1. ‘Inherent Risk’ can be defined as the combination of internal and external risk factors in their pure, uncontrolled state, or gross risk that exists assuming there are no internal control activities in place.

‘Residual Risk’, on the other hand, can be defined as the portion of inherent risk that remains after management executes its risk responses.

With the above definitions in mind, discuss why internal auditors typically focus on inherent risk while management tends to focus on residual risk.

2. What are the components/elements of a well written audit report finding? Discuss any two of them.

(Not in the entire report, only in a finding/observation)