My Reading on ASQ CQA HB Part I-IA~IE-s
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Part</strong> IB<br />
Risk- Based Auditing<br />
Some audit programs may allocate resources specifically to areas that have been problematic or<br />
that are high risk. This could include product characteristics, product or process hazards,<br />
pers<strong>on</strong>nel or process safety, and envir<strong>on</strong>mental c<strong>on</strong>trols. This is often called risk- based auditing.<br />
A starting point for risk- based auditing is for the organizati<strong>on</strong> to identify and quantify its risks.<br />
Risk-based auditing is a style of auditing which focuses up<strong>on</strong> the analysis and management of risk.<br />
In the UK, the 1999 Turnbull Report <strong>on</strong> corporate governance required directors to provide a<br />
statement to shareholders of the significant risks to the business. This then encouraged the audit<br />
activity of studying these risks rather than just checking compliance with existing c<strong>on</strong>trols.[1]<br />
Standards for risk management have included the COSO guidelines and the first internati<strong>on</strong>al<br />
standard, AS/NZS 4360. The latter is now the basis for a family of internati<strong>on</strong>al standards for risk<br />
management - ISO 31000.<br />
A traditi<strong>on</strong>al audit would focus up<strong>on</strong> the transacti<strong>on</strong>s which would make up financial statements such<br />
as the balance sheet. A risk-based approach will seek to identify risks with the greatest potential<br />
impact. Strategic risk analysis will then include political and social risks such as the potential effect of<br />
legislati<strong>on</strong> and demographic change. An experiment suggested that managers might resp<strong>on</strong>d to riskbased<br />
auditing by transferring activity to accounts which are ostensibly low risk. Auditors would need<br />
to anticipate such attempts to game the process.<br />
https://en.wikipedia.org/wiki/Risk-based_auditing<br />
Internal auditors and some external auditors should be aware of the existence of risk and that<br />
effectiveness, efficiency, performance, and risk are important factors when determining the<br />
purpose of the audit or when planning the annual audit schedule. In this secti<strong>on</strong> we have<br />
discussed organizati<strong>on</strong>al risk as a purpose of an audit. Later we will discuss audit program risk<br />
and audit process risk.<br />
Charlie Ch<strong>on</strong>g/ Fi<strong>on</strong> Zhang