The Risk Management of the Accounting Firms Research Based on the COSO Risk Management
Framework
JIANG Jingqing
School of Finance and Economics, Liaoning University of International Business and Economics, Dalian, China, 116052
Abstract—"Enterprise risk management –integrated framework", which was issued by the Committee of Sponsoring Organizations of the Treadyway Commission in 2004, is applicable in different enterprises for their risk management. Based on the framework, the research focuses on the crucial parts of the risk management so as to analyze the risk monitoring and risk response of the accounting firms, and it also studies the risk matters about which should be concerned in the risk monitoring process of the accounting firms, puts forward some suggestions that the accounting firms should deal with the matters considering about the risk appetite and risk tolerances. At last the research analyzes specifically how to avoid, reduce, share and accept four kinds of the risk management measures.
Keywords-COSO framework; risk management; accounting firms
I.I NTRODUCTION
In recent years, many enterprises have paid more attention to the risk management. They have started to co-ordinate the management of risk and transformed the original ideas which only care about risk controlling into how to use risk in order to gain profit. In his article Thomas Stewart[1]indicates that the main purpose of risk management is not to eliminate risk, because it will lose the opportunity to gain return. What the Risk management needs to do is to "manage" the risk and take the initiative to select risks which are able to gain. In September 2004, COSO formally issued "enterprise risk management framework", which outstanding the theoretical value and practical significance make it arouse widespread concern.
COSO[2]is the English abbreviation of Committee of Sponsoring Organizations of the Treadyway Commission. COSO issued some main research reports one after another, including "Fraudulent financial reporting: 1987-1997, an analysis of US Public companies", "The internal control problems of using derivation tool ", " Internal Control-Integrated Framework " and "enterprise risk management framework" etc. " enterprise risk management –integrated framework " is called "COSO risk management mode." The mode [3] has eight interrelated elements; they are the internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring. COSO gives each part its clear explanation.
Accounting firm is an institution established by law which organizes certified public accountant business. Although it is different from other enterprises and institutions in general, the risk exists in the whole business activities of accounting firm. Accounting firm must not only manage the risk of each issue, but also care the overall risk management. When establishing its internal control system, accounting firm should reasonably use the mode of the internal control and risk management of enterprises and institutions for reference. Based on the status of audit industry in China and the condition that accounting firms are lack of rick management, it should be urgent to strengthen the risk monitoring and risk response in the risk management of accounting firms.
This template, modified in MS Word 2003 and saved as “Word 97-2003 & 6.0/95 – RTF” for the PC, provides authors with most of the formatting specifications needed for preparing electronic versions of their papers.
II.R ISK M ONITORING OF A CCOUNTING F IRMS
A.COSO Risk Monitoring Framework
COSO risk monitoring framework includes the following four aspects (as shown in Figure 1):
Internal environment-that is the resources and capabilities of the organizations, which sets the basis for the entity’s people to know how to understand and deal with the risk.
Objective setting-An enterprise should have an objective so that the managers can identify the potential events which will affect the achievement of the goal. Risk management helps the administrators to ensure appropriate procedures to set a target and ensure the selected goal to support and meet the entity’s mission in order to make it consistent with the risk appetite.
Event identification-that is the identification of major risk issues which identify the impact of the internal and external matters to the entity and distinguish risk and opportunity.
Risk Assessment-risk analysis by considering its possibility and impact, and as a basis that how to proceed management. Risk assessment should be based on the inherent risks and residual risks.
It is clear that there are relationships between internal environment and the business objectives. It is an important task for the manager to match the internal environment and the business objectives. To view it statically, the internal environment and the business goals determine the identification of risk issues. A certain extent, to identify risk issues is the managers’ "risk perception" which bases on the enterprise environmental and business goals in the business activities, From the dynamic point ,such "risk perception" will affect the administrators of the enterprise to re-plan the resources and capacity and adjust the business goal. Internal environment, business objectives and matter identification have the complexity of the interaction.
