Risk-Based Audit Approach – How Does It Work?


The risk-based audit approach is one of the well-known audit approaches that auditors use to audit financial statements. The principle of this approach requires the auditor to put their effort into the high-risk areas rather than spend a lot of time on the low-risk areas.

The risk-based audit approach comes from the International Standard on Auditing ISA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment.

This standard requires the auditor to obtain an understanding of the entity's key internal controls, its internal environment, and the effects of the external environment that could potentially affect the entity's business as well as its financial reporting. Once the risks are assessed and identified, audit procedures are tailored.

For example, a high turnover of key staff in the finance department can be a factor that keeps the financial reporting system from running appropriately, so the risks of material misstatement in the financial statements are likely to increase.

Audit procedures should be established to detect the likelihood of incorrect accounting treatments as well as overrides of the level of authorization.


If you are familiar with ISA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment, you might already understand the principle behind this approach to auditing financial statements.

This standard requires the risk assessment to be performed at the planning stage, taking into account the internal and external factors that influence the client's internal control.

This approach starts with the planning stage of an audit. Normally, the auditor obtains an understanding of the client's key internal controls and its environment before performing the risk assessment.

Once the risks related to the financial statements are assessed and identified, the audit procedures are tailored to detect those risks.

There are many kinds of risks that might lead to misstatement of financial statements, such as financial risks, compliance risks, and operational risks. If auditors can identify these risks and then execute the right audit procedures to detect all of them, audit risks will be minimized.

It is worth noting that these risks comprise three important kinds: inherent risks, control risks, and detection risks. Inherent risks involve the risks outside the scope of management and auditors.

Control risks, in addition, refer to the risks that management's internal control over financial reporting fails to detect material misstatements due to both error and fraud.

Detection risk is the risk that auditors fail to design the right audit procedures to detect the material misstatements contained in the financial statements.

Risk-based internal audit approach:

The risk-based audit approach is also used by internal auditors to perform internal audit activities. This approach requires the internal auditor to understand and assess the entity's risks.

For example, let us classify those risks into three simple areas: operational risks, compliance risks, and financial risks.