3.0 Key business risks to CSIRO
3.1 Identify key business risks
Generally speaking, business risk is mainly the potential possibility when firms cannot meet clients’ key business objectives because of some future events or actions from both outside environment and inside company. It can also show up when firms fail to identify business objectives crucial to the stakeholders. Business risks can be categorized into both short and long term, which reflect the influence to the firm brought by the risks in different time horizon. In this case, short-term business risks are risks that have an effect when our audit opinion is still valid, i.e. in the short term; long-term business risks are, on the other hand, risks that do not show an obvious impact at present but will materially affect the firm’s future operating, i.e. in the long term ( Sultan S.A. M., 2007).
Basically, CSIRO aims to bring innovative solutions to public, government and industry in Australia, and in order to fulfill the task, it depends on the excellence and innovative of the staff. It stages in a quit wide range of industry, from finance to biotechnology. This business model may require a huge professional staff in all kinds of industry, and these staffs have to be excellent enough to be able to give proper advice to its clients. Though not necessarily into very detail, the advisory service should be based on professional knowledge; this may lead to risk.
Another business comes from the model itself, when CSIRO uses scientific method to deliver solutions to the industry. Risks are not hard to find, e.g. health and safety to its clients, impact of science, and biosecurity. All these staffs are caused by innovation, which can certainly provide amazing solution to problems but will also contain huge risk in the downside (Bedard, J. C., and K. M. Johnstone., 2004).
3.2 Impacts on Financial Statements and Audit
The need for professional staff in so many fields may lead to a problem when there is a difficult situation in which CSIRO employees can do nothing. When the new business models come out more quickly today, it is hard to ensure that it can solve all the problems. The trouble will make the revenue growth less than expected. And once the fund is harmed, its strategy to invest in people cannot be realized. Besides, innovation itself means uncertainty, which will be reflected by volatile growth rate and volatile statements structure. The more potential problems exist in a company, the harder for auditors to find all of them from the financial statements.
3.3 Analysis of the Internal Control
Strengths
The corporate governance of CSIRO is open and transparent to communicate with the public on the health and safety issue. The corporate policy also encourages its scientists to communicate the new research outcomes and implications with outside world. This transparency process will enhance people’s faith towards this company. And through the process of communication, innovation can be more active, since the former is the source of the latter.
Weaknesses
The firm can hardly ensure that all the innovative outcomes from the staff will be used on behalf of CSIRO. Since all the scientists work on their own and record the outcomes on their own, it is hard to find whether there are some ideas used for private purposes.
4.0 Potential Fraud
4.1 Measurement of Fraud Risk
In order to measure the risk of fraud, we ought to take a look at the leverage and some ratio of the company. From the balance sheet, we can calculate the current assets and current liabilities, $334584 and $253959 thousand resp. The quick ratio is even more plausible, since the inventory is little. This reflects a safe stand, since current assets are big enough to cover all the current liabilities.
4.2 Further Steps to search Fraud Risk
Another method to seek the fraud risk is to look at the change of all financial ratios in recent few years and also the absolute changes of all the items in the financial statements. If the absolute changes are volatile but the ratio always remains at a safe level, the potential fraud risk is will be huge, and vice versa (Menon, K., and D. D. Williams., 2001).
5.0 Preliminary Audit Risk Components and Approach
5.1 Preliminary Audit Risk Components
Audit risk is defined as the auditor's willingness to accept that the financial statements of the company may be materially misstated as long as the audit has been done and a clean opinion has been issued by the auditor. If the auditor wants a lower audit risk, then the auditor must make sure that the financial statement of the company is far from materially misstatement (Sikka et al, 1998). There is an equation to calculate the auditor risk, which is defines as: AR = IR*CR*DR, where IR represents the inherent risk, CR stands for the control risk and DR is defined as the detection risk.
The inherent risk in the audit is the risk of material misstatement noted by an independent auditor about the financial statement and disclosure without considering error or fraud of the internal control. It is also defined as the susceptibility of an account balance or transaction class of material misstatement, either alone or with other classes or incorrect summary balances, regardless of the internal controls Winograd, S. Gerson, 2000).
Control risk is the risk that a misstatement that could occur in an account balance or transaction class, alone or with other classes or incorrect summary balances, which would not be discovered, investigated, or corrected by the internal control strategy or the accounting procedure on a timely basis. It is also defined as the probability of loss arising from the tendency of internal control systems to lose their effectiveness over time, and thus expose (or fail to prevent exposure of) the assets they were instituted to protect (Sultan S.A. M., 2007).
