
Submitted by: Muhammad Abdullah Waseem

Reg NO# L1F20BSAF0171

Section: C1

Subject: Audit and assurance

Assignment# 03

Submitted to: Mam. Ayesha Munir


Relationship between risk assessment and internal control

Internal control:
Internal control is a process, effected by an entity’s board of directors, management and other
personnel, designed to provide reasonable assurance regarding the achievement of objectives.
Every company will have its own unique system of internal control, depending on its size,
industry, history, and operations.

If a public organization fails to have effective internal controls over financial reporting, the
organization faces a serious compliance risk. An effective internal control system can minimize
the risks that may affect achievement of the objectives. The common internal control risks in
business include the lack of a sound internal control environment, poorly designed business processes,
IT security risk, integrity and ethics risk, human errors and fraud risk, among others.

Risk assessment:
A risk assessment is a thorough look at your workplace to identify those things, situations,
processes, etc. that may cause harm, particularly to people. After identification is made, you
analyze and evaluate how likely and severe the risk is. Please remember that risk management
and internal controls are not objectives in themselves. They should always be considered when
setting and achieving organizational objectives. When this determination is made, you can next
decide what measures should be in place to effectively eliminate or control the harm.
It helps prioritize risk management and aids in developing a roadmap and processes
for the establishment of internal controls to mitigate or minimize the risks to an acceptable level.
A risk assessment comprises:

• Identifying quantitative and qualitative risks that could influence the organization’s ability to
conduct business

• Evaluating risks (analysis), which may include the construction of a risk/heat map

• Determining risk tolerance and establishing control measures

The RCM is a risk assessment tool to help an organization directly identify the risks between
objectives and controls. For example, when an organization has an objective that new vendors
must be authorized before making a purchase, but the organization does not have an internal
control in place to ensure the achievement of the objective, you know immediately that the
company incurs the risk of utilizing fraudulent vendors. The next step could be to remediate the
risk accordingly.

Relationship between Risk assessment and Audit Planning

Audit planning is a vital area of the audit, primarily conducted at the beginning of the audit
process, to ensure that appropriate attention is devoted to important areas, potential problems are
promptly identified, work is completed expeditiously and work is properly coordinated. "Audit
planning" means developing a general strategy and a detailed approach for the expected nature,
timing and extent of the audit. The auditor plans to perform the audit in an efficient and timely
manner.

It includes the following procedures:

• Knowledge of the client's business, which includes financing, legal framework, government
norms, investments, accounting policies, business risk and financial risk
• Development of audit strategies or overall plan (who, when and how)
• Preparation of the audit programme

Risk assessment can be an auditor’s best friend, particularly if we desire efficiency and
effectiveness for the audit. Risk assessment is a key requirement of the planning phase of an
audit, and it assesses the risks of material misstatement, whether due to error or fraud, at the financial
statement and relevant assertion levels, which aids us in designing further audit procedures.
During the risk assessment process, Internal Auditing identifies and assesses both the likelihood
and potential impact of various risks to the organization. Internal controls are then identified and
evaluated to determine how adequate they are in reducing risk to ensure that residual risk is at
manageable levels. A risk assessment is a systematic process to evaluate, identify, and prioritize
potential audits based on the level of risk to the organization. Risk is defined as the possibility of
an event occurring that will have an impact on the achievement of objectives and is measured in
terms of impact and likelihood.
