3/2: Audit risk assessment:

    Excessive Information technology has raised the level of inherent risk and control
    risk for all sectors especially those dealing with highly confidential client's
    information's. auditor must plan the needed procedures according to audit risk
    model. according to audit risk model.

    What is the effect of IT audit on audit risk model?

    As stated above IT has increased both Inherent risk and control risk.
    a- Given the Following Information Calculate the level of planned detection risk

       (DR) needed to achieve the acceptable audit risk (AR) of 5 percent? In a low
       information technology environment?

    Assume that acceptable audit risk is assessed at a value of 5 percent, consistent with
    the IR is assessed at 40 percent, and CR is assessed at 40 percent.
    Answer:

                         5% = 40% * 40% * DR
                          DR = 0.31

    b- How would assessment of audit risk Model differ from the previous question if the
      clients co belong to high information technology environment as Banking
      industry?

    Assume that acceptable audit risk is assessed at a value of 5 percent. Will the
    amount of inherent risk and control risk increase or decrease than 40%?

           Answer: high information technology industry leads by default to higher
    inherent risk and higher control risk, which would result in lower detection risk
    than the previous example.

    PHASE 3: Fieldwork and implementing the auditing procedures (4 steps)
    Regarding Substantive tests.

           Auditor must expand the scope of the tests to account for IT related tests.
    As IT environment results in lower detection risk that requires him to perform more
    auditing procedures using (as CAATS) that results in electronic evidences about
    transaction and balances rather than traditional evidence

    29

28

    ‫جميع الحقوق محفوظة ـ الإعتداء على حق المؤلف بالنسخ أو الطباعة يعرض فاعله للمسائلة القانونية‬