Risk Assessment (print ref: Part 5, Annex A)
This involves first breaking down the organisation into a number of distinct areas, each of which is capable of being audited as a distinct entity. These areas would typically correspond with individual departments, functions or processes within an organisation.
Once these areas have been identified, a basic risk assessment needs to be carried out for each one. The results of this risk assessment can then be used to determine audit priorities and help judge how often each of the areas needs to be audited. A straightforward approach to assessing risk is described in the following sections.