“Risk assurance”的意思、由来-开放百科全书

Risk assurance is often associated with accounting practices and is a growing industry. Risk assurance is similar to assurance practices.^[1] One way to think about it is that the assurance department in a firm is more broader and accounting based while the risk assurance department is a subset, much smaller and specific. ^[2]Auditors that work in the risk assurance department are more focused on auditing information technology general controls (ITGCs) and completing a system and organization control (SOC 1) reports.^[3]^[4] It has become a huge part of public accounting firms revenue as the industry trends show that firms and clients are moving towards making technology a huge part of their day to day services. This means risk assurance will become a huge part of their auditors work.^[3] It starts with a meeting between the client and auditor to discuss which processes of the client that the auditors will choose to audit. They decide this based on which processes are significant and what controls are there in place to prevent any error or fraud. An example of this would be access into the journal entry database to ensure that anyone who has access is supposed to and those who do not cannot access the database.

1. ^{{cite web | url=https://www.investopedia.com/terms/a/assurance-services.asp | title=Assurance Services|website=Investopedia.com| date=2010-08-27}}
2. ^{{cite web | url=https://www.pwc.com/sg/en/risk-assurance.html | title=Risk Assurance|website=Pwc.com}}
3. ^¹{{cite web|url=https://www.resourcenter.net/images/AHIA/Files/2008/AnnMtg/Handouts/TrackB5.pdf|format=PDF|title=Understanding IT General Controls Understanding IT General Controls|author=Ben Miron|date=September 9, 2008|website=Resourcecenter.net|accessdate=25 November 2018}}
4. ^{{cite web | url=https://www.coso.org/Pages/default.aspx | title=Welcome to COSO|website=Coso.org}}

References