https://ijmri.de/index.php/jmsi
volume 4, issue 2, 2025
628
MAIN APPROACHES TO RISK-BASED AUDIT
Yuldasheva Saodat Khalmurzaevna
PhD and associate professor at International School of
Finance Technology and Science, department of “Accounting”
Abstract:
An audit is a fairly complex process, and it is also limited in time. Therefore, to ensure
high quality work, it is necessary to prepare for it thoroughly. A necessary means of such
preparation is a comprehensively thought-out plan that would create confidence in the
performers that the most effective and efficient audit procedures are used.
Key words:
risk assessment, audit procedures, material misstatements, audit risks, controls,
inherent risk.
Introduction
International auditing standards (ISA) are an important part of the audit sphere of any country
that has a significant number of foreign companies on its territory and/or foreign investors are
interested in domestic companies. It is the international auditing standards that allow for the
formation of a unified approach in the process of auditing companies from different countries,
which enables investors and other interested parties to quickly and most accurately conduct a
comparative analysis. In general, ISAs make the audit process unified in the direction of its goals,
methodology, techniques used, level of responsibility of auditors and audited entities, etc.
International auditing standards should be understood as a set of rules used by auditors to ensure
a level of audit that will be recognized by the world community due to the use of only generally
recognized methods and procedures.
The auditor's goal in conducting a risk-based audit is to obtain reasonable assurance that the
financial statements are free from material misstatements caused by fraud or error. This involves
three key steps:
1. Assessing the risks of material misstatement in the financial statements;
2. Designing and performing further audit procedures that respond to the assessed risks and
minimize the risks of material misstatement in the financial statements to an acceptably low level;
3. Issuing an appropriately worded auditor's report based on the audit findings.
Audit risk consists of two main elements:
– the risk that the financial statements contain a material misstatement (inherent risk and control
risk);
– the risk that the auditor will not detect the misstatement.
To minimize audit risk to an acceptably low level, the auditor should:
– assess the risks of material misstatements and limit the risk of non-detection.
This is achieved by performing procedures that respond to the assessed risks at the financial
statement, class of transactions, account balance, and assertion levels.
Reasonable assurance
is a high, but not absolute, level of assurance. Reasonable assurance is
achieved when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk
(the risk that the auditor expresses an inappropriate opinion about the financial statements when
they contain a material misstatement) to an acceptably low level [5]. The auditor cannot provide
absolute assurance because of the inherent
limitations of an audit
.
ISA generally do not consider inherent risk and control risk separately but together as the risk of
material misstatement. However, the auditor may consider these risk components separately
https://ijmri.de/index.php/jmsi
volume 4, issue 2, 2025
629
based on preferred audit techniques and practical considerations. Many inherent risks arise from
a combination of business risks and fraud risks. For example, a new accounting system may
create the potential for errors (a business risk) but also the potential for someone to manipulate or
misuse the financial results.
If a business risk is identified, it should be considered whether it also creates a fraud risk. Fraud
risks are recorded and assessed separately from business risks. Otherwise, the auditor's response
is likely to focus only on business risks and not on fraud risk.
Fraud is often detected by looking for:
- unusual facts, exceptions and oddities in transactions/events; or persons with the motive,
opportunity and propensity to commit fraud.
If such facts are observed, they should be recorded and assessed as fraud risks, even if they
appear minor at first glance. Recording such risks will help ensure that they are properly
addressed by developing auditor responses.
1. The term “entity level controls” covers many elements of the control environment, risk
assessment elements and internal control monitoring [6].
2. Many business threats can also create a fraud risk. For example, a poorly controlled sales
system can lead to confusion as well as opportunities for fraud. Therefore, it is suggested to
maintain separate lists of fraud risk factors and business risk factors [6].
The audit process is presented in three clear stages:
– risk assessment;
– risk response; and reporting.
Risk-based auditing requires auditors to understand the company and its environment, including
the ICS. The goal is to identify risks. It is important not only to identify them, but also to assess
them correctly.
A highly qualified specialist is required to conduct a correct assessment. That is why in practice
such a procedure is carried out jointly with the audit partner and senior operational personnel.
