Risk identification and analysis

Risk assessment is foremost a planning device whereby the focus of the audit work is brought to bear on the highest risk areas. Items in the trial balance identified as potential risk areas are be flagged as risks by clicking on the yellow star icon to right of each line: 

AA1.png

  • Individual accounts and/or subtotals may be flagged as risk items
  • Items tagged in this way are sent to the risk analysis, strategy and plan page for risk analysis

Risks may also be flagged from a comment made on any work item (for instance a systems note or an internal controls checklist where a risk issue is identified) – for example from systems notes as below: 

AA1.png

  • Sometimes risks may be identified after planning is completed - this will mean that planning must be revisited and perhaps revised, and the risk analysis, strategy and plan page may need to be unconcluded and updated

Every flagged item will appear on the page in the E section: risk analysis, strategy and plan - there it will require either a detailed analysis or a comment, depending on the seriousness and complexity of the risk - here we have a significant risk to analyse identified in the trial balance:

AA1.png

  • A description of the risk identified is entered
  • The risk level is identified: low, medium, high or significant - a significant risk opens a further level of analysis
  • Possible tests to reduce or eliminate the risk are proposed
  • The risk data may also be sent to any other work paper (shown at the top of the target page) using select target work paper (optional) – for example if a risk may impact on the audit report it could be sent to the top of the audit report work paper in the Z section

This information will be visible wherever the data is displayed along with any other work done on the item (say in the analytical review section) – on lead schedules or other pages where the data is referenced:

  • Here on the G1 lead schedule all the risk assessment work is shown to prompt the auditor to carry out the specific testing identified at risk assessmentAA1.png
  • Data on lead schedules may be reduced to show just flagged items by clicking the star flag at the top of the table

All risks identified as high or significant are also carried onto the audit summary information page in the reporting section of the audit file:

  • Here the auditor must summarise the outcome of the response made to the risk, so that the partner may assess this as part of their overall review: AA1.png

 

Have more questions? Submit a request

Comments

Powered by Zendesk