What are the differences between modern risk-oriented audit and traditional risk-oriented audit?

The traditional risk-oriented audit risk model transforms the risk of material misstatement of accounting statements into audit risk, and further makes audit risk = inherent risk × control risk × inspection risk.

However, the traditional risk-oriented audit is only an extension of the system-based audit, and its method is still the basic method of the system-based audit, but the content of quantitative risk analysis is added through the audit risk model, and quantitative risk assessment is used as a means of audit risk control.

The premise of traditional risk-oriented audit is to assume that inherent risk, control risk and inspection risk are independent of each other. However, both inherent risk and control risk are influenced by the internal and external environment of the enterprise, and they also influence each other. The connotation and extension of the concept of inherent risk are inconsistent, and the logic is inconsistent. Inherent risk refers to the possibility of material misstatement or omission of an account or transaction category alone or together with other accounts and transaction categories without relevant internal control. When evaluating the inherent risks (involving the level of accounting statements), we must start with internal control (control environment). The inconsistency between the connotation and extension of inherent risk greatly damages the scientific nature of the traditional risk-oriented audit model (Chen Zhiqiang, 1998). Therefore, with the close relationship between enterprises and internal and external environment, the reliability of this assumption is increasingly questioned.

June, 5438+October, 2003 10, IAASB issued a series of new auditing standards, and the risk model was also revised as: audit risk = material misstatement risk × inspection risk. This is not a simple combination of inherent risk and control risk into a major misstatement risk, but a major substantive improvement. It requires certified public accountants to properly evaluate the risk of material misstatement before designing and implementing audit tests, and shall not blindly conduct audit tests without evaluating the risk of material misstatement; Nor can we simply set the risk of material misstatement to a high level as before and directly implement a wider range of substantive tests.

The risk of material misstatement mainly comes from three aspects: (1) management fraud risk; (2) the risk of employee fraud; (3) the risk of error.

Thus, the risk of material misstatement is decomposed and a reconstructed audit risk model is obtained: audit risk = management fraud risk × (employee fraud risk+error risk )× inspection risk.

How to assess the risk of material misstatement?

According to the requirements of International Auditing Standards No.315, "Understand the audited entity and its environment and assess the risk of material misstatement". The idea of "knowing the auditee and its environment" expands the scope of risk assessment, and requires other risks of the auditee to be considered, including control risks, account and transaction risks, such as business risks, industry risks and fraud risks. In short, it can be understood as all kinds of risks that may lead to major misstatement risks, not only at the micro level, but also at the macro level.

The "risk" in traditional risk-oriented audit is inherent risk and control risk, which can be extended to the business risk or commercial risk of the audited entity;

The "risk" in the modern risk-oriented audit mode is the "risk of material misstatement" of the audited entity, which further fully considers various risk factors that may lead to the risk of material misstatement of the audited entity, and expands the connotation and evaluation scope of the risk.