The auditing profession has taught me several models that help me think – both professionally and personally.
For instance, I can convince my husband that we need to eat less sugar using the elements of a finding.
I can back up my rationale for why I don’t think my brother-in-law should move in with us using the SPPRC structure.
I can think through how to keep my children safe using the controls described in the COSO model.
But most importantly, I can free my mind from a good amount of the worry the news media stirs up by using the risk assessment questions auditors use during audit planning.
The news feeds our fears
The 24-hour news cycle forces journalists to make mountains out of molehills in order to keep readers and viewers interested.
But I don’t want to worry my days away over exaggerated, negative and salacious news. So, I actively work to filter out much of what I hear and see in order to remain creative and peaceful.
Some people let all the negative news in. For instance, a few days ago, while walking my dog, I ran into a neighbor who anxiously parroted the bad news featured on CNN that morning.
Maybe my neighbor likes to worry. Maybe she likes the drama and needs something negative to occupy her mind. Minds do like to dwell on fearful, negative stuff if they have nothing else to do. But I’d rather my mind have something else to do such as creating a new product or helping a friend.
Risk assessment questions can free our minds
Maybe my neighbor doesn’t know about risk assessment. Maybe she doesn’t know how risk assessment lets you rationally think through whether something is worthy of concern. Risk assessment lets you take out the mental trash, so to speak, and clear your mind of fearful, negative stuff.
Yes, there are issues that the press brings to our attention so that we can make necessary changes. But just because the news media is on a tear about something doesn’t mean that I should also be on a tear about that same something.
Here is how an auditor decides whether a subject matter is worthy of their attention on an audit. An auditor asks these risk assessment questions:
- What could go wrong? (the condition statement/inherent risk)
- Why is that important? (the effect statement/inherent risk)
- How important is it? (magnitude of the inherent risk)
- How likely is it? (likelihood of the inherent risk)
- Is anyone doing anything to stop it? (controls applied)
- How robust are these efforts? (assessing the strength of controls applied)
- What is the gap between the thing that could go wrong and what is being done to stop it? (residual risk)
- Can I do anything to fill this gap? (recommendations or actions)
Those questions can also help us find some peace when we are confronted with the next big news story because, just like on an audit, we don’t have the time or energy to act on every concern. Some concerns have to be subordinated in order to make room for the important stuff.
The one thing…
Do you remember the movie “City Slickers,” starring Billy Crystal, and how the wise, old cowboy advised a middle-aged and unhappy Billy Crystal to find the one thing to focus on, and then everything else would fall into place? That cowboy knew about risk assessment! His essential message was that you can’t concern yourself with everything, or you will rob yourself of your peace of mind and miss your destiny.
So, the risk assessment questions help you distinguish between what is petty and what is important to act on. But don’t think of risk assessment as a one-and-done activity. You have to ask these questions every day, both on your audit and as you keep up with the news. That way, you will filter out the drama so you can stay focused on what is important to you.
Want to learn more about risk assessment in audits?
Try the Essential Auditing Skills and Techniques for the Government Auditor course where Leita Hart-Fanta walks you through a risk assessment for the financial audit, a compliance audit and a performance audit. Let Leita guide you through every step of conducting an audit including assessing risk, refining the audit objective, choosing methodologies and documenting your work: All the essential auditing skills and techniques that will serve you no matter where, or for whom, you audit.
We also invite you to join featured speaker, Joseph Horowitz, on November 20 for his 2-hour live webinar, It’s 2024…Here’s Your Cybersecurity Wake Up Call! This course is designed specifically for government auditors to provide a solid understanding of security regulations, frameworks and internal controls in accordance with GAO standards. Upon completion of the webinar, students will determine how to use cybersecurity frameworks to conduct risk assessments. Sign up today!