The form of development of the audit risk model

Modern audit risk model on the basis of the traditional audit risk model has been improved, the form has been simplified, but the connotation and extension of audit risk has been expanded. The risk of material misstatement (risk of material misstatement) includes two levels: the overall financial statement level (all financial statement level) and determination level (assertion level). The risk of material misstatement consists of two levels: the overall financial statement level and the assertion level. The risk of material misstatement at the overall financial statement level refers to the strategic business risk. The integration of strategic risk into the modern audit model can establish a more comprehensive audit risk analysis framework.

1. From the definition of strategic risk: strategic risk is a high-level component of audit risk, is the risk that the accounting statements as a whole do not reflect the actual situation of business operations. This risk stems from the objective business risk or the top management's complicity in fraud and fictitious transactions. The traditional audit risk model addresses the enterprise's transactions and events in itself on the basis of the real, how to find the existence of accounting statements misstatements, the audit focus on all types of transactions and account balances at the level of the macro-level consideration of the accounting statements may be the risk of material misstatement, which is likely to find only small errors in the enterprise, but ignoring the big problems; modern audit risk model addresses the process of business operations, management fraud, fictitious transactions, and the risk of the enterprise's management. The modern audit risk model solves the problem of how to audit the misstatements in the accounting statements caused by the management's complicity in fraud, fictitious transactions or events.

2. From the point of view of audit strategy: modern audit risk model is a major innovation based on system theory and strategic management theory. Starting from a strategic perspective, through the business environment - business products - business model - the basic idea of residual risk analysis, the risk of misstatement of accounting statements can be strategically linked to the business environment and business model of the enterprise, so as to analyze and discover misstatements of accounting statements at the source and on a macro level. Grasp the audit risk. The introduction of environmental variables into the model also introduces and creates a strategic audit view of auditing.

3. From the point of view of the audit methodology and procedures: the modern audit risk model focuses on the use of analytical procedures, including both financial data analysis, including the analysis of non-financial data; and diversified analytical tools, such as strategic analysis, performance analysis. For example, in order to apply the concepts and methods of the modern audit risk model, KPMG International (KPMG) has developed the Business Measurement Process (BMP), which is specialized in analyzing the operation of enterprises in the complex market and industrial environments, in order to determine how the key operational risks affect the financial results. analytical framework that impacts the flow of financial and non-financial information.

4. In terms of audit objectives: modern audits are designed to eliminate material misstatements in accounting statements and enhance the credibility of accounting statements. In order to achieve this goal, the CPA should assume that the accounting statements as a whole is not credible, so as to introduce a full range of professional skepticism, in the audit process to question one by one to exclude. And the model fully embodies this notion.

Analytical Application Framework of Modern Audit Risk Model

The use of the modern audit risk model to perform audits, first, to expand the audit perspective from the accounting system to a wider range of business management; second, to determine the level and distribution of the risk of material misstatement; and, third, to optimize the allocation of audit resources, to avoid over- or under-auditing in certain areas. Its analytical framework can be considered as follows: Audit risk can be categorized according to the degree of likelihood of its occurrence as essentially certain, probable, possible, and extremely unlikely. Likelihood is generally expressed in terms of probability, such as the probability of very small possibility is greater than 0, but less than or equal to 5%.

The public has high expectations of CPAs, and the value of the existence of independent audits lies in the elimination of errors and uncertainties in accounting statements. The gap between the reasonable expectations of the public is narrowed or eliminated (Tom Lee, 1993). Independence principle is to make the CPA free from conflict of interest, so as to lay the foundation of integrity and objectivity in practice, but independence is ultimately embodied in the CPA's independent responsibility to bear the audit risk, and thus reduce the audit risk is the "soul" of the CPA. Audit risk is the possibility of audit failure, it can only be controlled in a very small degree of probability below, with mathematical probability should not exceed 5%. "Generally, the public perception is that this rate should be less than 5%, with an audit assurance level of 95%." Having established that the overall audit risk probability should be kept below 5%, the strategic risk should be fully analyzed. Taking the business model of the enterprise as the core, a combination of top-down and bottom-up approaches are used to understand the enterprise's internal and external business environment and business products, and on this basis, analysis is conducted to determine the effectiveness of the enterprise's operations and the reasonableness and legality of key determinations in the accounting statements. The new International Standards on Auditing (ISA) lists 28 environments and matters that may suggest the risk of fraud (IAASB, 2003). Combined with the audit practice, we propose the following key points: 1. Analyze the business environment. Mainly analyze the economic and technological environment in which the client's main products are located, and understand the stage of the client's product life cycle, how competitors are doing, and what the future development prospects are.

2. Analyze the business products. The customer's main products are analyzed to understand what the customer's products; their economic value and how the value of use; profitability; with the industry or similar industries to compare their profit margins are reasonable; such as no comparison with the industry, compared with the general average profitability of the community, whether there is a rationality for its existence.

3. Analyze the business model. Analysis of the customer business model is to analyze its product supply, production and marketing process is how to organize and implement; what are the various aspects of its business process; important buyers and customers of the substantive relationship; whether the customer is seriously dependent on a small number of important purchasers or some important buyers; important suppliers and customers of the substantive relationship; whether the customer is seriously dependent on a small number of important suppliers; whether the existence of both customer buyers and suppliers of the unit (whether there is self-selling and self-service). unit (whether there is a possibility of self-selling and buying).

Through the above analysis and research, the strategic risk assessment decision-making framework is established to make judgment on the effectiveness of the enterprise's operations, to anticipate the overall determination at the level of the accounting statements and compare it with the results reported by management, so as to make a professional judgment on the appropriateness of the overall determination made by management under the relevant operating model and business processes, and to make a professional judgment on the existence of whether there is the existence of the enterprise's transactions and events from the beginning of the occurrence of transactions and events in the production and operation of the enterprise. To make professional judgment on whether the enterprise has committed fraud or fictitious transactions and events from the beginning of the production and operation in order to make up the statement.

The existence of strategic risk implies the negation of the accounting statements as a whole. Assessing strategic risk is a matter for the CPA from start to finish. Especially during the pre-investigation of the project, if the judgment is appropriate, accurate assessment, not only can overcome the lack of a comprehensive view of the audit risk, but also conducive to saving audit costs. If the analysis concludes that the likelihood of the occurrence of strategic risk is probable, likely or basically certain, that is, the probability of its strategic risk is greater than 5%, this project can not be undertaken; if it is already in the audit process, it can be withdrawn from the project as early as possible without incurring significant audit costs, in order to avoid audit failures due to the strategic risk; if the probability of the strategic risk of the project is less than or equal to 5%, the project is initially acceptable and then If the probability of strategic risk of the project is less than or equal to 5%, then the project is initially acceptable, and then a comprehensive and in-depth audit will be conducted on this basis, and the possibility of failure can be greatly reduced. After assessing the probability of strategic risk, the probability of risk at the determination level can be analyzed according to the traditional method, and the combination of the two is the probability of risk of material misstatement. Finally, based on the overall probability of audit risk and the assessed probability of risk of material misstatement, the probability of residual audit risk, or inspection risk, is derived, and the nature and scope of substantive testing can be determined accordingly to reduce the audit risk to a satisfactory level. The above analysis process can be represented in Figure I.