In a certain stage of Enterprise development that is in a relatively static condition the risk matters will be determined. Management authorities need to pay close attention to the matters selected for more detailed assessment, classify the possibility and the impact of various risks and analyze the interaction of the risk matters if necessary.
Risk monitoring is the chief part of the risk management in the process of achieving the objective. It is the process that the accounting firms make their classification and identification when facing the uncertain factors as well as the potential ones. In general, the risk faced by accounting firms mainly comes from two audit responsibilities: the audit professional responsibility and audit legal liability. The identification of audit risk is therefore mainly associated with the risk from professional responsibility and legal liability, in addition, the identification of risk also includes the one comes from the defects of the accounting firm's internal governance structure. B.The Risk Matters Voncerned by the Accounting Firms
As a special kind of the entity in the enterprises, accounting firm must be confronted with the risk as well and has a duality. it has to study and evaluate the operating risk of the company audited, at the same time it must make a reasonable planning to prevent the operational risks of the firm itself, so there is a certain degree of particularity to monitor the risk of the accounting firms.
Figure1. Framework of COSO risk monitoring
z Audit Professional Responsibility
In the audit business, the Certified Public Accountants’
most crucial work is to identify the factors which would make
the audit object report its financial accounting statements
wrongly. Modern enterprises have the tendency to study the
business strategy. The strategy management of an enterprise
not only will affect the day-to-day business operations, but
also impact the reliability of the accounting statements
reflecting the business results. Therefore a certified public
accountant should start with the strategic analysis of the
enterprise. Through the basic ideas "strategic analysis --
operating analysis – residual risk analysis of accounting
statements", the certified public accountant should keep the
risk from the wrong report of the accounting statements and
the risk form the corporate strategy at the risk of the
relationship in contact closely, thus grasp the audit risk from
the source in order to avoid the risk from the audit project
more than the whole capability of the accounting firm.
① Professional ability risk. It refers to the phenomenon
that the ability of the practitioner is so limited that he can not
be competent for the job. This is due to the certified public
accountant profession have a late start in China, if the certified
public accountants and assistants with limited operational
capacity lack effective supervision, they often arbitrarily
omitting the necessary audit procedures, which would lead to
low standardization of the audit reports and poor audit quality .
② Independence risk. It refers to the phenomenon that the
accounting firms do not abide by the independence principle
and have a certain interest relationship with the customers
such as the relationship of the financial interests, so in the
implementation of auditing, they will be subject to the impact
of customers’ feedback, which may lead to the risk from the
audit opinion without objectivity and fairness.
z Audit Legal Liability Risk
It refers to the accounting statements audited still exist the
auditor's important misstatement and neglect, which lead to
the possibility that the auditor and his accounting firm must
response the legal liability actively or passively.
Although the auditor and accounting firms follow the generally accepted auditing standards and issue the correct audit opinion, they have a certain specific relationship with their customers. Once the customer happen to have poor management or bankruptcy, the frustrated investors and creditors would do everything possible to seek the associated collaborator who can afford the debt for compensation, therefore, accounting firms often become the main objective of the litigation. As the development of Chinese capital market as well as the development of civil audit career, the opinion of the customers and other correlate on the civil audit is no longer a pure legal requirement, only to become an important tool to determine the reliability of information and protection of their own interests. Once the dereliction of the auditors making the customers and other correlate a loss happens, the customers and other correlate would respond to the duty of the certified public accountants including recourse to the law, which may lead to the risk from the audit legal liability.
z Internal Governance Risk
Enterprises are usually considered as an alternative form of contract of the market, which is also a way of property transaction between people, a series of agreements between human capital and non-human capital. It is especially obvious to the accounting firms famous for their people cooperation feature that the owners of every factor of enterprises can share different proportion of the residual claim and residual control as a result of different structures of property rights. This also leads to different supervision and motivation effect based on which the behavior of human capital owners is influenced. Internal risk control is the risks faced by the accounting firms as a result of the absence of establishment of appropriate governance structure based on the compatibility principle between incentives and constraints. It is mainly reflected in three aspects including, the risk of personnel management, and the risk of financial management.
