Thank you for the opportunity to help you with your question!
This phase of the audit process is not just a planning tool, but an integral part of evidence gathering. Since risk assessment directs the auditor’s attention to issues that merit further consideration, it should be based on the inquiries, observations and audit evidence gathered by the auditor; this gathering and documentation of evidence is important. Generally, simple inquiries of management are an insufficient basis for this assessment. In addition, according to SAS no. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, risk assessment procedures alone are not a sufficient basis for rendering the audit opinion.An important requirement in these standards is the need to link identified risks to relevant controls and to the audit actions designed to respond to these risks. Such a linkage helps the audit team determine whether the risks are addressed, assists in communication on the audit and helps reviewers, including peer reviewers, follow the implementation of the audit strategy.In practice, simpler audits may accomplish this linkage through careful cross-referencing of audit documentation. For more complex situations, this linkage may be supplemented by a planning or engagement strategy memo or matrix.
Please let me know if you need any clarification. I'm always happy to answer your questions.
Content will be erased after question is completed.