An approach for performing audits (both financial and Shari’ah) with a specific focus on associated risks and risk-related areas that would have potential impact on the subject-matter of audit- i.e., the operations, organizational set-up and financial well-being, or Shari’ah compliance (in case of a Shari’ah audit) of the auditee (such as an Islamic bank). The auditor will define the audit universe and set to assess the risks associated with all processes towards compiling a list of observations and corresponding causes, using a suitable set of criteria. The auditor’s report will be submitted to the management for action.