AUDIT ANALYTICS AUDIT
x8YaD9
x8YaD9
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
ESSAY 6: MANAGING RISK AND THE <strong>AUDIT</strong> PROCESS<br />
instance, if historical findings suggest that a product specifications<br />
conformity rate of 99.999 percent is minimally acceptable from both<br />
product quality and customer satisfaction standpoints, then this might be<br />
perceived as a legitimate threshold value. Performing this type of<br />
analysis for each risk indicator will help ensure that functional threshold<br />
values are structured so that management, internal auditors, and external<br />
auditors are all able to proactively monitor and respond to the changing<br />
risk environment.<br />
Once KRIs and associated thresholds have been created and compiled by<br />
the project team and relevant stakeholders, auditors begin linking each<br />
KRI with the related subset of accounts and assertions to be tested (Moon<br />
2014b). Objectives in this phase pertain mainly to understanding KRI<br />
impacts on financial statement information and, consequently, how audit<br />
activities should be modified in response to changing KRI levels when<br />
significant business risks are detected. As an example, one important<br />
audit assertion relates to valuation of assets. In an embedded component<br />
of testing this assertion, the auditor will seek to determine the<br />
reasonableness of any pertinent estimates such as depreciation,<br />
amortization, and allowances. For instance, imagine that a KRI and<br />
related set of tolerance limits based upon historical experience are<br />
implemented to monitor depreciation levels on fixed assets. When the<br />
KRI moves near or outside the acceptable boundary, auditors are alerted<br />
about an emerging risk relative to the valuation assertion for fixed assets.<br />
The accounts primarily affected in this case are non-current assets of a<br />
depreciable nature. In addition, an income statement account (that is,<br />
depreciation expense) is also affected, thus impacting net income in a<br />
potentially questionable manner. In response to increasing risk in this<br />
area, auditors would adjust the audit plan and testing activities so as to<br />
more heavily emphasize examination of depreciable assets as well as the<br />
reasonableness of depreciation amounts currently being recognized. If<br />
problems of a material nature are unearthed, then timely remedies can be<br />
proposed and implemented. In so doing, the auditor is positioned to<br />
productively modify the audit plan and related testing routines<br />
dynamically as changes in the risk landscape are reported by the CRMA<br />
system.<br />
The final step in figure 6-4 encapsulates the implementation phase for<br />
CRMA. In the auditing domain, the entire set of KRIs are continuously<br />
measured and reported by the CRMA system. When emerging risks are<br />
detected, auditors use this information to adjust the audit plan so that<br />
appropriate emphasis is placed on examining and testing the assertions,<br />
accounts, and controls that are most likely to be impacted.<br />
To ensure ongoing system relevance and reliability, KRIs are regularly<br />
maintained so that new measures are created, existing metrics are<br />
modified, and obsolete KRIs are eliminated as the risk profile dictates.<br />
141