Risk Assessment Process in Audit Planning
Audit planning involves the development of an overall strategy or game plan for expected conduct and scope of the audit. Risk assessment is a systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking. Effective planning of an audit is essential to ensure that auditors focus on the areas of greater risk and carry out their audits efficiently. There are several steps of auditing, those are:
(a) The Context: At this stage, the auditor primarily confronts with a particular risk.
(b) Identify Risks: Auditor identifies by brainstorm ideas and group under appropriate risk headings. Consider the effects on people (staff, students, and other people), information, physical assets, and finances, reputation.
(c) Analyze Risks: Determine consequences and likelihood of each risk. Write these items on the table next to each risk.
(d) Evaluate Risks: Auditor uses the grid and several risk model to identify to identify the level of risk.
(e) Identify and evaluate existing risk controls: Identity what happens already to manage the risks and consider how well that strategies are working (good, adequate, and variable). How does this affect the level of risk? Fill these items in on the table. If you are not happy with the level of risk at this stage proceed to step 6.
(f) Further risk treatments and opportunities for improvement: What actions are needed to bring risks to an acceptable level (these actions are incorporated into other planning processes and include responsibilities, resources, and timelines)? What opportunities are there for improvement? Write these on the table.
(g) Communicate and consult: Monitor and review should be incorporated throughout the process.
(h) Review: Review the assessment on a regular basis. File the documentation.