Information risk refers to the probability that the information provided by a company is false or misleading. This risk arises due to a conflict of interest between information providers (e.g., management) and users (e.g., investors and creditors). For example, management may present an overly optimistic or inaccurate picture of the company's financial health to secure funding or investments.
Assurance: The lending of credibility to information.
Attestation: A professional service resulting in a report on an assertion (or assertions) about subject matter that is the responsibility of another party.
Auditing: The systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between the assertions and established criteria and communicating the results to interested users.
There are at least four environmental conditions that increase user demand for relevant and reliable information.
Complexity: Some accounting treatments are difficult to understand, even for trained accountants. For example, the accounting for derivatives and hedges is notorious for its complexity.
Remoteness: Investors typically do not have the ability to visit distant locations to check up on their investments.
Time Sensitivity: Decisions often have to be made quickly, which requires that information be made available on a timely basis.
Consequences: Investment decisions have significant financial consequences.
Auditing addresses information risk by providing independent assurance that financial statements are free from material misstatements and fairly presented in accordance with Generally Accepted Accounting Principles (GAAP). This assurance reduces skepticism among users and enhances the credibility of the financial statements.
Audited financial statements improve investor and creditor confidence, which lowers the perceived risk of investment or lending. Consequently, companies benefit from a reduced cost of capital, as lenders and investors require less compensation for perceived risk.