风险分析——内部审计的特定过程【外文翻译】.doc

1、外文翻译RISKANALYSISSPECIFICPROCEDUREOFTHEINTERNALAUDITMATERIALSOURCEANNALSOFTHEUNIVERSITYOFPETROSANIAUTHORGEORGETRAIANRISKS,ASINHERENTELEMENTSINTHECONDUCTOFANYACTIVITY,CANLEADTODIFFERENTEFFECTSINTHELITERATURETHEREAREFOUNDMANYDEFINITIONSOFTHERISKTHUS,ONEOFTHERECOGNIZEDEXPERTSINTHEFRENCHENVIRONMENT,DOMIN

2、IQUEVICENTE,QUOTEDINTHELITERATUREINROMANIA,CONSIDERSTHAT“RISKISATHREATINTHEPURPOSETHATANEVENTORACTIONTOHAVEANADVERSEIMPACTONTHECOMPANYSCAPACITYTOFULFILLITSOBJECTIVESSUCCESSFULLY”INANOTHERPUBLICATIONINTHEAREA,RISKMANAGEMENTCHANGINGTHEINTERNALAUDITORSPARADIGM,TWORENOWNEDEXPERTS,DAVIDMCMANEEANDGEORGESE

3、LIM,ARGUETHAT“RISKISACONCEPTUSEDTOEXPRESSUNCERTAINTYABOUTTHEEVENTAND/ORTHEIRRESULTS,WHICHMAYHAVEASIGNIFICANTEFFECTONTHEOBJECTIVESOFTHEORGANIZATION”INTERNATIONALSTANDARDSONINTERNALAUDITDEFINERISKAS“THEPROBABILITYOFPRODUCINGANEVENTTHATMAYIMPACTONTHEACHIEVEMENTOFTHEOBJECTIVES”INTERNALAUDITRULESAPPLICAB

4、LETOPUBLICSECTORENTITIESDEFINERISKASBEING,“ANYEVENT,ACTION,SITUATIONORBEHAVIORWITHNEGATIVEIMPACTONTHEPUBLICENTITYSABILITYTOACHIEVEITSOBJECTIVES”ANALYSISOFSUCHDEFINITIONSPOINTSOUTTHATRISKISAPROBLEMWHICHHASNOTYETOCCURREDBUTCOULDOCCURINTHEFUTURE,WHEREITCONSTITUTEATHREATTOTHEENTITYREGARDINGTHEACHIEVEMEN

5、TOFTHEOBJECTIVESSETBYTHEMULTIANNUALANDANNUALPLANSANDTHOSECONCERNINGEACHFUNCTIONOFTHEENTERPRISETHERISKSHOULDBESEENASACOMBINATIONOFPROBABILITYANDIMPACTCONSIDERINGTHEVOLUMEONTHEIMPACT,THEREMAYBESTRATEGICOROPERATIONALRISKSINSOMEAPPROACHESAPPEARINTERMEDIATERISKSORPROGRAMRISKSASWELLALSO,SOMERISKSHAVETHEIR

6、ORIGININTHEEXTERNALENVIRONMENTOFTHEORGANIZATIONEXTERNALRISKS,ANDOTHERSARERISKSOFTHEORGANIZATIONITSELFINTERNALRISKSHOWEVER,RISKSCANBESEENINTHELIGHTOFNATUREOFTHEACTIVITY,INWHICHCASETHEYMAYBERISKSLEGAL,JUDICIAL,FINANCIAL,PROFESSIONAL,SOCIAL,COMMERCIAL,INFORMATIONAL,OPERATIONAL,ENVIRONMENTAL,IMAGEGOODWI

7、LL,PROPERTYFORILLUSTRATINGDIFFERENTTYPESOFRISKSTHATMAYAFFECTTHEACTIVITYOFANENTITY,WECONSIDERASREPRESENTATIVETHETABLESHOWNBELOWINCLUDINGTHECATEGORIESOFRISKSACCORDINGTOGENERALRULESREGARDINGTHEEXERCISEOFPUBLICINTERNALAUDITACTIVITY,THEMAINCATEGORIESOFRISKSAREORGANIZATIONALRISKSUNFORMALIZEDPROCEDURESLACK

