Review the source and write an essay to answer the following:
Source: Bowlin, K. 2011. Risk-Based Auditing, Strategic Prompts, and Auditor Sensitivity to the Strategic Risk of Fraud. The Accounting Review 86 (4): 1231-1253.
a. What is the issue being addressed in the paper?
b. What are the findings of the paper?
c. Why is this paper important to auditors, and what are the implications of this paper for the auditing profession?
d. Describe the research methodology used as a basis for the conclusions.
e. Describe any limitations of the research.
- Issues addressed in the paper
The paper outlines and addresses the issue of risk-based auditing. Risk-based auditing refers to the methodology, process, approach, and attitude of mind that the management of an organization uses when auditing the greatest risks in their organizations. The organization’s auditor should identify its key risks to establish the basis for risk-based auditing. During the process of conducting a risk-based audit, the internal auditor should fully engage the management in order to establish all the controls in the organization (Feng, & Fei, 2002). The auditor has the duty of explaining the importance of controls to the management in order to create the basis of auditing such controls. By doing so, auditors are in a position to accurately assess misstatement risk at the account level and develop a basis to allocate audit resources effectively. In an organization, there exist observable non-strategic risks and unobservable strategic risks. Most auditors will tend to lay emphasis on the observable non-strategic risks by allocating more resources to them while they neglect the unobservable strategic risks thereby creating opportunities for fraud in the low risk accounts.
- Findings of the paper
The findings of the paper indicate that there are two types of risks existing in an organization that must be audited if the company wants to realize its objectives. The auditor is responsible for detecting any misstatements within the financial statement accounts, which are either low-risk or high-risk. In either of the financial statement, accounts could be misstated due to a non-strategic accounting system error or because a manager may decide to override the accounting system (Griffiths, 2012). To this effect, the auditor allocates a fixed pool of audit resources among the low-risk and high-risk financial accounts together with his or her personal remuneration.
In many organizations, the auditors mainly develop interest in observable non-strategic risks. These high-risk accounts include the capital expenditure, financial systems, adequacy, and the effectiveness of accounting controls, systems under development and physical security of the assets. These areas are very important to the success of the organization and therefore, auditors must incorporate controls and effective risk reduction techniques by allocating more resources. On the other hand, there are certain areas where the auditors do not lay emphasis while conducting their audit functions. For instance, most of the auditors never audit areas such as marketing, human resources, IT strategic planning, corporate planning, investor planning and health and safety. Although these areas are given little concern, they probably represent the higher risks in any organization.
- Importance of the paper to auditors and implications of the paper for the auditing profession
Auditors should understand that they control the organization’s overall risk management framework. Risk based internal auditing allows the internal audit team to provide assurance to the organization’s board that risk management processes are managing risks effectively, relative to the risk appetite. The paper provides the methodology that auditors should use when assessing risks associated with the organization. The information provided is important to the auditor because it helps him or her to choose effective and efficient allocation strategy towards the projected risks (Johnstone, Gramling, & Rittenberg, 2014). The paper also helps the auditor to understand if the manager will anticipate and attempt to exploit the resource allocation program. In addition, it offers a stronger strategic prompt that should begin by asking the auditor to predict the manager’s belief about his or her allocation strategy and then further asks the auditor to predict the manager’s reaction to the beliefs.
- Research methodology used as a basis for the conclusions
An auditor should adhere to a given procedure while conducting a risk-based audit in order to arrive to concrete conclusions in relation to the position of the organization (Eilifsen, Knechel, & Wallage, 2001). The following is the methodology of implementing risk-based audit in an organization:
Objectives of the Auditing
The auditor should define the objectives of the audit before starting the procedure. The successive step should involve obtaining and managing senior management support. The auditor should ascertain the degree, to which the management is performing its monitoring role, then identify, and prioritize the areas to be addressed and the type of risk-based audit to be performed. The auditor should identify vital information systems and data sources to be used incorporated by a keen understanding of the underlying business processes and application control. The successive objective should entail developing good relationships with the IT management before commencing on the audit procedure.
Data Access and Use
The auditor should identify and buy the analysis tools to be used in the risk-based audit process. He or she should then build up access and analysis capabilities to be followed. The auditor should develop and maintain auditor analysis skills and techniques as required by the profession standards. Finally, the auditor should assess data integrity, reliability, and finally analyze and prepare the data.
Continuous Risk Assessment
In analyzing the risk-based audit, the auditor should define the entities to be evaluated, identify the risk categories in the organization, identify data-driven indicators of risk or performance, and then design analytic tests to measure increased level of risks within the organization.
Report and Manage Results
The auditor should prioritize the results and determine the regularity of the continuous auditing activities. He or she should run the tests on a usual, timely basis, identifying control deficiencies or increased levels of the occurrence of risk. The auditor should prioritize the results and then initiate an appropriate audit response thereby making the results known to the management. Finally, the auditor should manage the results through monitoring, tracking, reporting, making follow-ups, and then evaluate the effectiveness of the risk-based audit in order to make conclusions.
- e) Limitations of the research
Although technology has made it easier to access data, computing power makes real time analysis increasingly practicable and challenges remain. There are limitations that are associated with the research. One of the limitation is that the un tabulated results of logistic regression of manager override behavior and indicates that the three way interaction among prompt, account and round is negative thereby implying that the strategic prompt is associated with growing downward pressure on manager’s tendencies to override the low risk account versus the high risk account.
Another limitation is the fact the experimental design does not straighten out the marginal effects of obtaining auditor’s beliefs about the manager’s prospects of auditor strategies and eliciting auditors’ beliefs about managers’ likely reporting choices (Bowlin, 2011). Moreover, the study attempts to capture the strategic essence of auditing using a relatively bare but biddable setting. Several institutional features of real world auditing may in one way or another affect the manager and auditor choices, leaving them as potential avenues for future research. For instance, the amount of resources available in a real world setting of an auditor is likely to be determined through negotiations with the client.
Moreover, the manager is capable of deliberately misstating the financial statement accounts, although practically most of the low risk accounts are hard to manipulate. Lastly, the auditor penalties do not differ between errors and undetected fraud; therefore, while this does not influence the economic predictions of an auditor behavior, the differences could behaviorally affect auditor’s sensitivity to the strategic nature of the auditing setting (Bowlin, 2011).
Did you know that effective analysis of concepts requires professionalism in handling academic research Papers? Do no compromise on your grade choose professional Research writers at elitetutorslab.com