What is the audit risk model and its evolution?

Generally speaking, audit risk is influenced by the risk factors of audit subject and audit object. The basic mode of audit risk consists of two elements: the subject and the object of audit activities. From the audit object, all the operating results and assets and liabilities of the audited entity must be reflected through financial statements. However, untrue and reliable financial statements will lead to audit failure and audit responsibility, so the risks of financial statements themselves will lead to audit risks. Ill from the perspective of the audit subject, if the auditors do not comply with the requirements of the auditing standards, or the auditing standards they follow have lagged behind the development requirements of the social and economic environment, they will also lead to audit failure and audit responsibility, thus forming audit risks. Therefore, the basic mode of audit risk can be expressed as:

Audit risk = audit object risk × audit subject risk = financial statement risk × inspection risk

However, due to the different roles and influences of social and economic environment on audit development in different historical periods, the audit methods in different periods are also different. The following will analyze the development and evolution of the audit risk model from these three stages.

1. Audit risk model in the accounting audit stage

In the early stage of audit development, due to the simple organizational structure and single business nature of enterprises, the audit of certified public accountants is mainly to satisfy the independent inspection of accounting by property owners and urge the entrusted responsible persons (usually managers or subordinates) to act honestly and reliably in the process of authorized operation. Certified public accountants are mainly responsible to customers, and their responsibilities to third parties are not clear, so the audit risk is relatively small. Its audit focuses on the balance sheet, with the purpose of finding and preventing errors and fraud. Certified public accountants check every item of financial statements, including checking supporting documents, evaluating the value (usually cost) of reported assets, and determining the correctness of accounting for inventory purchase and delivery by the entrusted person in charge. It can be said that the audit risk model in this period is a simple expression of the basic audit risk model. At this time, the risk of financial statements mainly refers to the inherent risk of each item in financial statements, so the audit risk at this stage can be expressed as: audit risk = inherent risk x inspection risk. that is

Based on the analysis of inherent risks, focusing on the control of inspection risks, detailed audit or large sample spot check audit methods are mainly adopted.

2. Audit risk model in the stage of system-based audit With the increasing scale of enterprises, the contents of economic activities and transactions are constantly enriched and complicated, the audit workload and audit cost of certified public accountants are rapidly increasing, and it is more difficult to implement detailed audit. Therefore, the professional circle will gradually turn to sampling audit. However, the adoption of sampling audit requires certified public accountants to estimate the enterprise risk, sample selection, error range and even error rate, which has inherent limitations. At the same time, the professional circles gradually realize that reasonable design and effective internal control can ensure the reliability of accounting statements and prevent major mistakes and fraud. So,

Certified public accountants combine internal control with sampling audit to form a system-based audit method, focusing on understanding, testing and evaluating the rationality of internal control design. If an enterprise establishes an effective internal control system, it can effectively control and prevent inherent risks, so the financial statement risks are affected by both inherent risks and control risks. The mode of this stage can be expressed as:

Audit risk = inherent risk × control risk × inspection risk

The characteristic of this model is that its constituent elements are changed from two to three, which increases the control risk, and takes the test and evaluation of control risk as the most important aspect of audit risk control.

3. Audit risk model in risk-oriented audit stage.

After the 1970s, the appearance of fraud in western management and the randomness of sampling audit made the limitations of system-based audit methods more and more obvious. System-based audit pays too much attention to the internal control system of the audited entity, that is, controlling risks, while relatively ignoring other factors and reasons that cause audit risks, failing to realize the rational allocation of audit resources. In this case, the risk-oriented audit method came into being. Its traditional model is:

Audit risk; Inherent risk × control risk × inspection risk

Among them, audit risk is determined by the risk management strategy of accounting firms, and prudent accounting firms often determine it as a low level, while risk sharing and risk control are related to enterprises. Certified public accountants can evaluate the enterprise and its environment and evaluate internal control, and then determine the inspection risk, and design and implement substantive procedures to control the audit risk at the level determined by accounting firms. Although this mode and system-based audit mode are formal

The same, but in theory, it solves the randomness of CPA's sampling audit based on the system, and also solves the problem of audit resource allocation, that is, it requires CPA to allocate audit resources to areas that are most likely to lead to major misstatement of accounting statements. Its characteristic is that the implementation of audit procedure depends on the evaluation of election risk.

Second, the new development of risk-oriented audit

When using the traditional risk-oriented audit method, it is usually difficult for certified public accountants to accurately evaluate the inherent risk, and they often simplify the inherent risk.

As a high level, audit resources input control test (if necessary) and substantive test. That is to say, the traditional risk-oriented audit method pays attention to the low-level risk assessment such as account balance and transaction level, but ignores the macro-level understanding of the enterprise and its environment (such as industry status, regulatory environment and other factors that currently affect the enterprise); The nature of the enterprise, including property right structure, organizational structure, operation, financing and investment; Major mistakes that may occur in the enterprise's objectives, strategies and accounting statements.

Related business risks reported; Measurement and evaluation of enterprise financial performance); At the same time, audit risk is the result of the comprehensive effect of internal audit environment and external audit environment. Enterprise is a kind of social and economic organization, which exists in a certain social and economic environment. It should be related to its environment and regarded as an open system. With the advent of the information society and knowledge economy era, the relationship between enterprises and the diverse and rapidly changing internal and external social environment has been strengthened sharply, and the internal and external business risks will soon turn into the risk of misstatement of accounting statements. Therefore, auditors also deeply realize that if the audited entity is divorced from its extensive economic network, it is impossible to effectively understand the transactions of the audited entity and its overall performance and financial situation. In order to reduce the risk of auditing accounting statements, auditors must study the enterprises reflected in the statements and the whole "system" in which they are located in order to have a full understanding of them.

