MZUMBE UNIVERSITY

DEPARTMENT OF ACCOUNTING AND FINANCE

MSC (ACCOUNTING AND FINANCE) DEGREE PROGRAMME

ACC 5221 AUDITING AND ASSURANCE SERVICES TERM PAPER NAME OF STUDENT: SULEIMAN ALI SULEIMAN REGISTRATION NO: MSC/AF/DCC/126/T.11 LECTURERS: E.S. MALUBI S. R. MNGOYA
QUESTION: The previous audit approach was a systems-based audit, i.e. examination of transactions and systems. Such an audit was expensive and uneconomic. Research showed that processing errors were rarely a cause of audit problems. Major audit problems resulted from risks. Therefore, a modern approach would be to focus audit on the high risk areas. In recent years, the larger firms have extended the concepts of risk analysis as an approach to auditing. The new more embracing concept is that of business risk. Business risk is another major category of risk which the auditor must be aware of. Whereas the audit risk focuses on the financial statements of an entity, the business risk is related to the entity as a whole. Required: Discuss the business risks that may face an organization and the auditors concern about these risks.

DATE OF SUBIMISION: 20TH DECEMBER 2011 1

1.0 Introduction. The audit process involves exercise of professional judgment in designing the audit approach. The approach adopted by an auditor to a specified audit assignment will be a key factor in determining the outcome of the audit. If auditors fail to adopt the correct audit approach then the likelihood of audit failure increases, failure which could lead to a damaged reputation and potentially costly litigation against the auditing firm. In recent years larger firms have been adopted a modern approach of auditing i.e. risk-based approach instead of system based approach. In system-based approach auditors are required to assess the effectiveness of the internal controls of an entity, and then to direct substantive procedures primarily to those areas where it is considered that systems objectives will not be met. However this system does not extensively cover entitys environment as a whole. The idea of risk-based approach therefore has come to overcome some weaknesses already observed in system based approach. This approach requires auditors to identify the key day-today risks faced by a business, to consider the impact these risks could have on the financial statements, and then to plan their audit procedures accordingly. For this reason, the approach is often referred to as the business risk approach.

1.1 Definition of business risk. Business risk is defined as risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entitys ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.1 In this view, business risks affect the operations and potential outcomes of organizational activities as it relates mainly to an organizations goals and objectives. It is essentially the potential cost incurred if the business does not achieve its strategic plans.

ISA 230, identify and assess the risks of material misstatement in thefinancial statements,
2

through understanding the entity and its environment, paragraphs 4(b)

2.0 Business risks that may face the organization. There is no way for the organization to skip from facing the business risks. Thus, the business risks in organization may be classified into two main categories. 1. Classification on the basis of relationship to the organization. There are two types of risks: a) Internal risks and; b) External risks 2. Classification based on the cause of the risk; there are three types risks: a) Operational risk b) Financial risk and; c) Compliance risks.

1. Classification on the basis of relationship to the organization. a) Internal risks; these are risks which arise from events, actions, conditions or circumstances taking place within the organization and they can be controlled by the entrepreneur to an applicable extent. The following are factors that giving the rise of internal risks. Human factors are important cause of internal risks. They may result from strikes and lock-outs by trade unions, negligence and dishonesty of an employee, accidents or deaths in the industry, incompetence of the manager or important people in the organization, etc. Also failure of suppliers to supply the material or goods in time or default in payment by debtors may adversely affect the business enterprise. Technological factors are the unforeseen changes in the techniques of production or distribution. They may result in technological obsolescence and other business risks, For example, if there is some technological advancement which results in products of higher quality, then a firm which is using the traditional technique of
3

production might face the risk of loosing the market for its inferior quality product. Physical factors are the factors which result in loss or damage to the property of the firm. They include the failure of machinery and equipment used in the business, fire or theft in the industry, damages in transit of goods e.t.c It also includes losses to the firm arising from the compensation paid by the firm to the third parties on account intentional or damages caused to them.

b) External risks; These are risks which arise due to the events, actions, conditions or circumstances occurring outside the business organization. Such events or actions are generally beyond the control of an entrepreneur. Hence, the resulting risks can not be forecasted and probability their occurrence can not be determined with accuracy. The following are factors that giving the rise of external risks. Economic factors are the most important causes of external risks. They results from the changes in the prevailing market conditions. They may be the form of changes in demand for the product, price fluctuations, changes in tastes and preferences of the consumers and changes in income, output or trade cycles. The conditions like increased competition for the product, inflationary tendency in the economy, rising unemployment as well as the fluctuations in the world economy may also adversely affect the business enterprise. Such risks which are caused by changes in the economy are known as dynamic risks. These risks are generally less predictable because they do not appear at the regular intervals. Also, such risks may not necessarily results in losses to the firm because they may also contain an element of gain for the firm. For instance, due to market fluctuations, as well known product of a firm may either lose its demand or may occupy a larger market share. Natural factors, are the unforeseen natural calamities over which an entrepreneur has very little or no control. They result from events like earthquake, flood, famine, cyclone, lightening, tornado, etc. Such events may cause loss of life and property to the firm or they may spoil its goods. For example, Gujarat
4

