Risk Assessment

Risk assessment is required in generally accepted auditing standards. The procedures are performed by auditors as a means to detect where material misstatements might occur. Those procedures include the following:

• Walkthroughs of transaction cycles to see if an entity’s internal controls are designed and implemented
• A review of management’s estimates for bias
• Preliminary planning analytics
• Gaining an understanding of the entity

Additionally, the auditor uses inquiry, observation, and inspection to detect the potential for material misstatements.

Perform the risk assessment procedures annually. While auditors can bring prior year documentation forward, they still need to see if the internal controls are operational and whether they have changed.

The purpose of risk assessment is to assist the auditor in planning the audit. When transaction areas, account balances, or disclosures are more likely to contain misstatements, the auditor is to create responses in the form for audit procedures. Those procedures can include substantive procedures or a test of controls for effectiveness.

A lack of adequate risk assessment documentation continues to be a common finding in peer reviews performed in the United States.