1. Identify various risks faced by the assessed object.
2. Assess the risk probability and possible negative impact.
3. Determine the ability of the organization to bear risks.
4. Determine the priority level of risk reduction and control.
5. Recommend measures to reduce risks.
The relationship between risk assessment and risk response;
1. Risk assessment and risk response are mutually coordinated and complementary.
In the actual audit, risk assessment and risk response are coordinated and complementary, and risk assessment has never been completed at the beginning, and then response has been made. Moreover, risk assessment and risk response are all from shallow to deep, from business start to report.
2. Risk assessment is the premise of risk response.
According to the audit process of financial statements, risk assessment is the starting point of the whole audit process, so it can also be concluded that risk assessment is the premise of risk response.
Looking at it from another angle, we should keep professional doubts when auditing an audited entity. According to our professional judgment, we should know where there may be risks, how likely it is to produce such a major misstatement, what will be the consequences and how serious the consequences will be. In fact, this is the principle of risk identification and evaluation. On this basis, we will implement specific audit procedures to deal with such risks. It can also be concluded that risk assessment is the premise or basis of risk response.
3. Risk assessment and risk response interact.
However, we need to note that risk assessment runs through the entire audit process. Risk response may find that the previous risk assessment is inaccurate and needs to be reassessed. When the risk assessment changes, subsequent risk response procedures may need to be revised. So they influence each other.