THE CONTROL ENVIRONMENT OF A COMPANY (四)

ACCA P7考試：THE CONTROL ENVIRONMENT OF A COMPANY （四）

4 Management’s philosophy and operating style

A company’s board of directors will comprise of individuals each with a different mind – set as to philosophy and operating style, manifested in characteristics such as their:

approach to taking and managing business risk

attitudes and actions toward financial reporting

attitudes toward information processing and accounting and functions personnel.

Each of the above characteristics underlie a company’s control environment and it is crucial for an auditor to have an understanding of them. Dealing with each in turn:

Approach to taking and managing business risk. Business risk is the risk inherent in a company as a consequence of its day-to-day operations and it comprises several components. The first of these is financial risk – for example, the risk that the company may have insufficient cash flow to continue in operation. The second component is operational risk – for example, the risk that the company’s product lines may decline in popularity leading to a sharp decline in sales and profitability. The final component of business risk is compliance risk – for example, the risk that the company may be in breach of health and safety regulations, leading to the possibility of hefty fines or even the closedown of operational activity. Candidates should be aware that a risk-based approach to an audit requires the identification and assessment of inherent risk factors and then of the control risk pertaining to these, in order to determine the risk of material misstatement, prior to carrying out substantive procedures. By adopting a top-down approach to the audit and first identifying business risks, auditors should be able to identify the associated inherent risks arising. They can then progress through the audit using the audit risk model (audit risk = the risk of material misstatement x detection risk) to determine the amount of detailed testing required in each area of the financial statements. To illustrate this approach, referring to the compliance risk example above, an inherent risk arising from the risk of a breach of health and safety regulations. As a consequence, there is a risk that the company’s liabilities may be understated due to the omission of a provision required in the financial statements, in respect of a fine for a non-compliance.

The directors’ approach to taking and managing business risk has obvious ramifications on a company’s financial statements, and the auditor should be aware of the various factors that influence directors in this area, and of applicable controls in place. It is often the case that a newly established company with young entrepreneurial directors and a flat management structure will have a more liberal approach to taking and managing business risk than a well-established company with more experienced directors, and a steep hierarchical management structure.

Consequently, it is likely that there would be a lower level of a risk of material misstatement in the financial statements of the latter company. Attitude and actions toward financial reporting. Financial Reporting Standards exist to help facilitate fairness, consistency and transparency of financial reporting. However, some determinants of profitability such as the measure of depreciation, the valuation of inventory or the amount of a provision remain open to the subjective judgment of management. Consequently, the auditor needs to gain an understanding of directors’ attitudes and actions to financial reporting issues and then make a judgment as to the extent of reliance that can be placed upon these. It may be that a company that is struggling in a faltering economy, and in another driven by a culture to report increasing profits, there is a tendency to adopt aggressive (as opposed to conservative) accounting principles, in order to meet profit expectations. Clearly, on such audit engagements it is important for the auditor to remain resolute in exercising appropriate levels of professional sceptism throughout.

Attitude towards information processing and accounting functions and personnel.Properly financed and resourced with sufficient numbers of appropriately qualified staff and contemporary information and communications technology, the financial reporting (accounting) and information processing functions of a company are vital to a company’s ongoing existence. They are key to the facilitation of compliance with laws and regulations, transactions with third parties, administration and control systems and in the provision of information for decision making. In most very large companies many aspects of the accounting function are inextricably intertwined with specific aspects of the company’s information processing systems, and there is an ongoing programme of investment in these, to ensure that the accounting and information processing systems are contemporary and fit for purpose. This is reflective of a situation where directors recognise that business risk will be significantly reduced, if the company has effective information processing and accounting functions. However, this situation does not apply to all companies. In some, both functions may be seen by the directors merely as necessary functional overhead areas of the business and, as such, they become under-funded and inadequately resourced in terms of staffing and equipment. An auditor engaged on an audit in such a company should be aware that there is an increased risk of material misstatement in the financial statements.