Inherent Risk - Risk before controls, Gross Risk
Residual Risk - Risk after controls, Net Risk
Control Risk - Ineffective Controls, Entitiy's internal control may not detect/ prevent
Detection Risk - Ineffective Audit, Auditors fail to detect
Audit Risk - Inherent+Control+Detection
Audit universe - A living document that has to be updated on a periodic basis. It should capture all of the businesses, regions and functions that make up the organization. There has to be collaboration between key business stakeholders and internal audit to come up with this audit universe, but it should be primarily driven by the audit function.
- In order for the IT risk assessment process to be a successful driver for creating the audit plan, it is important to define the audit universe.
Residual Risk - Risk after controls, Net Risk
Control Risk - Ineffective Controls, Entitiy's internal control may not detect/ prevent
Detection Risk - Ineffective Audit, Auditors fail to detect
Audit Risk - Inherent+Control+Detection
Audit universe - A living document that has to be updated on a periodic basis. It should capture all of the businesses, regions and functions that make up the organization. There has to be collaboration between key business stakeholders and internal audit to come up with this audit universe, but it should be primarily driven by the audit function.
- In order for the IT risk assessment process to be a successful driver for creating the audit plan, it is important to define the audit universe.
No comments :
Post a Comment