Risk based auditing focuses on inherent risks involved in activities and systems. It provides assurance that risks are managed within defined risk appetite levels set by management and boards of directors. There are three components of risk: inherent risk, control risk, and detection risk. Risk assessment involves quantifying or qualifying estimates of potential loss probabilities for defined situations and recognized threats. The risk assessment process establishes context, identifies risks, analyzes risks, evaluates and prioritizes risks, and addresses risks. Developing a risk-based audit plan considers an organization's business knowledge, transaction complexities and environments, measurement subjectivities, significant transactions and materiality levels, control environments, and overall risk assessments.

1. A Presentation on
Risk Based Auditing
BY: AMAR DEEP GHIMIRE

2. Definition
Risk based Audit (RBA) is an internal methodology which is primarily focused on the
inherent risk involved in the activities or system and provide assurance that risk is
being managed by the management within the defined risk appetite level.It is the risk
management framework of the management and seeks at every stage to reinforce
the responsibility of management and BOD (Board of Directors) for managing risk.

3. Components of Risk
 Inherent Risk
 Control Risk
 Detection Risk

4. QUESTIONS ??

5. Risk Assessment
Risk assessment is the determination of quantitative or qualitative estimate
of risk related to a well-defined situation and a recognized threat (also
called hazard). Quantitative risk assessment requires calculations of two components
of risk (R): the magnitude of the potential loss (L), and the probability (p) that the loss
will occur. An acceptable risk is a risk that is understood and tolerated usually
because the cost or difficulty of implementing an effective countermeasure for the
associated vulnerability exceeds the expectation of loss.[1] "Health risk assessment"
includes variations, such as risk as the type and severity of response, with or without a
probabilistic context

6. Risk Assessment Process
 Establish the Context
 Identify the Risk
 Analyze the Risk
 Evaluate and Prioritize the Risk
 Tackle the Risk

7. Impact of Environment on Risk
Assessment
 Economic Factors
 Technological Factors
 Regulatory environment
 Changes in Risk Management
 Change in Risk Appetite

8. QUESTIONS ??

9. Changes in Risk Management
 Continued improvements and changes in risk management approaches and
structures.
 Increased stakeholder pressure for more effective risk governance.
 Definition and embedding of risk appetite is cornerstone in risk management
processes but long way to go before truly embedded.
 Quality of data and systems remain impediments to effective risk management.
 Identification and mitigation of emerging risks.
 Industry and regulator views that there is still a lot of work to be done

10. Risk Appetite
It is the amount of risk that an entity is willing to accept within its overall Capacity. It
provides the threshold of acceptable risk and determining the risk appetite is
continuous process, it can't be set once and leave. Risk appetite is developed on the
basis of risk level of company like risk hunger company may develop high risk
appetite while risk averse company may develop low risk appetite level.

11. Developing Risk Based Audit Plan
The following aspects are to be considered while preparing the audit plan:
 Knowledge of Clients Business.
 Complexities of Transactions and Environment.
 Degree of subjectivity in the measurement of financial information.
 Assessment of significant transactions and level of materiality.
 Assessment of the control environment.
 Assessment of the Overall risk.

12. QUESTIONS ??

13. HAPPY DHAKATOPI DIWASH
THANK YOU ALL