8、OFCLEARRESPONSIBILITIES,INSUFFICIENTORGANIZATIONOFHUMANRESOURCES,INADEQUATEDOCUMENTATION,OUTDATEDOPERATIONALRISKSNOTRECORDINGINTHEACCOUNTS,IMPROPERARCHIVINGOFJUSTIFICATORYDOCUMENTS,LACKOFCONTROLONHIGHRISKOPERATIONSFINANCIALRISKSUNSECUREDPAYMENTS,NOTDETECTINGFINANCIALRISKOPERATIONSOTHERRISKSRISKSARIS

9、INGFROMLEGISLATIVE,STRUCTURALCHANGESORMANAGERIALCHANGESFROMTHEABOVEITRESULTSTHATTHERISKSMUSTBEIDENTIFIEDANDEVALUATEDINTERMSOFTHECOMBINATIONOFITSTWOCOMPONENTSNAMELY,THEPROBABILITYTHATSOMETHINGTHERISKMAYOCCURANDTHEIMPACTTHECONSEQUENCEINTHEOBJECTIVETHATTHEMATERIALIZATIONOFSUCHPROBABILITYWILLHAVEAMEASUR

10、INGTHEPROBABILITYMEANSDETERMININGTHELIKELIHOODOFOCCURRENCEPROBABILITYOFASPECIFICRESULTWEWOULDLIKETORECALLTHATTHERISKISAPROBLEMSITUATION,EVENTTHATMAYOCCURTOMATERIALIZE,CASETHATLEADSTHEOBJECTIVESTOBEAFFECTEDINOTHERWORDS,THEREISUNCERTAINTYINTHEOCCURRENCEOFTHESITUATIONOREVENTTHATMAYAFFECTTHEACHIEVEMENTO

11、FTHEOBJECTIVESTHEPROBABILITYISAMEASUREOFUNCERTAINTYTHEPROBABILITYOFRISKSADVENTVARIESFROMIMPOSSIBILITYTOCERTAINTYANDISEXPRESSEDONASCALEOFVALUESONTHREELEVELSLOWPROBABILITY,AVERAGEPROBABILITY,HIGHPROBABILITYINPRACTICE,FORTHEPROBABILITYOFRISKSADVENTMEASUREMENT,TWOCRITERIAAREUSEDA1VULNERABILITYASSESSMENT

12、OFTHEENTITYTOMAKETHEASSESSMENT,THEAUDITORWILLEXAMINEALLTHEFACTORSTHATCOULDHAVEANINCIDENCEONTHEVULNERABILITYOFTHEEXISTINGTECHNICALMEANSTHEVULNERABILITYISEXPRESSEDONTHREELEVELSLOWVULNERABILITY,AVERAGEVULNERABILITY,HIGHVULNERABILITYA2ASSESSMENTOFINTERNALCONTROLTHEASSESSMENTOFINTERNALCONTROLISBASEDONANA

13、NALYSISOFTHEENTITYSINTERNALQUALITYCONTROLONTHREELEVELSAPPROPRIATEINTERNALCONTROL,INSUFFICIENTINTERNALCONTROL,DEFICIENTINTERNALCONTROLTABLE1TYPESOFRISKSNORISKCATEGORIES1EXTERNALARISINGFROMTHEEXTERNALENVIRONMENTANDCANNOTBEFULLYCONTROLLEDBYTHEENTITY,BUTFORWHICHMITIGATIONMEASURESCANBETAKEN11POLITICAL12E

14、CONOMIC13SOCIOCULTURAL14TECHNOLOGY15LEGAL16ENVIRONMENT2OPERATIONALRELATEDTOCURRENTOPERATIONS,MEANINGTHECURRENTMODEOFDEVELOPINGTHEACTIVITIES,CREATIONANDMAINTENANCEOFTHECAPACITYANDCAPABILITYASWELL21PROGRESSIN211ABILITYTOPROVIDEAPRODUCT/SERVICE212RUNNINGACTIVITIES/PROJECTS22CAPACITYANDCAPABILITY221RESO

15、URCESASSETS,HUMAN,FINANCIAL,INFORMATION222RELATIONS223OPERATIONSRESULTS224REPUTATION23METHODANDCAPABILITYOFRISKMANAGEMENT231GOVERNANCEREGULARANDFAIR232EXPLORATIONABILITYTOIDENTIFYRISKSANDOPPORTUNITIES233FLEXIBILITYANDADAPTABILITY234SECURITYACTIVE,SOCIAL,INFORMATIONALBMEASURINGTHESEVERITYOFTHECONSEQU

