In auditing, risk assessment is a very crucial stage before accepting an audit engagement. According to ISA315 Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement, "the auditor should perform risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control."
The main purpose of risk assessment procedures is to help the auditor understand the audit client. Aspects like client's business nature, management structure and internal control system are good examples. The procedures will provide audit evidence relating to the auditor�s risk assessment of a material misstatement in the client�s financial statements. Then, auditor obtains initial evidence regarding the classes of transactions at the client and the operating effectiveness of the client�s internal controls.
In auditing, audit risk includes inherent risk, control risk and detection risk.
