Risk Management & Audit Risk

Dr. Gholamhossein Davani


Member of the High Council of the Iranian Association of Certified Public Accountants (IACPA)
IICA, IMA, AAA, CFE, IIA, BAA, EAA, CAAA

Generally, Risk Management is the process of measuring, or assessing risk and developing strategies to manage it. Strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Traditional risk management focuses on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, death, and lawsuits).

The Risk Assessment and Management Summary should include:
• A methodology section explaining the risk definition and process used;
• The identification of the parties involved in the process;
• A Risk Matrix to explain the criteria and define the levels of impact and likelihood;
• Identification of sources of risk, assessment of the likelihood and impact of those risks, including the underlying assumptions made and a discussion of risk mitigation actions (including management controls) taken and planned; and
• A summary of the key risks and a discussion of how they will be used to inform decisions on the nature and extent of monitoring (including performance measurement), recipient and internal auditing and evaluation.

What is an RBAF?
• The Risk-Based Audit Framework (RBAF) is a management document that explains how risk concepts are integrated into the strategies and approaches used for managing programs that are funded through transfer payments.
• The RBAF provides:
  • background and profile information on the transfer payment program including the key inherent risk areas (internal and external) that the program faces;
  • an explicit understanding of the specific risks which may influence the achievement of the transfer payment program objectives;
  • a description of existing measures and proposed incremental strategies for managing specific risks; and
  • an explanation of monitoring, recipient auditing, internal auditing, and reporting practices and procedures.

Audit Process
• Understanding of the entity & its environment
• Assessing the entity’s business risks
• Evaluate how entity responds to these risks
• Assess the risk of material misstatement due to error or fraud

SOX Audit Opinion
[Diagram; recoverable labels:]
• Management's Report on Internal Control (IC)
• No Identified IC Weakness
• IC Weakness: Material Misstatements could occur
• IC Weakness: Material Misstatements DID Occur
• Restate financial statements
• Audit Opinion #1: Auditor’s Report on Management’s Assessment of IC
• Audit Opinion #2: Auditor’s Report on IC Effectiveness
• Audit Opinion #3: Financial Statement Audit Opinion

Potential Audit Opinions
[Diagram; recoverable labels:]
• Audit Opinion #1, Auditor’s Report on Management’s Assessment of IC: “Fairly Stated”, “Not Fairly Stated”, No Opinion
• Audit Opinion #2, Auditor’s Report on IC Effectiveness: No Deficiencies (“Maintained Effective Controls”), Deficiencies (“Not Maintained Effective Controls”), No Opinion
• Audit Opinion #3, Financial Statement Audit Opinion: Unqualified, Not Unqualified*
• Firm counts shown in the diagram: 163 Firms, 7 Firms

Risk Interrelated Factors
• Audit risk (AR) is the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated. Audit risk is the product of the following three interrelated factors:
• IR = Inherent risk (the risk that an assertion is susceptible to a material misstatement, assuming there are no related controls)
• CR = Control risk (the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity's internal control)
• DR = Detection risk (the risk that the auditor will not detect a material misstatement that exists in an assertion)

Thus, the "mathematical" depiction of the audit risk model in simple terms is

AR = IR x CR x DR

Despite the precision implied by rendering the model in mathematical terms, in reality it is highly judgmental. The objective in an audit is to limit audit risk (AR) to a low level, as judged by the auditor.

Audit Risk Model

AR = IR x CR x DR

• Set a planned level of audit risk
• Assess inherent risk and control risk
• Determine appropriate level of detection risk

Types of Misstatements
– Difference between a reported financial statement (F/S) element and what would have been reported under GAAP
– Omission of an F/S element
– F/S disclosure that is not presented in accordance with GAAP
– Omission of information required to be disclosed in accordance with GAAP
