2. Definition
Risk based Audit (RBA) is an internal methodology which is primarily focused on the
inherent risk involved in the activities or system and provide assurance that risk is
being managed by the management within the defined risk appetite level.It is the risk
management framework of the management and seeks at every stage to reinforce
the responsibility of management and BOD (Board of Directors) for managing risk.
5. Risk Assessment
Risk assessment is the determination of quantitative or qualitative estimate
of risk related to a well-defined situation and a recognized threat (also
called hazard). Quantitative risk assessment requires calculations of two components
of risk (R): the magnitude of the potential loss (L), and the probability (p) that the loss
will occur. An acceptable risk is a risk that is understood and tolerated usually
because the cost or difficulty of implementing an effective countermeasure for the
associated vulnerability exceeds the expectation of loss.[1] "Health risk assessment"
includes variations, such as risk as the type and severity of response, with or without a
probabilistic context
6. Risk Assessment Process
Establish the Context
Identify the Risk
Analyze the Risk
Evaluate and Prioritize the Risk
Tackle the Risk
7. Impact of Environment on Risk
Assessment
Economic Factors
Technological Factors
Regulatory environment
Changes in Risk Management
Change in Risk Appetite
9. Changes in Risk Management
Continued improvements and changes in risk management approaches and
structures.
Increased stakeholder pressure for more effective risk governance.
Definition and embedding of risk appetite is cornerstone in risk management
processes but long way to go before truly embedded.
Quality of data and systems remain impediments to effective risk management.
Identification and mitigation of emerging risks.
Industry and regulator views that there is still a lot of work to be done
10. Risk Appetite
It is the amount of risk that an entity is willing to accept within its overall Capacity. It
provides the threshold of acceptable risk and determining the risk appetite is
continuous process, it can't be set once and leave. Risk appetite is developed on the
basis of risk level of company like risk hunger company may develop high risk
appetite while risk averse company may develop low risk appetite level.
11. Developing Risk Based Audit Plan
The following aspects are to be considered while preparing the audit plan:
Knowledge of Clients Business.
Complexities of Transactions and Environment.
Degree of subjectivity in the measurement of financial information.
Assessment of significant transactions and level of materiality.
Assessment of the control environment.
Assessment of the Overall risk.