Difference Between Audit Risk and Business Risk

Business actions are subjected to various risks that can reduce the positive effects they can bring to the organization. Audit risk and business risk are two main types of risks that should be controlled and continuously monitored. The key difference between audit risk and business risk is that audit risk is the risk that an auditor expresses an inappropriate opinion on the financial statements whereas business risk is the possibility of loss and the occurrence of any event that could pose a risk due to unforeseen events which will negatively affect the business.

CONTENTS
1. Overview and Key Difference
2. What is an Audit Risk
3. What is a Business Risk
4. Side by Side Comparison – Audit Risk vs Business Risk
5. Summary

What is an Audit Risk?

Audit risk is referred to as the risk that the financial statements are materially incorrect and the malfunctioning and ineffectiveness of the internal control system are overlooked while the auditors form an opinion stating that the financial reports are free of any material errors and a sound internal control system is in place. In other words, the auditor expresses an unfitting opinion on the financial statements.

An internal audit committee is appointed by the board of directors to review the effectiveness of internal control system of the company. The audit committee should have at least three members and should meet at least twice a year to conduct their review. The board of directors should also review the effectiveness of the audit committee on an annual basis.

Main duties of the audit committee involves,

  • Monitoring the integrity of financial statements and provide an opinion that they have been prepared in a true and fair manner.
  • Reviewing the company’s internal control and risk management systems
  • Monitoring and reviewing the effectiveness of the internal audit function
  • Reporting to the board and making appropriate recommendations on how to improve the company’s internal control system

Lack of segregation of duties, lack of verification of transactions and lack of transparency in selecting suppliers are some examples of compromising the quality and effectiveness of internal control. The outcome of such compromises may be very costly and even threaten the business continuity. In addition to the internal audit committee, companies are also required by the law to appoint an external auditor to minimize an audit risk from materialising.

Figure 01: Role of the auditors are to provide an opinion that the financial reports are prepared according to the required standards and internal control system is functioning as expected. 

What is a Business Risk?

Business risk is the uncertainty of obtaining profits or possibility of loss and the occurrence of any event that could pose a risk due to unforeseen events which will negatively affect the business.

Types of Business Risks

Five main types of business risks are identified. They are,

Strategic Risk

Strategic risk is any type of a risk that challenges the core business activity. Change in customer tastes and preferences, which makes the company’s products and services obsolete or less desirable is the main strategic risk businesses can face.

Financial Risk

Financial risk arises when there are issues in fund management with regard to cash deficits, granting credit periods to customers and obtaining credit periods from suppliers. They also include interest rates and foreign exchange rates if the company is conducting international trade

Operational Risk

Operational risk results from internal inefficiencies and failures in the production floor such as defects and production delays. Operational risks can also result from unforeseen external events such as supplier delays in delivering raw materials

Reputation Risk

This is the risk resulting from loss of reputation through customer complaints, negative publicity, and product failures. Reputation risk is a severe risk that companies should avoid since the reputation built up for a number of years can be destroyed within a matter of few hours.

Other Risks

Any risk that cannot be categorized according to the above can be included in this category. The risks each company faces depends on the nature of the business and the industry.

To continue the business as a going concern and to ensure higher profits, the company must identify the business risks in advance and implement the necessary actions in order to mitigate them.

What is the difference between Audit Risk and Business Risk?

Audit Risk vs Business Risk

Audit risk is referred to as the risk that the financial statements are materially incorrect and the malfunctioning and ineffectiveness of internal control system are overlooked while the auditors form an opinion stating that the financial reports are free of any material errors and a sound internal control system is in place. Business risk is the uncertainty of obtaining in profits or possibility of loss and the occurrence of any event that could pose a risk due to unforeseen events which will negatively affect the business
Review of Risk
Audit risk is reviewed at the time of preparing audit reports. Business risk should be reviewed continuously due to its recurring nature.
Responsible Personal for Risk Identification
Internal and external auditors are responsible for identifying audit risk. Business risk should be identified by the management.

Summary – Audit Risk vs Business Risk

The difference between audit risk and business risk mainly depends on the nature of the respective risk. Audit risk arises from the inefficiency of the internal and external audit process while business risk can arise due to a number of reasons relating to strategic, financial, operational, and reputational or any other industry specific aspects. Both these risks can have severe damaging effects on a company. Thus, sound risk management practices should be in place to identify and mitigate the risks in a timely manner.

Reference:
1. “Answeing audit risk questions.” Audit risk | F8 Audit and Assurance | ACCA Qualification | Students | ACCA Global. N.p., n.d. Web. 18 May 2017. <http://www.accaglobal.com/lk/en/student/exam-support-resources/fundamentals-exams-study-resources/f8/technical-articles/audit-risk0.html>.
2. “Publications.” Gelman Rosenberg Freedman RSS. N.p., n.d. Web. 18 May 2017. <http://www.grfcpa.com/resources/publications/audit-committee-responsibilities/>.
3. “Business Risk.” Investopedia. N.p., 11 May 2015. Web. 18 May 2017. <http://www.investopedia.com/terms/b/businessrisk.asp>.
4.”Types of Business Risk.” Chron.com. Chron.com, 26 Oct. 2016. Web. 18 May 2017. <http://smallbusiness.chron.com/types-business-risk-99.html>.

Image Courtesy:
1. “audit checklist” by Boris Dzhingarov (CC BY 2.0) via Flickr