16、ENCESOFTHEEVENTATIMPACTLEVELTHEIMPACTREPRESENTSTHECONSEQUENCEONTHEEXPECTEDOBJECTIVESOUTCOMES,WHICHMAYBE,DEPENDINGONTHENATUREOFTHERISK,POSITIVEORNEGATIVEINSOMESITUATIONS,ESPECIALLYWHENITCOMESTOSTRATEGICOBJECTIVESANDTHEORGANIZATIONSARECOMPLEXALIKE,COMPLEXPROJECTS,COMPLEXACTIVITIES,THEASSESSMENTOFIMPAC

17、TBECOMESADIFFICULTPROBLEMTHATREQUIRESIMPACTSTUDIESBUT,INANORGANIZATION,MOSTRISKSARENOTOFTHEABOVEMENTIONEDTHENATUREANDTHEIRIMPACTCANBEMEASUREDWITHCONSIDERABLYLESSEFFORTTHEIMPACTOFANYRISKISCHARACTERIZEDBYTHECONSEQUENCESOFDIFFERENTNATURESBESIDESQUALITATIVECONSEQUENCES,EXPRESSEDINADESCRIPTIVEWAY,CANBEID

18、ENTIFIEDANDCONSEQUENCESCANBEEXPRESSEDINTERMSOFBUDGETCOSTS,EFFORTWORKTIMEANDTIMEPOSSIBLEDELAYSINTHEALLOCATEDPERIODTOACHIEVETHEOBJECTIVESPERFORMINGRISKANALYSISINACCORDANCEWITHTHERULESOFINTERNALPUBLICAUDIT,SUPPOSESCROSSINGTHEFOLLOWINGPHASESAIDENTIFYTHERISKSASSOCIATEDACTIVITIESIDENTIFYINGTHERISKSASSOCIA

19、TEDTOTHEOBJECTSTHATMAYBEAUDITED,HASASITSSTARTINGPOINT,THEANALYSISOFTHEOBJECTSAND/ORTHEOPERATIONSCOVEREDBYTHECENTRALIZEDLISTOFOBJECTSTHATMAYBEAUDITEDFORTHISPURPOSE,THEAUDITORSCOLLECTINFORMATIONABOUTTHEOBJECTSTHATMAYBEAUDITED,INFORMATIONWHICHARETHENEXAMINEDINORDERTODETERMINETHEIRIMPACTONTHEMISSIONREGA

20、RDINGTHEINFORMATIONTHATTHEAUDITORSNEEDATTHISTIMEOFDEPLOYMENTOFINTERNALAUDITACTIVITY,REVIEWSTHELITERATUREPOINTSOUTTHATTHESECONCERNSBUSINESSOBJECTIVESANDGOALSRULES,PLANS,PROCEDURES,LEGALANDCONTRACTUALREGULATIONSWHICHMAYHAVESIGNIFICANTIMPACTONTHEOPERATIONSAUDITEDENTITY/STRUCTURENUMBERANDNAMESOFTHEEMPLO

21、YEES,EMPLOYEESWHOOCCUPYKEYPOSITIONS,JOBDESCRIPTIONS,CHANGESINTHEORGANIZATIONALSTRUCTURE,CHANGESININFORMATIONSYSTEMSTHEINCOMEANDEXPENDITURE,TURNOVERANDFINANCIALDATAREGARDINGTHEAUDITEDACTIVITYWORKINGDOCUMENTSOFPREVIOUSINTERNALAUDITASSIGNMENTSRESULTSOFOTHERMISSIONS,INCLUDINGEXTERNALAUDITORS,COMPLETEDOR

22、UNDERDEVELOPMENTCORRESPONDENCEFILESTODETECTIMPORTANTPROBLEMSINFORMATIONONTHETECHNICALREFERENCEDOCUMENTATIONFORTHEACTIVITYBEINGAUDITEDTECHNICALREFERENCEDOCUMENTATIONFORTHEACTIVITYCONCERNEDHOWEVER,INORDERTOACHIEVETHEANALYSISOFRISKS,THEAUDITORSSHOULDASSESSTHEPROCESSESOFRISKMANAGEMENTREGARDINGTHESEISSUE

