مقاله ترجمه شده با عنوان حسابداری بر مبنای ریسک در فرمت ورد و شامل ترجمه متن زیر می باشد:
Risk-Based
Auditing:
A New
Approach
opponents in a chess match, each seeing the playing field (in this case, the business) from his or her particular point of view.
In a risk-based audit, the auditor sits on the same side of the desk as the client. Now the client has a partner, an ally, since both are viewing the business from the same perspective.
The Limitations of the Traditional Approach
Now, let’s get specific about the business of construction. In a traditional audit, auditors typically make all of their audit decisions on the basis of materiality, which is a percentage (or a fraction of a percentage) of a contractor’s volume. The inter¬nal controls established by the contractor are not extensively evaluated for audit-efficiency purposes because the focus is on verifying the numbers presented in the financial state¬ments. In the end, the auditor verifies what the contractor already knows – the company made money on some jobs and lost some on others. Then, the contractor gets a bill and the process repeats itself again next year.
In some situations, this is the only approach auditors can take because of the weak control environment present in the com¬pany. Generally, when weak internal controls exist, manage-ment has made a conscious decision that internal controls are not as important as other aspects of the business. However, a weak control environment is a glaring risk in and of itself, and is something which should be brought to the attention of man¬agement. While the traditional audit approach works within a weak control environment, a risk-based audit identifies these weaknesses so that management can take the proper steps to strengthen internal controls.
September/October 2006
The Advantages of the Risk-Based Approach
While a risk-based audit focuses on the numbers, it also focus¬es on understanding the business activity that drives those numbers. It involves “getting into the heads” of key person¬nel and understanding how they think and what information they use to make their decisions. Here are some of the issues typically addressed in a risk-based audit:
. • How is this particular construction business distinguished from its competition – what is its competitive edge?
. • Strategically, what are the contractor’s short-
and long-term goals?
. • What are the short- and long-term obstacles (such as labor or material shortages) the com¬pany must overcome to reach its goals, and how does it plan to do so?
. • What are the day-to-day operational problems encountered by key management?
. • How has management addressed any opera
¬tional weaknesses?
. • What operational controls are in place to
ensure that contracts are being executed, and
that work is being performed in accordance
with internal policies and procedures?
. • What internal controls are in place to ensure
that the financial accounting and reporting
function is without error or fraud?
. • How does management ensure the accuracy of the financial information used to make impor¬tant decisions?
. • Historically, what personnel within the company are inexperienced or have performed at a lower level than their peers?
In other words, in a risk-based audit, it is incumbent upon the auditor to understand all the particulars of the construction business being audited.
The Steps in a Risk-Based Audit
Providing this new level of service requires new ways of preparing for and conducting the audit itself. When adopting the risk-based audit approach, we auditors find ourselves doing more up-front planning and preliminary analysis. We spend more time understanding the company’s operational controls, as well as the internal controls as they relate to the financial reporting function. From an auditor’s standpoint, this preliminary work is very rewarding; by the time we actu¬ally get into the fieldwork, we often know the answers to many of these questions before we ask.
Here are the three basic steps of a risk-based audit:
Step 1: Question All Key Players
As soon as possible, the auditor sits down with the President/CEO/owner – the person who can talk about the short- and long-term risks and goals for the company. We want to know:
. • What is the biggest risk facing the company in the next year? The next 5 years?
. • Are there plans to mitigate those risks?
. • What problems has the business encountered this year?
. • Are there any specific concerns which we should be aware of as we conduct this audit?
. • What should we expect to see in the numbers?
In addition, we follow up on issues from the prior year’s audit. Then, we go down the line, talking to key members of management, starting with the CFO, asking similar questions relating to their area of responsibility. It can also be helpful at this stage to talk with the bonding agent and other profes¬sional support providers. Even the client’s attorney can pro¬vide useful information in the planning stage.
From an auditor’s standpoint, this initial process helps in for¬mulating the audit procedures. At this stage, we are develop¬ing audit expectations and, hopefully, getting corroborating audit evidence to use when performing the actual audit. We’re also learning what’s new in the company and assessing how we can be of the most value to our client.
