Business risks abound – economic, regulatory, compliance, climate change and greenwashing, to name a few. To manage them, entities need processes, which vary from informal to well-structured and disciplined.
ASA 315 Identifying and Assessing the Risks of Material Misstatement requires an auditor to understand an entity’s risk-assessment process. This is often a poorly applied requirement of the standard and a missed opportunity to provide a meaningful assessment to the client.
Some auditors and their clients fail to understand risk-management processes. Standards Australia AS ISO 31000 specifies guidelines on managing risks.
This session will:
- Recap what an auditor is required to do in understanding a client’s risk-management process
- Identify what the ASX’s governance principles and recommendations, the ACNC, and others say about risk
- Examine in depth Risk management — Guidelines (AS ISO 31000) and key risk terms in its Risk Management Vocabulary
- Profile the responsibilities of boards and management set out in Risk management guidelines — Companion to AS ISO 31000:2018, Part 1: Boards and executives
- Illustrate key principles through real-world examples, and
- Describe the benefits to auditors and entities of having a structured risk-management process.