Boring definition :
According to ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment “A business risk is one resulting from significant events, conditions, circumstances, actions or in-actions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies”.
Any future event that might prevent the company in making money & challenges its going concern.
Significance of Business Risk in Audit Process:
In real life audit process has changed drastically due to severe competition, tendering process as well as pressure of reducing audit fees. Hence audit process has to be efficient, quick and effective since firms cannot afford to spend huge amount of time or provide large audit team for any assignment.
Consequently ‘Top-down Approach’ has been introduced in audit practice where the main idea is to look for the future risks; the business is going to face to its continuing operations. Therefore in modern audit process an auditor would identify those ‘risky areas’ which might prevent the company in making profit, before conducting any other detail audit procedures. The auditor than would focus mainly on those risky areas and adopt procedure to detect material misstatement in those areas alone.
So business risk identification makes the audit process easy, efficient, less time consuming and precise. Looking at business risk makes auditor aware about the strength of company’s internal control as well as corporate governance policies and procedures. Any weakness or non-compliance might indicate areas auditor should concentrate in finding misstatement. That is why ‘top-down approach’ is so popular among auditors now-a-days and that makes it very very important for the exam.
Internal Risks (CFO):These risks are entirely related to company’s internal business process.
Compliance (C) – fraud, not complying with local GAAP, rules and regulations, stock exchange or corporate governance best practice
Financial (F) – cash flow difficulties, rapidly increasing gearing
Operational (O) – employees going for strike, failure to modernize products, processes, labor relations or marketing; excessive reliance on dominant CEO
External Risks (PESTEL):These are mainly related to the industry company is operating.
Political (P) – political issues
Economic (E) – changing interest rates, exchange rates
Social (S) – change in public opinion, attitudes, fashions
Technological (T) – untried technologies and ideas
Environmental (E) – natural hazards
Legal (L) – changing legislation
Common Business Risks for Exam:
Wide geological operation
Control + Regulation + Tax
Volume of transaction + Security + Data protection
Revenue + Liquidity + Gearing + Margin
One piece of advice, please do not try to memorize examples of business risk because the case study of the question will be ‘freshly made’ for you. Just remember three words: Future, Money & Going concern. Practice some past exam questions in time pressure. Your nightmare regarding business risk will be over.