23、S,THEINTERNATIONALINTERNALAUDITSTANDARDSSTATES“WEMUSTDISTINGUISHBETWEENTHEASSESSMENTOFRISKMANAGEMENTPROCESSESANDRISKANALYSISTHATTHEAUDITORSMUSTMAKE,INORDERTOPLANTHEIRACTIVITIESHOWEVER,THEINFORMATIONRESULTINGFROMAFULLRISKMANAGEMENTPROCESSANDINPARTICULARFROMTHEIDENTIFICATIONOFTHESUBJECTSOFINTERESTTOTH

24、EMANAGERSANDTHECOUNCILMAYHELPTHEINTERNALAUDITORTOPLANAUDITACTIVITIES”INSUCHCONDITIONSANDREQUISITIONSWECONSIDERASNECESSARYTHEFOLLOWINGPRESENTATIONOFSEVERALISSUESTHATMAYBECONSIDEREDASUSEFULINTERMSOFTHEAUDITORSAWARENESSOFTHESITUATIONSTHEYMAYENCOUNTERINPRACTICEAFIRSTPRACTICALISSUETHATCANBEINCORPORATED,R

25、ELATESTOTHESITUATIONWHERETHERISKMANAGEMENTPROCESS,ASPARTOFTHEORGANIZATIONALMANAGEMENTPROCESSISWELLORGANIZEDWITHINTHEENTITY1,INWHICHCASETHEREISARISKREGISTRYBOOKTHATHIGHLIGHTSTHEMAINRISKS,IDENTIFIEDANDASSESSED,ASSOCIATEDWITHRELEVANTOBJECTIVESBECAUSETHERISKSARECONSTANTLYCHANGING,THEAUDITORWILLBEINTERES

26、TEDTOSEEWHETHERTHERISKSANDTHEIRMITIGATIONMEASURESWEREREVIEWEDREGULARLYANDRECENTLYIFTHISISEVIDENTINPRACTICE,THEAUDITORWILLBEINTERESTEDTOEXPLOREANDVALIDATETHECONTENTREVISION,ORIFFULL,CURRENTANDWELLFOUNDEDFINALLY,IFTHEAUDITORCONCLUDESTHATTHERISKREGISTRYBOOKISAGOODBASISTOGUIDETHEAUDITACTIVITY,HEWILLFOCU

27、SONTHEHIGHERRISKSINVOLVED,TOENSURETHATCONTROLINSTRUMENTSAREPUTWITHEFFECTIVENESSINPRACTICELIKEWISE,ITSHOULDBEMENTIONEDTHATTHESERISKSARESEENBYTHEAUDITORONONEHANDASAN“EXPOSURE“BECAUSETHECONTROLINSTRUMENTSARENOTSUFFICIENTLYCONSISTENT,ANDONTHEOTHERHANDASAPOTENTIALFORADDINGVALUEBASEDONTHEMADERECOMMENDATIO

28、NSANOTHERRELEVANTPRACTICALISSUETOTHISPROBLEM,ISSPECIFICTOENTITIESTHATDONOTHAVEORGANIZEDSUCHARISKREGISTRYBOOKANDTHEMANAGEMENTDOESNOTHAVEACLEARIDEAONTHEMOSTIMPORTANTRISKSTHEYAREFACINGINTHESECIRCUMSTANCES,THEAUDITORSHOULDDISCUSSWITHTHEMANAGEMENTABOUTTHERISKS,THEIRIMPACTANDPROBABILITYTHISTHINGISRECORDED

29、BYTHEINTERNALAUDITORASPARTOFTHEAUDITTRAILIFTHEMANAGEMENTISNOTVERYCONCERNEDBYTHESERISKS,THEAUDITORSHOULDSEEKTOIDENTIFYANDASSESSTHERISKSONHISOWNKNOWLEDGEANDEXPERIENCEANDUSINGALLOTHERSOURCESOFINFORMATIONTHATISAVAILABLETHISCANBEDONEONLYWHENALLOTHEROPTIONSMENTIONEDABOVEHAVEBEENALREADYEXPLOREDANDCONSIDERE

30、DASINAPPROPRIATEINPRACTICETHISFIRSTPHASEOFRISKANALYSISPROCEDUREISCOMPLETEDBYINTERNALAUDITORSTHROUGHELABORATIONOFTHEDOCUMENTCALLEDIDENTIFICATIONOFRISKSREGARDINGTHISDOCUMENT,THEINTERNALAUDITINGSTANDARDSAPPLICABLEINROMANIADONOTPROVIDEASTANDARDIZEDTEMPLATET,LEAVINGITUPTOTHEPROFESSIONALSTOPREPARETHISDOCU