earthquake caused irreparable damage not only to the business enterprises but also adversely 2) Classification based on the cause of the risk. a) Operational risks, these are risks caused by underlying flaws in the way the business is carried on, its process and systems. The failure to correct poor process affecting customers service has adversely affected many service-based organization. The business risks includes failure to modernize products and processes, poor labour relations, weak marketing, loss of key employees, breakdown of relationships with key suppliers or customers, reliance on few product, customer or suppliers, lack of research and development. b) ) Financial risks, these are risks arising both from the structure and financing of the business and the operation of financial systems. Auditors have to consider not only the detail of the financial process within the business but the appropriateness of its structure and the ability of the finance its operations so as to achieve its objectives for unforeseeable future. Financial risk includes inadequate finance for future operations or development of new products and markets, high levels of gearing at a time of rising interest rates, overtrading resulting in cash flow difficulties, related parties involved in the business with no obvious commercial motive or inappropriate terms of trading, system failures and loss of records, internal control weaknesses and fraud. c) Compliance risks, This is the risk arising from non compliance with laws and regulations, most organizations are capable of ensuring compliance with the tax or VAT rules but many still have, judging by the number of cases still coming before the courts and tribunals, inadequate procedures for complying with employment law or health and safety legislation.

Meaning of Auditing. Audit is an independent examination and expression of opinion on the financial statements of an entity by an appointed auditor in pursuance of that appointment is in compliance with any relevant statutory or other provisions included in Tanzania Statement of Standard Guidelines. Audit can be classified into two, Internal audit and External audit. Internal audit, this is the one conducted by internal auditor who is an employee of the organization. The main purpose of Internal auditor is to find out whether the internal control system is working successfully or not. External Audit is the one carried out by an independent auditor who is not employee of the organization. She/he is appointed by the owner of the business with the main purpose of submit an audit report of financial statement of a business enterprise. The concern of an Auditor about business risks. Business risk provides auditors with a more comprehensive foundation for analyzing conditions that could impair the clients ability to execute strategic business processes effectively .Auditors with knowledge of business risks are more likely to recognize patterns of changes in accounts that are not consistent with competitive industry forces, the clients strategic alliances, and market conditions than auditors who have not analyzed business risks (Bell et al. 1997; Bell, Peecher, and Solomon 2002). The concern of internal auditor to Business risks Internal auditor has the responsibility of assessing and monitoring the risks that the organization faces, recommending the controls required to mitigate those risks, and evaluating the trade-offs necessary for the organization to accomplish its strategic and operational objectives. The internal auditor evaluates the adequacy and effectiveness of how business risks are identified and managed in the organization. She/he also assess other aspects such as ethics and values within the organization, performance management, communication of
6

risk and control information within the organization in order to facilitate a good governance process and hence reduce the business risks. The internal auditor can monitor the overall risk management policies and other organization directives relating to business risks to ensure they operate effectively and efficiently. Internal Auditor is also concerned with bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. In other hand the External Auditor has these concerns to Business risks. The external auditor is concerned with the risk assessment that might be misstated in the companys financial statement, but actually is not concerned about setting standard of business risks at the audit clients. If a company has good standard risk of errors in the financial statements, the risk is reduced. Knowledge of business risks could influence auditor skepticism about other evidence such that, when business risks are perceived to be relatively high, auditors will be more sensitive to evidence that could reflect potential problems, and their judgment will reflect that increased sensitivity. However, when business risks are perceived to be relatively low, auditors will be less sensitive to evidence that could reflect potential problems and their concern will diminish (Ballou et al. 2004; ODonnell and Schultz 2005). External Auditor has the responsibility of identifying risks, assessing them and relate to what can go wrong at the assertion level, taking account of relevant controls that the auditor intends to test. In General, the External auditors focus on business risks is much narrower compared to Internal auditor. An external auditor is concerned only with financial aspects of the entity; normally, compliance and operational issues are not examined. The external audit process culminates in an opinion on the fair presentation of the financial statements. Shareholders and others with a financial interest in the entity utilize the opinion and published financial statements in making economic decisions
7

Conclusion A business risk approach emphasizes judgment, and broad skills to be able to assess the position of a business in its environment, matters of compliance, operations and finance. In this scene, Management should develops controls to address the risks of not achieving such objectives. In turn, the auditor will ascertains both the entity's objectives and risk. If the auditor perceive high level of business risk may recognize as a factor that could lead an auditor to do more audit work than would normally appear necessary to satisfy minimum audit procedures stipulated in ISA 315 and other related ISAs, but under no circumstances should an assessment of low business risk lead an auditor to do less work than that suggested by ISAs. However, a workable model of business risk applicable to all circumstances encountered by a firm would be extremely difficult to develop because the factors which influence the level of business risk interact and function uniquely in particular circumstances. Therefore, it might be possible to educate a firm's personnel regarding the concept of business risk and how to use the factors that indicate relative levels of business risk so that they could evaluate the level associated with a potential client. Notwithstanding other considerations, prospective clients with perceived low levels of business risk could be accepted and audited.

REFERENCES Colbert, J. L (1995) Risk: internal and external auditors operate from two different official definition of risk, internal auditor. Advanced Auditing and Investigation, Students Manual. Acomprehensive text for professional studies and applications by F.M.H Mhilu, NBAA

The Association of Chartered Certified Accounts PAPER F8/NT/UK. AUDIT AND ASSURANCE.