FALCUTY OF ACCOUNTING AND AUDITING GRADUATION THESIS Topic: COMPLETING THE AUDIT RISK ASSESSMENT PROCESS IN FINANCIAL STATEMENT AUDITING BY MOORE AISC AUDITING AND INFORMATION SERVIC
URGENCY OF THE TOPIC
In the context of an increasingly developed and deeply integrated market economy, financial statements (FS) play an important role in providing reliable economic and financial information to investors, management agencies and stakeholders FS not only reflect the financial situation of enterprises but also serve as a basis for investors to make decisions, help credit institutions assess credit risks, and support management agencies in monitoring and regulating the market However, in reality, the risk of material misstatements in FS always exists due to many different causes, including fraud, unintentional errors, or issues related to the application of accounting and auditing standards This places increasing demands on auditing work to ensure the transparency and reliability of financial information
One of the key factors to improve audit quality is to accurately assess risks right from the audit planning stage Identifying, analyzing and assessing risks not only helps auditors develop effective audit strategies but also supports them in focusing resources on high-risk areas, thereby minimizing the possibility of missing material misstatements In particular, in the process of auditing financial statements at AISC, risk assessment plays an important role in determining the appropriate audit scope and method, contributing to improving the quality and effectiveness of the audit
Completing risk assessment during the audit planning stage not only helps improve audit quality but also increases the value of audit services for clients A rigorous and effective risk assessment system helps auditors not only detect errors in financial statements but also make useful recommendations to help businesses improve their internal control systems and better manage their finances At the same time, this also contributes to enhancing AISC's reputation in the auditing industry, building trust with clients and stakeholders
Therefore, this study is necessary to propose solutions to improve the effectiveness of risk assessment in the audit planning stage Through analyzing the current situation, identifying existing limitations and proposing improvement measures, the study is expected to contribute positively to the audit of financial statements at AISC as well as provide a useful reference for other auditing firms in the industry
RESEARCH OVERVIEW
Many domestic and foreign studies have focused on risk assessment in auditing, especially in the planning stage Studies by Arens & Loebbecke (1997), Knechel (2013) and Lobo & Zhao (2013) have pointed out the importance of audit risk assessment for audit quality These authors have emphasized that identifying and assessing risks from the beginning helps auditors plan appropriately, allocate resources effectively and minimize the possibility of missing material misstatements Furthermore, these studies also mention the influence of the business environment, internal control system and the level of compliance with accounting standards on audit risk
In Vietnam, some studies by Tran Manh Dung (2018), Nguyen Van Tuyen
(2020) have mentioned risk assessment models in financial statement audits These studies have analyzed traditional risk assessment methods and factors affecting audit risks at Vietnamese enterprises Some risk assessment models such as risk matrix models and risk scoring models have been proposed to improve the accuracy of audit risk assessment However, these studies have not yet gone into the practical application of risk assessment at specific auditing firms such as AISC, especially in the context of the constantly changing auditing environment with the development of technology and increasingly high legal requirements
Furthermore, current studies have not fully addressed the challenges in the practical application of audit risk assessment at auditing firms in Vietnam, nor have they proposed specific solutions to optimize this process in each auditing organization Therefore, this study will focus on analyzing the current status of risk assessment in the audit planning stage at AISC, thereby proposing complete solutions to improve audit efficiency and quality in the current context.
RESEARCH OBJECTIVES
The research aims at the following specific objectives:
- Systematize the theoretical basis for risk assessment in the financial statement audit planning stage, including concepts, principles, methods and factors affecting the risk assessment process
- Evaluate the current status of audit risk assessment at AISC, including the methods currently being applied, the existing difficulties and limitations and factors affecting the effectiveness of risk assessment
- Propose solutions to improve risk assessment in the audit planning stage at AISC, including improving auditor capacity, applying technology in risk assessment, improving the internal control system and building a more effective risk assessment process.
RESEARCH OBJECT, SCOPE OF RESEARCH
Moore AISC Company Limited Independent member of Moore Global Network Limited - a global network of consulting and auditing from independent companies - headquartered in London Moore Global Network Limited is ranked by International Accounting Bulletin as the 12th largest accounting network in the world, the entire auditing process in general and the audit risk assessment process in particular applied at the company are taken from International Auditing Standards (ISA) and Vietnamese Auditing Standards (VSA) After a long period of application, AISC has made adjustments that are more suitable for customers, improvements to the assessment method to adapt to the economic environment and customers in Vietnam Currently, AISC Vietnam is applying a consistent audit risk assessment process, specifically in each stage of the audit
Recognizing the importance of assessing audit risks in auditing Financial Statements, and having the opportunity to intern at Moore AISC Vietnam Co., Ltd., I chose the topic " Completing the audit risk assessment process in Financial
Statement Auditing by Moore AISC Auditing and Informatics Services Co., Ltd " to write my graduation thesis.