(A) the improvement of risk-oriented auditing standards

In June, 2003, the International Auditing and Assurance Standards Committee (|AASB) under the International Federation of Accountants (IrAc) issued a series of audit risk standards, including the objectives and basic principles of statement A audit, the standards of understanding the audited entity and its environment and evaluating the risk of material misstatement, the standards of certified public accountants' response to risk assessment and the standards of audit evidence. These standards have been formally implemented since 2004 12. The new standards have great influence on the audit risk model and the corresponding

The company's audit procedures were revised and adjusted, emphasizing that certified public accountants should have a deep understanding of the audited entity and its environment, effectively carry out risk assessment, pay attention to the high-risk areas of financial statements misstatement, and closely link risk assessment with audit procedures. The implementation of the new standards will effectively improve the audit quality, enhance public confidence in audited financial statements, and help protect public interests.

1 A new audit risk model is established. The audit risk model widely used in the audit field was put forward by the American Institute of Certified Accountants in 1983: 9 audit wind l profit = inherent risk × control risk× inspection risk (that is, the traditional audit risk model): under a given audit risk, inspection risk = audit risk/inherent risk× control risk, accordingly, the inherent risk and control risk are evaluated first, and then the acceptable inspection risk is calculated to determine the importance. With the development of audit practice, the traditional audit risk model gradually shows its defects and deficiencies. Therefore, the new standard has formulated a new audit risk model: audit risk = material misstatement risk x inspection risk. Among them, the risk of material misstatement includes two levels: one is the overall level of accounting statements; The second is the transaction category, account balance, disclosure and related statements. The risk of material misstatement on the whole level of accounting statements refers to the risk of material misstatement that is closely related to the whole accounting statements or has potential influence on many determinations. Usually related to the control environment and other environmental factors. The risk of material misstatement at the level of transaction category, account balance, disclosure and related statements includes inherent risk and control risk. As for the assessment level of the risk of material misstatement in the overall level of accounting statements, the new standards require certified public accountants to make an overall response. For example, the audit team should maintain professional skepticism in the process of collecting and evaluating evidence; Assign some people or experts with more experience or special skills to the audit team; Strengthen the supervision of the audit team; Add more unexpected factors when choosing to implement audit procedures; When necessary, consider adjusting the nature, time and scope of the audit procedure. For the risk assessment level of material misstatement at the transaction or account level, certified public accountants should determine the nature, time and scope of the next audit procedure, conduct control tests, implement substantive procedures, and test the adequacy of expression and disclosure. The new audit risk model comes into being with the development of audit environment and audit practice, which is more in line with the actual audit work and is beneficial to the implementation of risk assessment procedures by certified public accountants.

2. Certified public accountants are required to fully understand the audited entity and its environment, as well as the elements of internal control, so as to identify and evaluate the risk of material misstatement. From today's most audit cases, it can be seen that many of them are due to the lack of sufficient understanding of the basic situation of the audited units by certified public accountants, and they "rushed into battle". A certified public accountant shall obtain information to identify and evaluate the risk of material misstatement through various channels, especially the information on the operating environment of the audited entity, the information of the audited entity and the internal control information. Business environment information includes external factors such as macroeconomic environment, industrial environment and legal environment. The more depressed the industry is, the greater the possibility that the audited entity's accounting statements are untrue and the greater the audit risk; The more perfect the legal system related to audit is, the greater the audit risk borne by the audit subject. For the audited entity, we should mainly consider its operation, investment and financing, and at the same time pay special attention to the conduct and reputation of the management of the audited entity, whether the enterprise is in financial difficulties and litigation disputes, as well as the relationship between the audited entity and the original accounting firm, major accounting problems and abnormal matters. Internal control mainly includes control environment and control procedures. The new standard lists all these related information in detail, which has played a good guiding role for certified public accountants to collect information from all aspects and enhanced their operability.

(=) The development of modern risk-oriented audit in audit practice was as early as the early 1990s, in order to cope with the information society and

With the challenge of knowledge economy to the audit industry, the audit industry began to explore new audit methods. The top five international accounting firms (only four at present) are in the forefront. From 65438 to 0997, the research team of KPMG published the research report "Organizing Audit with Strategic System View". Ji proposed the BMP audit model of KPMG. This audit method first analyzes the business model of the enterprise and understands the internal and external business environment of the enterprise through the combination of top-down and bottom-up; Then, five principles (strategic analysis, business link analysis, risk assessment, performance measurement and continuous improvement) are used to analyze the business risks of enterprises, and the conclusions about residual risks and their impact on auditing are drawn. Finally, the residual risk is used to guide the substantive test, so as to complete the bottom-up audit work. It can be said that KPMG's audit mode has reflected the idea of paying attention to the internal and external environment of enterprises. At the same time, other large accounting firms have begun to develop new auditing methods together with the academic circles. Andersen Certified Public Accountants has developed a modern risk-oriented audit technology in the name of "management audit". Ernst & Young developed modern risk-oriented audit in the name of "audit innovation" and formed a systematic method to analyze the business environment of enterprises, which is called BEAT (Business Environment Analysis Template) for short. PricewaterhouseCoopers accounting

The company has developed a modern risk-oriented audit method called "PricewaterhouseCoopers Audit Method". Deloitte Touche Tohmatsu has developed a modern risk-oriented auditing method called "AS/2". Although there are some differences in the specific structural framework, the basic principles of these audit models are the same. It can be said that the exploration of the improvement of traditional risk-oriented auditing methods in foreign professional circles provides a good idea for certified public accountants to grasp audit risks from a macro perspective and promotes the emergence and development of modern risk-oriented auditing. On the basis of absorbing existing research results and summarizing audit practice, IASB revised the original audit risk model and improved the risk-oriented audit method.