In a nutshell, audit risk is the fateful risk that we'll issue a wrong opinion on the financial statements. This is a nice and clean definition. But in the real world, this fails to consider overall engagement risk. It fails to consider what will happen to us if we issue an incorrect opinion on the financial statements.

It's this understanding of risk that should guide you in countless decision during an audit. Every auditor needs to know the answer to this question: what's the overall risk? Take a look at the two companies in the adjacent graphs. Risk-based auditors would not audit these entities in a similar manner. Why? Because the consequences of a poor audit are far less damaging at company ABC. But if we blow it at Company XYZ, the repercussions may be fatal.

Don't misunderstand folks. This doesn't mean that you perform a substandard audit (one that is not conducted in accordance with generally accepted auditing standards) at company ABC. It does mean, however, that you can probably back off in testwork in numerous areas. For example, let's assume that you're testing deferred revenue. At XYZ (the client with the greater overall risk), you perform extensive detailed testwork to ensure that the balance is fairly stated. At ABC, however, you may decide that a broad analytical review (e.g., year-to-year comparison of deferred revenue divided by total revenue) is sufficient. Same industry. Same materiality thresholds. Same type of account. Different audit procedures. Why? The overall risks are significantly different. You'd probably be overauditing at ABC if you did the same procedures as those performed on XYZ.

Another Forgotten Risk
In his book Financial Shenanigans, Howard Schilit describes the various ways that companies manipulate the bottom line. Quite frequently companies want to make the results look better than they actually were. Why? Bank covenants, stockholder pressures, bonus programs, and other factors. The primary risk in these audits is overstatement of assets and revenues as well as understatement of expenses and liabilities. In other cases, companies may want their results to appear worse than they really are. A common example is an "S" corporation that is interested in minimizing tax liabilities. The primary risk here is overstatement of expenses and liabilities as well as understatement of assets and revenues.

So, my friends, we must absolutely understand our clients' motivations. And don't forget, their motivations can change from year to year depending on budgets and other factors. Here's one example. A calendar year-end corporation hires a new president in November. In many instances, this executive will want to write-off any questionable assets, load up on expenses, defer revenue, etc. Why? The president wants to ensure his/her first full year (i.e., next year) looks great.

When auditors ignore these important concerns, they are often auditing "in the dark," performing substandard as well as grossly-inefficient audits (since efforts are spent in areas that don't matter).

Now some of you are probably wondering; what if the primary risk is not clear? Good question. It's true; the motivations of management aren't always obvious. Usually, however, you can find the answer if you're asking the right question of the right persons. In most cases, you'll learn that a primary audit risk does exist. Even if you can't find the answer with certainty, you can't ignore this issue if you're serious about audit quality.

How Does This Impact Our Procedures?
If a client is obsessed with minimizing taxes, how much value is added by performing a search for unrecorded liabilities? Isn't the real risk that the client recorded payables that relate to the subsequent year? What are the odds that we'll find invoices that should be accrued? That's right, this testwork could be a waste of time. But how many times have you seen an auditor pass (or significantly scale back) on the search for unrecorded liabilities? In many, many cases, the answer is never.

Want another example? All rightie then (a little Ace Venture lingo, there) A manufacturer is aggressively attempting to boost its bottom line so that key executives receive hefty bonuses. When testing inventory cut-off, what's most critical: examining shipments for five days prior to year-end, or five days after year-end?

But wait. Don't auditors often use the same scope? Yes, so it's time for one of the many though-provoking questions in this wonderful newsletter. Does this make sense? You decide...because we're not gonna give the answer. Don't rush on to the next paragraph yet! Does using the same scope make sense? Think about this for a few minutes because it's very important.

Forms, Checklists, and Clueless Auditors
The truth is that most auditors in the field are oblivious to the issues described above. Sure, they've completed or read the audit programs and planning documents. Sometimes they've completed a bunch of forms and checklists to identify risks. But, they are often missing the boat. Even if they can recite these important risks, the procedures in the workpapers do not always correspond appropriately.

Critically thinking about producers and whether they address real-world risks can have a huge impact on your audits. Not only can a slew of efficiently opportunities be identified, you'll find that audit quality will improve at the same time.