Detection risk is defined as the risk that auditors’ detailed tests and analysis of transactions procedures and accounts balances do not discover or find out a misstatement which exists in an account balance or transaction class, either alone or with other classes or incorrect summary balances, regardless of the internal controls. It can be split into two components: Sampling Risk (SR) and Non-Sampling Risk (NSR). SR is a risk by the auditor that the sample selected may not accurately reflect the population data that is being sampled. Therefore the conclusion of such a sample is considered not applicable to represent the whole population. NSR is found other than the risk of SR; it is the risk that auditors will not discover or find out a misstatement because of a large numbers of reasons (Bell,. Marrs. Thomas, 1997).
5.2 Audit Procedures
The purpose of the audit procedures are to provide a detailed inspection in the audit process, which are mean to achieve specific audit objectives. With a combination of risk assessment, audit procedures will be approved prior to the implementation of these audit procedures by audit firms and audit management (Elliott, R., 1994).
5.3 Preliminary Audit Strategies
The auditor sets four components: firstly, the auditors will plan the assessed level of control risk; then they will normally extent the understanding of internal controls; thirdly they will begin to test the controls and last, they are going to plan the level of substantive tests. Preliminary audit strategies are defined as the auditor’s preliminary judgments on the chosen approach related to assertions. Usually they are based on some assumptions (Knecbel, W. R., 2001).
5.4 Primarily Audit Approach
In this approach, auditor slightly relative to the procedure to gain an understanding of the client's internal handling structure. Initially, we plan to evaluate the risks as well as audit the related controls and counter-measures based on the audit plan related with other business and accounts. The results from this evaluation can be used to decide the appropriate substantive procedures of the procedure. My methodology is to reduce to substantive procedures which can minimum the common time-consuming, while at the same time maintain the quality of audit results.
The audit approach diagram is listed below:
source:http://www.deloitte.com/assets/Dcom-Luxembourg/Local%20Assets/Images/Business%20Graphics/Channels/lu_auditapproach_832x580_171011.jpg
6.0 Timetable Development
One of the first things in an audit is the development of the audit plan. For my time table of audit procedure with CSIRO, I would try and list down the things internal audit departments should be doing to get their audit plan ready. I have tried and included some common sense stuff on developing audit plans.
- Consider the development of risk factors in the audit plan is one of the most important things. The audit plan must be based on risk.
- To achieve the first point listed above, the most important criteria is an ongoing risk assessment process.
- Decide to audit the scope and extent of the plan, which is necessary to maintain a large angle.
- Last point, the internal auditors should assess the content of key indicators from point sources of finance, operations and human view.
The timeline of the procedure will be recorded in the timetable constructed below:
Source: self-constructed.
7.0 Conclusion
In conclusion, the business risks that CSIRO will have in the near future are the specialization of the working stuff. Based on the cross-industry research of CSIRO, their stuff must be familiar with the professional knowledge in almost each field, which will result in a business risk of CSIRO. After analyzing the financial statement of CSIRO, the current ratio and other ratios are not obviously indicating a larger fraud risk in the near future, for more precise prediction, it is necessary that further and detailed investigation be made into the financial statement. For preliminary audit risk components and approach, the conclusion and procedures are appropriate based on the current conditions of CSIRO.
Reference
Bedard, J. C., and K. M. Johnstone. (2004). Earnings management risk, corporate governance risk, and auditors’ planning and pricing decisions. The Accounting Review 79 (April): 277–304.
Bell, T. B., F. O. Marrs, I. Solomon, and H. Thomas.(1997). Auditing Organizations Through a Strategic-Systems Lens: The KPMG Business Measurement Process. Montvale, NJ: KPMG Peat Marwick.
Elliott, R. (1994). The future of audits. Journal of Accountancy 178 (September): 74-82.
Knecbel, W. R. (2001). Auditing: Assurance and Risk. Second edition. Cincinnati, OH: South-Western College Publishing.
Menon, K., and D. D. Williams.(2001). Long-term trends in audit fees. Auditing: A Journal of Practice & Theory 20 (March): 115–136.
Sikka et al. (1998).The Impossibility of Eliminating the Expectation Gap: Some Theory and Evidenc, Critical Perspectives on Accounting, Vol. 9, No. 3 pp 299–330.
Sultan S.A. M. (2007). Adoption and Acceptance of AAOIFI Standards. Paper Presented at Workshop on Shariah Review, Audit and Governance for Islamic Financial Institutions on 30–31 January 2007, Kuala Lumpur.
Sultan S.A. M. (2007). Audit for Shariah Compliance: Developing the Audit Program and a Proposed Methodology. Paper presented on Workshop on Shariah Review, Audit and Governance for Islamic Financial Institutions on 30–31 January 2007, Kuala Lumpur.
Winograd, B. N., J. S. Gerson, and B. L. Berlin.(2000). Audit practices at Pricewaterhouse Coopers. AUDITING: A Journal of Practice & Theory (Fall): 175-182.