Matriculation No: Identity Card No.: Telephone No.: E-Mail: Learning Centre
Matriculation No: Identity Card No.: Telephone No.: E-Mail: Learning Centre
Matriculation No: Identity Card No.: Telephone No.: E-Mail: Learning Centre
< BACHELOR ACCOUNTING>
< JAN 2021>
< AUDIT II >
MATRICULATION NO : <960828016204001>
E-MAIL : <[email protected]>
Content
Pages
3.0 Identification of the risk assessment procedures………………… 9-10
1.0 Business risk defined as “the risk of financial loss due to changes in the competitive
environment or the extent to which the organization could timely adapt to these changes”
(Doff, 2004). Business risk is an event, circumstance or condition that may result in an
organization failing to achieve its objectives or adversely affect its strategy. For example, a
risk that a company might fail to improve sales, reduce costs or successfully launch a new
product under development. Most business risks impact a company’s financial statements. If
a company doesn’t correctly record the financial impact of business risk, its financial
statements will be materially misstated. Therefore, business risks are assessed by auditors as
part of risks are assessed by auditors as part of risk assessment activities and to design audit
procedures to detect the possible misstatements in the financial statements. Business risk
faced by companies, for example financing. A company may find itself in shortage of cash.
The management of the company may find themselves compelled to show better picture of
the business in the financial statements in order to secure additional financing. There will be a
risk of management bias in estimates and accounting policies. Next, businesses are at risk of
fraud being committed by management, employees or those outside the organization. Fraud
will most likely result in financial impact and therefore may result in a risk of material
company finding it difficult to stay in business. If the company’s financial statements are
prepared to going concern basis, there is a risk that the company might not actually be a
going concern and therefore the financial statements will be materially misstated. Finally,
businesses are exposed to the risk of being in the race for constantly improving technology.
Their methods, techniques and products will become outdated thus resulting in lost sales or
inefficient production. A new method of production may lead to superior quality products
material misstatement is that inventory is overstated in balance sheet and cost of sales
2.0 The increasing diversity of risks is considered one of the most important challenges
facing several organizations, impacting operations and their ability to achieve their
objectives. There are several real cases associated with business risk. First, the risks of CN
Group which is working at software outsourcing projects between Hong Kong and
Guangdong, discovers the casual relationship among the risk factors, and constructs
corresponding risk structure model with Interpretive Structural Modelling. Five original risk
factors are identified, including contracts risk, requirements definition and change, lack of
communication, political and legal environment differences and exchange rate fluctuations.
The analysis on risks of CN Group; the objectivity and universality of risk. As the uncertainty
of loss, a considerable part of the risk of CN Group cannot completely controlled. These
objective risks exist not only in software outsourcing project life cycle, but also in the
operations of CN Group. Although the CN Group wishes to fully understand and control risk,
but until now it can only change the conditions of risk, existence and occurrence, reduces risk
frequency and mitigates risk damage in limited space and time, but cannot eliminate it.
Secondly, the contingency of a particular risk and inevitability of several risks. In the
software outsourcing projects of CN Group, the occurrence of any specific risk is caused by
many risk factors and other factors together, thus it is a random phenomenon. However, some
risks can be controlled and forecasted through observation and statistical analysis of
substantial risk accident data. Next, the variability of risk. This refers to the various risks
changing in terms of quality and quantity in the entire project process. As the project goes on,
some risks will be controlled, some will occur and get handled and at the same time new risks
may rise in every stage of the project. Especially in large projects, due to more risk factors,
the variability of risk is much more pronounced. The diversity and multi-level of risk. These
5
software outsourcing projects have long life cycle, large-scale, broad scope and numerous
risk factors of various types, resulting in that various risks will be confronted in its entire life
cycle. Furthermore, the intrinsic relationships between risk factors are complex and cross-
impacts of various risk factor between and external factors endow the multilevel risks. After
the analysis, the software outsourcing business risks of CN Group constitute of factors in five
level structures which is the lowest level constitute of contract risk, lack of communication
and the risk of requirement definition change. They are the key factors affecting the
differences and exchange rate fluctuations are in the fourth layer, they are bottom of the risks
of CN Group especially the factors contract risk, lack of communication and the risk of
requirement definition and change occur in the early stages of operation of software
The factors of the second layer are the direct risk factors resulting CN Group to crisis,
including software outsourcing project risk, acquisition risk and marketing risk. Three risks
management but they are significant and correlative closely. The software outsourcing project
risk mainly due to losing control of milestones, research and development risk, after service
risk, cultural risk, The deeper reasons are CMMI implementation risk, the lack of client
support, human resources risk, contract risk, financial risk, inaccurate evaluation criteria,
contract risk and client risk. Furthermore, marketing risk mainly due to enterprise decision
making blunders risk, market risk, research and development risk and service risk. The
deeper reasons are financial risk, human resources risk, client risk, political and legal
mainly due to cultural differences, enterprise decision making blunders risk and market risk.