RESEARCH QUESTIONS
The essay aims to answer the questions: “How is risk assessment performed in the audit planning stage at AISC?”; “What are the difficulties and limitations in the audit risk assessment process at AISC?”; “What solutions can be applied to improve risk assessment in the audit planning stage at AISC?”
RESEARCH METHODS
The research uses a combination of qualitative and quantitative methods to ensure comprehensiveness and objectivity Specifically:
- Qualitative method: Synthesize theories, analyze and evaluate risk assessment models in auditing through research documents, auditing standards and related legal regulations
- Data collection method: Secondary data: Collected from audit reports, internal documents of AISC, related studies, financial statements and current accounting and auditing standards.
THESIS STRUCTURE
In addition to the Introduction, Conclusion, References, etc., my graduation thesis is divided into 3 chapters as follows:
Chapter 1: Theoretical basis of risk assessment in Financial Statement Audit
This section will introduce theoretical issues of Auditing risks including a general overview of Financial Statement audit, the concept of risk, the relationship between them, Auditing risk assessment model, etc
Chapter 2: Current statement of the audit risk assessment process performed by Moore AISC Company Limited
This section will introduce general information about Moore AISC Vietnam Company Limited and also introduce, present and comment on the audit risk assessment process in the Financial Statement Audit of ABC Company
Chapter 3: Solutions and recommendations for improving the audit risk assessment process in Financial Statement Auditing at Moore AISC LLC
This section will be the future development orientations of the company and solutions to improve the company's audit risk assessment process for customers, and some recommendations.
THEORETICAL BASIS OF RISK ASSESSMENT IN
GENERAL OVERVIEW OF FINANCIAL STATEMENT AUDIT
1.1.1 Concept of Financial Statement Audit
502 Bad GatewayUnable to reach the origin service The service may be down or it may not be responding to traffic from cloudflared
502 Bad GatewayUnable to reach the origin service The service may be down or it may not be responding to traffic from cloudflared
502 Bad GatewayUnable to reach the origin service The service may be down or it may not be responding to traffic from cloudflared
One of the important results of the audit process is the audit report According to ISA 700 - "Forming an opinion and reporting on financial statements", the audit report must clearly express the auditor's opinion on whether the financial statements fairly and fairly reflect the financial situation of the enterprise This report plays an important role in providing reliable information to stakeholders, including investors, management agencies, credit institutions and other entities with economic interests related to the enterprise
Thus, auditing financial statements not only helps verify the accuracy of financial information but also contributes to improving the transparency of the financial market, protecting the rights of investors and ensuring compliance with legal regulations in the field of accounting and auditing
1.1.2 Objectives of Financial Statement Audit
The main objective of auditing financial statements (FS) is to provide an independent opinion on the truthfulness and fairness of the financial information disclosed by the enterprise According to the International Standards on Auditing (ISA
200) and the Vietnamese Standards on Auditing (VSA 200), the overall objective of the auditor when auditing financial statements is to obtain reasonable assurance that the financial statements are free of material misstatements, whether due to fraud or error, and thereby help improve the transparency and reliability of financial information Auditing financial statements aims to achieve the following specific objectives:
- Ensuring transparency and accuracy: One of the core objectives of auditing financial statements is to ensure that the financial figures presented in the financial statements honestly reflect the financial situation, business results and cash flows of the enterprise during the accounting period According to IFRS and VAS, financial statements must be presented honestly and reasonably according to accepted accounting principles Auditors will check and compare the figures with the audit evidence collected to assess the accuracy and reasonableness of financial information
- Verify compliance with accounting, auditing and legal standards: Auditing financial statements not only evaluates the figures but also considers the level of compliance of the enterprise with accounting standards and current legal regulations According to ISA 250 - "Review of legal regulations in auditing financial statements", auditors are responsible for assessing whether the enterprise complies with regulations that directly affect the financial statements, such as accounting laws, tax laws, business laws and industry regulations If non-compliance is detected, the auditor needs to consider the level of impact on the financial statements and report to management agencies if necessary
- Enhance trust among stakeholders: Audit reports play an important role in providing reliable financial information to stakeholders, including investors, credit institutions, state management agencies and customers According to ISA 700 -
"Forming opinions and reporting on financial statements", audit results help users of financial statements have a basis to make appropriate financial and business decisions For investors, an audited financial report increases the level of trust when making investment decisions For credit institutions, auditing helps assess the financial capacity of enterprises before deciding to provide capital At the same time, for management agencies, auditing helps increase transparency and control of financial activities of enterprises in accordance with legal regulations
The financial statement audit process is a systematic set of steps to collect and evaluate audit evidence, helping the auditor to express an opinion on the truthfulness and reasonableness of the financial statements According to ISA and VSA, the audit process must comply with general auditing principles and be carried out in a strict order to ensure the reliability of the audit report The typical audit process includes three main stages: audit planning, audit implementation and audit completion
The audit planning stage is the first step and plays an important role in the entire audit process According to ISA 300 - "Planning an audit of financial statements", auditors need to establish a suitable audit plan to ensure the effectiveness and quality of the audit In this stage, auditors perform the following main tasks:
- Collect information about the enterprise: Auditors research business operations, organizational structure, internal control system, industry and factors affecting the financial statements of the enterprise This helps auditors have an overview of audit risks that may arise
- Audit risk assessment: According to ISA 315 - “Identifying and assessing the risks of material misstatement through understanding the audited entity and its environment”, auditors need to analyze inherent risks, control risks and detection risks to determine the overall risk level of the audit
- Audit planning: Based on the risk assessment, auditors establish an audit strategy, including determining the scope of the audit, key areas, audit methods to be applied and necessary resources Thorough audit planning helps auditors focus on high-risk areas and optimize the audit process
GENERAL OVERVIEW OF AUDIT RISK IN FINANCIAL STATEMENT AUDIT
1.2.1 Basis concept of audit risk
Audit risk in financial statement audits is the possibility that the auditor will give an inappropriate audit opinion when the financial statements contain material misstatements According to ISA 200 - “Objectives of Independent and the Conduct of Auditor”, audit risk is defined as:
“The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.” and Vietnamese Standards on Auditing (VSA) 200 also defines audit risk as:
“Audit risk is the possibility that the auditor will give an inappropriate opinion when the financial statements contain material misstatements that are not detected during the audit”
Audit risk can arise from many different factors, including the complexity of economic transactions, the level of accounting judgment, the internal control system of the audited entity and the auditor's ability to detect errors Thus, audit risk includes factors that lead to the possibility that the financial statements do not fairly and fairly reflect the financial situation of the enterprise without being detected or corrected during the audit process
1.2.2 Role of audit risk assessment
Audit risk plays a key role in the audit planning process, as risk assessment helps the auditor identify the key areas to focus on to ensure the effectiveness of the audit According to ISA 300 – “Planning an Audit of Financial Statements”, auditors must conduct a risk assessment at the outset to develop an appropriate audit strategy, design effective audit procedures, and minimize the risk of not detecting material misstatements in the FS
1.2.2.1 The Importance of Risk Assessment in Audit Planning
The audit planning stage is not only to determine the scope and method of the audit, but also to provide the basis for the auditor to make decisions on the appropriate allocation of resources Accurately assessing audit risk provides important benefits:
- Identifying high-risk areas: Some items in the financial statements may contain a higher risk of material misstatement than others, such as revenue, inventory, receivables, or accounting estimates Correctly identifying these areas helps the auditor focus resources on the most important areas
- Choosing the appropriate audit strategy: If the risk is high, the auditor may apply a substantive approach, while if the risk is low and the internal control system is strong, the control-based approach may be preferred
- Minimize errors during the audit process: If risk assessments are inaccurate, auditors may spend too much time on less important areas or miss items with a high risk of error This reduces audit quality and may result in an inappropriate audit opinion
1.2.2.2 Consequences of Inaccurate Risk Assessment
In practice, if the auditor fails to conduct a full risk assessment or misjudges the level of risk, it can lead to a number of serious consequences:
- Improper resource allocation: If the auditor underestimates the risk in some important items, he may not perform all the necessary audit procedures, increasing the risk of not detecting a material misstatement Conversely, if the risk is assessed too high in less important items, it can lead to a waste of resources without bringing real audit value
- Failure to detect material errors or fraud: Poor risk assessment can cause the auditor to miss signs of fraud or serious errors in the financial statements, especially for businesses that have the motive to manipulate business results or conceal unfavorable financial information
- Reduced reliability of audit opinion: If the auditor fails to detect material misstatements due to incorrect risk assessment, the audit opinion may not accurately reflect the financial situation of the enterprise, affecting stakeholders such as investors, shareholders and regulators
1.2.2.3 Benefits of Accurate Audit Risk Analysis
Accurate audit risk assessment helps auditors not only improve audit quality but also bring many practical benefits:
- Develop an effective audit strategy, optimize resources: Auditors can choose the appropriate audit method (control-based audit or detailed audit) to achieve the highest efficiency with available resources Minimize unnecessary audit work, focus on high-risk areas to optimize time and costs
- Increase the ability to detect material errors or fraud: When auditors correctly identify risk factors, they can apply more detailed audit procedures, use data analysis or cross-checking to detect abnormalities Focusing on high-risk areas helps auditors improve their ability to detect financial fraud or serious accounting errors
- Minimize the risk of giving an incorrect audit opinion: Auditors have sufficient basis to give an appropriate audit opinion, avoiding the case of wrongly assessing the truthfulness and reasonableness of the financial statements This helps increase the reliability of the audit report, protecting the interests of stakeholders
- Provide added value to the enterprise through recommendations to improve internal control: Through the risk assessment process, auditors can detect weaknesses in the enterprise's internal control system Auditors can make recommendations to help the enterprise improve its accounting process, strengthen control and minimize future financial risks
According to the audit risk model of ISA 315 - "Identifying and assessing the risk of material misstatement", audit risk includes three main components: inherent risk, control risk and detection risk The combination of these three factors creates the overall risk of the audit
AUDIT RISK ASSESSMENT PROCESS IN FINANCIAL STATEMENT
- If the inherent risk and control risk are high, the auditor needs to perform more audit procedures to reduce the detection risk
- If the internal control system is effective and the control risk is low, the auditor can reduce the number of detailed audit procedures
