Risk-based auditing is a style of auditing which focuses upon the analysis and management of risk.
In the UK, the 1999 Turnbull Report on corporate governance required directors to provide a statement to shareholders of the significant risks to the business. This then encouraged the audit activity of studying these risks rather than just checking compliance with existing controls.
Standards for risk management have included the COSO guidelines and the first international standard, AS/NZS 4360. The latter is now the basis for a family of international standards for risk management: ISO 31000.
A traditional audit would focus upon the transactions which would make up financial statements such as the balance sheet. A risk-based approach will seek to identify risks with the greatest potential impact. Strategic risk analysis will then include political and social risks such as the potential effect of legislation and demographic change.
An experiment suggested that managers might respond to risk-based auditing by transferring activity to accounts which are ostensibly low risk. Auditors would need to anticipate such attempts to game the process. Research has suggested that the tone of an annual report reflects factors that auditors consider in assessing audit risk.