Audit risk assessment is a stage in the audit planning process. During the assessment, an auditor determines the likelihood of audit risk, defined as the possibility of recording an inappropriate opinion on an audit as a result of a misstatement in the financial documents examined. Audit risk assessment is part of the series of controls which are used to manage the integrity of an audit, and to determine when and how audits should be conducted, and by whom.
While many people fear audits from tax authorities, they are actually a valuable tool when used internally. During an audit, a company can identify financial issues such as funds where they shouldn't be, abnormal numbers, signs of fraud or theft, and so forth. Auditing is used to control costs, to ensure that accounting is accurate, and to hold employees accountable for their activities. It can be performed across an entire company, or in specific departments.
Audit risk consists of several components. The first is the likelihood that a material misstatement will be made in financial documents. The second is the risk that the misstatement will not be caught by internal controls, and the third is that the misstatement will not be caught by an auditor. These components are examined during an audit risk assessment to come up with a numerical score which can be used to make decisions about the auditing process.
If the audit risk is high, it may indicate that audits should be performed more frequently, to increase the chance that errors and misstatements will be caught. A high audit risk may also suggest that it may be time to change some of the factors to lower the risk. For example, an auditor could recommend changes to internal controls which would lower the risk by increasing the chances of catching a misstatement internally.
Risk-based auditing is an approach to audit management which is informed by an audit risk assessment. It's important to remember that the assessment is not an audit; the audit still needs to be completed, keeping the findings of the assessment in mind.
In addition to being valuable for internal accounting, regular audits can also be useful from a customer relations standpoint. People tend to trust businesses which perform regular audits more, as auditing demonstrates a commitment to ethical standards. In some regions, internal auditing and transparency in the auditing process may be legally required of companies which wish to be traded publicly.