Text PAQ 4.36

Assessing inherent risk

Required:

Based on the background information, what are the major inherent risks in the MaxSecurity audit?

Consider both industry and entity risks in your answer.

Industry:

• defence - high sensitivity of product information, customer information.
• risk of selling to allies which later become enemies, or on-sale of products to others.
• competitive market tendering to win government contracts.

Entity:

• high reliance on one product, specialised nature of product and reliance on export customers creates risk to revenue stream
• pricing of sophisticated product designed to meet customer specifications
• adequate security over designs, customer details – effect on personnel (e.g. security clearances required?), inventory management (secrecy over product components?) etc.

• new inventory costing system, replacing in-house system – does new system provide comparable information, has it been tested, integration with other client systems
• sophisticated nature of product design and costing information, questions about standard costing, inventory movements
• adequate documentation for tendering
• sufficient accountability of waste – is any waste controlled substances e.g. dangerous chemicals used? How are damaged items and wastes disposed of?