Talk about risk auditing in business management

I. Problems of risk auditing in business management activities

(I) Lack of risk concepts in the formulation of corporate strategy

Within the general structure of management control, the enterprise in the development of development strategy, business strategy, management strategy and other major strategies in the formulation process have been clearly defined in terms of specific objectives, methods and measures, the fact is that the enterprise in the formulation of the development strategy, there are investment risks and financial risks In fact, there are investment risk and financial risk in the development strategy of enterprises, there are marketing risk, product risk and brand risk in the business strategy, there are organizational risk, business risk, personnel risk in the management decision-making. And any one of the above strategies as long as the formation of risk, will bring the loss of competitiveness to the enterprise, stuck in business difficulties or produce the results of closure, bankruptcy. Such examples abound in the enterprise, the reasons for which vary, but one thing is certain, the enterprise did not carry out risk audits, the possibility of failure is greater than the enterprise has carried out risk audits.

(2) Lack of risk management design in management control

(1) Lack of design for external risks. External environmental factors that have a significant impact on the business activities of enterprises are mainly market factors, policy factors, legal factors and so on. If there is a lack of systematic control of the above risks in the enterprise's internal management control, the enterprise's business risks will certainly increase greatly. (2) Lack of internal risk prevention design. First, the enterprise in the investment, production, marketing, distribution and other aspects of the authorization is improper or out of control, so that the original internal control has been damaged. Secondly, in the people, property, goods and other value management links, some personnel desire for profit, loss of morality, *** with embezzlement, theft of corporate property, collusion, nest cases occur repeatedly, so that internal control is out of action. Third, in marketing, authorization, information processing, integrity and other management control due to the lack of mutual checks, so that the implementation of the management system appears "ineffective" phenomenon. Fourth, individual departments within the enterprise in the implementation of the internal management system, "should be but not for" or "should not be but for" the situation, so that fraud and the phenomenon of loss of control occurred repeatedly, weakening the efficiency of the control, exposing the weakness of the design of risk management.

(3) Unusual activities of the enterprise beyond the scope of the design of management control

(1) associated with business activities. Mainly reflected in the marketing customers to offset the arrears of materials, materials accounted for in the internal control, but after a professional assessment of the price, acceptance and other links; in the production of purchased semi-finished products instead of homemade semi-finished products, in the management process involves the investment, purchasing, production scheduling and other departments of the right to review the change; in the branding on the implementation of the brand name sales are not covered by the normal management control; in the financial large amount of Promissory note discounting beyond the normal scope of internal control; involving mergers, reorganization and bankruptcy liquidation and other acts more independent of the operation. (2) Associated with cost control. Internal control costs shall not be greater than its expected benefits is a basic principle of internal control, but in practice there are control costs and benefits in the design of the need to rely on personal subjective judgment, with uncertainty, subjective judgment errors will make the control of the effect is not good. Such as sales customers more enterprises, in the accounts receivable reconciliation process, most do not take the method of account-by-account reconciliation, often to determine the amount of risk acceptable to management for reconciliation, but this will inevitably increase the risk of internal control. In addition, in the parent-subsidiary company authorization, in order to avoid the centralization of power brought about by the internal transaction costs are too high, the parent company will generally adopt the practice of increasing decentralization, increasing internal control risk.

Two, how to effectively implement risk auditing of internal control activities

(a) a correct view of the role of risk auditing in business management activities

Since the enterprise is in different environments at different times and spaces, it faces a wide variety of risks, which have a varying degree of impact on the achievement of organizational goals. Risk-oriented auditing is precisely from the perspective of the risks faced by the organization to judge the design and implementation of the internal control system, to measure the corporate governance program, and from the impact of various systematic and non-systematic risks on the achievement of organizational goals, on the internal control design is sound, the effectiveness of the key control point mechanism, the control of weaknesses, and the feasibility of the governance improvement measures put forward to determine, evaluate the risk management and control Evaluate the extent of the impact of risk management and control on the achievement of the organization's objectives. At the same time, the risk audit work, from the starting point to the follow-up tracking review, is coordinated with the organization's system objectives from beginning to end, to ensure and improve the quality of the audit of the management effect.

(ii) to establish a risk audit framework from the perspective of strategic development

1, the establishment of risk audit structure. The current risk audit theory of the structural model is: determine the scope, identify risks, evaluate risks, deal with risks, communication and consultation, monitoring and auditing. From the point of view of the management activities of the enterprise and the decision-making in the control process, there are strategic and tactical. However, from the perspective of strategic development of enterprises, strategic decisions on investment, market, financing and other strategic decisions need to be risk management and auditing, but also must be established in these areas of risk auditing structure, the limit to resolve the risks of various types of business decisions of enterprises.

2, strict operational procedures for risk audit. The risk audit program of the enterprise is mainly through the risk scope, risk identification and assessment, risk control, risk report and other procedures to complete. First of all, we should pay attention to the scope of risk, comprehensively understand and master the enterprise's organizational structure, business scope, business objectives, looking for risk points; secondly, design the risk evaluation system, through quantitative and qualitative indicators to determine the size of the degree of risk; thirdly, actively prevent the risk, risk avoidance, risk control, risk transfer, and other methods of preventing the occurrence of environmental risk, process risk, information risk.

(C) the key aspects of risk audit

Modern enterprise risk mainly comes from changes in the business environment, hiring new personnel, adopting new or improved information systems, the application of new technologies, the development of new industries, products, or business activities, corporate restructuring, overseas operations, the application of new accounting methods, and so on. Combined with the current reality of the enterprise, the risk audit should focus on the following aspects:

1, marketing. Marketing risk mainly comes from changes in demand, environmental changes, competitors, marketing personnel and so on. Audit must first do to identify the risks, that is, what external factors will cause a decline in market share and customer dissatisfaction increased; what internal factors will affect the sales management behavior, reduce the effectiveness of internal control, etc.. After the risk is identified, the risk level assessment should be carried out, that is, the risk is not to take control, corrective measures brought about by the loss will be how big, the damage is fatal, or general. Marketing risk audit focuses on control and reporting. Marketing risks that pose a significant danger to the enterprise must be reported in a timely manner, and preventive and corrective measures should be proposed, and management should be alerted to general or ordinary risks.

2, capital control. Capital risk is mainly manifested in the capital structure is unreasonable, debt is greater than own capital, blind financing, the use of funds without a plan, backlog, precipitation of funds and so on. Risk audit is to suggest that the entire capital flow of the enterprise operation process facing the risk of capital and potential triggers, especially for the high debt, unstable operations, long-term shortage of funds for the enterprise, should essentially identify the source of the risk, assess the degree of risk, and put forward targeted preventive measures. That is, check whether to achieve strict control on investment, fund management, whether the implementation of paid occupation system, receivables control whether the total amount of control and bad debt compensation system is clear, the daily scheduling of funds whether the implementation of the funds income and expenditure plan, and so on.

3, brand expansion. At present, a part of the enterprise in order to expand product awareness and sales, the use of labeling sales, and some enterprises in the brand value and trademark value is not equal to the case of the product's trademark as a brand extension. The risk of brand extension comes from the creation of the brand, the market positioning of the brand, and the operation of the brand. Risk audit task is to objectively assess the existing brand and product trademark in the market recognition and customer acceptance; second is to analyze the brand and trademark in the market whether there is a conflict or mutual damage to the situation; third is the brand in the operation of the establishment of the quality assurance chain system with the product supplier, and the sales agent signed with the brand use of the constraints of the system.

4, organization and human resources. The strengths and weaknesses of the corporate organizational structure and the quality of staff is an important reflection of the intrinsic motivation of the enterprise. Risk audit to achieve the following purposes: First, the role of departmental functions, mainly to check the organizational structure design, management range is in line with the enterprise centralization, decentralization needs, departmental functions have no cross, duplication or disconnect phenomenon, management activities after appropriate authorization, etc.; the second is the situation of teamwork, evaluation of the individual quality of the senior management of the department's ability to adapt to the work of the individual quality of the work of the department and the up and down and horizontal communication and collaboration capabilities; check the team's ability to work together; check the team's quality of each department. The second is teamwork, evaluating the individual quality of middle and senior managers' ability to adapt to the work of their own departments and their up-down and horizontal communication and collaboration ability; checking whether the teamwork and work ability of each department is relatively strong and how the overall work efficiency is; evaluating the loyalty of employees to the enterprise, the degree of acceptance of the enterprise's culture and its performance, the means of motivating and punishing employees, and the play of the employees' potential ability.

5, cost control. Cost is the current enterprise to enhance market competitiveness of the development strategy, in the cost control of different enterprises used different control methods. Such as standard cost control method, fixed cost control method, target cost control method, job cost control method. Regardless of the method, risk audit is to review whether the indicator set advanced, reasonable, through the comparison with the enterprise calendar and industry advanced indicators, in the cost control indicators to fully reflect its advanced and reasonable, otherwise can not achieve the effect of control; the second is to review the control indicators whether to reflect the scientific and technological reduction of costs, various forms of technological innovation, process innovation, material refinement is an important way to reduce costs, should be accounted for To cost reduction of more than 60%; Third, review the cost assessment is rigid and timely, any system can only reflect the effect of strict and timely assessment.