6
2.1 Jordan Valley Authority was founded in 1977 in accordance with Jordan Valley
Development Act No. 18 of 1977 and subsequently replaced by Law No.11 of 1988,
bestowing the authority with wide powers to carry out acts of integrated economic and social
development in the Jordan area. The analysis of the risk of Jordan Valley Authority noted as:
no scale is used to prioritize risk which there is no indication used to categorize risk based on
importance or effect, no relationships have been established between risk and its effect on
objectivity of the risk, most of the risks described by a formula reflect problems rather than
actual risk : 2 examples which is corruption and nepotism- a problem becomes a risk if a
effect on organization objectives. The observation can be generalized to most risks. The
second example is increasing demand for water- a problem turns into risk if demand for water
reaches a certain level determined by the Water and Electricity Authority’s management.
Furthermore, most risk indicators were formulated in a way that does not help in detecting
risk, mainly because the indicators are descriptive and too general, most risk indicators do not
show the effect applied to reduce the level of risk or process when it occurs, responsibility for
funding is a risk that is not clearly defined because it involves external and internal actors
with no standard specifying the size of the risk and the lack of funding and budgeting for risk
management. In addition, the obstacles and difficulties faced by risk management in the
Jordan Valley Authority which is lack of understanding of risk and its measurement tools,
and the inadequate application of some of the risk management tools in operation, no
database for risk to date which there is no fixed database that hold information about possible
risks, problems that the organization encountered or how they were resolved, lack of clarity
in understanding how to apply the methods needed to address a threat; the small amount of
7
knowledge the organization had about facing threats was implicit in the minds of managers
where there is no documentation of these experiences, no clear philosophy for how to deal
with risk in Authority departments, lack of procedural plans to translate the general risk-
management plan to describe the roles and responsibilities of everyone before, during, after
the risk became a problem and at last no section or group responsible for managing risk in
2.2 The Santander Group is a banking group centred on Banco Santander, the largest bank
in the Eurozone and one of the largest banks in the world in terms of market capitalisation. It
variety of risks. The Bank is exposed to market risk mainly as a result of the following
activities; Trading in financial instruments, which involves interest rate, foreign exchange
rate, equity price and volatility risks, engaging in retail banking activities, which involves
interest rate risk because a change in interest rates affects interest income, interest expense
and customer behaviour, investing in assets whose returns or accounts are denominated in
currencies other than the real, which involves foreign exchange rate risk, investing in
subsidiaries and other companies, which subjects the Bank to equity price risk and all trading
and non-trading activities, which involve liquidity risk. Furthermore, the perimeter for
measuring, controlling and monitoring the area of Financial Risks covers those operations
where equity risk is assumed. The risk comes from the change in interest rates, exchange
rates, shares, the spread on loans, raw material prices and from the volatility of these
elements, as well as the liquidity risk of the various products and markets in which the group
operates. The finality of the risk, activities are segmented in following way: Trading this
includes financial services for customers and the buying and selling and positioning mainly in
fixed-income, equity and currency products. Balance Sheet Management interest rate and
liquidity risk comes from mismatches between maturities and repricing of assets and
8
liabilities. It also includes active management of credit risk inherent in the groups balance
sheet. Besides, structural risks: exchange rate risk, due to the currency in which the
investment is made, both companies that consolidate and exchange rate risk arising from the
hedging of future results generated in currencies other than the euro. Structural equity covers
equity stake investments in financial and non-financial companies that do not consolidate,
generating risk in equities, The treasury area is responsible for managing the taking of these
structural risks, applying standardised methodologies, adapted to each market where the
group operates in the are of convertible currencies, financial management directly manages
the parent bank’s risks and coordinates management of the rest of the units which operate in
these currencies. The management decisions for these risks are taken by each country’s
ALcO committee and, in the last instances, by the markets committee of the parent bank. The
