Understanding the difference between these two terms and other risk related terminologies is vital if students want to acquire the conceptual understanding of the Risk-based Audit approach.
According to the glossary accompanying the IAASB pronouncements on assurance engagement and related Services business risk has been defined as follows:
- In order to understand how business risk has implications on auditor’s work, we need to ask ourselves a series of questions as follows:
A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.
In simple words business risk is the risk that business will not be able to achieve its objectives because of:
- certain situations that affected the abilities of the entity
- objectives were impossible to achieve at first instance
The risk that business is facing problems in achieving business objectives have important implications on auditor’s work. And thus ultimately business risk gets connected with audit risk.
Audit risk is the risk that auditor will express an inappropriate opinion when the financial statements are materially misstated i.e. auditor will express an opinion that financial statements are giving true and fair view where in fact the financial statements are materially misstated and thus are not giving true and fair view of the business.
In order to understand how business risk has implications on auditor’s work, we need to ask ourselves a series of questions as follows:
Why audit risk arises?
Audit risk arises because of existence of material misstatements which auditor’s procedures were unable to detect.
Why material misstatements enter in financial information/financial statements?
Material misstatements exist because of two reasons:
- EITHER there are no controls to stop such misstatements to creep in the financial information of the entity
- OR Controls are in place but they are not effective against misstatements and thus are unable to prevent such misstatements to enter in the financial statements. And after they have entered control system is unable to detect and correct such misstatements.
How material misstatements come into existence?
Material misstatements can come into existence because of number of reasons. There is no particular reason which initiates the material misstatements. However, there are certain reasons which we can believe render material misstatements. One of the reason is Business Risk. Because of this risk, if not catered appropriately, we expect that financial statements may be materially misstated.
Business risks can arise from any situation for example, government banned the use of particular raw material to be used as it cause pollution. This example fulfills the definition of the business risk given above as because of this governmental order, entity might not be able to achieve its target profits which is one of the business objectives. Thus, unable to achieve business objectives.
Now let’s understand how this governmental order will raise inherent risk. Because of this order certain machinery may be rendered useless as we cannot use any other raw material and thus carry no value.Now this event requires adjustments in the amounts of asset and this event must be detected by the internal control system.
If internal control system is not designed to adjust the values of asset in such situations then it will not be able to stop overstatement of assets from happening.
- Overstatement in the example is an Inherent problem initiated because of change in governmental policy.
- Inability to prevent this overstatement from happening at first place or inability to detect such overstatement and not adjusting it is a Control problem
- And lastly, inability of the auditor to detect this overstatement is a detection problem. And in presence of this auditor may express an inappropriate opinion.
So, in this way Business risk gets connected with the audit risk