Auditor using risk-based approach focuses on “the processes which have the greatest impact on enhancing customer satisfaction and producing expected results, while considering past problems and trends.”
The reason why Auditor should use the risk approach stated that “it is not feasible to audit every single document, record, and activity”
Considering that :
I may not be able to depend on management’s statement or provided data,
Organization rapid changes, management’s dishonesty, or well-concealed fraud, can escape risk-based focus if not considered.
Inadequate risk based audit procedure or documentation, undoubtedly makes risk -based audit ineffective.
Experienced auditors or master auditors, please talk to me! I am a new auditor but I have some crazy thoughts stirring up.