Pallavi S, Mcom, KSET
Assistant Professor
Department of Commerce & Management
Surana College, Peenya
Unit:2 Risk Assessment and Internal Control 12 Hrs
Introduction – Audit risk – Assessment of risk – Internal Control-Meaning and objectives–
Internal check- Meaning, objectives and fundamental Principles. Internal check with regards
to wage payment, cash sales, and cash purchases.
Meaning of Audit Risk
Audit risk refers to the risk that an auditor may unknowingly issue an incorrect audit opinion
on financial statements that are materially misstated. In simpler terms, it's the chance that the
auditor could mistakenly give a "clean" report on financial statements that actually contain
significant errors or fraud. Audit risk can arise due to errors, incomplete information, or
intentional manipulation of data by the client.
Or
Audit Risk is the risk that auditor issue the incorrect audit opinion to the audited financial
statement
Examples
A business inflates its sales figures to appear more profitable, leading to misleading
financial statements.
Employees manipulating expense reports for personal gain without being caught by
internal controls.
A company overestimates the value of its inventory, leading to an inaccurate
representation of its financial health.
A firm fails to comply with tax regulations, which may go unnoticed during the audit
process.
Lack of supporting documentation for significant expenses, which could hide
unauthorized or erroneous payments.
Types/ Components of Audit Risk
1. Control Risk: The risk that a company’s internal controls will not prevent or detect
material misstatements in financial statements.
Control risk arises when internal controls are insufficient or ineffective at identifying
and addressing inaccuracies.
Example: If a company has weak controls over its revenue recognition process, there
is a risk that errors or fraud might not be caught or corrected.
2. Inherent Risk: The risk of material misstatement in financial statements due to the
nature of the business or its environment, before considering any internal controls.
1
�Pallavi S, Mcom, KSET
Assistant Professor
Department of Commerce & Management
Surana College, Peenya
Inherent risk is associated with the business's inherent characteristics and the nature of
its transactions.
Example: A technology startup might have high inherent risk because of its complex
and rapidly changing operations, making financial reporting more susceptible to
errors.
3. Detection Risk: The risk that the auditor’s procedures will not detect a material
misstatement that exists in the financial statements.
Detection risk is concerned with the possibility that audit procedures might not reveal
significant issues in the financial statements.
Example: If an auditor fails to identify an error in inventory counts due to insufficient
testing, detection risk is present.
How to Manage Audit Risk?
1. Strong Team: The auditor needs a skilled team that understands the business and its
transactions well.
2. Enough Time: The audit team should be given enough time to carefully review and
analyze the financial statements.
2
�Pallavi S, Mcom, KSET
Assistant Professor
Department of Commerce & Management
Surana College, Peenya
3. Assessment of Internal Controls: It's important to check if the company’s internal
control system is strong or weak.
4. Planning: Clear audit plans and procedures should be made before starting the audit.
Audit Risk Assessment
Audit risk assessment is the process of identifying and evaluating the chances of major errors
or misstatements in financial information. This involves understanding how a company's
internal controls work and checking for any risks within those controls that could lead to
mistakes in reporting.
Audit Risk Assessment Procedure
1. Understanding the Business Environment: Auditors must understand the client's
business, its operations, industry, and regulatory environment.
Example: A tech company may face different risks compared to a manufacturing
company. Understanding the business helps identify specific risks related to the industry.
2. Identifying Significant Risks: Determine areas in the business where errors or fraud are
most likely to occur.
Example: If a company recently switched accounting systems, this transition might carry
a higher risk of data entry errors.
3. Evaluating Internal Controls: Assess whether the company’s internal controls
(procedures to prevent or detect errors) are adequate.
Example: If a company has a weak segregation of duties (one person handling cash and
recording transactions), the risk of misstatement or fraud increases.
4. Assessing the Risk of Material Misstatement: Estimate the likelihood and impact of
significant errors in the financial statements.
Example: If a company operates in a volatile market, the risk of valuation errors for
assets (like inventory) might be high.
3
�Pallavi S, Mcom, KSET
Assistant Professor
Department of Commerce & Management
Surana College, Peenya
5. Determining Audit Approach: Based on identified risks, the auditor decides the extent
of audit procedures to mitigate these risks.
Example: If the risk is high, auditors will perform more detailed testing. If the risk is low,
less extensive procedures might be enough.
6. Documenting Risk Assessment: Proper documentation of identified risks and planned
responses is crucial.