31、MENTASNECESSARYBESTABLISHINGTHECRITERIA,WEIGHTINGSANDLEVELSOFRISKASSESSMENTONTHESUBJECTOFRISKASSESSMENT,THEINTERNALAUDITORSHOULDDEVELOPANASSESSMENTMETHODOLOGYBESTPRACTICEINTHEFIELDRECOMMENDSTHATTHESTRUCTUREOFTHEINTERNALAUDITTOESTABLISHASETOFCRITERIAFACTORS,OBJECTIVESFORIMPACTMEASUREMENTANDANOTHERSET

32、OFINSTRUMENTSASTARGETSFORMEASURINGTHEPROBABILITYININTERNATIONALPRACTICE,THEIMPACTCRITERIAINCLUDEFINANCIALCRITERIA,OPERATIONALCRITERIA,REPUTATIONALCRITERIA,COMPLIANCECRITERIAETC,ANDTHEPROBABILITYCRITERIAAREOFTENACOMBINATIONOFEXPERIENCEANDINSIGHTSUSTAINEDBYINFORMATIONTHERULESOFINTERNALAUDITINROMANIA,A

33、PPLICABLETOPUBLICECONOMICENTITIES,RECOMMENDSFORTHERISKANALYSISTHEFOLLOWINGFACTORS/CRITERIAOFRISKASSESSMENTOFINTERNALCONTROL,QUANTITATIVEASSESSMENT,QUALITATIVEASSESSMENTCDETERMINATIONOFRISKLEVELANDDETERMININGTHETOTALRISKSCOREBASEDONTHERISKFACTORSDESCRIBEDABOVEINTHISPHASEOFTHERISKANALYSISPROCEDURE,ARI

34、SKASSESSMENTISCARRIEDOUTASSOCIATEDTOTHEACTIVITIESTHATMAYBEAUDITEDWHICHMATERIALIZESINAPPLYINGTOTHEWEIGHTSOFTHERISKFACTORSFORASSESSINGTHELEVELOFRISK,RISKFACTORS,BASEDONEVALUATIONSCONDUCTEDBYINTERNALAUDITORSDETERMININGTOTALRISKSCOREISACHIEVEDBYAPPLYINGTHESHAREOFEACHRISKASSESSMENTFACTORLEVELTODETERMINET

35、HETOTALSCOREDRISKRANKINGBASEDONTOTALSCORESAFTERTHECALCULATION,THEPHASEOFAPPRAISALOFTHELEVELOFRISKANDDETERMININGTHETOTALRISKSCOREISNECESSARYTOINDICATETOWHICHLEVELOFRISKCORRESPONDSNUMERICALRESULTOFTHECALCULATIONTOCONDUCTTHISWORK,ITISNECESSARYTOESTABLISHINTERVALSWHICHWILLINDICATETHELEVELOFRISK,INFACTTH

36、EPRIORITYITGIVESARISKAUDITBESTPRACTICEINTHEFIELDRECOMMENDSTHATINESTABLISHINGTHESIZEOFTHEINTERVAL,TOCONSIDERTHEAVAILABLERESOURCESWITHINTHEENTITYINORDERTOCARRYOUTTHEMISSIONOFINTERNALAUDITINTERNALAUDITRULESAPPLICABLETOPUBLICECONOMICENTITIESINROMANIA,RECOMMENDSSHARINGTHERISKSDEPENDINGONTHERISKFACTORSTAK

37、ENINTOANALYSISONTHREERISKLEVELSLOW,MEDIUM,LARGEATTHESAMETIME,PRACTICEINTHERELATEDAREAFROMOURCOUNTRY,RECOMMENDSFORRISKCLASSIFICATIONINTHECASEOFTHREERISKFACTORS,USINGTHEFOLLOWINGINTERVALSSMALLRISKFROM10TO18AVERAGERISKFROM1,9TO2,3HIGHRISKSFROM24TO30ALLACTIVITIESDEVELOPEDBYTHEAUDITORSINTHISPHASEOFRISKAN

38、ALYSISARESUMMARIZEDWITHASUMMARYDOCUMENTRANKINGOBJECTSTHATMAYBEAUDITED,WHICHTHELEGISLATIONHASENABLEDTHEUSERTOADAPTTOHISNEEDSEHIERARCHYOFACTIVITIES/OPERATIONSDEPENDINGONRISKANALYSISPRIORITIZINGACTIVITIESWHICHARETOBEAUDITEDSHALLBEBASEDONPREVIOUSLYPREPAREDDOCUMENTFORTHESUCCESSFULCOMPLETIONOFTHISACTIVITY