- Detection risk can be adjusted by the auditor by designing appropriate audit procedures, but cannot be completely eliminated
1.3 AUDIT RISK ASSESSMENT PROCESS IN FINANCIAL STATEMENT AUDIT
1.3.1 Audit risk assessment in the Audit planning stage
Audit risk assessment is the first task of an audit that plays a very important role, influencing the overall quality and effectiveness of the audit The audit risk assessment process consists of 4 steps:
Step 1: Identify risks through the process of understanding the client and the client's operating environment
Step 2: Assess the identified risks, conclude whether these risks are related to the overall financial statements or not
Step 3: Link the risks to issues that may be erroneous at the assertion level
Step 4: Consider the possibility that the risks are material (Significant risk)
1.3.1.1 Identify risks through the process of understanding the client and the client's operating environment a Understanding the client and the operating environment
When a client needs to use auditing services, the company needs to determine whether they are new or old clients to have an appropriate approach For new clients, the auditor conducts an investigation to assess potential risks involved Meanwhile, for old clients, reviewing the previous cooperation process helps identify issues that may affect the decision to continue providing services In addition, the auditor needs to consider the impact of accepting the client on both the individual and the audit firm
The assessment process requires the auditor to have an overall view of the client's business operations, from the field of operation, financial policies, business size, to organizational structure and financial stability This information can be collected from previous audit results, online data, third-party reports or related documents If the risk is determined to be low or controllable, the company will proceed to sign an audit contract and carry out the next steps in the process
The auditor needs to analyze the characteristics of the industry to identify potential risks such as seasonality, capital requirements, profitability, competition level and technology application At the same time, specific factors such as labor safety, food hygiene, liquidity or environmental requirements can also affect the level of risk Understanding the production process and business operations helps the auditor identify weaknesses that can affect the reliability of financial statements This includes the production cycle, development strategy, capital sources and financial flows In addition, the enterprise needs to comply with legal regulations such as business licenses, tax policies and supervision regulations Non-compliance can increase audit risks The macroeconomic context is also an important factor Changes in monetary policy, interest rates, political situations and raw material prices can affect the financial performance of an enterprise Ownership structure and interest relationships need to be considered to detect internal transactions that may lead to conflicts of interest or financial fraud Information management systems and the level of technology application in accounting also play an important role in ensuring the accuracy of financial statements In addition, auditors need to evaluate the development strategy, market expansion plans, changes in business models, as well as management and delegation mechanisms within the enterprise These factors can affect internal control and the level of risk during operations Finally, measuring performance through financial indicators such as revenue, profitability and market share helps auditors assess the reasonableness of financial statements b Performing analytical procedures
Auditors use preliminary analytical procedures to analyze the financial statements as a whole to identify significant fluctuations, unusual events, or transactions that appear to be unreasonable These fluctuations may reflect potential issues that affect the audit, including the risk of material misstatement, especially misstatements arising from fraud
To ensure a comprehensive and accurate risk assessment, the preliminary analysis of financial statements is carried out in three main steps:
(1) Identifying correlations between data: Auditors consider the relationships between items in the financial statements as well as in each business cycle, such as the relationship between purchases - payments, sales - collection, revenue - cost of goods sold, etc Identifying these rules of motion helps auditors detect abnormalities in financial data
(2) Data analysis: The auditor compares the current year's data with previous years to determine whether there are any significant or unusual fluctuations The analysis can be done vertically (comparing the proportions of items on the financial statements) and horizontally (comparing the fluctuations of each item over the years)
This helps to identify areas of potential risk that need to be examined more closely
(3) Assessment and determination of audit scope: After having preliminary results on unusual fluctuations, the auditor needs to assess the items that are likely to contain material misstatements Based on these results, the auditor determines the content, schedule and scope of subsequent audit procedures to ensure the most effective audit c Risk Determination
The determination of audit risk is mainly based on the auditor's professional judgment about the level of honesty and fairness of the financial statements after completing the audit In the case where the auditor gives an unqualified opinion, it means that they assess that the financial statements are free of material misstatements When the auditor determines the audit risk to be low, this reflects the expectation that the financial statements do not contain material misstatements that could influence the decisions of users The level of audit risk is often determined based on the level of interest of the users of the financial statements The more stakeholders use financial information, the higher the requirement for the reliability of the financial statements, leading to the need for audit risk to be controlled at a lower level to ensure accuracy and transparency In practice, determining a specific level of audit risk is often only directional and is done in a general way Typically, audit risk is set at a low level, ranging from 0% to 5%, depending on the characteristics of each audit and the auditor's risk tolerance
