Definition
Audit risk (also referred to as residual risk) is the risk that an auditor may issue an unqualified report because of the auditor's failure to detect a material misstatement, whether due to error or fraud. This risk is composed of inherent risk (IR), control risk (CR) and detection risk (DR), and can be calculated thus:
AR = IR × CR × DR
where:
- IR is inherent risk,
- CR is control risk, and
- DR is detection risk.
In more detail:
- IR refers to the risk involved in the nature of business or transaction.
- CR refers to the risk that a misstatement could occur but may not be detected and corrected or prevented by the entity's internal control mechanism.
- DR is the probability that the audit procedures may fail to detect the existence of a material error or fraud.
Risk Types from Auditing
- Inherent Risk
- Control Risk
- Detection Risk
- Residual Risk
Inherent Risk: the default risk linked to the area of audit. In other words, inherent risk is the risk naturally related to the business area of the audit subject. This is where finding your industry’s risk list is helpful.
Control Risk: the risk that errors or irregularities in the audit subject may not be detected, prevented or corrected by existing internal controls.
Detection Risk: the risk that material errors or irregularities in the audit subject will not be detected by the substantive test techniques used by the IS auditor.
Residual Risk: the risks that remain in the system even after controls are put in place to mitigate the inherent risks of the audit subject. In project management this is referred to as secondary risk and residual risk.
Audit ‘information risks’?
- A likely cause of the information risk is the possibility of inaccurate financial statements.
- Information is essential to today’s society, and to most organizations and departments within government.
- Information risk assessment should be second nature to security practitioners, and yet too few of us understand what it really takes to do it well – and few organizations have a world-class capability in place.
- The development of information technology has had a great effect on how information is acquired, processed, stored and generated. Information systems have brought benefits to the enterprise, but they also expose it to many risks. It is therefore necessary to analyze the causes of these risks and put forward concrete measures to guard against them.
Causes of Information Risk
- Remoteness of Information
- Biases and Motives of the Provider
- Voluminous Data
- Complex Exchange Transactions
Reducing Information Risk
- User Verifies Information
- User Shares Information Risk with Management
- Audited Financial Statements Are Provided
Definition
- is responsible for ensuring that board-approved audit directives are implemented.
- The audit management software provides the flexibility to support all types of audits.
- Audit management oversees the internal and external audit staff and establishes audit programs.
The main difference between internal and external audit
Internal audit: a function set up by the organization to reduce the risk of fraud in the organization; it runs according to management's commands.
External audit: a function that allows the auditor to express an opinion on the financial statements as presented by the management of the organization.
Internal Audit Process
- Entrance Conference
- Field (Audit) Work
- Preliminary Exit Meeting
- Draft Audit Report
- Exit Conference
- Management Responses
- Final Audit Report
- Audit Follow-Up