audit

procedures to detect the possible misstatements in the financial statements. Business risk

faced by companies, for example financing. A company may find itself in shortage of cash.

The management of the company may find themselves compelled to show better picture of

the business in the financial statements in order to secure additional financing. There will be a

risk of management bias in estimates and accounting policies. Next, businesses are at risk of

fraud being committed by management, employees or those outside the organization. Fraud

will most likely result in financial impact and therefore may result in a risk of material

misstatement in the financial statements. Furthermore, fierce competition may result in a

company finding it difficult to stay in business. If the company’s financial statements are

prepared to going concern basis, there is a risk that the company might not actually be a

going concern and therefore the financial statements will be materially misstated. Finally,

businesses are exposed to the risk of being in the race for constantly improving technology.

Their methods, techniques and products will become outdated thus resulting in lost sales or

inefficient production. A new method of production may lead to superior quality products

resulting in impairment of inventory already held by a business. The corresponding risk of


4

material misstatement is that inventory is overstated in balance sheet and cost of sales

understated in income statement.

2.0 The increasing diversity of risks is considered one of the most important challenges

facing several organizations, impacting operations and their ability to achieve their

objectives. There are several real cases associated with business risk. First, the risks of CN

Group which is working at software outsourcing projects between Hong Kong and

Guangdong, discovers the casual relationship among the risk factors, and constructs

corresponding risk structure model with Interpretive Structural Modelling. Five original risk

factors are identified, including contracts risk, requirements definition and change, lack of

communication, political and legal environment differences and exchange rate fluctuations.

The analysis on risks of CN Group; the objectivity and universality of risk. As the uncertainty

of loss, a considerable part of the risk of CN Group cannot completely controlled. These

objective risks exist not only in software outsourcing project life cycle, but also in the

operations of CN Group. Although the CN Group wishes to fully understand and control risk,

but until now it can only change the conditions of risk, existence and occurrence, reduces risk

frequency and mitigates risk damage in limited space and time, but cannot eliminate it.

Secondly, the contingency of a particular risk and inevitability of several risks. In the

software outsourcing projects of CN Group, the occurrence of any specific risk is caused by

many risk factors and other factors together, thus it is a random phenomenon. However, some

risks can be controlled and forecasted through observation and statistical analysis of

substantial risk accident data. Next, the variability of risk. This refers to the various risks

changing in terms of quality and quantity in the entire project process. As the project goes on,

some risks will be controlled, some will occur and get handled and at the same time new risks

may rise in every stage of the project. Especially in large projects, due to more risk factors,

the variability of risk is much more pronounced. The diversity and multi-level of risk. These
5

software outsourcing projects have long life cycle, large-scale, broad scope and numerous

risk factors of various types, resulting in that various risks will be confronted in its entire life

cycle. Furthermore, the intrinsic relationships between risk factors are complex and cross-

impacts of various risk factor between and external factors endow the multilevel risks. After

the analysis, the software outsourcing business risks of CN Group constitute of factors in five

level structures which is the lowest level constitute of contract risk, lack of communication

and the risk of requirement definition change. They are the key factors affecting the

successfulness of software outsourcing projects; although political and legal environment

differences and exchange rate fluctuations are in the fourth layer, they are bottom of the risks

of CN Group especially the factors contract risk, lack of communication and the risk of

requirement definition and change occur in the early stages of operation of software

outsourcing projects, having significant impact on the successfulness of CN Group’s project.

The factors of the second layer are the direct risk factors resulting CN Group to crisis,

including software outsourcing project risk, acquisition risk and marketing risk. Three risks

separately belong to the project management, marketing management and enterprise

management but they are significant and correlative closely. The software outsourcing project

risk mainly due to losing control of milestones, research and development risk, after service

risk, cultural risk, The deeper reasons are CMMI implementation risk, the lack of client

support, human resources risk, contract risk, financial risk, inaccurate evaluation criteria,

contract risk and client risk. Furthermore, marketing risk mainly due to enterprise decision

making blunders risk, market risk, research and development risk and service risk. The

deeper reasons are financial risk, human resources risk, client risk, political and legal

environment differences and exchange rate fluctuations. Finally, merger/acquisition risk

mainly due to cultural differences, enterprise decision making blunders risk and market risk.
6

