Leaping into action
Audit teams don’t always identify, assess and respond to risk appropriately. Stacey Hillyard shows us the hoops to be jumped through.
Even though we have lived with International Standards on Auditing (ISAs) and their current incarnation Clarified ISAs for several years now, risk assessment is still an area that causes problems. In its 2012 Audit Monitoring Report, ICAEW’s Quality Assurance Department (QAD) said: "We tend to raise a number of points in this area as we cannot always see that firms have gone through all the required processes." More reassuringly, the report went on to add: "However, to put this into context, we can often conclude that the firm has obtained sufficient evidence to address the risks, even though the risk assessment process itself may not meet all the requirements."
Weaknesses in the way audit teams identify and assess risk have certainly been a recurring theme in many audit files I have reviewed. While it is not uncommon to see the same files demonstrate that the audit team has enough audit evidence, this is often despite the risk assessment work performed at the planning stage, and not because of it. A haphazard approach to risk assessment increases the chances of the audit team missing something potentially significant that, in turn, could lead to gaps in audit work in one or more key areas.
This is an extract from an article in the September 2015 edition of Audit & Beyond, the magazine of the Audit and Assurance Faculty.
Find out more
Members of the Audit and Assurance Faculty and subscribers of Faculties Online
To read the complete article, subscribe to Faculties Online or join the Audit and Assurance Faculty and get access to this article in full, plus all future publications, events, webinars and services.