The nature of the risks identified will vary according to the audit objective. The auditor should consider and assess the risk of different types of deficiencies, deviations or misstatements that may occur in relation to the subject matter. Both general and specific risks should be considered. This can be achieved through procedures that serve to obtain an understanding of the entity or programme and its environment, including the relevant internal controls. The auditor should assess the management’s response to identified risks, including its implementation and design of internal controls to address them. In a problem analysis the auditor should consider actual indications of problems or deviations from what should be or is expected. This process involves examining various problem indicators in order to define the audit objectives. The identification of risks and their impact on the audit should be considered throughout the audit process.

INTOSAI ref. Fundamental Principles of Public-Sector Auditing(pdf) (ISSAI-100).
#tagcoding hashtag: #issai146

en en.gif
fr fr.gif
nl nl.gif