RAWG

 ◦ ◦ ◦ ◦ ◦ ◦ Risk assessment guideline for strategic and annual planning Identifying auditing universe Identification of risks Categorization of possible risks Estimating likelihood and impact of risks Developing 3-year plans Annual plan

        Preparation for the audit engagement Drafting a plan for the audit engagement Appointing auditors for the engagement Identifying the goals of the engagement Executing the engagement Collecting audit evidence Developing a project and the final report (conclusion) Post audit

  Planning is just the overall direction of activity, a list of tasks and not a final decision on the audit engagement At the preparation stage for the audit engagement the annual audit plan can change based on REEVALUATION OF RISKS

   1210.А2 to evaluate the risk of fraud  1210.А3 key information technology risks and controls 1220.А1 adequacy and effectiveness of governance, risk management, and control processes 1220.А3 must be alert to the significant risks

   The significant risks kept to the activity, its objectives, resources, and operations and the means by which the potential impact of risk is to an acceptable level; The adequacy and effectiveness framework or model; of the activity’s governance, risk management, and control processes compared to a relevant The opportunities for making significant improvements to the activity’s governance, risk management, and control processes.

  2210.А1 — Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment. 2210.А2 — Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.

 Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.

 The description of risk assessment or control methodology or of other criteria on which the opinion is based

 When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management…..

      Preliminary risk assessment at the stage of audit engagement planning Risk assessment when goals are set and audit evidence is collected Risk assessment at post-audit stage Assessment of fraud risks Assessment of IT risks etc. ….

    Preparation throughout the year Collection and assessment of information on risks Assessment of risks related to legal documents adopted after the latest risk assessment Identification of risks during consultations with senior management and first meeting

    Based on the results of preliminary risk assessment of the audit objects: developing an engagement plan Identification of most risky transactions Setting the tasks for auditors and defining the selection method (statistical, non-statistical, mixed) Setting other tasks and their possible changes

   Risk assessment of collected evidence Defining priorities Risk assessment of tasks execution or acceptance of risk by the leadership

 ◦ ◦ ◦ ◦ ◦ How to calculate Major risks Inherent risks Residual risks Acceptable risks Risk appetite