City of San José, Capital of Silicon Valley  
  City Home City Services About San José Visitors Feedback
 
department title

Sunday, November 22, 2009
  Auditor Home


Authority & Responsibility
The Audit Process
Office Philosophy
Audit Assignments
Budget & Staff
Awards
Quality Assurance

PUBLISHED WORK

Audit Reports & Memos
Audit Recommendations
Monthly Status Reports
Annual Work Plans
Peer Reviews
Service Efforts & Accomplishments

HEARING FROM YOU

We welcome any comments or audit suggestions you might have.

 


 

 
 
 
 

RISK ASSESSMENT

 

General

The rationale for conducting a risk assessment is that auditors can limit testing and focus on those areas most vulnerable to noncompliance and abuse. This produces a more cost-effective and timely audit.

In conducting a risk assessment, the auditor:

  • Identifies the threats associated with the area or activity under review;
  • Determines the inherent risk associated with the identified threats; and
  • Assesses whether the existing internal controls will prevent, detect, or correct instances when threats actually occur.

The extent of audit testing is directly related to an assessment of the activity's degree of vulnerability. The higher the vulnerability, the more extensive the audit testing needs to be and vice versa. Thus, even though an activity may have a high degree of inherent risk, a strong system of internal controls can reduce the entity's exposure to a low or moderate level. Accordingly, the need to conduct detailed audit tests could be reduced to an appropriate level.

 

 

  Purpose
  General
  Library

 

 

 

Last Modified Date: 1/21/2009
 
 

City Home - City Services - About San José - Visitors - Feedback - Search
 

As a customer-driven organization, the City of San José welcomes any suggestions you might have to help us serve you better.