UNIVERSSITY OF CENTRAL PUNJAB

Assignment no: 4
Relationship between AUDITING & RISK ASSESSMENT on
both aspects Internal & External

Submitted by:
Abeera Chaudhry
L1F19BSAF0156

Submitted to:
Ma’am Ayesha Munir

Section C

 What is Auditing?
 Audit is the examination or inspection of various books of accounts by an auditor followed by
physical checking of inventory to make sure that all departments are following documented
system of recording transactions. It is done to ascertain the accuracy of financial statements
provided by the organisation. And this process is known as AUDITING.

 What is Risk Assessment?

The auditor needs this knowledge and understanding in order to assess the risk attached to the
audit. Risk assessment is a key feature of the audit planning process and the assessment of risk in
the audit will affect:

 the amount of audit work performed in general, and

 the areas on which the auditor will focus his attention

 Risk Assessment Process:

The goal of a risk assessment plan will vary across industries, but overall, the goal is to help
organizations prepare for and combat risk. Other goals include:

 Providing an analysis of possible threats

 Preventing injuries or illnesses

 Meeting legal requirements

 Creating awareness about hazards and risk

 Creating an accurate inventory of available assets

 Justifying the costs of managing risks

 Determining the budget to remediate risks

 Understanding the return on investment

5 steps in the risk assessment process

Before you start the risk management process, you should determine the scope of the
assessment, necessary resources, and stakeholders involved, and laws and regulations that
you’ll need to follow. Then proceed with these five steps.

 Identify the hazards

 Determine who might be harmed and how
 Evaluate the risks and take precautions
 Record your findings
 Review assessment and update if necessary

Relationship between AUDITING & RISK ASSESSMENT on

Internal aspects
During the risk assessment process, Internal Auditing identifies and assesses both the possibility
and potential impact of various risks to the organization.  Internal controls are then identified and
evaluated to determine how suitable they are in reducing risk to ensure that residual risk is at
manageable levels.  

Audit functions have used information about risk, quite properly, as one of the core inputs to
audit planning. For organisations without an effective enterprise risk management (ERM)
function, or one in its early stages of development, this has meant that internal audit have been
forced to undertake their own risk assessments; and in many circumstances internal audit have
done their own assessments anyway as a check on risk management or to assert their
independence. In addition, internal audit also have to audit risk management frameworks, to
provide assurance to Boards and senior management about their adequacy and effectiveness.
This is a requirement of the IIA Professional Practices Standards. It is also one way that Boards
can satisfy the requirements of Principle 7.2 of the ASX Corporate Governance requirements.

 Control on Risk:

Control is an activity that helps ensure that management directives to mitigate risk are carried out.  

 Internal Controls are control activities including policies that establish what
should and should not be done and procedures that are the actions to implement the
policies.  Control activities either deter undesirable acts or prevent errors from occurring
(preventative) or find undesirable acts or errors after they've occurred and provide
evidence as to whether the preventative controls are effective (detective).  Internal
controls are either automated by software or manually performed.
  Residual Risk is the risk remaining after management has taken actions to alter
the risk's Likelihood or Impact.

 Process Maps are graphical representations of your program's key processes

including internal control activities.

 Performance Measures identify your program's true measures of success.

 A Risk Score is a mathematical equation where Impact, Likelihood and other

risk measurement factors are assigned weights and calculated in a manner to create a
stack ranking or heat map of risks.

 A Risk Control Matrix shows how internal controls address each of your
program's risks.

Relationship between AUDITING & RISK ASSESSMENT on External

aspects

Through an external audit risk assessment, an auditor can engage people with valuable

knowledge at a company. These individuals work every day in the environment you’re auditing
and can help you identify risk in a number of ways, whether that risk is in the form of fraud,
errors or operational weaknesses

The objective of the auditor under ISA 315 is to identify and assess the risks of misstatement,
whether due to fraud or error, through understanding the entity and its environment, including its
internal controls. With the ISA 315, external auditors are now required to make inquiries of the
internal audit function to identify and assess risks of material misstatement. Auditors may refer
to the management’s responses of the identified deficiencies of the internal controls and
determine whether the management has taken appropriate actions to tackle the problems
properly.  Besides inquiries of the internal audit function, auditors may collect audit evidence of
the control environment through observation on how the employees perform their duties,
inspection of the documents, and analytical procedures. After obtaining the audit evidence of the
control environment, auditors may then assess the risks of material misstatement.

 The auditor’s responsibilities relating to fraud: ISA 240

 The role of the external auditor with regard to fraud is covered by ISA 240 The
auditor’s responsibilities relating to fraud in an audit of financial statements.
 The objectives of the auditor under ISA 240 are the same as for any other area:
to identify and assess the risks of material misstatement and to obtain sufficient appropriate
evidence about those risks through appropriate audit procedures.
 However, it is particularly important in relation to fraud that the auditor
maintains an attitude of professional skepticism as required by ISA 200 and the Auditors’ Code.
ISA 240 states that:
 Two types of fraud are identified by ISA 240 that are
 Fraudulent financial reporting
 Misappropriation of assets.