Risk Assessment by pengxiang

VIEWS: 66 PAGES: 9

									Risk Assessment:

For an Audit Engagement
         Learning Objectives
• Describe the general phases of a risk
  assessment on an audit engagement.
• Perform an exercise to use risk assessment
  on our case study.
                    Risk
• IIA glossary’s definition of risk: “The
  uncertainty of an event occurring that could
  have an impact on the achievement of
  objectives.”
             IIA Standards
• 2201 Engagement Planning Considerations:
  “…internal auditors should consider…the
  significant risks to the activity, its
  objectives, resources, and operations and
  the means by which the potential impact of
  risk is kept to an acceptable level.”
       Risk Assessment Steps
1. Collect background information
2. Identify objectives/assets/auditable
   activities
3. Identify the risks
4. Consider likelihood and/or significance of
   risks
          Measuring Risk
• Likelihood
• Consequences
      Risk Assessment Scoring
             Methods
• Quantitative (e.g., score on a scale from 1-
  Perfect to 3-Average to 5-Poor).
• Qualitative (e.g., High, Medium, Low)
        Risk Assessment Steps
             (continued)
5.  Rank the risks
6.  Identify any controls over the risks
7.  Determine whether the controls address the risks
8.  Develop your audit plan focused on biggest risks
9.  Option: Discuss the risk assessment with the
    client
10. Make any needed adjustments to your audit plan
     Risk Assessment Example
• City of San Jose risk matrix web site risk
  library: http://www.ci.san-
  jose.ca.us/auditor/risk3.html

								
To top