What are the defects of traditional risk-oriented audit?

Audit mode is a combination of audit objectives, scope and methods. Its development has experienced accounting digital basic audit method, internal control-oriented audit method, traditional risk-oriented audit method and risk-oriented strategic system audit method. Based on my own learning experience, the author summarizes the characteristics and differences between risk-oriented audit and internal control-oriented audit, and shares them with colleagues.

Comparison of audit modes

Risk-oriented audit

Internal control-oriented audit

Content and scope of audit risk consideration

Risks in accounting systems and procedures, risk factors in control environment and external risks faced by enterprises.

Inherent risk, control risk and inspection risk, but do not consider the risks existing in the control environment.

Determine the basis of key audit areas

Results of risk assessment

the system of internal controls

procedure

First of all, analyze the inherent risk and control risk, determine the influencing factors of the reported items, and thus determine the time, nature and scope of the substantive procedures.

First evaluate the internal control system, and then determine the nature, time and scope of substantive procedures.

Audit focus

Analysis and Evaluation of Audit Risk

Analysis and Evaluation of Internal Control System

Application of internal control

Overall framework of internal control

Part of internal control

Handling of audit risk

Audit risk assessment runs through the whole audit process.

When sampling and implementing substantive procedures, consider controlling risks and checking risks.

Key points of validation and testing

Methods and behaviors adopted by management departments to reduce business risks

Control activities, and put forward relevant suggestions by testing internal control.

The focus of the report

Adequacy and effectiveness of risk reduction

Adequacy and effectiveness of internal control

Audit findings

Put forward appropriate suggestions to reduce risks.

Propose a new or improved control system.

Impact on the audited entity

On the basis of comprehensive evaluation of enterprises, the audit focus is determined, and suggestions are put forward for the main problems existing in the audited units.

It is suggested to strengthen internal control or add new internal control. It is suggested to add more control points, which may hinder the normal operation of the program.

Audit method

Understand the accounting system, internal control system and procedures, and consider the risks existing in the internal control environment and business environment.

I don't pay enough attention to analysis and testing, but only know the internal control parts, such as accounting system, internal control system and procedures.