According to IIA guidance, risk assessment is a critical step that precedes the development of audit engagement objectives. The risk assessment process helps internal auditors identify the key areas of risk within the organization, which then informs the setting of appropriate objectives for the audit engagement.
IIA Standard 2201 – Planning Considerations:
This standard requires internal auditors to consider risk when planning an engagement. The risk assessment process identifies the areas of highest risk, which allows the auditor to focus on the most critical issues during the engagement.
Role of Risk Assessment:
By assessing risks, the auditor can determine which processes or controls are most likely to affect the achievement of the organization’s objectives. This understanding is essential for setting the audit engagement’s objectives, ensuring that they are aligned with the areas of greatest concern.
IIA Practice Advisory 2210.A1-1:
The advisory suggests that auditors should use the results of the risk assessment to establish the scope, objectives, and priorities of the engagement. Without this risk assessment, the audit objectives may not fully address the most significant risks.
Option A (Identification of controls): This typically occurs after the objectives are set, as controls are evaluated based on the identified risks.
Option B (Scope establishment): The scope is determined after the objectives are set, which are based on the risk assessment.
Option D (Review of resources): This step is related to the allocation of resources after the objectives and scope are defined.
Detailed Explanation:Why Not Other Options?
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit