The initial evaluation of risks that may impact the possibility of a material misstatement or the vulnerability of an organization’s assets based on initial assumptions, research, and uncertainties.
To understand the types of risk assessment involved in a business entity and how they apply to IT and its relationship to financial reporting in particular, in identifying IT-related risks and the effectiveness of any controls to mitigate those risks, from a materiality constraint.
To understand the business environment and business processes, especially the risk IT itself brings to accounting information systems and financial reporting, and how to apply this knowledge. In public accounting, this application would involve IT-related engagements, especially the financial audit. In business and industry (B&I), it would involve managing those systems and processes effectively, as well as understanding the purposes, processes, and evidence the CPA/CITPs will be using in their engagements.
To understand and apply the audit risk model as defined in the risk-based standards: Inherent Risk (IR), Control Risk (CR), and the Risk of Material Misstatement (RMM). Relevant standards include Statement on Auditing Standards (SAS) No. 99, SAS No. 104-111 (RBA standards), Auditing Standard (AS) 5. Relevant models for risk include COSO, COBIT, and the P-D-C model.
To enhance one’s understanding and evaluation of controls via walkthroughs.
To understand ...