Detailed Risk Assessments

avatar
Created by
Jinny D

Cards (8)

  • Objectives must reflect the results of what?
    Risk assessments
  • By building the foundation of the engagement on a risk assessment, auditors can?
    Focus on relevant risks and add value
  • What does the implementation standard "planning considerations" A2 state?
    Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.
  • Overall risk assessments are not expected to identify every risk or weakness that needs to be considered at the engagement level. As the engagement progresses beyond the planning stage, auditors are still responsible for being alert to signs of risk.
  • When doing a preliminary assessment of risks for fraud, what red flags can internal auditor look for?
    • Management issues: Lack of area expertise, Lack of supervision, History of legal violations
    • Personnel issues: Lack of background checks, Dissatisfied employees, Unwillingness to share duties
    • Process issues: Duties not segregated, Poor physical security, Poor access controls
  • A risk-based approach requires internal auditors to first do what?
    To understand the entity and its environment in order to identify risks.
  • What should be documented to understand the entity?

    • Operational objectives.
    • Level of compliance with laws, policies, and procedures.
    • Organizational structure (e.g., reporting relationships and supervision).
    • Information systems.
    • Identified key risks.
    • Current controls.
  • How to gather information to understand the entity and its environment?
    • Initial client meetings.
    • Conducting a preliminary survey.
    • Performing analytical review procedures.
    • Conducting interviews.
    • Observation.
    • Inspection.
    • Benchmarking.
    • Reviewing prior internal audit reports and other assurance providers.