Professional Documents
Culture Documents
Risk assessment I
Learning objectives
1. Entity level:
• applicable financial reporting framework
• major customers
• major suppliers
• international transactions
• capacity to adapt to changes in technology
• warranties and discounts
• client reputation and operations
• client relations with employees
• sources of financing
• ownership structures
• system of internal controls:
• control environment
• risk assessment process
• process to monitor system of internal control
• information system and communication
• control activities
Gaining an understanding of the entity
2. Industry level:
• level of competition
• client reputation
• level of government support
• level of government regulation
• level of demand for client goods/services.
Gaining an understanding of the entity
3. Economy level:
– How do overall economic conditions affect client?
• interest rate changes
• financial crises
• shareholder expectations of increasing profits in
good times.
– What are specific pressures on client to understate or
overstate profits in these conditions?
Fraud risk
• Examples of frauds:
Fraud risk
• Auditor should consider particular risks arising from IT (ISA 315), for
example:
– lack of backup and loss of data.
– unauthorised access to computers, software and data:
• Need security and passwords to prevent distorted data.
• Can occur if not thoroughly tested before implementation, or
errors introduced when changing programs.
• Restrict program change rights to authorised personnel.
– Programs need to be suitable for client requirements. errors in
programs:
• Can occur if not thoroughly tested before implementation, or
errors introduced when changing programs.
• Restrict program change rights to authorised personnel.
• Programs need to be suitable for client requirements.
Information technology