2.1 Jordan Valley Authority was founded in 1977 in accordance with Jordan Valley

Development Act No. 18 of 1977 and subsequently replaced by Law No.11 of 1988,

bestowing the authority with wide powers to carry out acts of integrated economic and social

development in the Jordan area. The analysis of the risk of Jordan Valley Authority noted as:

no scale is used to prioritize risk which there is no indication used to categorize risk based on

importance or effect, no relationships have been established between risk and its effect on

organization objectives, the degree of risk is identified based on meetings conducted by

managers without consensus support of quantitative indicators to show the accuracy ad

objectivity of the risk, most of the risks described by a formula reflect problems rather than

actual risk : 2 examples which is corruption and nepotism- a problem becomes a risk if a

certain percentage of staff become corrupted or perform nepotism, resulting in a negative

effect on organization objectives. The observation can be generalized to most risks. The

second example is increasing demand for water- a problem turns into risk if demand for water

reaches a certain level determined by the Water and Electricity Authority’s management.

Furthermore, most risk indicators were formulated in a way that does not help in detecting

risk, mainly because the indicators are descriptive and too general, most risk indicators do not

show the effect applied to reduce the level of risk or process when it occurs, responsibility for

funding is a risk that is not clearly defined because it involves external and internal actors

with no standard specifying the size of the risk and the lack of funding and budgeting for risk

management. In addition, the obstacles and difficulties faced by risk management in the

Jordan Valley Authority which is lack of understanding of risk and its measurement tools,

and the inadequate application of some of the risk management tools in operation, no

database for risk to date which there is no fixed database that hold information about possible

risks, problems that the organization encountered or how they were resolved, lack of clarity

in understanding how to apply the methods needed to address a threat; the small amount of
7

knowledge the organization had about facing threats was implicit in the minds of managers

where there is no documentation of these experiences, no clear philosophy for how to deal

with risk in Authority departments, lack of procedural plans to translate the general risk-

management plan to describe the roles and responsibilities of everyone before, during, after

the risk became a problem and at last no section or group responsible for managing risk in

preventing and treating plans; no way to monitor risk management implementation.

2.2 The Santander Group is a banking group centred on Banco Santander, the largest bank

in the Eurozone and one of the largest banks in the world in terms of market capitalisation. It

originated in Santander, Cantabria, Spain. Banco Santander’s operations are subject to a

variety of risks. The Bank is exposed to market risk mainly as a result of the following

activities; Trading in financial instruments, which involves interest rate, foreign exchange

rate, equity price and volatility risks, engaging in retail banking activities, which involves

interest rate risk because a change in interest rates affects interest income, interest expense

and customer behaviour, investing in assets whose returns or accounts are denominated in

currencies other than the real, which involves foreign exchange rate risk, investing in

subsidiaries and other companies, which subjects the Bank to equity price risk and all trading

and non-trading activities, which involve liquidity risk. Furthermore, the perimeter for

measuring, controlling and monitoring the area of Financial Risks covers those operations

where equity risk is assumed. The risk comes from the change in interest rates, exchange

rates, shares, the spread on loans, raw material prices and from the volatility of these

elements, as well as the liquidity risk of the various products and markets in which the group

operates. The finality of the risk, activities are segmented in following way: Trading this

includes financial services for customers and the buying and selling and positioning mainly in

fixed-income, equity and currency products. Balance Sheet Management interest rate and

liquidity risk comes from mismatches between maturities and repricing of assets and
8

liabilities. It also includes active management of credit risk inherent in the groups balance

sheet. Besides, structural risks: exchange rate risk, due to the currency in which the

investment is made, both companies that consolidate and exchange rate risk arising from the

hedging of future results generated in currencies other than the euro. Structural equity covers

equity stake investments in financial and non-financial companies that do not consolidate,

generating risk in equities, The treasury area is responsible for managing the taking of these

structural risks, applying standardised methodologies, adapted to each market where the

group operates in the are of convertible currencies, financial management directly manages

the parent bank’s risks and coordinates management of the rest of the units which operate in

these currencies. The management decisions for these risks are taken by each country’s

