March 13, 2014 - 11:43am
#1
I have a couple of questions regarding annual risk assessments:
- Who conducts the annual risk assessment used for establishing a risk-based plan to determine priorities of the internal audit activity?
- Is this a risk assessment the Internal Audit Department develops, or do you use a risk assessment developed by Risk Management or Enterprise Risk Management?
- Does it impair independence or violate auditing standards to use a risk assessment developed by another party to determine your risk-based audit work plan? Why or why not?
