Navigating Audit Risk Assessment and Planning in Times of Economic Uncertainty

Navigating Audit Risk Assessment and Planning in Times of Economic Uncertainty

By: Hooi Kok Mun

Contents

Why does audit risk assessment matter more in uncertain times?

Periods of economic uncertainty driven by inflationary pressures, geopolitical tensions, supply chain disruption, regulatory change, or tightening financial conditions can significantly alter an organisation’s risk profile. 

For multinational corporations and complex business groups, these conditions heighten the importance of a robust audit risk assessment and disciplined audit planning process.

A well-executed audit risk assessment is fundamental to ensuring that a financial statement audit remains responsive to evolving business realities. It enables auditors to identify areas where material misstatement risk has increased, reassess the effectiveness of internal controls, and adapt audit strategies accordingly. 

For boards, CFOs, and audit committees, this process also provides critical assurance that financial reporting remains reliable, transparent, and decision-useful despite external volatility.

In Malaysia, where organisations often operate across jurisdictions and regulatory frameworks, audit risk assessment must also reflect local statutory requirements, accounting standards, and governance expectations, alongside global group audit considerations.

Understanding audit risk assessment in an uncertain economic environment

Audit risk assessment refers to the systematic process by which auditors identify, analyse, and evaluate risks that could result in material misstatements in the financial statements.

During periods of economic uncertainty, this assessment becomes more complex due to rapid changes in operating conditions and heightened estimation uncertainty.

Key components of audit risk assessment include:

  • Understanding the entity and its environment, including industry dynamics and macroeconomic factors
  • Identifying inherent risks, particularly in areas involving judgement, estimation, or significant transactions
  • Assessing control risk, especially where business processes or personnel have changed
  • Determining the nature, timing, and extent of audit procedures required to address identified risks

Economic volatility often increases inherent risk across multiple financial statement areas simultaneously, requiring auditors and management to engage earlier and more extensively during the planning phase.

Entity-level risks and evolving business strategies

Reassessing the business model and strategic assumptions

Economic uncertainty frequently forces organisations to revisit their business models. These changes may include cost restructuring, workforce rationalisation, shifts in supplier relationships, entry into new markets, or the postponement of capital investments.

From an audit risk assessment perspective, auditors must understand:

  • How management has identified and prioritised emerging business risks
  • Whether strategic responses introduce new financial reporting risks
  • The potential accounting implications of contract renegotiations, pricing adjustments, or operational restructuring

Such changes can directly affect revenue recognition, cost allocation, asset valuation, and disclosures. Early dialogue between management and auditors during audit planning helps ensure that these impacts are appropriately reflected in the audit approach and scope.

Business process changes and internal control implications

Control environment under pressure

Economic stress often leads to accelerated operational changes, including automation initiatives, workforce reductions, or decentralisation of functions. While these measures may support resilience, they can weaken internal controls if not carefully designed and monitored.

Common control-related risks include:

  • Breakdowns in segregation of duties due to reduced headcount
  • Inadequate oversight following changes in process ownership
  • Control gaps arising from newly implemented or modified systems

Auditors will reassess whether existing controls remain effective and may adjust reliance on controls accordingly. For management, maintaining clear documentation, updated control narratives, and evidence of monitoring becomes essential to support the audit process.

Where organisations are undertaking broader risk or control transformation initiatives, insights from business risk services can support more structured identification and mitigation of these vulnerabilities.

IT general controls and increased reliance on digital systems

Technology risk as a critical audit consideration

In response to uncertainty, many organisations accelerate digitalisation and automation to improve efficiency and cost control. While beneficial, increased reliance on technology heightens the importance of IT general controls (ITGCs) in audit risk assessment.

Key areas of focus include:

  • User access management and timely removal of access for departing employees
  • Change management controls over financial systems
  • System interfaces and data integrity controls

Changes in personnel or responsibilities can weaken IT controls if access rights are not promptly updated. Auditors will evaluate whether deficiencies in ITGCs increase the risk of material misstatement and whether additional substantive procedures are required.

Financial reporting complexity and emerging accounting standards

Preparing for evolving reporting requirements

Periods of uncertainty often coincide with regulatory and accounting developments that add complexity to financial reporting. For example, the forthcoming adoption of MFRS 18 – Presentation and Disclosure in Financial Statements will require more granular data and enhanced disclosures.