39、ISNECESSARYTOTAKEINTOACCOUNTTHENUMBEROFSTAFF,AVAILABLETIME,OTHERACTIVITIESTAKINGPLACEWITHINTHESTRUCTUREOFINTERNALAUDITANDRISKANALYSISSPECIFICALLYIDENTIFIEDINOTHERAREASOFTHEENTITYFDEVELOPTHEDETAILEDTHEMATICOFTHEINTERNALAUDITMISSIONTHEDETAILEDTHEMATICOFTHEINTERNALAUDITMISSIONISTHATPHASEWITHINTHEINTERN

40、ALAUDITMISSION,WHICHISDONEBYSELECTINGOBJECTIVESTHATMAYBEAUDITED,HAVINGASSTARTINGPOINTTHETABLEOFSTRENGTHSANDWEAKNESSESDOCUMENT,WHICHWEREASSESSEDASWEAKNESSESANDWILLBECONSIDEREDFURTHERFORAUDITINGREGARDINGTHEMETHODOFSELECTINGOBJECTSTHATMAYBEAUDITED,WECONSIDERITAPPROPRIATETOMENTIONTHEVIEWOFEXPERTSFROMROM

41、ANIA,RESPECTIVELY,“INPRACTICEUSUALLYTHEREARECONSIDEREDALLTHEOBJECTIVESTHATWERECLASSIFIEDASWEAKNESSES,BUTMAYBECOVEREDBYTHEAUDITORSANDOBJECTIVESTHATAREQUALIFIEDASSTRENGTHS,IFTHEAUDITORBELIEVESITNECESSARYTOINVESTIGATEWHETHERTHEINTERNALCONTROLSYSTEMISFUNCTIONING”THERESULTSOFTHISWORKAREREFLECTEDINELABORA

42、TIONOFTHETHEDETAILEDTHEMATICOFTHEINTERNALAUDITMISSIONDOCUMENT,FORWHICHTHERULESOFINTERNALAUDITAPPLICABLETOPUBLICECONOMICENTITIES,DONOTRECOMMENDTOUSEAFORMALIZEDDOCUMENT,LEAVINGITUPTOANAUDITORTOUSETHISDOCUMENTINACCORDANCEWITHHISNEEDS译文风险分析内部审计的特定过程资料来源帕特罗萨尼大学经济学年报作者卡罗特乔治，特拉扬风险，作为任何活动的内在因素，会对活动造成不同的影响。在

43、很多文献中可以发现有许多风险的定义。例如，法国公认的专家多米尼克维森特，引述了罗马尼亚文献中的例子，她认为“风险是一项会对公司的能力造成负面影响，对其实现目标构成威胁的事项或行动。”在该地区另一出版物风险管理改变内部审计师范式一文中，两位著名专家大卫和乔治塞利姆认为“风险是用来表达对某事件或结果的不确定性的一个概念，它可能会对机构实现其目标造成重大影响”。国际内部审计准则将风险定义为，“有一定的可能性影响到目标成功实现的事件”。适用于公共部门的内部审计条例把风险定义为，“任何会影响公共部门的能力并对其实现目标造成负面影响的事件、行动、情况或行为”。分析这些定义可以得出，风险是一种现在不一定发生

44、但在将来可能发生，会对实体实现其多年或者年度的目标构成威胁，风险应该被看作是概率和影响的组合。考虑到总量的影响，可能会产生战略或经营风险（在一些方法中出现中间风险或程序风险）。同样地，一些风险源于组织的外部环境（外部风险），而其余的源于组织自身的风险（内部风险）。然而，在可能产生风险的情况下，风险可以被看做是活动的依据法律，司法，金融，专业，社会，商业，信息，营运，环境，形象（商誉），财产。为了说明不同类型的风险可能会影响到一个实体的活动，我们把以下风险做为代表在表中列示。根据一般规则，就公共内部审计活动的运用而论，风险的主要类别包括组织风险（非正式程序）缺乏明确的责任，人力资源不足的组织，证

