During the planning phase of an assurance engagement, the internal audit engagement team identifies and evaluates the inherent fraud risks within the procurement function. What should be the engagement team’s next step?
A.
Identify and map existing controls to their relevant inherent fraud risks
B.
Detect fraudulent activities in the activity under review for the audited period
C.
Select the appetite level for each inherent fraud risk
D.
Evaluate and respond to residual fraud risks that need to be mitigated
The risk assessment process in planning begins with identifying inherent risks (risks without considering controls). The next logical step is to identify and map existing controls to those inherent risks to determine whether they mitigate them effectively. Only after this step can residual risk be assessed. Detecting actual fraud (Option B) is not part of planning. Risk appetite (C) is a management responsibility, not audit’s. Option D occurs later after evaluating controls.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit