• Risk assessment - The risk assessment process involves the identification, evaluation, and management of risks that are significant to the achievement of an organization’s objective. The forensic auditor should obtain an understanding of the significant fraud risks and identify the implications of any such risks for the organization.
• Information and communication - All organizations should have information systems that measure process results and compare them with objectives. They should also have communication practices to ensure that senior management promptly receives all such information, both positive and negative.
• Control activities - These are the policies and procedures established by management as a response to internal and external risks.
• Monitoring - Management’s monitoring procedures involve the assessment of actual performance and the comparison of actual and anticipated performance. The board must fully understand the business risk issues and key performance indicators that could affect the ability of the organization to achieve its purpose in the long term. Business risk and key performance indicators should be benchmarked against industry norms and best practice.
No comments:
Post a Comment