Example: This includes recording potential risks, how they were identified, and what
audit steps will be taken.
Internal Control V/S Internal Check
Internal Control Internal Check
A broader system covering all policies and A specific part of internal control focusing on
procedures for ensuring efficiency. continuous checking of work by employees.
Applied across the entire organization. Applied within specific departments or
functions.
Involves both management and employees. Primarily involves employees in daily work
processes.
Includes various elements like audits, reviews, and Primarily concerned with cross-checking
checks. work during its processing.
Aims to safeguard assets, ensure accuracy, and Aims to prevent errors and fraud by dividing
promote operational efficiency. tasks among employees.
Internal Control
4
�Pallavi S, Mcom, KSET
Assistant Professor
Department of Commerce & Management
Surana College, Peenya
Internal Control refers to the policies, procedures, and measures put in place by an
organization to ensure efficient operations, safeguard assets, prevent fraud, and ensure the
accuracy and reliability of financial reporting.
Objectives of Internal Control:
1. Safeguarding Assets: Protecting the organization’s assets from theft, fraud, or misuse.
2. Accuracy of Financial Records: Ensuring that financial transactions are properly
recorded and that financial reports are reliable.
3. Operational Efficiency: Promoting efficient and effective operations to achieve business
objectives.
4. Compliance with Laws and Regulations: Ensuring the organization follows all
applicable laws and regulations.
5. Preventing and Detecting Fraud: Establishing mechanisms to prevent and detect errors,
irregularities, or fraudulent activities.
6. Evaluate the efficiency of the Performance: to evaluate the effectiveness of the
performance in various activities.
Internal Check
Internal Check is a system of organizing the work within a company in such a way that no
single person handles a transaction from start to finish. Instead, work is divided among
different individuals, which helps prevent errors or fraud because one person’s work is
automatically checked by another.
“Internal check means practically a continuous internal audit carried on by the staff itself, by
means of which the work of each individual is independently checked by other members of
the staff.”
- F.R.M. De PAULA',
Objectives of Internal Check:
1. Prevent Fraud and Errors: By dividing tasks, it becomes harder for one person to
commit fraud or make mistakes without being noticed.
2. Increase Efficiency: It ensures that the work flows smoothly and is done on time
since tasks are handled by specialized individuals.
3. Ensure Accuracy: Regular cross-checking helps maintain the accuracy of financial
records and business processes.
4. Safeguard Assets: By monitoring transactions and responsibilities, the company’s
assets are better protected.
5
�Pallavi S, Mcom, KSET
Assistant Professor
Department of Commerce & Management
Surana College, Peenya
5. Reliable Financial Reporting: It ensures that the information used in financial
reports is accurate and trustworthy.
Fundamental Principles of Internal Check:
1. Separation of Duties: No one person should control all aspects of a financial transaction.
Different people should handle different stages.
2. Cross-Checking: One person's work should be verified by another person to detect errors
or irregularities.
3. Authorization: Important transactions should require approval from a responsible person
before they are carried out.
4. Documentation: Every transaction should be properly documented so there is a clear
record that can be referred to later.
5. Timely Reviews: The internal check system should include regular and timely reviews of
transactions to spot issues early.
Internal check with regards to wage payment, cash sales, and cash purchases.
1. Internal Check for Wage Payment:
Segregation of Duties: Different employees should be responsible for preparing the
payroll, approving it, and disbursing wages.
Timekeeping System: Ensure a reliable system for tracking attendance and hours
worked, such as biometric systems or timesheets.
Payroll Authorization: Wages should only be paid after the payroll is reviewed and
authorized by a senior officer.
Verification of Payments: Regularly compare payroll records with actual payments to
ensure that wages are being paid to real employees.
Periodic Audits: Conduct internal audits to identify any discrepancies or potential fraud
in wage payments.
Example: In a company, one department tracks employees' working hours, another
department prepares the payroll, and a third department issues the payments after verifying
everything.
2. Internal Check for Cash Sales:
6
�Pallavi S, Mcom, KSET
Assistant Professor
Department of Commerce & Management
Surana College, Peenya
Issue of Receipts: Ensure that every sale is recorded, and a receipt is issued for all
cash transactions.
Daily Reconciliation: At the end of each day, reconcile cash sales records with the
actual cash on hand to identify any discrepancies.
