Skip to main content

How do external auditors evaluate audit risks?

As calendar-year entities wrap up financial reporting for the year, their external auditors work behind the scenes to prepare for audit season. Here’s what you can do to help facilitate the audit planning process.

The audit risk assessment

During fieldwork, auditors can’t test every transaction, recalculate every estimate or examine every external document. Instead, they tailor their procedures and assign audit personnel to keep audit risks as low as possible.

So the process starts with evaluating “audit risks.” This refers to the likelihood that the auditor will issue an adverse opinion when the financial statements are in accordance with U.S. Generally Accepted Accounting Principles or (more likely) an unqualified opinion when the opinion should be either modified or adverse.

2 types of audit risks

First, auditors assess the inherent risk of material departures in the financial statements. Examples of inherent risk factors include complexity, volume of transactions, competence of the accounting personnel, company size and use of estimates.

Second, they assess control risk. This is the risk that the entity’s internal controls won’t prevent or correct material misstatements in the financial statements.

Separate risk assessments are done at the financial statement level and for each major account — such as cash, receivables, inventory, fixed assets, other assets, payables, accrued expenses, long-term debt, equity, and revenue and expenses. A high-risk account (say, inventory) might warrant more extensive audit procedures and be assigned to more experienced audit team members than one with lower risk (say, equity).

Risk assessment process

External auditors use auditing checklists and, for existing clients, last year’s workpapers to evaluate audit risks. However, new risk assessments must be done each year, even if the company has had the same auditor for many years. That’s because internal and external factors may change over time. For example, new government or accounting regulations may be implemented, and company personnel or accounting software may change, causing the company’s risk profile to vary. As a result, audit procedures may differ from year to year or from one audit firm to the next.

Auditors can’t assume the status quo; they must conduct in-depth procedures to determine current risk levels. In addition to researching public sources of information, including your company’s website, your auditor may call you with a list of open-ended questions (inquiries) and request to visit your facilities to evaluate whether your internal controls are operating as designed. Timely responses can help auditors plan their procedures to minimize audit risks.

Help us get it right

Audit fieldwork is only as effective as the risk assessment. Evidence obtained from further audit procedures may be ineffective if it’s not properly linked to the identified risks. You play a critical role in helping your audit team understand the risks your business faces and the challenges you’ve experienced reporting financial performance. Let’s work together during the planning stages to help ensure your audit runs smoothly and your company’s financial statements accurately reflect its results for 2024.

© 2024