Inherent risks arise from the audited entity itself and are assessed based on the auditor's professional judgment From the business perspective, this risk reflects factors inherent in the business environment, including industry characteristics, organizational structure and financial situation From the item and transaction perspective, the auditor considers the nature of each item to determine the level of risk, especially for complex items that are susceptible to fraud or error Accurately assessing inherent risks helps the auditor develop an effective audit strategy, ensuring the integrity of financial statements
Auditors evaluate internal control systems using questionnaires, flowcharts and narratives, combining interview and observation methods Control risk represents the possibility that a material misstatement could occur despite the implementation of an internal control system This assessment depends on the extent to which the system is designed, operated, and maintained to prevent and detect risks If the internal control system is not established or operates ineffectively, the control risk will be high Conversely, if the auditor obtains sufficient evidence that the system is designed and operated effectively, the control risk will be assessed lower, and tests of controls may be performed to confirm this assessment
After identifying and assessing audit risk, including inherent risk and control risk, the auditor will use an audit model to determine detection risk Based on that, they decide on the workload, size, scope, time, and cost of the audit to ensure that audit risk is reduced to an acceptable level
1.3.1.2 Assess the identified risks, conclude whether these risks are related to the overall financial statements or not
Once the auditor has identified potential risks during the preliminary analysis of the financial statements, the next step is to assess the impact of these risks and determine whether they impact the financial statements as a whole or only affect a specific part The assessment process is carried out in the following steps: a Determine the materiality of the risk
The auditor needs to consider each identified risk and assess its materiality based on factors such as:
- Financial impact: Does the risk affect the total value of assets, revenue, expenses, profits? If so, is the impact significant or insignificant?
- Pervasiveness: Does the risk affect only a specific transaction or item or affect many items in the financial statements?
- Probability of material misstatement: Is the probability of error or fraud related to the risk high or low? b Determine the scope of the risk
After determining the level of materiality, the auditor will assess the scope of the risk to determine whether it affects the financial statements as a whole or only relates to a specific part This is done by:
- Comparing the identified risks to the entire financial reporting system to consider whether the misstatement affects many important items
- Assessing whether the risk affects the accounting principles, accounting estimates or accounting policies of the enterprise If the risk affects the way the enterprise prepares financial statements, it may cause misstatements in the entire report
GENERAL OVERVIEW OF MOORE AISC COMPANY LIMITED
2.1.1 Formation and development process of Moore AISC LLC
Moore AISC Auditing and Informatics Services Company Limited (Moore AISC) was established in 1994, one of the first three auditing companies in Vietnam, initially operating under the management of the Ho Chi Minh City Department of Finance In 2000, the company expanded its operations to the field of auditing securities issuing and trading organizations In 2005, Moore AISC became a member of the Vietnam Association of Certified Public Accountants (VACPA) and in 2006 joined the International Accounting and Auditing Organization Inpact Asia Pacific An important turning point took place in 2022 when Moore AISC officially became a member of the international auditing network Moore Global Network Limited and changed its name to Moore AISC Auditing and Informatics Services Company Limited Currently, the company is headquartered in Ho Chi Minh City, with two branches in Hanoi and Da Nang, and two representative offices in Hai Phong and Can Tho With a team of more than 200 employees, Moore AISC is in the top 10 auditing firms in Vietnam in terms of revenue, number of clients and number of auditors
With the view of the highest benefit of customers, the direction of Moore AISC Company is to continue to promote the provision of specialized services and reliable information to help customers make management, financial and economic decisions accurately and effectively Based on this, in the coming time, the company will support customers to solve problems better and more promptly that few specialized service organizations can do to quickly become the leading auditing company in Vietnam, with great influence
To achieve the set goals, the first thing AISC thinks about is the human factor The company will not only focus on employees who have worked and have experience, but also on students who are still in university by organizing competitions to award scholarships At the same time, the company is also in the process of developing a plan to expand the services provided to diversify the types of services to promote revenue and increase profits In particular, the company also has a plan to market the company to businesses nationwide to attract more customers to use the company's services
2.1.2 Production and business characteristics of Moore AISC LLC
Moore AISC Auditing and Informatics Services Co., Ltd operates in many important economic sectors:
- Industrial products and consumer goods
With a wide range of activities, Moore AISC provides professional services, meeting the needs of many businesses in different industries
Currently, the company provides a range of important financial, accounting and auditing services, helping businesses ensure transparency and efficiency in business operations
One of Moore AISC's core services is financial statement auditing, including auditing in accordance with legal regulations and auditing for internal management purposes The company also provides accounting services, helping businesses perform financial accounting operations in accordance with regulations, optimizing the process of recording and reporting finances
In addition, Moore AISC also provides tax consulting services, supporting businesses in effective tax planning, complying with legal regulations and optimizing tax obligations The company also has strengths in the field of financial consulting and transfer pricing, helping businesses ensure compliance with transfer pricing regulations and build sustainable financial strategies In addition, valuation services are also one of Moore AISC's strengths, helping businesses accurately evaluate assets, real estate and investments
