[toc-this] Show
DefinitionsAudit risk and assuranceIt is not normally practical or cost-effective for auditors to collect evidence in order to have absolute (100%) assurance or confidence of detecting all material deviations. Instead, auditors try to ensure that their conclusions and opinions are based on reasonable assurance, which is obtained from the audit work. Audit risk is the inverse of audit assurance. It is the risk that the auditor is willing to tolerate coming to a wrong conclusion. In practice, audit risk is unavoidable. PrinciplesComponents of audit riskThe components of audit risk are:
Assessment of risks is a judgement rather than a precise measurement. The level attributed to each component is estimated by the auditor on the basis of his/her professional judgement, informed by the procedures outlined below. Audit risk modelThe audit risk model, as shown below, helps auditors to determine how comprehensive the audit work must be so as to attain the desired assurance for their conclusions. [label stroke="true"]Audit risk (AR)= Inherent risk (IR) x Control risk (CR) x Detection risk (DR)[/label] When to consider audit riskAudit risk should be considered when:
InstructionsProcedures to identify and assess riskThe risk-assessment procedures are employed in order to gain an understanding of the following:
The nature and extent of planned audit tests will vary, depending on the auditor's assessment of both inherent and control risk (see Assurance model). The auditor should perform risk assessment procedures as early in the audit as possible, based on various sources of information.
The entity’s own risk-assessmentThe entity's own risk-assessment process can be a source of information. The following important information should be considered as part of the risk assessment for compliance audits:
At the Commission, the DGs establish their own accounting risk analysis per process and per audit assertion. This represents a substantial input to the risk-assessment process for financial audits. However, the auditor should exercise [a-glossary term="professional%20scepticism"]professional scepticism[/a-glossary] , as risks identified by the auditee may not address those that are of importance for audit purposes, and such information may be biased. The ECA's previous work, and the knowledge and experience of the audit chambers should always be considered for both, financial and compliance audits. Where the auditor intends to use such information he or she should determine whether changes have occurred since the previous audit that may affect its relevance to the current audit. This is because changes in the control environment, for example, may affect the relevance of information obtained in the prior year. [/toc-this]What risk assessment procedures may an auditor perform?Risk assessment procedures are performed to validate information obtained during the risk assessment process. identifying the existence of unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have financial statement and audit planning implications.
When performing a risk assessment the auditor should?. 04 The auditor should perform risk assessment procedures that are sufficient to provide a reasonable basis for identifying and assessing the risks of material misstatement, whether due to error or fraud, 3 and designing further audit procedures.
What is the first risk assessment procedure the auditor should perform?The Company's Risk Assessment Process
The auditor should obtain an understanding of management's process for: Identifying risks relevant to financial reporting objectives, including risks of material misstatement due to fraud ("fraud risks");
What procedures would you perform during the risk assessment process?During the risk assessment process, Internal Auditing identifies and assesses both the likelihood and potential impact of various risks to the organization. Internal controls are then identified and evaluated to determine how adequate they are in reducing risk to ensure that residual risk is at manageable levels.
|