Separation of Duties: The person handling the cash should not be the same person
recording sales. This reduces the risk of theft or fraud.
Cash Registers: Use cash registers that lock after each transaction to ensure all sales
are recorded properly.
Surprise Cash Counts: Conduct unannounced cash counts to detect any
wrongdoings.
Example: A retail store ensures that cashiers issue receipts for each transaction and perform
daily reconciliations of cash sales against the receipts.
3. Internal Check for Cash Purchases:
Approval Process: All cash purchases should be pre-approved by a designated person
or department.
Documentary Evidence: Ensure that proper invoices or receipts are obtained for all
cash purchases.
Reconciliation of Records: Regularly check the cash purchase records against actual
cash balances and invoices to detect any discrepancies.
Limited Access to Cash: Only authorized personnel should handle cash for purchases
to reduce the risk of misuse.
Frequent Review: Periodically review cash purchase transactions to ensure they are
valid and properly accounted for.
Example: In a business, small cash purchases are only made after getting approval from the
finance manager, and receipts are submitted for verification.
Internal Audit
Internal Audit is an independent evaluation of a company’s processes, controls, and systems
to ensure everything is working correctly and to help the company improve. It’s done by
internal auditors who are part of the company but are separate from the daily operations.
Objectives of Internal Audit:
1. Ensure Compliance: Make sure the company follows laws, regulations, and internal
policies.
2. Assess Risk: Identify and evaluate risks that could affect the company’s goals.
7
�Pallavi S, Mcom, KSET
Assistant Professor
Department of Commerce & Management
Surana College, Peenya
3. Evaluate Controls: Check if the internal controls (policies and procedures) are effective
in managing risks.
4. Improve Processes: Find areas where processes can be improved for better efficiency
and effectiveness.
5. Safeguard Assets: Ensure company assets (like cash, equipment) are protected from theft
or misuse.
6. Verify Accuracy: Confirm that financial records and reports are accurate and reliable.
7. Enhance Accountability: Make sure employees and managers are responsible for their
actions and decisions.
8. Support Management: Provide advice and recommendations to help management make
informed decisions.
9. Promote Efficiency: Look for ways to reduce waste and increase productivity within the
company.
10. Prevent Fraud: Detect and prevent fraudulent activities and ensure proper procedures are
followed to avoid dishonest practices.
Similarities and Common Interests of Internal Auditor and Independent Auditor
Similarities:
1. Purpose: Both types of auditors aim to ensure that an organization’s financial
information is accurate and that its operations are running smoothly. They check for
errors, fraud, and compliance with laws.
2. Standards: Internal and independent auditors both follow professional standards and
guidelines to carry out their audits. These standards ensure that the auditing process is
thorough and reliable.
3. Reporting: Both internal and independent auditors provide reports on their findings.
Internal auditors report to management within the organization, while independent
auditors usually report to external stakeholders like investors or regulatory bodies.
Common Interests:
1. Accuracy: Both want to ensure that the financial statements and records are accurate
and reflect the true state of the organization.
2. Fraud Detection: They both work to identify and prevent fraud or misuse of
resources within the organization.
8
�Pallavi S, Mcom, KSET
Assistant Professor
Department of Commerce & Management
Surana College, Peenya
3. Compliance: Both types of auditors check if the organization is following relevant
laws, regulations, and internal policies.
Fundamental Difference Between Internal Auditor and Independent Auditor
Aspect Internal Auditors Independent Auditors
Scope Focus on improving internal processes and Focuses on providing an external
controls within the organization. opinion on the financial statements of
the organization.
Appointment Hired by the organization’s management or Appointed by shareholders or external
board. stakeholders.
Status Part of the organization; employed full- External to the organization,
time or part-time. independent of its management.
Qualification Typically have professional certifications Usually have professional
like CIA, or CISA; often hold degrees in certifications like CPA or CA; often
accounting or finance. have specialized experience in
auditing.
(Certified Internal Auditor). (Charted Accountant)
(Certified Information Systems Auditor) (Certified Public Accountant)
Approach Works continuously and is involved in day- Works on a periodic basis, often
to-day operations. annually, to review financial
statements.
Responsibilit Ensures internal controls are effective and Provides an independent opinion on
y recommends improvements. the accuracy and fairness of financial
statements.
Procedure Conducts regular audits, reviews internal Performs audits based on standards
controls, and offers advice on process and regulations, and issues an audit
improvements. report on the financial statement