Moore AISC also provides basic construction auditing services, helping to control costs and ensure the legality of construction investment projects In particular, the company also provides operational consulting services, supporting businesses to improve management efficiency, optimize operating processes and improve competitiveness in the market With a variety of services provided and a team of experienced experts, Moore AISC has become one of the leading auditing companies in Vietnam, trusted and cooperated by many large enterprises
2.1.3 Organizational structure of Moore AISC LLC
The management apparatus of MOORE AISC Auditing and Informatics Services Co., Ltd is tightly organized, ensuring efficiency in operations, management and service provision to customers The company's organizational structure includes the Board of Directors and functional departments, each department has its own tasks and responsibilities to support the company's business and development activities
- Partner: Is the head of the company, fully responsible for all activities of Moore AISC in Vietnam The General Director has the role of developing short-term and long-term development strategies, business orientation and ensuring that the company operates in accordance with legal regulations and professional standards In addition to directly managing activities at the head office in Ho Chi Minh City, the General Director also indirectly manages branches in Hanoi, Da Nang and representative offices through Branch Managers In addition, the General Director is also responsible for maintaining and developing relationships with domestic and international customers and partners to expand the market and improve the quality of auditing, accounting and financial consulting services
- Deputy General Director (Partner): Assists the General Director in the management and operation of the company, especially in implementing and supervising the implementation of business plans and development strategies set forth by the Board of Directors The Deputy General Director is responsible for urging, inspecting and regularly reporting on the performance of departments, and is directly responsible for the work at each branch as assigned by the General Director In addition, the Deputy General Director also participates in the process of controlling service quality, ensuring that the company provides financial and auditing solutions that meet the needs of customers
- Administrative Department: This is the department that plays a role in supporting and maintaining the internal operations of the company, including departments such as:
+ Accounting Department: Responsible for performing internal accounting, financial management and making financial reports of the company
+ Information Technology Department: Providing technical support, ensuring that the software system, database and tools supporting auditing and accounting activities are always operated stably and safely
+ Office Department: Responsible for administrative work, documents, human resources, internal communications and supporting the organization of internal activities of the company
- Business Department: This is the core department that brings revenue and profit to the company This department includes specialized departments that directly provide auditing, financial consulting, tax and valuation services to customers:
+ Auditing Department: Performs financial statement auditing, basic construction auditing and compliance auditing services according to customer requirements This is the most important department of the company, responsible for ensuring transparency and accuracy in the financial reports of the enterprise
+ Financial Accounting Consulting Department: Provides accounting, financial consulting and business operations consulting services, supporting customers to optimize financial and operational efficiency This department helps businesses comply with accounting regulations and at the same time build financial strategies suitable for the business situation
+ Tax Consulting Department: Specializes in providing tax consulting services, supporting customers in optimal tax planning, complying with legal regulations, and performing transfer pricing consulting services to help businesses minimize tax risks and maximize legal profits
+ Valuation Department: Undertakes asset valuation and investment project appraisal, helping businesses determine the value of assets, real estate, brands and investments accurately and objectively
Diagram 2.1: Organizational chart of the company's management apparatus
(Source: internal circulation document of Moore AISC LLC) Moore AISC's Auditing Department is organized according to diagram 2,
Info rma tion Tec hnol ogy Dep art men t
Audi ting Depa rtme nt
Fina ncial Acco untin g Cons ultin g Depa rtme nt
Tax Cons ultin g Depa rtme nt
Valu ation Depa rtme nt
Office Depar tment including the following positions and positions:
- Partner: Is a key shareholder and also the most experienced auditor in the company The person holding this position is directly responsible for managing a department, regularly monitoring the operating situation, reviewing and approving audit reports presented to clients
- Director: The professional director is responsible for directly managing specialized audit projects, ensuring that tasks are performed in accordance with professional standards and meet client requirements
- Manager/Senior Manager: The audit manager or senior auditor is often assigned to be the team leader in audit tasks, responsible for coordinating and supervising the entire working process of the team
- Senior: The supervisor is responsible for assigning specific tasks to audit assistants, and monitoring and checking the progress to ensure the quality of the work
- Staff: Audit assistants perform support tasks as assigned by the team leader, contributing to the completion of audit tasks effectively and on time
Diagram 2.2: Organize of Audit Department
(Source: internal circulation document of Moore AISC LLC)
2.1.4 General Financial Statement Audit process performed by Moore AISC LLC
Moore AISC implements the audit process based on the VACPA Model Audit Program According to this method, each audit conducted by AISC is divided into three main stages:
- Audit planning stage: This stage includes collecting information, assessing risks and making a detailed plan for the audit
- Audit implementation stage: At this stage, audit procedures are conducted to collect evidence and check related data
- Audit completion and reporting stage: Finally, the audit results are summarized, evaluated and opinions are presented in the final audit report
Each stage contains many specific tasks which are detailed below However,
Staff depending on the conditions and characteristics of each client, Auditors can adjust, omit or add some tasks to achieve optimal efficiency for the audit
