ABSTRACT
Having determined a schedule of audit priorities and a plan of the assignments to be completed for the next year, the risk-based approach needs to be applied to the individual assignments. Hold the pre-meeting to explain the audit, confirm functional objectives, discuss risks and determine scope and objectives of the assignment. The key to effective risk-based assignment planning is to begin with the functional objectives, that is, the objectives of the system, activity or process that you are planning to review. Whilst risks may have been identified formally during the CRSA programme, it is unlikely that the risk register will have recorded the risks at the detailed level required for audit purposes. The good news is that the methodical process-driven risk-based approach is designed to assess all the key activities, risks and controls and therefore major areas of concern should be identified.
