In recent years, risk audit has become a hot topic, attracting the attention of the majority of audit workers. In the "Regulations on Internal Audit Work", the National Audit Office has included risk management review into the scope of responsibilities of internal audit work. Researching and discussing risk audit is of great significance to promote the development of internal audit and better serve modern enterprises. Risks are prevalent in market economic systems. Any business or any economic activity is accompanied by risks from beginning to end. There are both internal risks and external risks; there are both explicit risks and implicit risks. For example, there is a repayment risk in fundraising that is difficult to repay when due; there is a loss risk in investment operations that may not result in expected returns or even all the money lost; there is a credit risk in pre-purchasing on credit that the customer delays performance or suffers bad debt losses; in foreign trade there is an exchange rate risk, and mutual Guarantees carry the risk of joint and several payment liability...the risks are too numerous to enumerate, and economic risks are everywhere and everywhere.
When risk factors reach a certain level or meet appropriate conditions, the possibility turns into reality and becomes a risk accident, bringing risk losses. Major losses caused by risks can create a loss crisis and make the company become an "ST company" (that is, "ST" is marked on the stock market chart to indicate that the company has suffered losses or serious losses for two consecutive years); repayment difficulties caused by risks can cause If a company has a financial crisis, it will cost a lot to deal with it, and it may even be in danger of being merged or acquired; if the risk loss reaches a certain level, an insolvent bankruptcy crisis will occur, which will deal a devastating blow to the company. For some enterprises belonging to our supply and marketing cooperative system, serious losses occurred in the past few years. Although it is related to the unsatisfactory management system, ineffective operating mechanism, and heavy historical burden, heavy risk losses are also an important reason. Due to a lack of awareness of risk prevention, it is not uncommon for investments not to be recovered, being deceived is common, and operating losses are common.
However, risks coexist with opportunities and are related to returns. High-risk industries and projects can often yield high profits; without risks, companies will have no chance of development. Successful companies can grow from small to large, from weak to strong, by taking risks and winning amid uncertainty. Companies that dare not take certain risks have no future; leaders who are afraid of risks are not good entrepreneurs. The key issue is whether risks can be predicted correctly, avoided appropriately, and resolved in a timely manner.
Risk management is the core content of modern enterprise management. The basic method is to establish a risk management mechanism and information feedback system, predict risks that may be encountered in economic activities, correctly assess the extent of losses that risks may bring, formulate risk management plans, and take various measures to prevent risks, such as controlling risk factors Accumulation, elimination of risk factors becomes a necessary condition for reality, dispersion, transfer and resolution of risks, etc., so that risks are controlled within the level that the enterprise can bear, thereby ensuring the normal operation of the enterprise's economic activities and the realization of the enterprise's business objectives. Risk audit is an important part of the enterprise risk management mechanism. It is responsible for the review, evaluation and supervision of enterprise risk management, and plays an irreplaceable role for other functional departments. This is because the internal audit institution is not engaged in direct operating activities and can predict risks objectively and truly; the internal audit institution takes the entire enterprise as the audit object and can systematically and comprehensively assess risks from an overall perspective; the internal audit institution directly reports to the board of directors and the general manager Managers are accountable, allowing risks to be dealt with quickly and decisively. Carrying out risk audit is of great significance for strengthening modern enterprise management and improving economic efficiency. As a functional department of enterprise management, internal audit develops with the changes in the environment of the enterprise and the expansion of its business scale. The staged development of social economy and enterprise scale determines that the development of internal audit also exhibits staged characteristics. If we abstractly divide the social and economic environment in which enterprises are located into three stages: simple commodity economy, developed commodity economy, and modern market economy, and divide the business scale of enterprises into three stages: small enterprises, medium-sized enterprises, and large joint-stock companies, then Internal audit can accordingly be divided into three stages: account-oriented audit, system-oriented audit, and risk-oriented audit.
In a simple commodity economy, when the scale of enterprises is small, due to simple economic connections, fewer account records, and business leaders can implement direct management that is hands-on, internal auditing is accordingly Implement account-oriented audits. The basic method is to start with the original vouchers, carry out a detailed review item by item, check whether the accounting certificates, account items, accounts and accounting statements are consistent, and strive to find problems through voucher review to achieve the purpose of error detection and fraud prevention. This is the initial stage of the development of internal auditing. This audit method can achieve a comprehensive and accurate audit within the scope of auditable accounts and reveal errors and demerits to the maximum extent, but it consumes a lot of time and energy. With the changes in the social and economic environment and the expansion of business operations, the limitations of account-oriented auditing have become increasingly prominent, and it has gradually withdrawn from its dominant position.
When a simple commodity economy develops into a developed commodity economy and the business scale of enterprises develops to a certain extent, due to the diversification of financing and investment channels and methods, the gradual complexity of economic relations, the voluminous economic accounts, the increase in corporate management levels and the Once a certain management system is established, internal audit will naturally develop into system-oriented audit. The basic method is to start with reviewing the company's internal control system to find out its weak links that are prone to errors; then decide on the focus scope of the audit and conduct some detailed account audits.
This method can improve audit efficiency, reduce audit costs, and prevent future errors by improving the internal control system. Although system-oriented auditing is a big step forward than account-oriented auditing, it can only prevent errors and fraud within the scope of the system, but cannot prevent risks outside the system.
