DEVELOPING A STRUCTURED DUE DILIGENCE METHODOLOGY FOR AUDIT FIRMS: A RISK-BASED PERSPECTIVE
DOI:
https://doi.org/10.5281/zenodo.20068836
Keywords:
due diligence; audit firms; risk-based methodology; ISRS 4400; ISQM 1; risk scoring; audit-related services; quality management
Abstract
The expansion of audit-related services has increased the need for audit firms to provide due diligence engagements that are systematic, risk-sensitive, well documented and compatible with professional quality management requirements. In practice, due diligence is often performed through fragmented checklists or expert judgment, which may create inconsistency in risk identification, evidence collection, reporting and engagement quality. This article develops a structured due diligence methodology for audit firms from a risk-based perspective. The study applies qualitative document analysis, comparative standard mapping and design-science logic to synthesize requirements and principles from ISRS 4400 (Revised), ISAE 3000 (Revised), ISQM 1, OECD risk-based due diligence guidance, ISO 31000 risk-management logic and contemporary sustainability due diligence developments. The proposed methodology consists of seven interconnected stages: engagement acceptance, scope and criteria definition, risk-universe construction, targeted evidence planning, analytical testing, risk scoring and decision-oriented reporting. The results present a practical framework, risk matrix, quality gates, working paper structure and reporting architecture that audit firms can adapt for financial, tax, legal, operational, governance and ESG due diligence. The article argues that due diligence should not be treated merely as a transaction checklist but as a disciplined professional service governed by risk assessment, ethical safeguards, documentation standards and firm-level quality management. The proposed model strengthens comparability, transparency and usefulness of due diligence reports for investors, owners, lenders and other decision-makers.
References
1. Committee of Sponsoring Organizations of the Treadway Commission. (2017). Enterprise risk management: Integrating with strategy and performance. COSO. https://www.coso.org/guidance-erm
2. European Commission. (2024). Corporate sustainability due diligence. https://commission.europa.eu/topics/business-and-industry/doing-business-eu/sustainability-due-diligence-responsible-business/corporate-sustainability-due-diligence_en
3. International Auditing and Assurance Standards Board. (2013). International Standard on Assurance Engagements 3000 (Revised), Assurance engagements other than audits or reviews of historical financial information. IAASB. https://www.iaasb.org/publications/international-standard-assurance-engagements-isae-3000-revised-assurance-engagements-other-audits-or
4. International Auditing and Assurance Standards Board. (2020a). International Standard on Related Services 4400 (Revised), Agreed-upon procedures engagements. IAASB. https://www.iaasb.org/publications/international-standard-related-services-isrs-4400-revised
5. International Auditing and Assurance Standards Board. (2020b). International Standard on Quality Management 1, Quality management for firms that perform audits or reviews of financial statements, or other assurance or related services engagements. IAASB. https://www.iaasb.org/publications/international-standard-quality-management-isqm-1-quality-management-firms-perform-audits-or-reviews
6. International Ethics Standards Board for Accountants. (2024). International code of ethics for professional accountants (including International Independence Standards). IESBA. https://www.ethicsboard.org/iesba-code
7. International Organization for Standardization. (2018). ISO 31000:2018 Risk management - Guidelines. ISO. https://www.iso.org/standard/65694.html
8. Organisation for Economic Co-operation and Development. (2018). OECD due diligence guidance for responsible business conduct. OECD Publishing. https://www.oecd.org/en/publications/oecd-due-diligence-guidance-for-responsible-business-conduct_15f5f4b3-en.html
9. Organisation for Economic Co-operation and Development. (2023). OECD guidelines for multinational enterprises on responsible business conduct. OECD Publishing. https://www.oecd.org/en/publications/oecd-guidelines-for-multinational-enterprises-on-responsible-business-conduct_81f92357-en.html
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain the copyright of their manuscripts, and all Open Access articles are disseminated under the terms of the Creative Commons Attribution License 4.0 (CC-BY), which licenses unrestricted use, distribution, and reproduction in any medium, provided that the original work is appropriately cited. The use of general descriptive names, trade names, trademarks, and so forth in this publication, even if not specifically identified, does not imply that these names are not protected by the relevant laws and regulations.

