Q1. Is there anything a company can do for employees to reduce the risk of unethical behavior causing harm or even a public relations disaster?
Q2. Involved in risk management are safety concerns not only for the employees but for the business as well. Discuss some of the ways a company can prepare the business for a natural disaster. Also, what can the business do for the employees?
Q3. It is a specific requirement of ISA 315 that the auditor obtains an understanding of the internal control relevant to the audit. This is a crucial step in assessing the risk of material misstatement, as one of the components of audit risk is control risk, defined as the risk that a misstatement that could occur will not be prevented, or detected and corrected, on a timely basis by the entity's internal control. An important part of assessing the risk of material misstatement is that the risks identified should be prioritized. This is because ISA 315 determines that risks which are identified as being significant risks require special audit consideration. It is a matter of judgment as to whether a risk constitutes a significant risk, and matters such as the complexity of the transaction, whether there is a risk of fraud, the involvement of related parties, and whether the transaction is outside the normal course of business should be considered. (ISA 315.28) Any thoughts?
Q4. As we continue to discuss the audit risk model one area that should not be overlooked is engagement risk. This risk is directly associated with the business risk of the client and this risk is used in the initial planning stages to modify acceptable audit risk.
Engagement risk is the risk that an auditor, of firm, will suffer harm after the completion of the audit. The audit report could very well be accurate, but the auditor must consider the clients business risk in setting an acceptable level of audit risk. As we know, clients can have an favorable audit report and then not meet business objectives which in turn may cause hardship, for example, suffering a serious loss and then declaring bankruptcy. This may subject the auditor to lawsuits from the users of the audit report.
Engagement risk can be modified based on the acceptable audit risk that is also modified during the course of an audit. This also plays into the notion that having experienced auditors who will modify the audit based on changes in risk levels is so important. Any thoughts?
Q5. In 2013, COSO issued an update of its framework to include 17 principles. Can any one search and present theses principles to us.