45、件不足，已经过时；操作风险不记录在帐，不正确的将错误文件归档，对高风险业务缺乏控制，财务风险无抵押金，未检测到金融风险业务；其他风险立法的，结构的变化或管理的改变所引起的风险。由上述风险导致，也就是说风险必须由它的两个成分来识别和评估，某件事（风险）发生的概率和其产生的影响力（目标的后果）（一）测量概率是指确定一个事件可能发生的概率。我们要记得，风险是一个可能发生（兑现）的问题（情况，事件），可能导致目标受到影响。换句话说，就是不确定的情况或事件的出现可能会影响目标的实现。概率是对不确定性事件的估量。风险出现的概率从不可能发生到必然发生可以被划分为三个级别低概率，平均概率，高概率。在实践中，对

46、风险出现的概率的测量，采用两个标准1评估实体的弱点。为了得出评估结论，审计人员通过技术手段将所有可能对弱点产生影响的因素进行仔细检查。该漏洞表现为三个层次低水平的弱点，平均水平的弱点，高水平的弱点。2评估内部控制。内部控制评估是基于实体的三个层次之间的内部质量控制分析适当的内部控制，不足的内部控制，缺乏内部控制。表1风险的种类序号风险类别1外部风险由外部环境产生并且不能完全由实体控制，但它可以采取缓解的措施11政治上的12经济上的13文化上的14技术上的15法律上的16环境上的2操作风险意味着发展活动的现行模式与现行业务有关，同样的也与创造和维护的能力与素质有关21进展中211有能力供给产品服

47、务；212运行的活动项目。22能力和素质221资源（资产，人力，财力，信息）；222关系223业务操作（结果）；224声誉23风险管理的方法和能力231治理（定期的和公平的）；232探索（能够识别风险和机遇）；233灵活性和适应性；234安全（主动的，社会的，信息的）（二）衡量事件（按影响程度）后果的严重性。对代表预期目标（效果）结果可能产生的影响是积极的或者消极的取决于风险的性质。在某些情况下，特别是当它涉及到战略目标和组织是复杂的（相似的，复杂的项目，复杂的活动），这就会影响评估使之成为一个难题，这需要对影响进行研究。但是，在组织中，大部分风险不属于上述性质，它们的影响可以用较少的努力衡量

48、出来。任何风险的影响根据不同性质的结果都有各自的特征。除了定性的后果可以用描述性的方式之外,后果方面可依据预算成本,努力工作时间和时间有可能延误分配时期所要实现的目标来表达。依据内部公共审计准则进行风险分析，设定以下几个步骤一、识别风险有关的活动。识别与被审计的对象有关的风险，应对涵盖的集中的一系列可能被审计的对象或者业务进行分析作为它的起点。为此，审计人员收集与被审计对象有关的信息。这些信息是为了考察对任务的影响。关于审计师需要在这个时期对内部审计活动进行调度的信息，回顾了文献指出这些问题值得关注商业目标和目的；规则，计划，程序，法律和合同规定，可能对业务产生重大影响；被审计单位/组织员工的

49、数量和名字，占据关键岗位的员工，岗位描述，组织结构的变化，信息系统的改变；收入和支出，经审核营业额及有关活动的财务数据；以前内部审计分配的工作记录；其他任务的结果，包括外部审计师，已完成或正在开发的成果；对应的文件来检测的重要问题，有关被审计活动的工程证明书文件材料，重视的活动的工程证明书文件。然而，为了得出对风险的分析，审计人员应评估风险管理的过程。对于这些问题，国际内部审计标准申明“我们必须区分风险管理流程和审计师做的风险分析，为了计划他们的活动。然而，信息产生于一个完整的风险风险管理流程，尤其是来自于有兴趣的利益主体身份的管理者和理事会的信息可能会帮助内部审计师完成审计记挂活动”。在这样的条件下，要求我们必要时考虑以下几个问题的描述，它们依据审计员意识到可能会在实践中遇到的情况，被认为也许是有用的。第一个实践问题，可以被纳入，涉及到其中的风险管理程序，作为组织管理过程的一部分在组织内被充分的利用，在这种情况下有一个风险登记册，突出的主要风险，确定和情况评估，与相关目标有关。由于风险是不断变化的，审计人员将有兴趣看看风险和他们的缓解措施是否有规律的和最新的。假如在实践中是明显的，审计人员将有兴趣去探索和验证内容的修订，如果充分，目前，说明内容是有根据的。最后，如果审计人员得出结论认为，风险登记簿是一个很好的依据去指导审计活动，他将专注于更高的风险，以确