Presentation is loading. Please wait.

Presentation is loading. Please wait.

2 0 0 5 The Connection between Risk Management and Internal Control in Organizations Mag. Norbert Wagner Budapest, 11.4.2008.

Published byCorey Thomas Modified over 8 years ago

Similar presentations

Presentation on theme: "2 0 0 5 The Connection between Risk Management and Internal Control in Organizations Mag. Norbert Wagner Budapest, 11.4.2008."— Presentation transcript:

1 2 0 0 5 The Connection between Risk Management and Internal Control in Organizations Mag. Norbert Wagner Budapest, 11.4.2008

2 2 Internal Auditing Risk Management Internal Control Connections

3 Budapest, 11.4.2008 3 Internal Auditing Risk Management Internal Control Connections

4 Budapest, 11.4.2008 4 Internal Auditing Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization‘s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. (The IIA, Definition of Internal Auditing, 2004)

5 Budapest, 11.4.2008 5 The internal audit activity should assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems. (IPPF, Standard 2110) The internal audit activity should monitor and evaluate the effectiveness of the organization's risk management system. (IPPF, Standard 2110 A.1)

6 Budapest, 11.4.2008 6 The internal audit activity should evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the Reliability and integrity of financial and operational information, Effectiveness and efficiency of operations, Safeguarding of assets, Compliance with laws, regulations, and contracts. (IPPF, Standard 2110 A.2)

7 Budapest, 11.4.2008 7 Internal Auditing Risk Management Internal Control Connections

8 Budapest, 11.4.2008 8 Risk Management Enterprise risk management broadly defined as: …a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise designed to identify and manage potential events that may affect the entity and to provide reasonable assurance regarding the achievement of entity objectives.

9 Budapest, 11.4.2008 9 Risk time Riskmanagement - Basis Not identified Identified avoid mitigate shift Residual- Risk Risk Identification Risk Analysis Risk Completion Risk Controlling

10 Budapest, 11.4.2008 10 Enterprise Risk Management Internal Environment (ERM philosophy, Risk Culture) Objective setting (Risk appetite, risk tolerance) Risk assessment (Likelihood & Impact, Correlation) Risk response (avoid, reduce, share or accept) Event identification (Risks & opportunities) Control activities (General and application controls) Information and Communication Monitoring (Separate, ongoing evaluations) COSO – Enterprise Risk Management - A Process

11 Budapest, 11.4.2008 11 The Role of Internal Audit regarding RM (1) Internal Environment No direct audit field But ERM philosophy and risk culture essential for IA position Objective Setting Risk appetite and risk tolerance adequate to enterprise objectives and RM methods and actions

12 Budapest, 11.4.2008 12 The Role of Internal Audit regarding RM (2) Event Identification Chances and Risks: Focus on completeness of risk identification Risk Assessment Quality of risk assessment through risk owner Efficiency and effectivity of instruments used for risk assessment

13 Budapest, 11.4.2008 13 The Role of Internal Audit regarding RM (3) Risk Response Regularity and completeness of analysis and assessment of applied risk control activities Control Activities Quality of risk assessment through risk owner Efficiency and effectivity of instruments used for risk assessment

14 Budapest, 11.4.2008 14 The Role of Internal Audit regarding RM (4) Information and Communication Regularity and effectivity of information process Completeness, accountability and understandability of directives Monitoring Regularity, usefulness and efficiency of each monitoring process Efficiency and effectivity of instruments used for risk assessment

15 Budapest, 11.4.2008 15 Internal Auditing Risk Management Internal Control Connections

16 Budapest, 11.4.2008 16 Internal Control Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations, Reliability of financial reporting, Compliance with applicable laws and regulations.

17 Budapest, 11.4.2008 17 Internal Control (IKS = Internes Kontrollsystem) Definition of IIA Austria Internal Control is the entirety of all process orientated monitoring activities of an enterprise. Included are the respective organisational regulations and guidelines of the whole operational Management „top down“ as well as the defined control activities and the monitoring role of the direct process owners, NOT the auditing (by the Internal Audit).

18 Budapest, 11.4.2008 18 Internal Control (IKS) supports and assures: a correct management and accounting compliance with the business policy compliance with the law and other regulations adherence to predetermined objectives the assets of an organization the completeness and credibleness of informations, documentations and processes the efficiency and effectivity of processes, the prevention and detection of failures and irregularities, the transparency and comprehensibility of actions to protect the people involved in the process the safety of people within the organisation and in its environment.

19 Budapest, 11.4.2008 19 Internal Auditing Risk Management Internal Control Connections

20 Budapest, 11.4.2008 20 Risk Management - Internal Control Risk Management is broadly defined as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise designed to identify and manage potential events that may affect the entity and to provide reasonable assurance regarding the achievement of entity objectives. Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations, Reliability of financial reporting, Compliance with applicable laws and regulations.

21 Budapest, 11.4.2008 21 Assurance of Effectivity of RMS Assessment of RM results Generation of RM measures Decision concerning measures Documentation/ Reporting Internal Auditing - Risk Management Risk Identification

22 Budapest, 11.4.2008 22 Safeguarding of company‘s business and assets Risk Management (stretegic) Internal Control operational, process orientated) Risk Policy Early Warning - Red Flags Operational RM Actions Process- Owner Control- Activities Policies, Guidelines Internal Monitoringsystem Internal Auditing Controlling strategicoperational

23 Budapest, 11.4.2008 23 Thank you

Download ppt "2 0 0 5 The Connection between Risk Management and Internal Control in Organizations Mag. Norbert Wagner Budapest, 11.4.2008."

Similar presentations

Risk Management at Harvard – Panel Discussion Harvard IT Summit

Risk Management at Harvard – Panel Discussion Harvard IT Summit
Internal Control–Integrated Framework

Internal Control–Integrated Framework
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.

Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.
STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.
It’s Time to Talk About Risk and Control

It’s Time to Talk About Risk and Control
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Internal Control.

Internal Control.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Eliot M. Stenzel, CPA,CIA IIA Instructor for many years. 220-3198 Risk Based Auditing.

Eliot M. Stenzel, CPA,CIA IIA Instructor for many years Risk Based Auditing.
What is Risk Management? Whose responsibility is it in your institution? Mark Weatherley.

What is Risk Management? Whose responsibility is it in your institution? Mark Weatherley.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

Similar presentations

Ads by Google