Deck 2: Managing Risk: The Role of Auditing and Assurance

Although all eight components of enterprise risk management according to COSO's 2004 ERM framework are important, which is most critical and why?

The internal environment is critical because it lays the foundation for all other elements of risk management. Specifically, the internal environment reflects the attitudes, approach, and competence of management with regard to enterprise risk management. If owners can hire competent and honest management whose personal goals are aligned with the owners, many other forms of control may be reduced.

Describe three different auditing standards and their source.

a. In general, audits in the United States are conducted under the guidance of Generally Accepted Auditing Standards promulgated by the American Institute of CPAs (AICPA).
b. Audits of publicly-listed companies in the United States are conducted under Auditing Standards issued by the Public Company Accounting Oversight Board (PCAOB).
c. International Standards on Auditing are established by the International Auditing and Assurance Standards Board (IAASB).

Why is external auditing important to risk management?

The external auditors provide an objective check on the reliability and fairness of financial information. However, they also provide assurance over other aspects of an organization such as providing owners with corroborative evidence that control is operating effectively, and giving managers feedback on improving internal control over financial reporting for their own purposes. Auditors are uniquely qualified to provide such assurance because they possess the professional skills to provide highly diagnostic services, while maintaining objectivity.

Because management is responsible for providing reliable financial information to stakeholders, management, management must implement an effective process for maintaining control over financial reporting. What must management do in achieving this?

What are some indications of ineffective risk management that the auditor may see as signs of potential risks?

Compare the management perspective of risk management to the auditor's perspective of risk management.

What are the eight components of enterprise risk management according to COSO's 2004 ERM framework? Define each component.

Compare the management perspective of performance measurement to the auditor's perspective of performance measurement.

What is a control activity? What factors influence the effectiveness of a control mechanism?

What management activities are the focus of the auditor when evaluating internal control over financial reporting?

What fourth broad objective applied to audits of SEC-registered public companies in the United States?

To achieve effective risk management, what must be recognized about the nature of risks?

What determines the extent to which an auditor is expected to examine internal control over financial reporting?

Describe the three phases of an integrated audit.

What is the auditor's primary concern when testing the effectiveness of internal control over financial reporting?

Distinguish between risk, information risk and business risk.

Auditors must assess whether management has identified and tested appropriate controls. What are these controls?

Compare the management perspective of information reliability to the auditor's perspective of information reliability.

Depending on the nature of the risk and the resources available, an organization can deal with risks in four ways. Identify and explain these four responses to risk.

What are the three broad objectives of a traditional audit conducted under generally accepted auditing standards?

Explain the evolution from the traditional financial statement audit to the modern integrated audit.

In a business environment, risk can be addressed four ways: avoidance, acceptance, sharing, and reduction. For Taco Bell, identify how each of the following risks can be addressed by one of these four options.
a. Customers might not want to buy deep fried products.
b. Lawsuits might be brought upon the company should customers contract e-coli.
c. Franchisees might not follow corporate guidelines for advertising and promotion.
d. Food preparation could differ from location to location.

Define and describe enterprise risk management.

Why are external auditors interested in risk management?

Explain compliance risks, using the example of a paint manufacturing company.

Compare and contrast management controls and business process controls using a national grocery store chain as an example.

Depending on the nature of the risk and the resources available, an organization can deal with risks in four ways. Identify and explain these four responses to risk using a local as an example.