6, tax risk. Most enterprises in the non-subjective factors each year by the tax department to audit the tax from tens of thousands to millions of dollars, to prevent the formation of tax risk loss is the risk of audit "top priority". First of all, strict VAT payment behavior. Check whether the payment of output tax is standardized, from the formation of sales revenue or the realization of sales behavior to review the payment of the tax is complete, full; check whether the input tax credit is accurate, there is no "should not be offset against the offset, the offset is not offset" and other phenomena. Second, standardize income tax behavior. Audit can be designed through a special form, according to the cost elements of the project-by-project review, there is no pre-tax expenditure costs that do not comply with the provisions of the national tax law. Thirdly, carry out tax saving and planning. Risk audit in addition to preventing tax risks, but also to actively increase the enterprise's tax-saving revenue, in compliance with the tax law, under the premise of carefully identifying the inconsistency of business practices and tax behavior, so as to reasonably save tax, reduce tax costs; especially for some mixed sales behavior, joint venture behavior, asset restructuring and other aspects of tax behavior to be carefully analyzed, seeking tax-saving space.

7, accounting information. Accounting information is false distortion is plagued by a "persistent problem", so that the accounting statements appear "insiders do not understand, the leadership look at the figures, outsiders do not believe that" the situation. The risk of auditing the authenticity of accounting information is to audit the authenticity of business results, mainly using traditional auditing methods to determine the authenticity of revenue, profit, cost indicators to objectively reflect the business performance of the enterprise; the second is to audit the authenticity of the financial position of the enterprise's assets, liabilities, shareholders' equity is real, there is no man-made adjustments; the third is the audit of the basic standardization of the work, focusing on the accounting use of technical means such as accounting policies, accounting estimates and other measures. Means such as accounting policies, accounting estimates and other adjustments to costs, profits, overestimation or underestimation of assets and liabilities, accounting in the internal control system is sound, accounting business processing whether to adhere to the incompatible job separation system.

8, risk and benefit. Enterprises in the management control of a cost-benefit principle should be adhered to neither because of cost savings to weaken the internal control, increase the risk, but also can not be uncontrolled pursuit of the system to improve and increase costs. In the event of the following circumstances, must adhere to the risk audit first, cost-effectiveness second, one is the social benefits, environmental benefits greater than the direct economic benefits of the enterprise, such as the enterprise in certain raw material resource allocation investment in spite of the fact that it can obtain a great return, but will destroy the national comprehensive utilization of the resource; there are products with high profits, but the pollution generated to the country and the masses caused great damage. In this case, it is necessary to make an assessment of social and environmental benefits through risk auditing. The second is the emergence of "insider" control, such as enterprises in foreign branches of the bank accounts are unclear and confusing. If the cost-effectiveness point of view alone can not be risk audit, just strict system, standardize behavior can be. But from the point of view of preventing deep-seated risks, it is necessary to completely eliminate fraud or "insider" control phenomenon through risk audit. Third, to eliminate the "transparency" is not high in business activities in the major hidden dangers of the current business activities, in the material procurement bidding, backdoor operations and accompanied by the bidding, bidding from time to time; in the recruitment of staff there are still "only relatives do not rely on the wise"; in the approval of the use of funds In the approval and use of funds, "power and money transactions" are common, and there is a strange phenomenon of "the more transparent the more opaque the place". Therefore, in these business activities, no matter how much the cost, the risk of audit should be carried out normally, to expose the problem, to avoid the occurrence of major fraud, affecting the development of enterprises.

(D) risk audit and internal management control to form a complementary relationship

1, improve the management system to reduce audit risk. Although each enterprise in the internal organizational structure control, authorization and approval control, personnel quality control, budget control, risk control, information systems control and other aspects of control focus is not the same, but one thing is the same, that is, in order to achieve the management objectives of the enterprise internal control. In the case of the market changes, a variety of variables to increase the situation, the enterprise internal management system should be the risk control as the primary content of the continuous improvement, because the more sound internal control system, the smaller the scope of the audit test, the smaller the risk. This relationship determines the enterprise must improve the construction of all internal management system to improve the effect of internal control.

2, the establishment of the two "strong" complementary relationship. From the role of internal management control is the basis of enterprise management work, risk audit is to prevent enterprise risk early warning system, to gradually establish a kind of "control in the management process, in the risk before the occurrence of preventive" mode of operation, through the internal management system of the hard "foundation" to provide a risk management platform. Through the hard "foundation" of the internal management system to provide a platform for risk management. At the same time, through the risk audit to find all kinds of risk resolution, to solve the internal control system "by the rules of ineffective" and "should be, but not for the" shortcomings. Make the two in regulating business behavior, to protect the safe operation of the economy to play a "strong" joint role in promoting.

3, risk audit to promote the development of internal management control. An effective risk audit system to promote the development of internal management control from three aspects. First, the establishment of the internal management system may be expected to occur through the risk system to prevent the risk; second, the internal management system to implement the process of deviation behavior to be revealed, and timely corrective action; third, in the implementation of the results of the internal management system errors in a timely manner to correct and reduce losses.