With a solid understanding of the company, its objectives and inherent risks, the auditor must consider the possible impact of the various risks on the achievement of business objectives and the likelihood of their occurrence. By considering both the impact of key risks and the likelihood of occurrence, a risk profile of the organisation can be developed. The risk profile is presented to management and the audit committee using a colour-coded heat map that identifies high, moderate and low risk areas. This initial risk assessment identifies specific business units, processes or activities that present the highest risks and forms the basis of the audit programme. .
