Presentation is loading. Please wait.

Presentation is loading. Please wait.

Section Topics Establish a framework for assessing risk

Published byEmma Bond Modified over 8 years ago

Similar presentations

Presentation on theme: "Section Topics Establish a framework for assessing risk"— Presentation transcript:

1 Section Topics Establish a framework for assessing risk
Use of the framework Identify internal audit resource requirements Coordinate the internal audit activity’s efforts Select engagements Part 1, Section 3

2 Control and Risk Management Part 1, Section 3, Introduction
“Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved” “A process to identify, assess, manage, and control potential events or situations, to provide reasonable assurance regarding the achievement of the organization’s objectives” Part 1, Section 3, Introduction

3 Internal Audit Activity Role in Risk Management
Help management understand internal controls and risk management processes. Develop and implement a risk assessment framework for internal audit planning. Practice a systematic, disciplined auditing approach. Provide objective and independent assurance. Recommend improvements, as warranted. Part 1, Section 3, Introduction

4 A Risk-based Assessment Framework
Identifies all sources of potential engagements and all potential auditable activities Determine the audit universe. Assesses internal and external risks based primarily on their impact on organizational goals and objectives Examine organizational risk factors. Annual audit plan Evaluates proposed engagements Establishes criteria and ranks risks Considers staffing Prioritize audits. Part 1, Section 3, Topic 1

5 The Audit Universe Sources of engagements Other sources
Operating entities Information technology Strategic plan Sources of engagements External business relationships Management and employees Regulatory mandates Management requests Part 1, Section 3, Topic 2

6 Discussion Question A meeting between the CAE and the general counsel identifies several key business risks. A logical next step is to determine if risks must be handled by external auditors. conduct a focus group with business unit leaders to discuss likelihood and impact. survey management and employees to quantify attitudes and perceptions. Answer: B. A focus group can help prioritize risks based on magnitude and probability of occurrence. Part 1, Section 3, Topic 2

7 + Qualitative Data Quantitative Data Examples: Interviews Focus groups
Measures derived from concrete, objective criteria Subjective, or soft, measures Examples: Interviews Focus groups Observations Meetings Examples: Studies Reports Surveys Part 1, Section 3, Topic 2

8 Assessing Organization-wide Risk
Takes a systematic look at the nature of risks and opportunities Risk identification Evaluates the potential impact of risks based on the probability of occurrence Risk measurement Ranks risks and establishes relative strengths and potential consequences Risk prioritization Part 1, Section 3, Topic 2

9 Proposed Engagements Audit plan should be based on the audit universe, input from senior management and the board, and an assessment of risk and exposures affecting the organization. Key audit objectives are usually to provide senior management and the board with assurance and information to help them accomplish the organization’s objectives, including an assessment of the effectiveness of management’s risk management activities. Practice Advisory , “Linking the Audit Plan to Risk and Exposures” Part 1, Section 3, Topic 2

10 Discussion Question Which of the following are decision factors used to rank and validate risk priorities? Respond “yes” or “no.” Answers: Yes No Quality of existing internal controls Asset liquidity Likelihood of coordination with external auditors Potential financial impact Part 1, Section 3, Topic 2

11 Reinforcing Activity 1-6
Part 1, Section 3, Topics 1 and 2 Establish and Use Framework for Assessing Risk Part 1, Section 3, Topic 2

12 Discussion Question Ten high-risk engagements have been identified. The CAE can staff only seven. The BEST course of action is to seek the advice of the audit committee about which engagements should be delayed. look at ways to coordinate engagements with regulatory bodies and other assurance functions. communicate the impact of resource limitations to the board and senior management. ask for additional resources. Answer: C. The CAE must communicate the impact of resource limitations to the board/senior management. Part 1, Section 3, Topic 3

13 Scope for Internal and External Auditors
Apply a systematic, disciplined approach to evaluate and improve risk management, control, and governance processes. Concerned with all aspects of the organization. Focus on future events. Defined by Section 2100 of the Standards. Internal auditors External auditors Ordinary examination is designed to obtain sufficient evidential matter to support an opinion on the overall fairness of the annual financial statements. Approach is historical. Defined by their professional standards. Part 1, Section 3, Topic 4

