
Risk Management in group and individual financial statements

Appendix 9
Risk Management Audit Steps

To:
XYZ AG
Attn. HDFGDH
Spielhof 20
CH-7640 Glarus
Switzerland

email: hdfgdh@xyz.ch
Fax no: +41 44 534 18 20

Group entity: X SA
Year: 31.12.2010
Local Audit Firm: Z Audit SRL
Local Audit Engagement Partner: Iliescu F
Local Audit Engagement Manager: Popescu Z

A) PERFORMANCE OF RISK EVALUATION RISK MANAGEMENT (in compliance with Art. 663b par. 12 CO)
Auditor: Craciun Ion, Date: February 2011
Reviewer: Popescu Z, Date: February 2011

B) Pending Points
No: N/A
Description: N/A
Gathered: N/A
Date: N/A
Comments / Findings for the report to the Board of Directors: N/A
Done: N/A
Auditor: N/A
Date: N/A

C) Audit Objective/s
The audit objectives of this working paper are:
- The evaluation of the performance of a risk evaluation within the company by the Board of Directors.
- Ensuring the adequate disclosure of the risk evaluation in the notes to the financial statements.

It has to be considered that according to the legal provisions in Switzerland

"the risk evaluation does not cover all business risks but only those risks which could have a significant influence on the assessment of the financial statements"
As a consequence risks concerning accounting and external financial reporting are of more importance than strategic and operational business risks. The auditors test the objective and documented illustration of the risk evaluation process and the adequate disclosure of this process in the notes to the financial statements.


D) Detailed list to Appendix 9
The following detailed working papers are connected with Appendix 9:
WP C 1.1: Internal Control System conclusion
WP C 1.2: Definition of activity flows
WP C 1.2.1 to C 1.2.6: Questionnaires for assessment of Sales, Acquisitions, Payroll, Investments, Inventories and Cash

E) Audit steps

Columns: No, Audit steps, Source, Assessment (YES, NO, N/A), Result/Findings, Conclusion, Ref

A General audit steps

1 Is the risk management appropriate to raise all essential risks that can have a direct influence on financial statements, both at the business level and the process level?

Is a permanent risk supervision process available and implemented (monitoring)?

Is the system for risk evaluation appropriate and documented clearly? Note: The requirements of documentation depend on the size of the company under review.

Did the Board of Directors formally approve the risk management?

We have not identified indications that there are risks unaddressed by the management

Risk management is appropriate

Checks are performed in order to avoid errors

Risk supervision is in place

Not documented

The system is appropriate but it is not documented

The system is not documented formally.

Not approved formally

Risk evaluation is appropriate

Risk communication is appropriate

Is risk evaluation performed regularly (at least annually)?

We have not identified indications that the risks are not evaluated periodically by the management

We have not identified indications that the risks are not communicated periodically to the management

Will risks be reported to the Board of Directors on a regular basis and significant risks be communicated in time to the responsible persons?

Based on identified business risks, are measures in place to reduce or prevent these risks?

Is the implementation of the measures supervised and controlled by the Board of Directors or management?

We have not identified indications that additional measures are necessary

We have not identified indications that implementation of measures is not well-enough supervised.

Measures are in place

Implementation is supervised


B For full scope audit only

9 Is there an appointed person in the firm who is responsible for the risk management? Have their responsibilities been defined and delegated clearly and understood?

We have not identified indications to the contrary. We have not identified indications to the contrary.

Responsibility was delegated

10 In a group structure, will risks on group level (consolidated financial statements) as well as on entity level (subsidiaries) appropriately be assessed and disclosed?

11 Will the estimated probability and relevance of identified business risks be assessed?

12 Are deficiencies and weaknesses as well as applicable improvement measures included in the risk report to the Board of Directors?

13 Has top management determined to what extent the Company a) will/can bear the risks itself; b) can reduce risks; c) to what degree risks will be outsourced (e.g. insurance coverage)?

14 Change Management: In the case of changes to the business model, is a new risk evaluation performed?

Disclosures in the notes to the financial statements

15 Is the execution of the risk evaluation appropriately disclosed?¹

RO-GAAP does not require such disclosures

PS 890, A IV, f), PG. 6

We have not identified indications to the contrary.

We have not identified indications that improvements are necessary.

We have not identified indications to the contrary.

¹ The wording of the law and the comments to the legal provisions do not set specific standards regarding the content of the disclosure to be made in the notes to the financial statements. Possible are:
a) Only to describe the risk evaluation process
b) To disclose process and risks with a direct impact on the financial statements
c) To disclose process and all significant business risks (including strategic and operative risks)
The objective of the disclosure regulation is to communicate to the reader of the financial statements the importance of the dealing with risks.


16 Are, as much as the risk evaluation requires, the essential changes in risks compared to the previous year adequately disclosed?

RO-GAAP does not require such disclosures

F) Conclusion
Audit tests have been carried out in accordance with law Art. 663b) par. 12 CO. Based on these audit tests we reach the following conclusion:

a) The risk evaluation of the Board of Directors was carried out in the audit year in accordance with specification of the law:

YES / NO / NA
Explanation: We have not identified indications to the contrary


b) The risk evaluation was [with the following restrictions] [not] disclosed sufficiently in the notes to the financial statements:

YES / NO / NA
Explanation: RO-GAAP does not require such disclosures


c) The comments regarding the risk evaluation in the notes to the financial statements have [with the following restrictions] [not] been understood and could be audited (that means that the risk evaluation process is documented and can be traced).

YES / NO / NA
Explanation: RO-GAAP does not require such disclosures


d) The comments regarding the risk evaluation in the notes to the financial statements do [with the following restrictions] [not] correspond with actual circumstances and are [with the following restrictions] [not] reproduced correctly (truth/correctness of comments):

YES / NO / NA
Explanation: RO-GAAP does not require such disclosures


e) The risk evaluation process and the documentation of the risk evaluation suit the fulfillment of the intended function and are [with the following restrictions] [not] appropriate based on the size and complexity of the company:

YES / NO / NA
Explanation: RO-GAAP does not require such disclosures