aim of financial management is to inject stability and recurrence into the net interest margin
of commercial activity and the group’s economic value by maintaining appropriate levels of
liquidity and solvency. Each of these activities is measure and analysed with different tools in
order to show in the most precise way their risk profile. Finally, Santander’s credit risks as
the risk transfer understood as the possibility of barriers in the currency exchange of values
contracts or other transactions of a similar nature and the possibility of losses associated to
the failure of contractual financial obligations in accordance with the case by the
intermediated.
2.3 Incorporating Enterprise risk in the business model innovation process, Professor
Robert S. Kaplan linked the financial crisis with firm’s behaviour and argued that apart from
interest rates and regulatory problems virtually all the failures at those firm’s were because of
the failure of their risk management function. That is, CEO were fired, and companies
collapsed because they took higher risks than they could afford and were not prepared for or
9
failed to identify and respond adequately to the magnitude of the crisis. Business is more
difficult to than ever, economic trends and market changes are hardly predictable, and
globalization has created ever more complex business environments. Most innovation efforts
have traditionally been focused on developing new products to a lesser extent, process
technologies, companies are increasingly considering their entire business model as an object
for innovation. The IBM global CEO study 2006 held among 765 top CEO’s indicated that
competitive pressures had pushed business model innovation much higher the expected on
industrial priority lists and 30 percent of CEO were pursuing business model innovation
initiatives. Finally, Enterprise Risk Management attempts to capture and reduce the effects of
business complexity and uncertainly by providing a broad framework for managing risks.
3.0 Risk assessment procedures are performed to obtain an understanding of a company and
its environment, including the firm’s internal control to identify and assess the risks of
material misstatement of the financial statements, whether due to fraud or error. These
procedures usually take place before your fiscal year has been completed and include various
procedures such as inquiries with management and other selected employees, analytical
controls have been implemented. First, making inquiries of management and others within
the entity which auditors may have discussions with then client’s management about its
objectives and expectations and its plans for achieving those goals. Furthermore, auditors’
judgment may have information that is likely to assist in identifying risks of material
misstatement due to fraud or error. Much of the information obtained by the auditor’s
inquiries is obtain from management and those responsible for financial reporting. However,
the auditor may also obtain information or a different perspective in identifying risks of
material misstatement, through inquiries of others within entity, internal audit personnel,
production and other employees with different level of authority. In deciding others within
10
the entity to whom inquiries may be directed and the extent of those inquiries, the auditor
considers what information may be obtained that could help the auditor in identifying risks of
or recording complex or unusual transactions may help the auditor in evaluating the
directed towards marketing or sales personnel may relate to changes in the entity’s marketing
strategies, sales trends or contractual arrangements with its customers. Secondly, the
analytical procedures performed as risk assessment procedures may identify aspects of the
entity of which the auditors were unaware and may assist in assessing the risk of material
misstatement in order to provide a basis for designing and implementing responses to the
assessed risks. Analytical procedures performed as risk assessment procedures may include
both financial and non-financial information, for example, the relationship between sales and
square footage of selling space or volume of goods sold. Analytical procedures performed as
risk assessment procedures and help the auditor in identifying unusual transactions or
positions, amounts, ratios and trends that might indicate matters that have financial statement
and audit implications. The third and fourth risk assessment procedures are observation and
inspection. Observation and inspection procedures may support inquiries of management and
others, may also provide information about the entity and its environment. Examples of audit
procedures include observation or inspection such as; the entity’s operations, documents
such as business plans and strategies, records, internal control manuals, reports prepared by
management such as quarterly management reports and interim financial statement, charged
with governance such as minutes of board of directors meetings and the entity’s premises and
plant facilities.
