All about Security: 檢測風險, 殘留風險, 固有風險, 次要風險

2020年4月10日星期五

檢測風險(Detection Risks)

Detection risks are the risks that an auditor will not be able to find what they are looking to detect.Hence, it becomes tedious to report negative results when material conditions (faults) actually exist. Detection risk includes two types of risk: Sampling risk: This risk occurs when an auditor falsely accepts or erroneously rejects an audit sample. Non-sampling risk: This risk occurs when an auditor fails to detect a condition because of not applying the appropriate procedure or using procedures inconsistent with the audit objectives (detection faults).

Residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures).
The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats vulnerability). In the economic context, residual means "the quantity left over at the end of a process; a remainder".

審計中的固有風險是指由於錯誤或欺詐而使被審計的帳戶或科目嚴重失誤而未考慮內部控制的風險。固有風險的評估取決於審計師的專業判斷，並且是在評估被審計實體的業務環境之後進行的。

Inherent risk, in auditing, is the risk that the account or section being audited is materially misstated without considering internal controls due to error or fraud. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited.

次要風險是由於實施風險應對措施而直接產生的風險。次要風險是應對原始風險的結果。次要風險不像主要風險那麼嚴格或重要，但是如果沒有適當地估計和計劃，那麼事實就是如此。

A secondary risk is a risk that arises as a straight consequence of implementing a risk response. The secondary risk is an outcome of dealing with the original risk. Secondary risks are not as rigorous or important as primary risks, but can turn out to be so if not estimated and planned properly.