14 The CAE’s Role in Coordination with External Auditors
Achieve effective coordination of work. Minimize duplication with internal auditing coverage. Assist external auditors—possibly agreeing to perform some work. Regularly evaluate the coordination between internal and external auditors. Practice Advisory 2050-1, “Coordination” Part 1, Section 3, Topic 4

15 Discussion Question Which of the following describe appropriate coordination activities? (Select all that apply.) Evaluating corrective actions taken to reduce hazardous waste Comparing annual internal and external audit plans Reviewing related regulatory reports Exchanging audit schedules and reports with the quality control function Answer: All of these are valid coordination efforts to maximize audit coverage and minimize redundancies. Part 1, Section 3, Topic 4

16 Coordination with Other Internal Assurance Functions
Internal Audit Activity Compliance Quality control Security Safety Enterprise risk management Part 1, Section 3, Topic 4

17 Reinforcing Activity 1-7
Part 1, Section 3, Topics 3 and 4 Identify Resources and Coordinate IA Activity’s Efforts Part 1, Section 3, Topics 3 and 4

18 The Internal Audit Activity’s Contributions to Risk-based Planning
Communicate and obtain approval. Select engagements. Participate in selection process. Updates 1 2 3 4 Part 1, Section 3, Topic 5

19 Reinforcing Activity 1-8
Part 1, Section 3, Topic 5 Select Engagements Part 1, Section 3, Topic 5

20 End of Section 3 Questions? Part 1, Section 3

Download ppt "Section Topics Establish a framework for assessing risk"

Similar presentations

Organizational Governance

Organizational Governance
. . . a step-by-step guide to world-class internal auditing

. . . a step-by-step guide to world-class internal auditing
Www.theiia.org External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.

External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
A Consultative Approach to Auditing

A Consultative Approach to Auditing
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Chapter 1 An Introduction to Assurance and Financial Statement Auditing McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights.

Chapter 1 An Introduction to Assurance and Financial Statement Auditing McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights.
Supervisory Committee Communications with Management and the Board

Supervisory Committee Communications with Management and the Board
It’s Time to Talk About Risk and Control

It’s Time to Talk About Risk and Control
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Presented by: Patricia “Patti” Snopkowski Chief Auditor, OUS Internal Audit Division 2011 Annual Risk Assessment.

Presented by: Patricia “Patti” Snopkowski Chief Auditor, OUS Internal Audit Division 2011 Annual Risk Assessment.
An Introduction to Assurance and Financial Statement Auditing

An Introduction to Assurance and Financial Statement Auditing
An Introduction to Assurance and Financial Statement Auditing

An Introduction to Assurance and Financial Statement Auditing
CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007.

CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007.
Eliot M. Stenzel, CPA,CIA IIA Instructor for many years. 220-3198 Risk Based Auditing.

Eliot M. Stenzel, CPA,CIA IIA Instructor for many years Risk Based Auditing.
IS Audit Function Knowledge

IS Audit Function Knowledge
Operational Auditing--Fall 2009 1 Operational Auditing Fall 2009 Professor Bill O’Brien.

Operational Auditing--Fall Operational Auditing Fall 2009 Professor Bill O’Brien.
Operational Auditing--Spring 2011 1 Operational Auditing Spring 2011 Professor Bill O’Brien.

Operational Auditing--Spring Operational Auditing Spring 2011 Professor Bill O’Brien.
Continuous Business Risk Assessment. About BYU Private, Church-sponsored Founded 1875 Three campuses –Provo, Utah (30,000) –Rexburg, Idaho (14,000) –Laie,

Continuous Business Risk Assessment. About BYU Private, Church-sponsored Founded 1875 Three campuses –Provo, Utah (30,000) –Rexburg, Idaho (14,000) –Laie,

Similar presentations

Ads by Google