05-03-2004, 06:20 PM
The Information System Audit Process
Risk based approach
As you guys all know to be good candidate for any professional exam we should adopt risk based approach to pass the exam as most the question can be solved rely upon our abilities to solve the problem based on risk.
All activities in our life have risk. We are constantly doing a risk analysis hundreds of times a day in the normal course of our lives, for example, what will happen if used the new product? Should I push my speed limit up? Will I reach my destination if I walk fast? All actions have risk associated with them. As we all know to do any business we should have cost associated with it. We all have same pattern to think about actions which we took or which we going to take i.e. consequences are evaluated, the probability of loss is computed, risks are weighed, then a choice is make. This all is nothing but risk based approach which we apply in our life.
To accomplish business objectives we have to take risks. If we donât have risk we donât have any reason to take decisions. We have to have risk to take business decisions. Taking risk is good for business growth. In this fast growing world we are required to take risk based decision making. More risk, more reward. No pain, no gain.
I will some up the above discussion by my these ending remarks - managing risk could mean monitoring the situation with no additional control actions taken, or it could mean reducing controls because the risks do not warrant the extent of the controls currently being applied. The old adage âdonât spend $100 to solve a $10 problemâ is what risk management is all about.
There is no word like luck in business world to be sustained in this world. Auditing is designed to give management a view of the effectiveness of their processes and the associated controls and how well the risk is being.
I will continue my discussion on the same topic in my next visit.
kris
Risk based approach
As you guys all know to be good candidate for any professional exam we should adopt risk based approach to pass the exam as most the question can be solved rely upon our abilities to solve the problem based on risk.
All activities in our life have risk. We are constantly doing a risk analysis hundreds of times a day in the normal course of our lives, for example, what will happen if used the new product? Should I push my speed limit up? Will I reach my destination if I walk fast? All actions have risk associated with them. As we all know to do any business we should have cost associated with it. We all have same pattern to think about actions which we took or which we going to take i.e. consequences are evaluated, the probability of loss is computed, risks are weighed, then a choice is make. This all is nothing but risk based approach which we apply in our life.
To accomplish business objectives we have to take risks. If we donât have risk we donât have any reason to take decisions. We have to have risk to take business decisions. Taking risk is good for business growth. In this fast growing world we are required to take risk based decision making. More risk, more reward. No pain, no gain.
I will some up the above discussion by my these ending remarks - managing risk could mean monitoring the situation with no additional control actions taken, or it could mean reducing controls because the risks do not warrant the extent of the controls currently being applied. The old adage âdonât spend $100 to solve a $10 problemâ is what risk management is all about.
There is no word like luck in business world to be sustained in this world. Auditing is designed to give management a view of the effectiveness of their processes and the associated controls and how well the risk is being.
I will continue my discussion on the same topic in my next visit.
kris