Only through joint efforts can various risks be identified, assessed and appropriate measures
developed to prevent them or reduce adverse effects.
Let us formulate an algorithm of actions for assessing audit risk.
First, initial work with the customer. At this stage, it is possible to accept a new client or
continue working with the previous customer.
Second, drawing up a work plan. Third, the risk assessment procedure itself. This stage allows
you to assess the real state of the business at a specific point in time. And also to identify the
likelihood of possible risks. Fourth, analysis of internal control procedures. Particular attention is
paid to controls that can prevent the occurrence of material distortions at early stages. And also
allow you to eliminate the consequences of such distortions. Fifth, assessment of the risks of
material distortions in financial statements. Sixth, identification of risks for which audits alone
are not enough. Seventh, provide detailed information to the customer about the entire company.
As well as about the shortcomings of the existing control system in it [13]. And finally,
assessment of the risks of material distortion at the level of financial statements.
Risk assessment is not tied to a calendar year. That is, some of its stages can be carried out and,
accordingly, completed before the end of the calendar year.
Risk assessment is a complex and lengthy process. However, it allows you to reduce, and
sometimes completely eliminate, control work where the risk level tends to zero. The results
obtained from the audits allow the company's management to make decisions to minimize
possible risks or reduce their negative impact.
The risk assessment process involves a certain number of people. The quality of the result will
depend on their coordinated and qualified work. Only if the members of the audit team
communicate effectively will the audit results be objective. For example, group meetings. Within
the framework of such events, the general line of the audit and its structure are usually discussed.
Consider possible fraud schemes and the likelihood of their use by employees of the enterprise.
After completing the audits, members of the audit team discuss not only the results obtained, but
https://ijmri.de/index.php/jmsi
volume 4, issue 2, 2025
630
also the identified facts of fraud. It is at this stage that a decision is made on the feasibility of
future audits.
The second stage of the audit will consist of research, as well as the implementation of additional
audit operations aimed at preventing discounted risks of significant distortion and providing the
required confirmation to support the auditor's views.
Among the tasks that the auditor must take into account when planning audit operations.
1. Assumptions for which there are few checks of elements. Such a situation is possible,
provided that the processing of transactions was carried out with manual intervention.
2. The presence of internal control at the enterprise. This allows to reduce the number of various
checks.
3. The ability to carry out various analytical operations. Thus, other procedures can be
implemented in a significantly smaller volume.
4. The need to take into account the component of unpredictability in the procedures carried out.
5. The need to organize additional checks in order to identify fraud.
Audit operations created as a result of existing risks may well contain a combination of:
– checking the performance of the ICS; also
– basic operations such as detailed checks and analytical procedures.
The final stage of the audit involves assessing the data obtained. And also determining the
sufficiency of these data in order to reduce the negative impact of the facts of misstatement of
the reporting. In this case, establish:
- whether a change in the assessed risk level was recorded;
- whether the conclusions obtained based on the work results are correct;
- whether the facts of fraud have been proven.
The likelihood of any additional risks occurring in the future requires prompt work.
Based on the results of the work done, specialists usually formulate conclusions.
- Information on the results must be provided in full to interested parties. First of all, to the
manager and owner of the company.
- an auditor's report must be drawn up and the proper conclusion of the audit decision must be
established.
Conclusion
The task of ensuring confidence based on risk assessment will require auditors to understand the
company. This will help them to correctly assess possible risks of distortion of accounting
documentation in the future. Thus, in turn, this ensures prompt actions by auditors.
1. Incomplete, incorrect or completely absent information in accounting reporting documents.
For example, unrecorded assets or assets that were received "in circumvention" of the
requirements of legislation in this area
2. Certain areas of the company's activities in which strict reporting is not regulated by the
management of the enterprise. For example, entries in journals.
3. Other inaccuracies and violations in the current control system.
Reference
1.
Vasiltsova N.T. Audit of financial statements according to international standards // Actual
problems of socio-economic development of Russia. 2020. No. 1. Pp. 11-13.
