Text PAQ 4.36
Assessing inherent risk
Required:
Based on the background information, what are the major inherent risks in the MaxSecurity audit?
Consider both industry and entity risks in your answer.
Industry:
- defence - high sensitivity of product information, customer information.
- risk of selling to allies which later become enemies, or on-sale of products to others.
- competitive market tendering to win government contracts.
Entity:
- high reliance on one product, specialised nature of product and reliance on export customers creates risk to revenue stream
- pricing of sophisticated product designed to meet customer specifications
- adequate security over designs, customer details – effect on personnel (e.g. security clearances required?), inventory management (secrecy over product components?) etc.
- new inventory costing system, replacing in-house system – does new system provide comparable information, has it been tested, integration with other client systems
- sophisticated nature of product design and costing information, questions about standard costing, inventory movements
- adequate documentation for tendering
- sufficient accountability of waste – is any waste controlled substances e.g. dangerous chemicals used? How are damaged items and wastes disposed of?