Audit Risk Assessment
Introduction
Audit risk assessment is the process that we perform in the planning stage of the audit. As auditors, we perform audit risk assessment by identifying the risks of material misstatement and responding to such risks with suitable procedures.
We usually perform an audit risk assessment after obtaining an understanding of the client’s business and control environment. In this case, we usually try to identify the risks while gaining an understanding of the client’s business and control environment.
Then, we assess how those risks could impact financial statements and make a proper response to such risks by designing suitable audit procedures.
Risk assessment is performed in the risk-based approach of auditing, in which we focus our audit process on those high-risk areas.
Audit Risk Assessment Procedures
Audit risk assessment procedures usually contain two steps process, including identifying and responding to risks of material misstatement.
Identify Risk of Material Misstatement
Our objective here is to identify the risk of material misstatement that can occur on the financial statements. In this case, we need to identify both inherent and control risks and properly assess their levels (high, moderate, or low).
The procedures of audit risk assessment in this step may include:
- Inquiries of the client’s management and related personnel on the matter related to risks of material misstatement due to fraud or error.
- Performing preliminary analytical procedures.
- Observation of client’s operation and other related areas.
- Inspection of documentation such as internal control procedures and management reports.
Respond to Risk of Material Misstatement
After identifying and assessing the level of risk of material misstatement, we need to properly respond to such risk based on their severity.
In this case, we usually perform the following procedures:
- Designing suitable audit tests that may include both test of controls and substantive audit procedures. This is usually influenced by the assessed risk of internal control. For example, if the control risk is high, we will skip the test of control and perform more substantive procedures.
- Forming an audit team with sufficient knowledge, skills, and experiences concerning the assessed risk.
- Making sure that audit team members maintain professional skepticism at all times.
- Making sure the appropriate level of supervision is in place.
It is useful to note that risk assessment procedures by themselves do not provide us sufficient appropriate audit evidence to form a basis of an opinion. Hence, we need to perform the next stage of the audit that may include the test of controls, substantive analytical procedures and tests of details. This is so that we can obtain sufficient appropriate audit evidence on which to base our audit opinion.