Risk-based auditing

In the UK, the 1999 Turnbull Report on corporate governance required directors to provide a statement to shareholders of the significant risks to the business.

This then encouraged the audit activity of studying these risks rather than just checking compliance with existing controls.

A traditional audit would focus upon the transactions which would make up financial statements such as the balance sheet.

A risk-based approach will seek to identify risks with the greatest potential impact.

[3] An experiment suggested that managers might respond to risk-based auditing by transferring activity to accounts which are ostensibly low risk.