2. Risk Assessment

During the planning phase, auditors gather information about your entity by:

  • asking key employees questions to identify potential risks; and
  • reviewing previous years' results to identify major changes and confirm scope, materiality, timing, audit assignments and the audit approach.

In addition, we seek information such as:

  • financial statements
  • budgets
  • financial performance measures/metrics
  • audit committee minutes
  • filings with regulators
  • judgments
  • estimates
  • business drivers
  • policy and procedure manuals
  • vision, mission, values
  • objectives
  • strategies
  • organizational structure
  • board of directors meeting minutes
  • job descriptions
  • operating performance
  • non-financial performance measures
  • creditors
  • media
  • analyst reports
  • government agency reports
  • Internet reports

Staff Involvement

Auditors must obtain a reasonable understanding of internal controls to plan the audit. Having staff available to assist the auditor makes the process of writing down systems and updating documentation more efficient.

Inform the auditor of significant changes in your business processes, so the potential impact can be assessed in advance of the audit completion target and so audit plans can be adjusted.


For each significant business process identified, the auditor performs a walkthrough to ensure the entity is operating as documented. A walkthrough includes questioning personnel, observing specific controls and inspecting documents. The walkthrough addresses control implementation at a point in time.
After the walkthroughs are completed, the design and implementation of internal control are evaluated. The risk of material misstatement is evaluated and segments that require special consideration are identified. Audit procedures are then designed by our staff.