Your company audit – no replacement for risk management

Disclaimer: Please note that this article is at least 12 months old.
Any information herein was accurate when published on 4 July 2008

Subscribe to the Industry News newsfeed

The undertaking of a statutory audit does not preclude the need for a company to ensure they have a comprehensive risk management process in place according to Ursula van Eck, partner: BDO Spencer Steward. This makes new “risk management” legislation in the Companies Act exceptionally good news both for auditing firms and the businesses they audit. “While auditing will assist companies to identify potential areas of risk, the primary role of an auditor is to ensure that the financial statements of a company are representative of the company's financial position at a specific time. Audit firms therefore cannot, and should not, take on the responsibilities of risk management of a business, as this is the duty and responsibilities of the directors and management – why this new legislation couldn't come at a more opportune time.”

With an increased focus on compliance, auditors have found their role under increased scrutiny and far more heavily regulated. When it comes to risk management however, van Eck maintains that an audit should not be confused with risk management – something that has happened in certain instances in the past. “Although auditors are required to assess risk in the context of the work they perform during an audit, detection of risk (particularly fraud risks) is not our primary role.”

Van Eck explains that while auditors are attentive to factors within an organisation that mitigate risk, it should be understood that sampling is used in many areas of an audit and consequently risk an inherent part of the process. “An auditor's responsibility is to reduce the risk of misstatement to ‘an acceptable level' during the course of an audit to enable us to express an opinion on the financial position of a company. If effective risk management processes and procedures are in place at a company this provides auditors with additional reassurance that the directors and management are taking a pro-active approach to business risks. This in turn creates an overall environment where risk could be considered lower than in an organisation where such risk management is not in place.”

In van Eck's view the new Companies Act will do much to ensure that risk management becomes a corporate priority and responsibility and could go some way to rectify misperceptions around auditors' responsibilities. “Companies will have to implement the King Code of corporate governance which includes having properly constituted risk management and audit committees, as well as being required to report on risk management policies and procedures. Listed companies will also be required by law to review operational and strategic risks of their businesses. As auditors we seek to gain an understanding of these risks and adapt our audit procedures accordingly.”

While most audit firms, including BDO Spencer Steward, can assist corporates with risk management, directors and management should differentiate between their own and their auditor's responsibility in this regard. By managing their own risk and implementing systems and procedures, businesses will go a long way in proactively partnering with their auditing firms to mitigate risks in an ever increasingly complex and changing business environment. Ends.

Disclaimer: Please note that this article is at least 12 months old.
Any information herein was accurate when published on 4 July 2008