Stanford University Assessing Risks Taken by Foodservice Industry Discussion

Discussion Topic: Assessing Industry Risks

When conducting an audit, there are various types of risk that mustbe assessed by the auditor at all phases of the audit process. Selectone of the industries shared in your instructor’s post and discuss howyou will incorporate a risk assessment into your audit plan. Be sure tomention inherent risk, control risk, and detection risk.

Posted 1

Ihave chosen Chipotle Mexican Grill as the company to be reviewed in myfinal assessment. The Company is an American chain of fast casualrestaurants that focus on tacos and burritos and it was founded in 1993and is based in Denver, Colorado.

Aspart of my audit plan, the first step would be to start getting aproper understanding of the entity and the business environment in whichthe Company is included. This understanding includes collectinginformation about the nature of the entity, the regulatory environmentand how the organization is structured in terms of governance andbusiness strategies. After that, an analytical procedure would beperformed to identify potential misstatements included in the financialstatements.

Theprocedures mentioned above would help the audit team to identify theinherent risks, which are basically the susceptibility of an assertionto a material misstatement. After the inherent risk were identified, thenext step would be to understand the client’s internal controls andthen identify the control risks, which are the risks of a materialmisstatement will not be prevented or detected by the Company’s internalcontrols that are in place. The detection risk exists when the auditorcannot detect a material misstatement within the financial statements atan assertion level. A proper audit strategy will consider auditprocedures to mitigate all the identified risks.

Posted 2

Iselected WorldCom for my Unit 6 assignment, which means I need tounderstand and identify the risks associated with the telecommunicationsindustry. There are quite a few risks associated with this industry,including the following:

• Capital expenditures
• Competition
• Accounting methods, and
• Regulatory issues

Iwill need to identify the audit risk that could lead to materialmisstatement in the company’s financial statements. Audit risk isdefined as a function of inherent risk, control risk, and detection risk(Boynton, W.C., & Johnson, R.N., (2006). Inherent risk is the riskthat an assertion may be materially misstated in the absence of internalcontrols. There are five financial statement assertions – existence,completeness, rights, valuation and presentation. For example, inauditing capital expenditures, I will need to determine that a capitalasset exists; that it is reported in total and correctly; that thecompany owns the capital asset; that it is valued correctly includingwrite-downs, and that it is presented appropriately with all relateddisclosures.

IfI find that the inherent risk is high (let’s say 90%), I will then needto determine if there are appropriate internal controls in place tomitigate the audit risk (i.e. catch any errors related to the assertionsmentioned). For instance, if there is an automated process in placethat tracks expenditures and verifies the existence of such asset(physical count to match the computerized records) along with approvalof the expenditures and appropriate segregation of duties related to theauthorization and purchase of the capital asset, the controlrisk may be low for the existence assertion. I may be able to test theinternal control related to this item to obtain reasonable assurancethat the asset exists and limit the physical count or testing I performrelated to capital assets.

Detectionrisk is the possibility that an auditor fails to detect a materialmisstatement related to the financial assertions. Once I determine theinherent and control risks, I need to consider the detection risk. Forinstance, if I determine that the inherent risk is high and the internalcontrols related to the assertion is ineffective, I will need to setdetection risk at a low level to achieve a low level of overall auditrisk. I will need to design or plan my audit ensure I can detect anymaterial misstatements that might be present.

Posted 3

For my final assignment, I chose to discuss the company, Oracle. Oracle is a software company that went public in 1986.

I will incorporate a risk assessment into my audit plan for Oracle.In the risk assessment I will look at inherent risk by especiallylooking into the situations where it is most likely to happen, forexample, in transactions with complexity and great detail (Boynton &Johnson, p. 186).

I will also assess the control risk of the audit, which couldpossibly be missed by the company’s internal controls (Boynton &Johnson, p. 186). Lastly, I will mention here that detection risk willalso be assessed. Detection risk is the risk of the auditor notdetecting an error that does exist (Boynton & Johnson, p. 186). Allof these risks are important to observe, in order to assure accuracy on a360 viewpoint for the audit.