Risk Levels. In addition to explaining and giving details about the “Effect, potential impact or risk” in the text of an audit observation, UNDP requires that the auditor also identifies the risk level in the audit report by using one of the following 3 pre-established risk levels: High Action that is considered imperative to ensure that UNDP is not exposed to high risks(i.e. failure to take action could result in major consequences and issues). Medium Action that is considered necessary to avoid exposure to significant risks (i.e. failure to take action could result in significant consequences). Low Action that is considered desirable and should result in enhanced control or better value for money. RECOMMENDATION This aspect suggests how the situation might be remedied. An effective recommendation directly relates to and targets the cause. It isn't enough to state in general terms that management should fix the problem; the recommendation statement should also explain how remediation is to be achieved. A good recommendation maintains the proper balance between the risk presented and the cost to control it. Before making a recommendation, the auditor should consider the following questions: Does the recommendation solve the problem and eliminate or reduce the risk? Can the recommendation be implemented within the current environment? Is the recommendation cost-effective? Will the recommendation act as a temporary bandage or a permanent solution? Examples of effective recommendations include monthly or quarterly physical inventories of all assets and equipment with reconciliation to appropriate records. ADDITIONAL TIPS Whenever possible, similar findings should be combined into 0ne form so that the case for implementing the recommendation is strengthened. Playing devil's advocate can be an extremely helpful exercise. After completing the audit observation and recommendation, auditors should place themselves in the auditees' shoes and challenge/question the validity of the issue. If the issue cannot stand up to this exercise, it probably should not be included in the audit report. Annex 10: SAS 220 - GUIDANCE ON AUDITMATERIALITY Below are some highlights from the Statement of Auditing Standards (SAS) 220 – Audit Materiality. These are meant to provide guidance to the auditors in determining the materiality of observations for reporting purposes and as they might affect the audit opinion. The auditors should refer to SAS 220 for more details. The purpose of the SAS is to ...
Risk Levels. Current GS risk levels: (We can provide the 1-page matrix) • No incident – no business impact • RL3 – low risk/low impact • RL2 – known or medium risk with potential business impact • RL1 – high Risk incident
Risk Levels. 6.1 [The Contractor shall, from time to time, consider its risk level against the criteria specified in the table below. If any event occurs at any time which will [(or may)] trigger a change in the risk level of the Contractor from that existing as at the Effective Date (and for the avoidance of doubt the parties agree that the risk level of the Contractor at the Effective is [nil]) or any risk level applicable to the Contractor from time to time then the Contractor will immediately notify the Authority in writing.]
6.2 If any one or more of the factors specified against each risk level apply then the Contractor shall be determined as having that risk level. For the avoidance of doubt, the risk level shall be determined to be the highest risk level indicated in respect of at least on of the factors. Risk Level
Risk Levels. In addition to explaining the and giving details about the “Effect, potential impact or risk” in the text of an audit observation, UNDP requires that the auditor also identifies the risk level in the audit report by using one of the following 3 pre-established risk levels: This aspect suggests how the situation might be remedied. An effective recommendation directly relates to and targets the cause. It isn't enough to state in general terms that management should fix the problem; the recommendation statement should also explain how remediation is to be achieved. A good recommendation maintains the proper balance between the risk presented and the cost to control it. Before making a recommendation, the auditor should consider the following questions: Does the recommendation solve the problem and eliminate or reduce the risk? Can the recommendation be implemented within the current environment? Is the recommendation cost-effective? Will the recommendation act as a temporary bandage or a permanentsolution? Examples of effective recommendations include monthly or quarterly physical inventories of all assets and equipmentwith reconciliation to appropriate records. Whenever possible, similar findings should be combined into one form so that the case for implementing the recommendation is strengthened. Playing devil's advocate can be an extremely helpful exercise. After completing the audit observation and recommendation, auditors should place themselves in the auditees' shoes and challenge/question the validity of the issue. If the issue cannot stand up to this exercise, it probably should not be included in the audit report. Below are some highlights from the Statement of Auditing Standards (SAS) 220 – Audit Materiality. These are meant to provide guidance to the auditors in determining the materiality of observations for reporting purposes and as they might affect the audit opinion. The auditors should refer to SAS 220 for more details. The purpose of the SAS is to establish standards and provide guidance on the concept of materiality and its relationship with audit risk. Auditors should consider materiality and its relationship with audit risk when conducting an audit (SAS 220.1) A matter is material if knowledge of the matter would reasonably influence the economic decisions of users taken on the basis of the financial statements. Materiality may be considered in the context of the financial statements as a whole, any individual statements within the f...