4.0 Risk assessment procedures enhance the company’s understanding of exposures that are
expected to potentially challenge the firm and treating risk as an opportunity than as a threat
11
only. The procedures support a sound decision making, which ultimately improve firm’s
performance. The better the firm understand its inherent risks the greater confidence it will
develop in order to pursue opportunities. Risk assessment has many benefits for firms,
including helping with future planning, saving money, gaining operational benefits and more.
Audit risk assessment procedures improve firm performance by analytics financial statement.
Before delivering financial statements to the company being audited, auditors evaluate
whether the overall financial statement presentation appears reasonable considering financial
and nonfinancial data. Analytical procedures are often more efficient than traditional, manual
audit testing procedures, which tend to require the company being audited to produce
significant paperwork. Traditional procedures also typically require substantial time to verify
account balances and transactions. Next, firm performance improve by assessing fraud
risks.The auditor has determined that there is evidence that there is evidence that fraud may
exist, that matter be brought to the attention of an appropriate level of management. This is
defalcation by an employee at a low level in the entity’s organization. Fraud involving senior
statements reported directly to the audit committee in a timely manner and prior to the
issuance of the auditor’s report. The auditor reaches an understanding with the audit
committee regarding the nature and extent of communications with the committee about
misappropriates by lower level employees. If the auditor, as a result of the assessment of the
risks of material misstatement, has identified fraud risks that have continuing control
implications whether transactions or adjustments that could be the result of fraud have been
detected, the auditor consider whether these risk represent significant deficiencies that
communicated to senior management and the audit committee. The auditor evaluates whether
the absence of or deficiencies in controls that address fraud risks or otherwise help prevent,
12
deter and detect fraud represent significant deficiencies or material weaknesses that should be
communicated to senior management and the audit committee. Besides, firm performance
improves by looking at the process or procedure being performed by others so that evidence
about the actual performance is obtain. However, observation provides evidence that is
limited to the point in time when it takes place and by the fact that being observed may
observation are the auditors’ attendance at the inventory counting by the entity’s staff and
examining records or documents whether internal or external, that held in various forms, such
records and documents provides audit evidence whose reliability depends on their nature and
source. Inspecting certain documents provide direct audit evidence of the existence of an
asset, for instance a financial instrument like a share or a bond where document itself
constitutes the asset. The inspection of tangible assets provides reliable audit evidence about
their existence. For example, the inspection of an executes contract provide evidence in
respect of entity’s application of accounting policies like revenue recognition. Finally, firm’s
written response to the auditor from a third party in paper form, electronic medium or other
account balances, payables and receivables but should not be restricted to such items only.
The auditors ask confirmation of the terms of agreements and transactions with third parties,
whether any changes to existing agreements has occurs or whether no additional conditions
5.0 References
Wan, Jiangping. (2010). Case study on Business Risk Management for Software Outsourcing
10.4236/ti.2010.14033.
Kot, Sebastian & Dragon, Przemysaw. (2015). Business Risk Management in International
5671(15)00978-8.
Ridha, Mahmood. (2015). Analysis and Measurement of Risks in Business: A Case Study on
Yariv, Taran, Harry Boer & Peter Lindgren (2013). Incorporating Enterprise Risk
Management in the Business Model Innovation Process. Journal of Business Model, Vol 1
No. 1, pp 38-60.
14
Doff, Rene (2008). Defining and measuring business risk an economic-capital framework.