Professional Documents
Culture Documents
Tradition:
Crisis:
Today ..
Brief History of Internal Auditing What is Risk Based Internal Auditing? Risk Based Internal Auditing Advantages .....and potential difficulties The 10 Deadly Sins of Risk Based Auditing Summary
Necessity created internal auditing and is making it an integral part of modern business. No large business can escape it. If they havent got it now, they will have to have it sooner or later, and, if events keep developing as they do at present, they will have to have it sooner.
and procedures.
Ascertaining the extent to which company assets are accounted for, and
responsibilities.
Internal auditing is an independent appraisal activity. It is a control which functions by examining and evaluating the adequacy and effectiveness of other controls. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. The audit objective includes promoting effective control at reasonable cost.
Developing Risk Thinking COSO 1992: linked traditional internal controls to protecting against risks; 2000-02: Corporate Governance guidance explicitly talked of Managements Responsibilities in respect of risk management and internal control And in relation to all aspects of an entitys business
organization's risk management, governance and internal control processes are operating effectively. Internal auditors deal with issues that are fundamentally important to the survival and prosperity of any organization. They look beyond financial risks and statements to consider wider issues such as the organization's reputation, growth, its impact on the environment and the way it treats its employees.
The main aim of internal auditing is to help the organization achieve its
objectives
A risk is a set of circumstances that hinder the achievement of objectives.
Risks
Controls
Risk based internal auditing is an audit approach designed to provide assurance that the business is appropriately mitigating SIGNIFICANT risks to the achievement of objectives
Strategy
Operations
POLICEMAN
The potential for Internal Auditing to become a more attractive profession than we have been traditionally. Attracting the best people.
Reduced Cost
Targeted Resources
Potential Difficulties
My business does not have Enterprise Risk Management (ERM) yet? - consult - management input - share outputs What about compliance checks? - focussed - as long as policies/procedures address objectives / risks Audits perceived as important by management may disappear - Education Closer working relationship with management may compromise independence - Boundaries - Education
Controls
Objectives
Risks
r
RISK:
Succession Plan
No succession plans
a
OBJECTIVE: Business continuity
MORE APPROPRIATE:
RISK: Staff in key positions are absent / leave the business CONTROL: (1) Appropriate notice periods for key staff; Short and long term succession plans in place TEST PLAN: (1) Obtain list of key staff / positions Check notice Review adequacy of contingency plans RESULT: Notice periods ok, short term contingency ok, lack of longer term planning RECOMMENDAT ION Introduce succession planning across the business linked into career development plans. This should include a one to five year time period.
(2)
(2) (3)
the business;
Risks
Objectives
Controls
Audit
Management
CONCLUSIONS
Many businesses have made moves towards risk based
Internal Audit; Business wide focus. BUT: Unless we eliminate the 10 Deadly Sins, we will not realize the full benefits; Internal Auditors need to think OBJECTIVE RISK CONTROL in everything they do; Risk based thinking throughout the audit process is essential; Risk based auditing must not be just a buzzword.
Thank You!