ALcO committee and, in the last instances, by the markets committee of the parent bank. The

aim of financial management is to inject stability and recurrence into the net interest margin

of commercial activity and the group’s economic value by maintaining appropriate levels of

liquidity and solvency. Each of these activities is measure and analysed with different tools in

order to show in the most precise way their risk profile. Finally, Santander’s credit risks as

the risk transfer understood as the possibility of barriers in the currency exchange of values

received, the possibility of disbursements to honour guarantees, sureties, commitments credit

contracts or other transactions of a similar nature and the possibility of losses associated to

the failure of contractual financial obligations in accordance with the case by the

intermediated.

2.3 Incorporating Enterprise risk in the business model innovation process, Professor

Robert S. Kaplan linked the financial crisis with firm’s behaviour and argued that apart from

interest rates and regulatory problems virtually all the failures at those firm’s were because of

the failure of their risk management function. That is, CEO were fired, and companies

collapsed because they took higher risks than they could afford and were not prepared for or
9

failed to identify and respond adequately to the magnitude of the crisis. Business is more

difficult to than ever, economic trends and market changes are hardly predictable, and

globalization has created ever more complex business environments. Most innovation efforts

have traditionally been focused on developing new products to a lesser extent, process

technologies, companies are increasingly considering their entire business model as an object

for innovation. The IBM global CEO study 2006 held among 765 top CEO’s indicated that

competitive pressures had pushed business model innovation much higher the expected on

industrial priority lists and 30 percent of CEO were pursuing business model innovation

initiatives. Finally, Enterprise Risk Management attempts to capture and reduce the effects of

business complexity and uncertainly by providing a broad framework for managing risks.

3.0 Risk assessment procedures are performed to obtain an understanding of a company and

its environment, including the firm’s internal control to identify and assess the risks of

material misstatement of the financial statements, whether due to fraud or error. These

procedures usually take place before your fiscal year has been completed and include various

procedures such as inquiries with management and other selected employees, analytical

procedures, observations of controls in operation and inspection of documents to show

controls have been implemented. First, making inquiries of management and others within

the entity which auditors may have discussions with then client’s management about its

objectives and expectations and its plans for achieving those goals. Furthermore, auditors’

judgment may have information that is likely to assist in identifying risks of material

misstatement due to fraud or error. Much of the information obtained by the auditor’s

inquiries is obtain from management and those responsible for financial reporting. However,

the auditor may also obtain information or a different perspective in identifying risks of

material misstatement, through inquiries of others within entity, internal audit personnel,

production and other employees with different level of authority. In deciding others within
10

the entity to whom inquiries may be directed and the extent of those inquiries, the auditor

considers what information may be obtained that could help the auditor in identifying risks of

material misstatement. For example, inquiries of employees involved in initiating, processing

or recording complex or unusual transactions may help the auditor in evaluating the

appropriateness of the selection and application of certain accounting policies, inquiries

directed towards marketing or sales personnel may relate to changes in the entity’s marketing

strategies, sales trends or contractual arrangements with its customers. Secondly, the

analytical procedures performed as risk assessment procedures may identify aspects of the

entity of which the auditors were unaware and may assist in assessing the risk of material

misstatement in order to provide a basis for designing and implementing responses to the

assessed risks. Analytical procedures performed as risk assessment procedures may include

both financial and non-financial information, for example, the relationship between sales and

square footage of selling space or volume of goods sold. Analytical procedures performed as

risk assessment procedures and help the auditor in identifying unusual transactions or

positions, amounts, ratios and trends that might indicate matters that have financial statement

and audit implications. The third and fourth risk assessment procedures are observation and

inspection. Observation and inspection procedures may support inquiries of management and

others, may also provide information about the entity and its environment. Examples of audit

procedures include observation or inspection such as; the entity’s operations, documents

such as business plans and strategies, records, internal control manuals, reports prepared by

management such as quarterly management reports and interim financial statement, charged

with governance such as minutes of board of directors meetings and the entity’s premises and

plant facilities.