In the modern market economy period, economic connections are more extensive and economic relationships are very complex. The enterprise system and scale have developed to limited liability companies, joint stock companies, and even enterprise groups; the scope of activities has expanded to the vast domestic market, and has joined the WTO to integrate into the world economic integration; financing methods include bank loans, issuance of bonds and stocks, and compensation trade ; Commodity circulation has developed to forward trading and futures trading; the business industry also includes chain operations, distribution centers, general distribution, general agents, etc. Market competition is becoming increasingly fierce, and enterprises are faced with a variety of risk factors, resulting in increasing risk losses. In this environment, internal audit must be led by risk audit. The basic method is to conduct a comprehensive analysis and assessment of the enterprise's decisions, goals, plans, policies and control systems, responsibility systems, supervision systems, and risk factors in the external environment of economic activities, and to review the enterprise's measures to prevent and resolve risks. Whether it is complete and thoughtful, and suggestions and measures for improvement are proposed to improve the overall management effect of the enterprise and ensure the safety of enterprise operations and the realization of goals.
Our country has a vast territory and uneven economic development. The environment and business scale of each enterprise are different, so the development stage of internal audit is also inconsistent. The audit methods at three different stages are not mutually exclusive, but can be combined with each other without conflict. However, in the social environment with the rapid development of market economy, risk-oriented auditing should be in a dominant position, and the three auditing methods should be carried out in combination, each with its own focus. For smaller companies, detailed audits should mainly focus on account audits. Internal control system reviews and risk predictions can also be conducted to help companies improve their internal control systems and prevent risk losses. For larger enterprises, system-oriented auditing should be the main focus, accounting audits should be carried out in a focused manner, and risk prediction and prevention should also be carried out. For large joint-stock companies, they should focus on risk audits, while also conducting internal control system reviews and focused account audits, which not only help companies avoid risks, but also help companies improve internal control systems and find errors and fraud.
Currently, risk-oriented auditing in our country is still in the preliminary understanding and exploration stage. The national auditing agencies have begun to conduct fiscal risk and financial risk audits on fiscal and financial departments. Some accounting firms are also trying to audit large enterprises or listed companies. Risk-based audit. On the whole, audit concepts and methods are still dominated by the traditional audit model, and account-oriented auditing and system-oriented auditing are widely used. However, it is foreseeable that in the near future, risk-oriented auditing will inevitably replace traditional account-oriented auditing and system-oriented auditing. Risk auditing is developed on the basis of account-oriented auditing and system-oriented auditing, but risk-oriented auditing has many characteristics that are different from traditional auditing models. It has made a big step forward in various aspects such as audit concepts, audit objects, and audit methods. Many problems that are difficult to solve under the traditional audit model can be better solved. The development of risk audit will surely lead to the comprehensive development and deepening of internal audit.
Risk audit fully embodies the policy of "comprehensive audit and key assurance". Under the traditional audit model, it is difficult to combine the focus of comprehensive audit and assurance, and they are often separated, or one is neglected and the other is neglected. Risk audit essentially combines the two organically. The universality of economic risks determines that risk audit must be based on a comprehensive audit. It is necessary to audit not only the internal operations and management of the enterprise, but also the external environment and relationships of the enterprise, and understand the relevant situations of enterprises and customers that have economic ties with the enterprise; it is necessary to audit not only the decisions and strategies of the top management, but also the operations and operations of the grassroots level. operations; it is also necessary to audit all aspects of business operations to grasp risks at the interfaces between organizations, departments, and business processes. It can be said that risk audit is an audit without boundaries. Only through a comprehensive audit can risks be accurately predicted. On the basis of comprehensive audit, risk audit must be based on the principle of materiality and focus on the severity of risks and their impact on corporate goals. In terms of funds, we must focus on auditing the investment and operation of major funds, and predict, prevent and resolve risks to ensure the safety and efficiency of funds. In terms of business operations, it is necessary to focus on auditing the operating conditions of the main business, predict, prevent and resolve market risks in operations, and ensure the realization of the company's main profit targets. In terms of management, we should focus on auditing key parts and weak links, because these are the places where risks are most likely to occur. The entire process of risk audit reflects the policy of "comprehensive audit and key assurance".
Risk audit truly realizes the concept of "moving the audit threshold forward and taking precautions before things happen".
For many years, people have proposed that "the audit gate should be moved forward and the combination of pre-event, ongoing and post-audit should be implemented." However, it is difficult to do this under the traditional audit model. A large amount of audit work is still post-event audit, and the purpose of audit is still to reveal the errors and fraud that have occurred. Risk-oriented audit aims to prevent risks and moves the audit threshold forward. Risk prediction is a proactive audit.
To predict operating risks, we need to have a comprehensive understanding of factors such as product supply and demand, price trends, etc.; to predict financial risks, we need to analyze the balance sheet, income statement, and cash flow statement, and analyze the financing structure, financing costs, debt ratio, and quick ratio. , capital flow and other indicators for comprehensive assessment; to predict credit risk, it is necessary to evaluate and monitor the customer's credit rating, economic strength, operating conditions and other aspects. These are prior audits. The review of risk prevention also fully reflects the concept of advanced auditing. Whether it is taking measures such as changing business objectives and plans to avoid risks, implementing methods such as equity financing and portfolio investment to diversify risks, or adopting futures hedging, foreign exchange options trading, property insurance and other forms to transfer risks, as well as taking control measures. Measures such as commercial credit lines and the implementation of mortgage clauses to prevent risks fall within the scope of prior auditing, which focuses on preventing problems before they occur.
Risk audit will also promote the modernization of audit methods. Conducting risk audits requires extensive collection of economic information and an in-depth understanding of the operations of various businesses, which requires computer networking and querying through the Internet. Without mastering computer skills and network knowledge, auditing will be difficult and unable to undertake the task of risk auditing. The development of risk audit will inevitably promote and accelerate the process of modernization of audit methods.