In this article, the topic of Risk-based auditing will be addressed from different perspectives and discussions. Risk-based auditing is a topic that has sparked interest and debate in various areas, generating great expectations among experts and the general public. In the following lines, the implications, repercussions and possible solutions related to Risk-based auditing will be explored, in order to offer a comprehensive and enlightening vision on this topic. Furthermore, different opinions and approaches will be taken into account to enrich the analysis and provide a multidimensional view of Risk-based auditing.
Risk-based auditing is a style of auditing which focuses upon the analysis and management of risk.
In the UK, the 1999 Turnbull Report on corporate governance required directors to provide a statement to shareholders of the significant risks to the business. This then encouraged the audit activity of studying these risks rather than just checking compliance with existing controls.[1]
Standards for risk management have included the COSO guidelines and the first international standard, AS/NZS 4360.[2] The latter is now the basis for a family of international standards for risk management โ ISO 31000.
A traditional audit would focus upon the transactions which would make up financial statements such as the balance sheet. A risk-based approach will seek to identify risks with the greatest potential impact. Strategic risk analysis will then include political and social risks such as the potential effect of legislation and demographic change.[3]
An experiment suggested that managers might respond to risk-based auditing by transferring activity to accounts which are ostensibly low risk. Auditors would need to anticipate such attempts to game the process.[4]