Professional Documents
Culture Documents
Chapter # 3.1 Risk Based Auditing
Chapter # 3.1 Risk Based Auditing
Remember,
The definition of I/A provides comprehensive guidelines for the framework of
internal audit. It should always be kept in mind while I/A work is being carried out.
It helps in devising the complete internal audit approach.
Business risks are the factors that could prevent or hinder the achievement of
organizational goals and objectives.
• Loss of customers
• Increase in production costs
• Cash flow problems
• Decline in product demand
• Litigations and claims
• Technological obsolescence
• Increase in market competition
• Decrease in profitability
• Political and economic instability
• Over trading
• Inadequate financing
• High financial risk
• Risk of fraud and theft
Objective:
Focus on risk of occurrences that could prevent the Organization from
achieving its goals.
What is risk?
Risk is the probability of an event or action having an adverse effect. Risk is
measured in terms of impact and likelihood. Examples of risk include:
Focus on areas with high risk and high probability that controls are not in place or
are weak
Risks are also identified through Internal Audit’s experiences, the work of external
auditors, and professional organizations such as the IIA.
Additional risks may be identified during the year which require the audit plan to
be adjusted accordingly.
PERFORM AUDIT FIELDWORK
Carry out fieldwork as indicated in the annual audit
plan.