There are many differences between traditional auditing and Risk-based auditing.
Traditional auditing is associated with conducting tests to issue an opinion on the fairness of the financial statements of the company being audited. Those tests include, tests on internal controls that the company uses to produce figures in the financial statements, tests on the balances of the accounts, and tests on the overall posting system of its accounts.
Where as in Risk-based auditing the audit plan is based on the assessment of the Risks which impact the overall company’s objectives, the audit plan includes to identify and assess risk responses that management relying upon to manage those risks. Risk-based Auditing provides an in-depth understanding of the business unit operations through risk assessment which provides assurance, that important risks are being managed properly, and more efficient use of resources has been applied by concentrating on risky areas. Generally, risk-based auditing focuses on audit risks, i.e. inherent risk, control risk, and detection risk. Inherent risk is the risk involved in the nature of business or transaction. Control risk refers to the risk that a misstatement could occur but may not be detected and corrected or prevented by entity’s internal control mechanism. Detection risk is the probability that the audit procedures may fail to detect existence of a material error or fraud. Risk-based auditing takes a step further than traditional auditing and not only focuses on audit risks, but also highlights business risk. That is because business risk can affect the profitability and even survival of a firm.
By concluding our discussion, we can say that, a poorly controlled environment has considerable risks that must be the focus of attention of the management. In this situation, risk-based auditing identifies the weaknesses and helps the management to take proper measures in reinforcing the internal controls.