A company's risk profile determines the scope of its annual audit. The greater the risks, the more audit testing is required. Auditors are looking for those risk factors that may cause the financial statements to be misstated. But the reality is that auditors are concerned with all kinds of risks that can impact a client company—because the financial statements cannot be viewed in isolation from company operations.
The Public Company Accounting Oversight Board recently issued standards to help auditors improve the effectiveness of their risk assessments, and to enhance the way auditors address client risks. But the methods used by auditors to assess and deal with client risks also can be employed by management—as a framework for developing a risk management program. This short commentary explores how to do that. © 2012 Wiley Periodicals, Inc.