A practical model to audit risk assessment in a health‐care setting

Risk assessment is one of the major steps in the audit‐planning process. The increase in the number of incidents of auditors′ negligence has focused attention on this important step. Risk is defined in a statement by the Internal Auditing Standards as “the possibility that an event or action may occur which would adversely affect the organization”. The effects of risk can be faulty decisions as a result of utilizing inaccurate or incomplete information; inappropriate accounting treatment; fraudulent financial reporting; failure to safeguard assets adequately; failure to follow certain organizational policies and procedures; non‐compliance with relevant laws and regulations and inefficient or ineffective use of resources. In order to minimize the risks, the internal audit department must develop an audit plan that ensures maximum coverage of the areas to be audited. Experts in the field of auditing stress that the risk could be minimized if the selection of potential audit areas emanates from a risk assessment process. Uses a multifactor evaluation technique for the development of a risk‐based audit plan at a local hospital.