Recommandé
Contenu connexe
Tendances
Tendances (18)
En vedette
En vedette (17)
Similaire à Internal Audit Training Risk Assessment
Similaire à Internal Audit Training Risk Assessment (20)
Dernier
Dernier (20)
Internal Audit Training Risk Assessment
- 1. A paper presented at the internal audit training session of Audit Division of the Controller’s Office, City of Houston. Olaniyi Oyedele, CPA Audit Manager January 4, 2017
- 2. What is Risk and Risk Assessment Why do we engage in Risk Assessment What is Engagement Risk Understand the Audit Risk Model Understand the Risk Assessment Tools
- 3. COSO defines: Risk – the possibility that an event will occur and adversely affect the achievement of objectives. Risk Assessment – involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives.
- 4. To allow for efficiency and effectiveness of audit by focusing on critical aspects of the audit. Assist in efficient allocation of resources Enable audits be completed timely Drives and enhances meaningful audits Reduces audit costs and possible litigations costs arising from audits.
- 5. Represents the overall risk associated with an audit engagement. Consists of three components: - Entity Risk - Audit risk - Auditor’s risk
- 6. The risk that an auditor may issue an incorrect opinion arising from: - issue an unqualified report where a qualification is reasonably justified - Issuing a qualified opinion where no qualification is necessary - Failure to emphasize a significant matter in the audit report Audit Risk Model = Inherent risk (IR) x Control Risk (CR) x Detection Risk (DR) Used to manage the overall risk of an audit engagement.
- 7. Obtain an understanding of the client and its environment Obtain an understanding of Internal Control Perform additional inquiries of key management personnel, staff, oversight agencies, reports and relevant third party, where applicable. Analytical review Brainstorming session Summarization of the audit risk assessed.
Notes de l'éditeur
- Entity Risk: Risk associated with the entity’s survival operations and profitability. It includes; recent changes in management, questions relating to management integrity, recent fraud involving management personnel, changes in IT Operations. Audit Risk: Risk associated with the manner in which the audit process was performed, which may result in the auditor arriving at an incorrect opinion. For instance risk that the auditor may issue an unqualified opinion on materially misstated statement financial statements or reach a conclusion based on incomplete or wrong population or sample. Auditor’s Risk: Risk arising as a result of the services provided by the auditors to his clients. Such risk include; litigation costs, loss of reputation, inability to recover audit fees. Auditor’s risk is controllable; therefore, if analyzed correctly, auditors can mitigate their own risk.
- Inherent Risk: risk associated with the nature of the matter and/or unit under audit. For example risk involved in the audit of a Police Department would be different from that of the Department of Library or PWE. Control Risk: Risk arising from the absence or failure in the operations of relevant internal controls. Organizations must have adequate internal controls in place to prevent and detect instances of fraud and error. Control risk is considered to be high where the audit entity does not have adequate internal control to prevent and detect instances of fraud or error. Detection Risk: (Also known as residual risk) risk that the auditors fail to detect errors and material misstatement in the financial statements. Detection risk forms the residual risk after taking into consideration the inherent and control risks pertaining to the engagement and the overall audit risk that the auditor is willing to accept. Where the auditor’s assessment of inherent and control risk is high, the detection risk is set at a lower level to keep the audit risk at an acceptable level. Lower detection risk may be achieved by increasing the sample size for audit testing. Conversely, where the auditor believes the inherent and control risk is low, detection risk is allowed to be set at a relatively higher level.