4.0 Risk assessment procedures enhance the company’s understanding of exposures that are

expected to potentially challenge the firm and treating risk as an opportunity than as a threat
11

only. The procedures support a sound decision making, which ultimately improve firm’s

performance. The better the firm understand its inherent risks the greater confidence it will

develop in order to pursue opportunities. Risk assessment has many benefits for firms,

including helping with future planning, saving money, gaining operational benefits and more.

Audit risk assessment procedures improve firm performance by analytics financial statement.

Before delivering financial statements to the company being audited, auditors evaluate

whether the overall financial statement presentation appears reasonable considering financial

and nonfinancial data. Analytical procedures are often more efficient than traditional, manual

audit testing procedures, which tend to require the company being audited to produce

significant paperwork. Traditional procedures also typically require substantial time to verify

account balances and transactions. Next, firm performance improve by assessing fraud

risks.The auditor has determined that there is evidence that there is evidence that fraud may

exist, that matter be brought to the attention of an appropriate level of management. This is

appropriate even if the matter might be considered inconsequential, such as a minor

defalcation by an employee at a low level in the entity’s organization. Fraud involving senior

management or other employees that causes a material misstatement of the financial

statements reported directly to the audit committee in a timely manner and prior to the

issuance of the auditor’s report. The auditor reaches an understanding with the audit

committee regarding the nature and extent of communications with the committee about

misappropriates by lower level employees. If the auditor, as a result of the assessment of the

risks of material misstatement, has identified fraud risks that have continuing control

implications whether transactions or adjustments that could be the result of fraud have been

detected, the auditor consider whether these risk represent significant deficiencies that

communicated to senior management and the audit committee. The auditor evaluates whether

the absence of or deficiencies in controls that address fraud risks or otherwise help prevent,
12

deter and detect fraud represent significant deficiencies or material weaknesses that should be

communicated to senior management and the audit committee. Besides, firm performance

improves by looking at the process or procedure being performed by others so that evidence

about the actual performance is obtain. However, observation provides evidence that is

limited to the point in time when it takes place and by the fact that being observed may

influence how the process or procedure is performed on such occasion. Examples of

observation are the auditors’ attendance at the inventory counting by the entity’s staff and

observing the performance of control activities, Furthermore, firm performance improve by

examining records or documents whether internal or external, that held in various forms, such

as paper, electronic or similar, on the physical assessment of an asset. The inspection of

records and documents provides audit evidence whose reliability depends on their nature and

source. Inspecting certain documents provide direct audit evidence of the existence of an

asset, for instance a financial instrument like a share or a bond where document itself

constitutes the asset. The inspection of tangible assets provides reliable audit evidence about

their existence. For example, the inspection of an executes contract provide evidence in

respect of entity’s application of accounting policies like revenue recognition. Finally, firm’s

performance improves by external confirmation, audit evidence that is obtained as a direct

written response to the auditor from a third party in paper form, electronic medium or other

medium. External confirmation is normally used when confirming assertions relating to

account balances, payables and receivables but should not be restricted to such items only.

The auditors ask confirmation of the terms of agreements and transactions with third parties,

whether any changes to existing agreements has occurs or whether no additional conditions

are attached to an agreement, perhaps in a separate document.


13

5.0 References

Wan, Jiangping. (2010). Case study on Business Risk Management for Software Outsourcing

Service Provider with ISM. Technology and Investment. 01. 257-266.

10.4236/ti.2010.14033.

Kot, Sebastian & Dragon, Przemysaw. (2015). Business Risk Management in International

Corporations. Procedia Economics and Finance. 27. 102-108. 10.1016/S2212-

5671(15)00978-8.

Ridha, Mahmood. (2015). Analysis and Measurement of Risks in Business: A Case Study on

the Jordan Valley Authority. European Journal of Business and Management.

Yariv, Taran, Harry Boer & Peter Lindgren (2013). Incorporating Enterprise Risk

Management in the Business Model Innovation Process. Journal of Business Model, Vol 1

No. 1, pp 38-60.
14

Doff, Rene (2008). Defining and measuring business risk an economic-capital framework.

Journal of Risk Finance. 9. 317-333. 10.1108/15265940810894990.

You might also like