Step 2: Document the Controls
Next, the contractor’s internal and operational controls are documented in detail. For a construction company, the con¬trols at the jobsite and the flow of information from the job-site to the office (and vice versa) can be as important as the internal controls within the office. At this stage in the pro¬cess, we auditors are constantly asking, “Why?” Why is this policy in place? Why is that superintendent not held to the same deadlines as the others? What risk has management un¬knowingly accepted and why?
All of this questioning may seem very painful from manage-ment’s perspective. No one likes to talk about policies, pro¬cedures, and internal controls. However, internal controls aren’t limited to ensuring that the company has adequately segregated the duties in the accounting department; there are other controls occurring well outside the accounting area that must also be evaluated. In order to properly conduct a risk-based audit, we must have a thorough understanding of the standard operating procedures of the business. By asking the hard questions, significant weaknesses can be identified. Some of the questions an auditor might ask include:
. • What kind of monitoring or oversight is in
place for the estimating process?
. • Do estimators submit bids without a second
review of their take-offs?
. • How does management ensure that equipment charges are fairly allocated to the jobs where the equipment is being used?
. • Is the company relinquishing profits on a
T&M or cost-plus contract by not providing
for equipment rental charges?
These types of questions, and the answers received, are criti¬cal to the success of the risk-based audit.
CFMA Building Profits • September/October 2006
Step 3: Analyze the Information
In the third phase of a risk-based audit, the financial infor¬mation undergoes an initial analytical review, and audit procedures are developed. The goal here is to perform as much of the audit as possible using an analytical approach, instead of tests of details. If we, as your auditors, believe that internal controls are operating effectively, we may do a test of controls and limit some other detail tests. If risks and controls have been adequately identified and evaluated, we can then develop our analytical procedures based on expectations about what the financial information should indicate.
Because we have already made inquiries and accumulated information from the key members of management, we can base our analytical procedures on this information. If the numbers don’t meet our expectations, we would then have an obligation to perform further procedures.
As an example, the job schedule for standard contractors is a key piece of information and one that we need early in the audit for risk analysis. In fact, we may have this information in front of us before we do Steps 1 and 2 above. No matter what our analysis of risk in the preliminary stages of the audit reveals, estimates of management (which are in the job schedule) always become the focal point when we talk about risk. So, the job schedule is analyzed separately to determine which jobs represent the most risk. The following are some of the factors used in making these decisions:
. • Percent complete at balance sheet date
. • Size of contract
. • Type of contract (fixed-price, T&M, cost-plus)
. • Experience of contractor in type of contract
. • Key personnel on contract (superintendent, pro¬ject manager)
. • Estimated profit margin
. • Amount of labor costs in contract
. • Presence of contract stipulations, such as penal¬ties for late completion
. • Presence of overruns or other problems noted
from other inquiries
Our analytical procedures usually allow us to reduce the more time-consuming detail tests to a minimum. Since analytical procedures provide more valuable audit evidence than many other audit procedures, we are not only being more effective, we are also being more efficient. The risk-based audit is truly an example of a win-win situation – something you’re not likely to hear being said about a traditional audit!
Conclusion
A properly performed risk-based audit allows everyone to walk away at the end of the process feeling good about what was accomplished. The auditors feel they have provided a ser¬vice of real value to the client. The clients feel (and rightly so) that they have received valuable information they can use to strengthen their companies. Ultimately, I believe that risk-based auditing can transform the entire audit process into a rewarding experience for all parties.
Thomas E. Bayer, CPA, is a Manager for Sikich, Gardner & Co., LLP in Spring¬field, Illinois (e-mail: tomb@sikich gardner.com or phone: 217-793-3363). Tom has seven years of expe¬rience in construction accounting.
He holds a BS from Eastern Illinois University and obtained his CPA in2006. Tom has also been published in the “CICPAC Quarterly Newsletter” and the Journal of Construction Accounting and Taxation.
Builders Association.
مقاله ترجمه شده با عنوان حسابداری بر مبنای ریسک