① The risk of operation quality management. The short-term business behaviors of some accounting firms affect the norm of operation behaviors and the quality of business reports, because they do not establish a strict business quality control mechanisms, lack the driver of long-term economic interests and brand awareness, can not correctly handle the dialectical relationship between economic interests and business quality and can not easily maintain the independence of its audit services initiatively.
② The risk of personnel management. Accounting firm's core competence is the intellectual work, because its main assets and strengths reflect in the person's moral and professional standard. First, the partner’s quality, which plays a particularly important role in determining the direction and future of the accounting firm’s development. Second, non-partner, as the executive of every business of the firm, whose capacity and quality will directly affect the quality of their service, and then bring risks to the firm.
③ The risk of financial management. Financial risks are closely related to the firm’s fund raising, management and safety. Financial risks mainly comes from the uncertainty of financial management。Such as the financial control is good or not, the organization of financial management framework is proper or not, the conceptual design is reasonable or not, the distribution method between expenses and income is adequate or not, etc.
III.T HE R ISK R ESPONSE D ECISIONS OF THE A CCOUNTING A.The Risk Response Decisions Based on the Risk Appetite
and Risk toLerances
COSO mode introduces two important correlative concepts, that is, the risk appetite and risk tolerances. Risk appetite is defined as the amount of risk, on a broad level; an entity is willing to accept in pursuit of value and its mission. Risk appetite influences the entity’s culture, operating style, strategies, resource allocation, and infrastructure. Risk appetite is not a constant and it can be divided into high, medium and low categories of the classification qualitatively or measure the impact on business performance quantitatively. Risk tolerances are defined as the acceptable levels of variation relative to the achievement of objectives, which are often best measured in the same units as the related objectives and expressed by the same units or the correlative objectives as the appetite quantitatively.
The most significant availability of these two concepts in the risk management activities is to help the accounting firms handle the relationship between risk and reward, which directly affects the survival of the accounting firms. If an accounting firm is always in pursuit of profit and ignores the risk, it perhaps maintains prosperity at the moment, but losses a long-term vitality. Certified public accountant must try to eliminate acceptable risks as far as possible and at the same time take appropriate measures to deal with the risks can not be eliminated. One of the important principles is to ensure the remuneration correspond to the risk preparing to accept.
COSO model summaries the risk response decisions as four categories of measures: avoidance, reduction, sharing and acceptance.
B.Analysis of Risk Response Decisions
z Risk Avoidance
Risk avoidance is a response where you try to avoid the possibility of the loss, give up or change the activities and exit the activities that cause the risk, such as many accounting firms choose customers or business. For example, accounting firms should make a careful study of the environmental factors which will affect their clients before taking an audit commission. A certified public accountant should maintain a cautious attitude when taking the business, if the integrity of the clients’ management is doubtful; the accounting firm should check the clients’ status in the industry, management operation style and the relationship with their former certified public accountants. If the customer survey data indicate there may be such as bad credit, financial crises, risk preference or poor quality, it would be inappropriate to accept a commission.
z Risk Reduction
(1) Prevention (beforehand). A reduction which takes specific measures to deal with the risks before they occur in
order to eliminate or reduce the potential factors. For example, if an accounting firm decides to undertake the audit after bargaining, it can assign someone to draft the. The audit engagement should include the consignor, assignee, business scope, bilateral responsibilities and obligations, fees, effective time, the liability for breach of contract. The audit engagement must include the bilateral responsibilities and the accounting firm must pay close attention to the distinction of the account liability in order to reduce the audit risk. In addition, the accounting firms should strengthen the routine practice and the professional ethics education of the certified public accountants, at the same time increase the awareness and professional quality of the certified public accountants and practitioners.
(2) Decentralization (in hand). Decentralization increases the number of the similar risks units to improve the predictability of future losses so as to achieve the purpose of risk reduction. For example, to expand in a certain business field, or even to monopolize. On one hand, the firm can become more familiar with this business field in order to reduce errors; on the other hand, big business will improve the accuracy of forecast to losses. Even if the individual accountable accident occurred, the accounting firm can achieve the purpose to reduce the risk because compared to its overall business, the relative probability of the individual ones is very small.
