RISK BASED AUDIT APPROACH
S M Soral Retd. SAO
9785475137
Contents
• Risk Based Audit Approach
• Identification and Assessment of various risks
• Inherent Risk, Control Risk and Detection risk
• Risk Model:
WHAT IS RISK?
• Risk is the possibility that an event will
occur and adversely affect the
achievement of objectives
KEY DEFINITIONS
• Event–an incident or occurrence, from sources internal or external
to an organization, which may affect the achievement of objectives.
• Opportunity is the possibility that an event will occur and
positively affect the achievement of objectives.
RISK MANAGEMENT V/S RISK ASSESSMENT
• Risk management is an integral part of the internal control system and is the responsibility of management.
• Audit risk assessment is part of planning: a process in which the auditor considers both individual risks and generic risk factors.
THE BASIC CONCEPTUAL FRAMEWORK FOR RISK BASED AUDIT PLANNING
• 1. Determining and categorizing the audit universe.
• 2. Identifying individual events that may give rise to risks and opportunities across the audit
universe.
• 3. Scoring events in terms of probability and impact (taking into account management
actions to mitigate risk) to identify the level of residual risk.
• 4. Building risk-based audit plans by using generic risk factors and scoring criteria for each
factor to determine the audit priority of all audit objects within the audit universe.
• 5. Presenting the results of risk-based planning by writing and updating strategic and annual
work plans.
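Steps 3 and 4 of the framework, worked through in code. This is an added example, not material from the presentation: step 3 scores each event as probability × impact and reduces it by the share of risk that management's mitigation removes to give residual risk; step 4 scores each auditable object on the generic risk factors listed later in the deck, with an assumed weight per factor, and ranks the audit universe by the weighted score. The factor weights, scale (1 = low risk, 5 = high risk) and sample universe are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Event:
    """Step 3: an event scored on probability and impact, then mitigated."""
    name: str
    probability: float  # 0..1
    impact: int         # 1 (minor) .. 5 (severe)
    mitigation: float   # share of the risk removed by management action, 0..1

    def inherent_score(self) -> float:
        return self.probability * self.impact

    def residual_score(self) -> float:
        if not 0.0 <= self.mitigation <= 1.0:
            raise ValueError("mitigation must be a fraction in [0, 1]")
        return self.inherent_score() * (1.0 - self.mitigation)

# Step 4: generic risk factors from the slides, with an assumed weight each.
# Every factor is scored 1 (low risk) .. 5 (high risk) per auditable object.
FACTOR_WEIGHTS = {
    "financial_materiality": 3,
    "complexity": 2,
    "control_environment": 2,
    "fraud_potential": 2,
    "time_since_last_audit": 1,
}

def priority_score(factor_scores: dict) -> int:
    """Weighted sum of factor scores; an unknown factor is an input error."""
    unknown = set(factor_scores) - set(FACTOR_WEIGHTS)
    if unknown:
        raise KeyError(f"unrecognised risk factor(s): {sorted(unknown)}")
    return sum(FACTOR_WEIGHTS[f] * s for f, s in factor_scores.items())

def rank_audit_universe(universe: dict) -> list:
    """Order auditable objects by descending priority (ties keep input order)."""
    scored = [(obj, priority_score(fs)) for obj, fs in universe.items()]
    return sorted(scored, key=lambda pair: -pair[1])

# Constructed sample audit universe (not from the presentation).
SAMPLE_UNIVERSE = {
    "payroll": {"financial_materiality": 5, "complexity": 3, "control_environment": 2,
                "fraud_potential": 4, "time_since_last_audit": 5},
    "travel_claims": {"financial_materiality": 2, "complexity": 1, "control_environment": 3,
                      "fraud_potential": 3, "time_since_last_audit": 2},
    "it_access_management": {"financial_materiality": 3, "complexity": 4,
                             "control_environment": 4, "fraud_potential": 3,
                             "time_since_last_audit": 4},
}
```

Calling `rank_audit_universe(SAMPLE_UNIVERSE)` places payroll first (score 38), IT access management second (35) and travel claims last (22); the ranking, not the raw score, is what feeds the annual plan.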
DETERMINING AND CATEGORIZING THE AUDIT UNIVERSE
• What is the “audit universe”?
• The phrase “audit universe” is a simple way of referring to the totality of all things that an internal auditor could separately examine.
• The universe consists of the totality of “auditable objects”, which is a way of identifying and describing discrete parts of the business, system or process that can be separately audited. Auditable objects need to be large enough to justify an audit and small enough to be manageable.
POSSIBLE INFORMATION SOURCES FOR CATEGORIZING
• Management information giving a breakdown of goals, objectives and targets;
• Guides to the organization's services;
• Organizational charts or office directory;
• Annual reports and any performance targets for the organization;
• Corporate and department plans, business plans;
• Development plans for IIT, other infrastructure and buildings budget;
• External audit and consultancy, inspection and review reports;
• Existing operational and strategic audit plans.
IDENTIFY INDIVIDUAL RISKS
• The events that may give rise to risks should be identified.
• The events that give rise to opportunities across the audit universe should also be identified.
IDENTIFYING RISKS AND ASSESSING THEIR IMPACT AND PROBABILITY [SCORING]
Criteria for assessing impact
• Financial impact.
• Impact on reputation.
• Regulatory impact.
• Impact on mission/achievement of objectives/operations.
• Impact on people.
BUILDING RISK-BASED STRATEGIC AND ANNUAL PLANS
• The objective of this stage of the process is to determine what needs to be audited from within the audit universe, and to identify the building blocks for the audit strategy in terms of the types and cycles of audits that need to be undertaken. This is why this process is also referred to as an “audit needs assessment”.
PRESENTING RISK BASED PLANNING
• The result of risk based planning can be presented in writing.
• This may update strategic and annual work plans.
IDENTIFYING RISK FACTORS
The most commonly used risk factors:
• Financial materiality.
• Complexity of activities.
• Control environment.
• Reputational sensitivity.
• Inherent risk.
• Extent of change.
• Confidence in management.
• Fraud potential.
• Political sensitivity.
• Time since last audit.
WRITING AND UPDATING STRATEGIC AND ANNUAL PLANS
• The purpose of the strategic plan is to document the judgments made about “audit needs” – the internal auditor’s judgment of the systems, activities and programs that should be subject to audit to provide reasonable assurance to management about risks and the effectiveness of internal control.
IT MUST CONTAIN…..
• Clearly expressed objectives and performance indicators
• The methodology
• How to address areas?
• The resources required and available
• An internal risk assessment
• Plans for the coordination
• The approach for following up
• The higher or longer-term goals
TYPES OF RISKS
• Key risks
• Residual risks
• Inherent risks
• Control risks
• Detection risks
KEY AND RESIDUAL
• Key risks are those risks that, if properly managed, will make the organization successful in the achievement of its objectives or, if not well managed, will cause the organization to fail to achieve its objectives.
• Residual risk is the level of risk after taking into account risk mitigation actions such as control activities.
AUDIT RISK
• Audit Risk is the risk that an auditor expresses an inappropriate opinion on the financial statements.
• Examples of inappropriate audit opinion include the following:
• 1. Issuing an unqualified audit report where a qualification is reasonably justified;
• 2. Issuing a qualified audit opinion where no qualification is necessary;
• 3. Failing to emphasize a significant matter in the audit report;
• 4. Providing an opinion on financial statements where no such opinion may be reasonably given due to significant limitation of scope in the performance of the audit.
AUDIT RISK (contd..)
• Audit risk may be considered as the product of the various risks which may be encountered in the performance of the audit. In order to keep the overall audit risk of an engagement below the acceptable limit, the auditor must assess the level of risk pertaining to each component of audit risk.
• Audit Risk = Inherent Risk × Control Risk × Detection Risk
• AR = IR × CR × DR
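The model rearranged the way an auditor actually uses it, as an added example that is not part of the presentation: inherent and control risk are assessed rather than chosen, so the auditor keeps overall audit risk at the acceptable level by planning detection risk as DR = AR / (IR × CR), and the assurance the substantive procedures must supply is 1 − DR. The acceptable audit risk of 5% and the three sample assessments are constructed values.

```python
def audit_risk(ir: float, cr: float, dr: float) -> float:
    """AR = IR x CR x DR, each component a probability in [0, 1]."""
    for name, value in (("IR", ir), ("CR", cr), ("DR", dr)):
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must lie in [0, 1], got {value}")
    return ir * cr * dr


def planned_detection_risk(acceptable_ar: float, ir: float, cr: float) -> float:
    """Rearranged model: DR = AR / (IR x CR).

    Inherent and control risk are assessed, not chosen, so the auditor
    controls overall risk through DR alone. The result is capped at 1.0:
    when IR x CR is already at or below the acceptable AR, no further
    reduction through substantive procedures is required.
    """
    if not 0.0 < acceptable_ar <= 1.0:
        raise ValueError("acceptable audit risk must lie in (0, 1]")
    for name, value in (("IR", ir), ("CR", cr)):
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must lie in [0, 1], got {value}")
    combined = ir * cr
    if combined <= acceptable_ar:
        return 1.0
    return acceptable_ar / combined


def required_assurance(dr: float) -> float:
    """Assurance the substantive procedures must deliver: 1 - DR."""
    return 1.0 - dr


if __name__ == "__main__":
    # Constructed sample assessments (not from the presentation).
    cases = {
        "complex estimates, controls partly relied on": (0.80, 0.50),
        "small entity, no segregation of duties": (0.90, 1.00),
        "routine area, strong controls": (0.20, 0.20),
    }
    for label, (ir, cr) in cases.items():
        dr = planned_detection_risk(0.05, ir, cr)
        print(f"{label}: IR={ir:.2f} CR={cr:.2f} -> DR={dr:.3f}, "
              f"assurance needed={required_assurance(dr):.1%}")
```

With IR = 0.8 and CR = 0.5 the auditor may tolerate a detection risk of 12.5%, so the substantive work must give 87.5% assurance; where controls cannot be relied on at all (CR = 1.0) the tolerable DR shrinks and the extent of testing grows accordingly.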
INHERENT RISK
• Inherent Risk is the risk of a material misstatement in the financial
statements arising due to error or omission as a result of factors other
than the failure of controls.
• Inherent risk is generally considered to be higher where a high degree of judgement and estimation is involved or where the entity's transactions are highly complex.
CONTROL RISK
• Control Risk is the risk of a material misstatement in the financial statements
arising due to absence or failure in the operation of relevant controls of the
entity.
• Organizations must have adequate internal controls in place to prevent and
detect instances of fraud and error.
• Assessment of control risk may be higher, for example, in the case of a small sized entity in which segregation of duties is not well defined and the financial statements are prepared by individuals who do not have the necessary technical knowledge of accounting and finance.
DETECTION RISK
• Detection Risk is the risk that the auditors fail to detect a material
misstatement in the financial statements.
• An auditor must apply audit procedures to detect material misstatements in the financial statements, whether due to fraud or error. Misapplication or omission of critical audit procedures may result in a material misstatement remaining undetected by the auditor. Some detection risk is always present due to the inherent limitations of the audit, such as the use of sampling for the selection of transactions.
ASSESSMENT
• Assessing inherent risk -- factors to consider, such as the economy, the industry and previously known misstatements, determine the level of inherent risk for each audit area.
• Assessing control risk -- segregation of duties, adequate documents and records, physical control of assets and records.
• Assessing detection risk -- misapplying an audit procedure, misinterpreting audit results, selecting the wrong audit testing method.