Abdus Samad
Audit Risks
Audit risk can be defined as the risk that the information/financial report (or the area under review) may contain material error or that the auditor may not detect an error that has occurred
Types of Risk
Inherent Risk
A risk that an error exists which could be material or significant when combined with other errors, assuming that there are no related compensating controls
Control Risk
The risk that a material error exists that will not be prevented or detected on a timely basis by the system of internal controls
Detection Risk
The risk that an auditor uses an inadequate test procedure and concludes that material errors do not exist when, in fact, they do
Business knowledge
Why business knowledge?
Start point of any understanding phase
Phase out most assumptions
Even in business knowledge, you should almost always try to see the bird's-eye view and not just the niche
This is especially helpful where business processes are changing
Can you think of the most common example where business processes change?
Risk Analysis
Identify Assets
Information or data
High-value assets, e.g. cash
Documents
Services
Personnel
Reputation
And above all the business processes that they are safeguarded by
Identify Threats
Errors
Malicious damages / actions
Fraud
Theft
Service outage
The list may be unique for each asset or process
Controls
It is beneficial to understand the concepts of controls before we drill further into risk assessment and risk management
So what are control(s)?
An action that circumvents a risk and/or its impacts
Are they always the counterpart of risks in the same area?
Let's look at the possible counterparts of risks before we proceed further
CONTROLS
Preventive Controls
Any control that prevents a risk from occurring is a preventive control
Locking the door is a preventive control because it keeps the door from being opened
Detective Controls
Detective controls are controls put in place to detect or indicate that an error or an unwanted event has occurred
An alarm on the door is a detective control because it tells you when the door has been opened but does not prevent someone from coming through the door
Reports and audit logs of activities are common examples of detective controls
Corrective Controls
Corrective controls are those controls that enable a risk impact or deficiency to be corrected
A corrective control may be dependent upon a detective control to initially identify the error
Contingency procedures are the best examples
Compensating Controls
One weak control may be compensated for by the presence of another control on the process. The additional control is then said to be acting as a compensating control
Risk management
The core of what you did in the last slide was risk management
Elimination of risks
To what extent should we curtail the risks?
Shouldn't we try to eliminate them?
This will make life simple
In fact, too simple
0 risk means 0 what?
M- Performs