Register now or log in to join your professional community.
Well !!!! there might be many answers or if i say, bookish text which we heard many times during our professional life. But i have a more practical approach to it.
I head the audit department of a tycoon yet i never used bookish text rather i go for a more practical approach.
In my opinion, Risk must be assessed both auditors identification point of view with the overviews of the board of directors or if i say the owmners or the stakeholders in other cases. We usually identify risk on the basis of its affect on the organisation rather then the effect it has on BOD. What i do is:
1. Identify risk and analyse its seriousness.
2. Sort the audits as per risk seriousness and add to the plan.
3. Take the plan to the audit committee and ask their point of view and risk over the organisation.
4. Alter the plan as per Audit committee risk identification of the audits the want to perform first.
5. Execute the plan.
Risk Assessment Process: