Professional Documents
Culture Documents
&
Audit Risk
1
Generally, Risk Management is the
process of measuring, or assessing risk
and developing strategies to manage it.
Strategies include transferring the risk to
another party, avoiding the risk, reducing
the negative effect of the risk, and
accepting some or all of the consequences
of a particular risk. Traditional risk
management focuses on risks stemming
from physical or legal causes (e.g. natural
disasters or fires, accidents, death, and
2
lawsuits).
The Risk Assessment and
Management Summary should
:include
;A methodology section explaining the risk definition and process used
;A Risk Matrix o explain the criteria and define the levels of impact and likelihood
those risks, including the underlying assumptions made and a discussion of risk
A summary of the key risks and a discussion of how they will be used to inform decisions
on the nature and extent of monitoring )including performance measurement), recipient and internal
3
?What is an RBAF
• The Risk-Based Audit Framework (RBAF is a management
document that explains how risk concepts are integrated
into the strategies and approaches used for managing
programs that are funded through transfer payments.
• The RBAF provides:
• background and profile information on the transfer
payment program including the key inherent risk areas
(internal and external) that the program faces;
• an explicit understanding of the specific risks which may
influence the achievement of the transfer payment program
objectives;
• a description of existing measures and proposed
incremental strategies for managing specific risks; and
• an explanation of monitoring, recipient auditing, internal
auditing, and reporting practices and procedures
4
Audit Process
Auditor’s
Report on
Audit Opinion # 1 Management’s
Assessment of Restate
IC financial
statements
Auditor’s
Audi Audit
Opinion #
Report on IC
Effectiveness
t 2
Financial
Statement Audit
Audit Opinion #3 Opinion
6
Potential Audit Opinions
Audit Opinion #3
Financial
Statement Audit Opinion
Audit Opinion # 1 Unqualified Not Unqualified* Audit Opinion #2
Auditor’s Report on “Fairly Stated” Auditor’s Report on
Management’s IC Effectiveness
Assessment of IC
“Fairly Stated”
No Opinion 7 Firms
7
Risk Interrelated Factors
• Audit risk (AR) is the risk that the auditor may
unknowingly fail to appropriately modify his or her
opinion on financial statements that are materially
misstated. Audit risk is the product of the following three
interrelated factors:
9
Audit Risk Model
AR = IR x CR x DR
10
Types of Misstatements