(3) Suppression (afterward). Suppression means to take various remedial measures in order to reduce losses. Accounting firms generally will take this technology or method to response to the loss, there are different methods can be used to compensate such as the business methods and disclaimer measures.
z Risk Transfer (Risk Sharing)
Risk transfer refers to pass the risk on to other units or individuals consciously in order to avoid the risk, which can be divided into two types of non-insurance transfer and insurance transfer. Non-insurance transfer refers to transfer the loss or financial consequences related to the loss to the clients or other units and individuals, such as signing an engagement letter with the commission unit or request the management department of the audited unit to issue a declaration document, etc. Insurance is a risk management approach by which the accounting firms pass the liability risks on to the insurers. That is, the insurance company in accordance with the law response the financial liability (including losses and legal costs) which comes from the compensation of the insured entity (accounting firms) for his negligence and mistakes to others. There are some advantages of the implementation of the certified public accountant professional liability insurance. The insurer can undertake the civil liability for the insured and solve his problems, protecting the economic interests of the innocent people not to be aggrieved in responsible accident, maintaining and promoting the social stability. It helps to favorably settle civil compensation disputes and ensure the implementation of the laws. Of course, the professional liability insurance of the certified public accountant can not solve all problems so that in the end risk acceptance has to be chosen.
z Risk Retention (Risk Acceptance)
Risk acceptance describes an informed decision to accept the consequences and likelihood of a particular risk. General practice is that the accounting firms establish occupational venture capital in accordance with "Law on Certified Public Accountants ". At present, the counting and drawing of the venture capital in the accounting firms is in accordance with the business income. This method does not distinguish the quantity between each audit project risk and business risk in the accounting firms, which is not helpful to the risk management of the firms. The business such as the audit business, management consultation, asset valuation, accounting services will not face the same liability risks because each audit project face different audits risks. Accounting firms should count and draw the venture capital in accordance with single audit item (or a different business). The projects with similar risk may be counted and drawn together.
All the methods above have their advantages and disadvantages. Risk avoidance is simple, however, limits the development of business, which means to loss some markets and profit and not to be inconsistent with the leitmotiv of risk management; risk prevention is a positive and effective and eliminates a lot of potential risks, but it can not eliminate all risk; risk decentralization is not so universal that some accounting firms can not use; risk suppression is negative and compelled; risk acceptation is of low-cost and effective, however, has limited capacity to take risks due to the fund quantity.
To sum up, risk response decision is a series of measures adopted by the management authority to coordinate the risk and the main body’s risk tolerance and risk appetite, which give the accounting firms’ business activities maximum security guarantee. In addition to doing well with the plan of risk response decision, the accounting firms’ risks awareness also need to be strengthened, identify clearly that the entity’s implementation of risk management is the personnel from all walks of life, rather than just the managerial class of their own;We should establish a sound risk management mechanism,continuously enhance the comprehensive ability to resist risks. It is conducive to establish a sound quality control system for accounting firms by doing a good job of the accounting firms in order to improve the quality of audit work.
R EFERENCES
[1][1]Thomas A. Stewart.Managing Risk in 21st Century.Fortune
(February 7,2000):202.
[2]Xie zhiming. The identification and control of the risk management in
the accounting firms.Financial accounting of public institution,
2005(2):60-61. (in Chinese).
[3]Committee of Sponsoring Organizations of the Treadyway Commission.
Enterprise risk management –integrated framework. 2005. (in Chinese). [4]Ye xuefang. How to manage the risk in the accounting firms. Chinese
certified public accountant.2001(1):24-25. (in Chinese).
The Risk Management of the Accounting Firms Research Based on the
COSO Risk Management Framework
作者:JIANG Jingqing
作者单位:School of Finance and Economics, Liaoning University of International Business and Economics, Dalian, China, 116052
本文链接:https://www.doczj.com/doc/d814432669.html,/Conference_WFHYXW381948.aspx