Although MFRS 18 is not yet effective, early preparation is critical. Audit risk assessment should consider:

  • Management’s readiness to capture and present new data requirements
  • The adequacy of systems and processes to support comparative restatement
  • The risk of errors arising from manual workarounds or incomplete data

Failure to plan for such changes can increase audit risk and lead to inefficiencies during future audit cycles.

Going concern assessments under heightened scrutiny

Re-evaluating financial resilience

Economic uncertainty places renewed emphasis on management’s going concern assessment. Even historically profitable entities may experience rapid declines in demand, margin compression, or liquidity constraints.

Audit risk assessment in this area focuses on:

  • The robustness of cash flow forecasts and stress testing
  • The reasonableness of key assumptions and mitigation plans
  • The adequacy of disclosures relating to material uncertainties

Auditors will challenge whether management has sufficiently considered downside scenarios and whether supporting evidence is reliable. For boards and CFOs, clear documentation and transparent communication are essential to support both audit quality and stakeholder confidence.

Impairment risks and valuation uncertainty

Asset values in volatile markets

Economic instability often triggers the need for impairment assessments across financial and non-financial assets, including receivables, inventory, property, plant and equipment, and intangible assets.

Audit risk increases where:

  • Cash-generating units experience sustained revenue declines
  • Market-based inputs become less observable
  • Valuation assumptions rely heavily on management judgement

Auditors will scrutinise whether impairment indicators have been appropriately identified and whether valuation models reflect current economic conditions. This heightened focus can extend audit timelines and require specialist involvement where valuation uncertainty is significant.

Fraud risk considerations in challenging environments

Pressure, opportunity, and rationalisation

Economic stress can increase fraud risk by intensifying financial pressures on individuals and organisations. Cost-cutting measures, weakened controls, and performance targets may create opportunities for fraud or management override.

Audit risk assessment must therefore incorporate:

  • Reassessment of fraud risk factors
  • Evaluation of anti-fraud controls and monitoring mechanisms
  • Consideration of unusual or non-routine transactions

Proactive fraud risk assessment and control services can assist organisations in identifying vulnerabilities before they result in financial misstatement or reputational damage.

Contractual obligations, debt arrangements, and subsequent events

Engaging effectively with innovative audits

Economic uncertainty often leads to renegotiation of contracts, debt covenant breaches, or amendments to financing arrangements. These developments introduce audit risks related to:

  • Recognition and measurement of gains or losses on debt modification
  • Classification of liabilities between current and non-current
  • Disclosure of contingencies and commitments

Additionally, increased volatility raises the likelihood of subsequent events that require adjustment or disclosure. Audit planning must therefore remain flexible to address developments occurring after the reporting period.

Integrating enterprise risk management into audit planning

For complex organisations, aligning audit risk assessment with broader enterprise risk management (ERM) frameworks enhances both audit efficiency and governance outcomes.

ERM insights can help auditors and management:

● Identify emerging risks earlier

● Understand risk interdependencies across the organisation

● Strengthen the linkage between strategic risk and financial reporting risk

Embedding ERM considerations into audit planning supports a more holistic understanding of the organisation’s risk landscape, particularly in uncertain environments.

The role of audit firms in Malaysia during economic uncertainty

Audit firms in Malaysia play a critical role in supporting financial reporting integrity during periods of instability. Beyond compliance, high-quality audits provide confidence to investors, regulators, and other stakeholders.

Effective audit risk assessment enables audit teams to:

  • Focus on the most significant risks of material misstatement
  • Allocate resources efficiently
  • Maintain audit quality despite increased complexity

For organisations operating across borders, coordination between local and group auditors becomes especially important to ensure consistency and completeness of risk assessment and audit responses.

Conclusion: Strengthening audit outcomes through proactive risk assessment

Economic uncertainty is unlikely to abate in the near term. For MNCs, CFOs, and directors, navigating this environment requires a disciplined, forward-looking approach to audit risk assessment and planning.

By engaging early with auditors, maintaining robust internal controls, and integrating broader risk management insights, organisations can enhance audit quality and resilience. A well-executed audit risk assessment not only supports reliable financial reporting but also reinforces stakeholder trust at a time when transparency matters most.