2.
Gorodilov M.A. Limits of application of international auditing standards // Economic
environment. 2021. No. 2 (36). Pp. 27-32. DOI 10.36683 / 2306-1758 / 2021-2-36 / 27-32
3.
Zaslavskaya I.V., Smagina I.V. Accounting. Moscow: MISI-MGSU, 2019. 120 p. URL:
https://www.iprbookshop.ru/95515.html
4.
Kirichenko E.A., Selyutina S.V., Smagina M.N. International standards of audit. Tambov:
Publishing house of FGBOU VPO "TSTU", 2014. 136 p.
5.
Kirichenko E.A., Smagina M.N. Audit of industrial enterprise. Part 1. Tambov: Publishing
house of FGBOU VO "TSTU", 2017.
6.
Kirichenko E.A., Smagina M.N. Audit of industrial enterprise. Part 2. Tambov: Publishing
house of FGBOU VO "TSTU", 2017.
https://ijmri.de/index.php/jmsi
volume 4, issue 2, 2025
631
7.
Kirichenko E.A., Smagina M.N. Practical audit. Tambov. Publishing house of FGBOU VO
"TSTU", 2019.
8.
International Standard on Auditing 230 "Audit Documentation"
9.
Xalmurzayevna, Y. S., Karimovich, S. S., Zairjanovich, Y. S., & Qizi, X. M. I. (2021, June).
HYBRID TEACHING AND LEARNING TIPS FOR Teachers. In Archive of Conferences (Vol.
28, No. 1, pp. 12-14).
10.
Mahamadali Turdaliyevich Toshxonov, Sherzod Zairjanovich Yuldashev. (2022, October)
THEORETICAL AND PRACTICAL ISSUES OF TEACHING FOREIGN LANGUAGES IN
INSTITUTE OF PHARMACEUTICAL EDUCATION AND RESEARCH. INTERNATIONAL
SCIENTIFIC AND PRACTICAL CONFERENCE "THE TIME OF SCIENTIFIC PROGRESS
11.
Shakabil Karimovich Shayakubov, Saodat Khalmurzayevna Yuldasheva, Sherzod
Zairjanovich Yuldashev, Dilnoza Anvarovna Akhmedova. (2022, 5 November) THE ROLE OF
ASSESSMENT ON ENGLISH FOR THE INSTITUTE OF PHARMACEUTICAL
EDUCATION AND RESEARCH. INTERNATIONAL SCIENTIFIC CONFERENCE"
INNOVATIVE TRENDS IN SCIENCE, PRACTICE AND EDUCATION"
12.
Saodat Khalmurzayevna Yuldasheva, Mahamadali Turdaliyevich Toshxonov, Sherzod
Zairjanovich Yuldashev. (2022, 3 January) USING MOBILE APPS FOR TEACHING
ESL&EFL IN HIGHER EDUCATION INSTITUTIONS. Vol. 2 No. 8 (2023): YOUTH,
SCIENCE, EDUCATION: TOPICAL ISSUES, ACHIEVEMENTS AND INNOVATIONS
13.
Khalmurzayevna, Y. S., Nuritdinovich, F. S., & Karimovich, S. S. (2023). RISK
ASSESSMENT OF THE INTERNAL CONTROL SYSTEM AND THE APPLICATION OF
AUDITING PROCEDURES IN AUDIT OF ENVIRONMENTAL COSTS. International Journal
Of Management And Economics Fundamental, 3(05), 15-27.
14.
Yuldasheva Saodat Khalmurzayevna, Ganiev Shakhriddin Vakhidovich, Yuldashev Sherzod
Zairjanovich (2023/6/9). 21st Century Modern English Teacher’s Professional Competences.
Best Journal of Innovation in Science, Research and Development, 8-13
15.
Yuldasheva Saodat Khalmurzayevna, Yuldashev Sherzod Zairjanovich (2023/9/20) The
Perspectives of English Teachers' Pedagogic Competence In Teaching English Through Online
and Offline Tools. American Journal of Language, Literacy and Learning in STEM Education
(2993-2769), 111-121
