Risk Management at Accounting Firms: Overview of New Australian Standards


At the most basic level, risk is defined as the probability that certain outcomes (goals) will or will not be reached. Risk is measured in the sense that an event relates to the degree of uncertainty involved in achieving the specified objectives. In this context, risk often carries a negative connotation: the risk of an adverse event.

This article deals with the risks of Australian accounting firms and reviews the new risk management standard (APES 325) issued by the Professional Standards Board.


In the context of a professional accounting firm, risk is not a new concept for professionals: it has existed for as long as accountants have offered services in a commercial environment. However, as the number and magnitude of legal claims against professional auditors have increased over the years, the importance of risk and risk management has also increased considerably.

Risk management is a system by which the company strives to balance its (sometimes contradictory) public interest obligations with the management of business goals. An effective risk management system facilitates business continuity, enabling the delivery of quality and ethical services to customers and ensuring the company's reputation and credibility. The Committee on Accounting for Professional and Ethical Standards (APESB) acknowledged that public interest and business risks were not adequately covered by existing APES standards, namely APES 320 (Quality Control of Companies). With the release of the standard, APESB will replace and extend the range of risk management documents issued by various accounting organisations. Accordingly, APES 325 (Risk Management Companies) became mandatory from 1 January 2013.

APES 325 does not intend to impose obligations on accounting firms that already meet the existing requirements for dealing with remedial risks. All professional companies are currently required to document and enforce quality assurance guidelines and procedures for APES 320 / ASQC 1. The more effective quality assurance systems are tailored to the activities of the company to effectively address most risk issues. professional state accounting firm. Nevertheless, APES 325 expects companies to consider the risks that generally affect business, especially its continuity.


The process of risk management at a professional accounting firm takes into account the risks surrounding management, business continuity, human resources, technology, and the business, financial and regulatory environments. While this is a useful list of the risks involved, there will be risks specific to the practice that require the most immediate attention. The ultimate goal of compliance with the risk management standard is to create an effective risk management framework that enables an enterprise to fulfill its most important public interest obligations as well as its business goals. This framework consists of risk management policies and the procedures for implementing them and monitoring compliance with them. It is expected that most of the corporate quality management guidelines and procedures (developed in accordance with APES 320) will be incorporated into the risk management framework, thereby facilitating the integration of the requirements of this standard and APES 320 and ensuring consistency across all corporate policies and procedures.

A critical element of the Risk Management Framework is the integration of strategic and operational business policies and practices that take into account the Customer's risk appetite for potentially risky activities.

Although the standard allows for the vast majority of situations likely to arise at the accounting firm, owners should consider whether there are any activities or circumstances that require the company to meet the set goals.

Finally, the partners (or owners) of the accounting firm are responsible for the Corporate Risk Management Framework. This group (or a single person, in the case of a sole owner) should therefore take the lead in creating and maintaining the risk management framework, as well as in the periodic assessment of planning and efficiency.

Often, the creation and maintenance of the Risk Management Framework is delegated to a single person (sometimes a non-owner). The enterprise must therefore ensure that all staff assigned to creating and maintaining the Risk Management Framework have the necessary skills, experience, commitment and (in particular) authority.

When designing a framework, the company develops policies and procedures that identify, evaluate and manage the most important organizational risks. These risks usually cover 8 areas:

  1. Risk management and management of the company;
  2. Business continuity risks (including inheritance planning and disaster relief (non-technology));
  3. Business operational risks;
  4. Financial risks;
  5. Risk of regulatory changes;
  6. Stakeholder risk.

The nature and extent of the policies and procedures developed depend on a number of factors, such as the size and operational features of the company and whether it is part of a network. If there are risks that are specific to a particular company because of its own characteristics, these must also be identified and taken care of.

One of the key factors in the risk management process is the management of the company, as the example is set and maintained by the company's management, which is r the company's headquarters. As a result, adopting a risk-monitoring culture within a company is a function of clear, consistent and common actions and messages within and across the board. These messages and actions should consistently emphasize the Customer's risk management policies and procedures. An important element of the risk management process is checking the system, which allows the company to place reasonable trust in its operation. The system works when risks are properly identified and eliminated, treated or alleviated. Ultimately, most risks cannot be eliminated, so the system must try to reduce the risk (to avoid it as much as possible) or reduce the risk (event management, if this occurs).

As part of the system, you need to put in place a process that consistently ensures that the framework is, and remains, relevant, feasible and effective, and that covers the detection and management of all incidents relating to Risk Management policies and procedures. This includes bringing such instances to the attention of the Customer's management, who must take appropriate corrective action.

The Framework requires regular monitoring (at least annually), and Customer Leaders (one person or persons) must have sufficient and adequate experience, powers and responsibilities to ensure that such systematic monitoring of the risk management framework is implemented as necessary.

Documentation

The risk management system should be properly documented so that all necessary requirements can be met and referred to (if necessary). The form and content of the dossier is discretionary and depends on a number of factors, including: the number of employees within the company; the number of offices operated by the company; the nature and complexity of the company's practice and the services it provides.

Appropriate documentation enables you to effectively inform the company's staff about risk management policies and procedures. In all communications, a key message must be conveyed: each person in the company has a personal responsibility for risk management and has to comply with all such policies and procedures. In addition, in view of the importance of obtaining feedback, staff should be encouraged to share their views and concerns about Risk Management issues.

In documenting the risk framework, the company must include and cover the following aspects:

• Procedures for identifying potential risks;
• Customer's risk appetite;
• Effective identification of risks;
• Procedures for the evaluation and management of identified risks;
• Documentation processes;
• Procedures for dealing with non-compliance with the framework;
• Staff training in risk management; and
• Procedures for a regular review of the Risk Management Framework.

As part of the supervision of the risk management system, any case in which non-compliance with the company's risk management policies and procedures is detected during the audit process should be documented, along with the measures taken by the company's management in response to the non-compliance.

Ultimately, the firm must retain all relevant documentation related to the Risk Management Process for long enough to allow the observation process to evaluate compliance with the Risk Management Framework and to meet the relevant legal or regulatory requirements for record retention.

Risks have always been a present and growing component of the professional accounting services provided to customers, and are not limited to clients that have a reputation for declining. They are part of the everyday business conditions and decisions that are seriously considered by a company.

The modern auditing firm is in a unique position to supplement all operational risks of the major regulatory companies with the risks introduced by the various regulators and authorities.

A comprehensive and effective risk management framework helps business owners identify shortcomings and blind spots that can affect an enterprise, assess the likelihood of an incident occurring, and create clear plans for if and when it does.
