In order to perform an effective audit that results in a set of fairly stated financial statements it is necessary for us (the auditors) to gain an understanding of your business and identify any specific financial reporting risks, referred to as significant risks in an audit.
For the purpose of an audit, a significant risk is an identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special audit consideration. As such, significant risks vary and are dependent on factors such as industry, depth of internal controls, external factors, financial performance, etc. In addition, in most audits, there is a prescribed significant risk related to revenue recognition, due its inherent risk of fraud. Because of this, significant risks require special audit consideration that generally leads to additional procedures being performed in the audit.
In order to identify these risks, we perform procedures such as the following:
- Discussions with key personnel to obtain an understanding of your company and its environment
- Discussions and walkthroughs performed and documented over internal control procedures
- Various analytical procedures
- Discussions amongst the audit team as well as with you about the risks of material misstatement
Some examples of significant risks identified could be highly subjective allowances, critical adjustments or accruals, revenues/accounts receivable, and unique industry specific or unusual, non-recurring transactions. These are just a few examples, and they will vary from company to company. Also, depending on circumstances, the risks identified year over year can change. One external factor that affected many businesses was the impact of COVID-19, which caused going concern and impairment concerns in many businesses. As such, additional risks could be identified for your business that were not significant in prior years and may not be significant in future years.
When there is a significant risk identified, the audit team will come up with a plan to specifically address these risks and will communicate these procedures to you. These generally include a combination of tests of controls, analytical procedures and / or test of details.
It is also important to keep in mind that the audit team will continue to assess any significant risks throughout the audit and will keep open communication with you should any arise. Under the new audit standards effective for 2021 calendar year ends, significant risks need to be communicated to those charged with governance (for example, a board of directors or owner/manager in a smaller company). Accordingly, for all audits going forward, there will be more prevalent communication of these during the audit planning phases and at the conclusion of an audit for anything that arose during the course of performing our audit procedures.
For more information on significant risks in an audit, contact your Henry+Horne advisor.