Risk Assessment: Recognizing the Nature of the Company
You can make some preliminary judgments about the nature of the company as part of your pre-planning activities (getting ready for your first meet-and-greet with the client). Checking out the company in public records is a good place to start. You’d be surprised how much information you can find out about a business merely by typing its name into a search engine.
Here are some crucial questions to ask the client during your risk assessment process:
What’s the company’s market overview? For example, if the client is a bank, in how many states does it operate? What’s its primary lending focus: homeowner mortgages, car loans, or commercial loans?
Who (if anyone) regulates the client? Many businesses don’t have an outside regulatory agency, but any publicly traded company is required to file its financial statements with the Securities and Exchange Commission (SEC). (A publicly traded company is one whose shares are bought and sold on the stock exchanges, such as the NASDAQ.)
What’s the company’s business strategy? Most business strategies are to maximize shareholder value by increasing profitability and serving the community in which they’re located. However, ask the question and see what the client has to say. The answer may lead you to more probing follow-up questions.
Use the answers to these and similar questions that you tailor to your client, its industry, and its environment while evaluating all components of audit risk: inherent, detection, and control. For example, if your client is subject to outside regulation, it affects your assessed level of control risk — usually lowering your assessed level.
However, this is subjective and based upon the type of regulatory agency and the type of audit you’re performing.