Adding Specific Risks
Specific risks display in the Specific Risks table in KBA-502 Summary of Risk Assessments. They also flow to the for each audit area the risk is associated with. You can also view the risk in the Risk Summary section.
If needed, you can link program steps in a substantive audit program to a specific risk using the unique risk name.
If no specific risks are created for a significant audit area, information to this effect displays in various parts of the form. For example, in KBA-502 Summary of Risk Assessments, you’ll see a row that says “No risks have been added for this area.”
The moment you start entering information to create a risk, you become the active user of KBA-502. When you click Add Risk or Reset Risk Form, you will no longer be the active user. The moment you start entering information to create a risk, you become the active user of KBA-502. When you click Add Risk or Reset Risk Form, you will no longer be the active user.
To add a specific risk, do the following:
- While in the engagement view or a form view for an engagement, click Risk Summary.
- Click the Specific Risk section to expand it.
- Complete the information about the risk.
Risk name |
Enter a unique risk name of up to 30 characters. This name will be used when you link program steps to the risk.
Note: You cannot use the pound sign (#) or the pipe symbol (|) in this field.
|
Risk description |
Enter brief information about the risk. |
Type of risk |
Select one or more options as needed. See the instructions in KBA-502 Summary of Risk Assessments for information on the factors to consider when determining if a risk is significant or might be related to fraud. A risk might also require tests of controls, where substantive tests alone are not sufficient.
|
Audit areas affected by the risk |
Select one or more audit areas that are impacted by the risk. All audit areas are shown here, including custom audit areas you have added. |
Cash transaction cycle |
Select which cash transaction cycle applies to the identified risk. This field is only required for audit areas Cash and Other Revenues and Expenses. |
Relevant assertions |
Choose any of the following:
- EO. Existence or Occurrence
- RO. Rights and Obligations
- CO. Completeness
|
- AV. Allocation or Valuation
- CU. Cutoff
- UC. Understandability or Classification
|
Note: The assertion definitions change with the clarified version of the titles.
|
Controls, if any, that mitigate specific risk |
Evaluate the design of controls for each significant risk or fraud risk. The magnitude of a risk depends in part on whether controls are in place to mitigate those risks.
|
Combined risk assessment |
Inherent Risk (IR) is combined with Control Risk (CR) to determine the Risk of Material Misstatement (RMM) for each risk. The RMM level will be recommended for you, based on the table found in the instructions at KBA-502 Summary of Risk Assessments. |
Planned audit approach |
Choose from the following:
- Combined Approach. Audit plan consists of both tests of controls and substantive tests.
- Substantive: Analytical. Audit plan consists primarily of analytical procedures.
- Substantive: In-Depth. Audit plan consists of both analytical procedures and tests of details.
|
Comment on planned audit approach |
Enter a brief description of the work you are planning to act as a guide for linking specific program steps to this risk when you design the audit program. |
Form identified in |
KBA-502 is selected by default. You can select a different option if needed. In audit programs, this selection results in the risk being added to the list of Findings in the Results section of the audit program. |
- Click Add Risk.