CURRENT STATEMENT OF AUDIT RISK ASSESSMENT PROCESS
2.2.1 General audit risk assessment process of Moore AISC LLC
AISC conducts the audit risk assessment process right from the first step, which is audit planning, with the aim of improving the quality of the audit AISC has developed an audit risk assessment process according to the guidance in the VACPA Model Audit Program document, and this process is carried out throughout all 3 stages of the audit
2.2.1.1 Audit planning stage a Consider accepting clients and planning the initial Audit
+ For new clients: When a client requests AISC to provide Financial Statement audit services, to assess the ability to accept new clients, AISC starts by researching and synthesizing basic factors about the client: Auditors (Auditors) will collect information via the internet, assess the position of the business and conduct interviews (for example: the audit situation of the previous year, the reason for changing the auditing company, opinions on the Audit Report of the previous year, the time of issuing the report, ) with this information must be completed before signing the Audit contract After that, the Board of Directors sends a preliminary information sheet to the head/deputy head of the department in charge to conduct a risk assessment
+ For old clients: For existing clients, AISC considers whether to continue maintaining the audit service or not Auditors combine information from audit data of previous years and collect and learn more about the changes and new updates of the client Any changes or fluctuations that pose risks are recorded to assess the ability to continue maintaining audit services for old clients
- Establish an Audit team and sign an Audit contract: After collecting the initial basic information about the client and having considered and accepted, AISC proceeds to establish an audit team and sign a contract to provide audit services
- Learn about the business characteristics and industry of the client: Auditors conduct detailed research on the business industry of the client and present it in the section - Learn about the client's operations Information to be collected includes: date of establishment of the enterprise, business industry; Board of Directors, Board of Management; organizational structure; information about suppliers and customers; production and business processes; charter capital; development trends; as well as impacts from the legal aspect, political environment, etc
- Preliminary analysis procedure: In this step, the Auditors begin to make a preliminary analysis of the overall Financial Statements Thereby, the Auditors will analyze indicators of solvency and financial leverage; evaluate the efficiency of using the client's assets; as well as analyze the balance and the arising numbers to identify large and unusual fluctuations between the current year and the previous year Through this analysis, the causes of the fluctuations are investigated, thereby determining the risks and providing appropriate Audit procedures b Inherent Risk Assessment
Moore AISC conducts potential risk assessments through the process of collecting and analyzing information related to the client's business operations This process is carried out with appropriate adjustments according to the specific characteristics, scale and nature of each client's business, to ensure that risks that may affect the financial results of the business are assessed
During the implementation process, the company's auditors apply audit procedures that have been developed according to internal processes, including:
- Understanding the client and the business environment: Auditors collect information about the industry, operating characteristics, financial situation and external factors that may affect the business, such as legal policies, economic fluctuations or market trends
- Preliminary analysis of financial statements: Auditors compare data between periods, assess unusual fluctuations in important financial indicators such as revenue, profit, inventory, receivables and payables to identify signs of irregularities
- Evaluation of the enterprise's accounting policies: Auditors review the accounting policies that the enterprise is applying, compare them with current accounting regulations to detect the possibility that the enterprise is applying accounting policies in a way that distorts financial results
- Interviewing the board of directors and key personnel: Discussions with the board of directors and related departments help auditors understand the business strategy, the risks the enterprise is facing, as well as changes in the management system or operating procedures that may affect the financial statements
- Industry risk analysis: Auditors consider the risks specific to the industry in which the business operates, such as the cyclicality of the industry, the level of competition, dependence on large suppliers or customers, and specific legal compliance requirements
For small businesses, auditors often conduct direct interviews with the Board of Directors and key employees of the business Through these interviews, they collect important information about the business's operations, management, and challenges, thereby having an overall view of the level of risk that exists
Conversely, for large businesses with complex organizational structures and diverse business factors, auditors will use a combination of support tools such as questionnaires, in-depth interviews, and on-site investigations In addition, they also apply quantitative and qualitative analysis techniques to collect preliminary information in a complete and detailed manner Through this, auditors can clearly identify areas with high risk, thereby developing appropriate audit procedures to control and minimize these risks
In the assessment process, the bases used include the business performance of the enterprise, internal management and application policies, as well as factors from the macro environment and business environment Based on the information collected, the level of potential risk is classified into three levels: low risk, medium risk and high risk This classification not only helps auditors clearly orient the audit procedures to be performed but also plays an important role in audit planning, ensuring that the audit process is conducted effectively, objectively and fully meets professional standards c Understanding the Internal Control System and Assessing Control Risks
COMMENTS ON AUDIT RISK ASSESSMENT PROCESS AT MOORE AISC
During the internship at AISC Company and participating in a specific audit at a client unit, I witnessed the current status of the audit risk assessment process in the financial statement audit planning stage of Moore Company AISC has the following advantages:
First, the Audit Risk Assessment Process is built on the basis of Vietnamese Auditing Standards and at the same time complies with the regulations of international auditing organizations This process is developed scientifically, systematically and can be flexibly applied to each individual client, suitable for the characteristics and business conditions of different industries and fields
Second, the Process has been developed and issued by the company through detailed instructions These instructions help auditors clearly grasp the implementation steps, thereby improving their understanding of the process and making accurate and reliable assessments based on the reality of the client company
Third, the results of the audit risk assessment are presented on a working paper with a clear code and specific references This demonstrates the scientific and rigorous nature of the system and facilitates management levels to monitor and re-check the work that has been performed
Fourth, the implementation of the audit risk assessment is clearly assigned to optimize time and minimize audit costs The audit team leader develops a specific audit plan and assigns tasks to audit assistants, helping them identify items that need attention and work that needs to be performed During the process of collecting and synthesizing information, the assistants perform their tasks, then the audit team leader reviews and makes the final conclusion
Fifth, the monitoring process is closely carried out by higher management levels Auditors regularly discuss with department leaders to ensure that the implementation measures are the most reasonable Audit results are reviewed at two levels, including department level and company level, helping to minimize audit risks In parallel, the internal control system operates effectively, tightly and thoroughly, contributing to minimizing risks to the lowest level, while ensuring the quality of audits in most stages
Sixth, Auditors always update the latest regulations and changes, and apply those changes to the actual process This helps to ensure that issues are handled accurately, reasonably and always in compliance with current standards and regulations
Finally, the Audit Team Leader closely monitors and regularly communicates with assistants throughout the implementation process Thereby, auditors can promptly grasp the client's errors and supplement necessary audit procedures to minimize the risk of detection At the same time, regular meetings and discussions with clients help unify audit results, minimizing unnecessary disputes during the audit report preparation process
In addition to the advantages of the audit risk assessment process in the financial statement audit planning stage at AISC, this process still has some limitations in practice as follows:
- Understanding the characteristics and business lines of customers: For customers who are regular businesses of AISC, the documents collected from each unit are stored in the general audit file and have been updated according to fluctuations and changes over the years However, auditors mainly focus on collecting information from each individual customer without collecting data from competing companies in the same industry This leads to limitations in comparing and assessing whether the customer's fluctuations are significantly different from the general level of the business industry As a result, when auditors need to review the audit files of previous years to support risk assessment or perform other tasks, the comparative information is not complete and comprehensive
- Understanding the internal control system: AISC Company has developed a questionnaire to collect information about the client's internal control system However, this questionnaire is constructed in a general manner and is not tailored to each enterprise or specific business sector Therefore, auditors have difficulty in understanding and fully grasping information about the client's internal control system Furthermore, when completing the questionnaire to assess the client's control risk, the auditor's judgment and experience play a major role, leading to subjective and inconsistent assessments among different auditors This directly affects the conclusion about the effectiveness of the internal control system In addition, some of the collected information is not fully presented and updated on the working paper, making it difficult to review the audit documents
- Preliminary financial statement analysis procedures: In the process of performing preliminary financial statement analysis procedures, auditors often only compare the data of the current year with previous years without comparing over a certain period of time or with businesses in the same industry or field The lack of comparison according to these criteria limits the overview of data fluctuations After identifying fluctuations, auditors can rely on individual subjective assessments to isolate areas with high risks, leading to an unobjective assessment and difficulty in drawing accurate conclusions about audit risks This directly affects the development of audit programs for each section of the financial statements
+ Assessing inherent risks: At AISC, we have established a basis for assessing potential risks, with levels classified into high, medium and low, as well as dividing high-risk business areas However, there are no separate regulations for assessing new and regular customers, which may lead to the application of the same assessment method to subjects with different characteristics, thereby affecting the accuracy of the assessment
+ Assessing control risks: After collecting the results of assessing control risks across the entire enterprise through questionnaires, for large corporate clients, auditors conduct control risk assessments for each specific cycle However, for small business clients, determining control risks for each cycle is often overlooked, causing auditors to move directly to performing detailed testing procedures Furthermore, in some audit files of small enterprises, it can be seen that the assessment of control risk is carried out at low, medium, high levels but without clear basis and the presentation is sketchy The assessment of control risk mainly focuses on the control environment, while other factors are less focused
+ Assessment of detection risk: The assessment of detection risk depends on the experience of the auditor after assessing the potential risks and control risks, thereby delimiting the high-risk items However, this assessment process is often not fully presented on documents and is carried out manually, which is highly subjective If the auditor assesses incorrectly, it will reduce the quality of the entire audit