Presentation is loading. Please wait.

Presentation is loading. Please wait.

It’s Time to Talk About Risk and Control

Published byVivian Chapman Modified over 9 years ago

Similar presentations

Presentation on theme: "It’s Time to Talk About Risk and Control"— Presentation transcript:

1 It’s Time to Talk About Risk and Control
Internal Audit It’s Time to Talk About Risk and Control

2 Demands/Expectations of Internal Audit’s Stakeholders Have Changed
The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” Management: Expertise and assurance on internal controls Insight, advice, and assurance on enterprise risks Timely and relevant information to facilitate risk management and business decisions Additional financial related coverage The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls

3 Demands/Expectations of Internal Audit’s Stakeholders Have Changed
The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” Management: Expertise and assurance on internal controls Insight, advice, and assurance on enterprise risks Timely and relevant information to facilitate risk management and business decisions Additional financial related coverage External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls

4 Demands/Expectations of Internal Audit’s Stakeholders Have Changed
The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” Management: Expertise and assurance on internal controls Insight, advice, and assurance on enterprise risks Timely and relevant information to facilitate risk management and business decisions Additional financial related coverage External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls

5 Attributes of High Performing Internal Audit Functions: “The Top 10”
Prominent Stature of Internal Audit Within the Organization A Formal Strategic Plan for Internal Audit Continuous Communications with Key Stakeholders An HR Strategy Focused on Stakeholder and Enterprise Needs A Risk Assessment Process that Produces Current Risk Profiles Integrated IT Audit Coverage as a Component of an Overall IT Audit Strategy Integration of Technology Solutions Into Multiple Aspects of Internal Audit Operations A Knowledge Management Strategy A Comprehensive Quality Assurance and Improvement Program Performance Measures Linked to Strategic Goals

6 Governance Internal auditing provides assurance to management and the audit committee that risks are understood and managed properly.

7 Internal Auditing’s Role in ERM
© The Institute of Internal Auditors at

8 Risk Management Internal auditors identify all auditable activities and relevant risk factors, and assess their significance. Investigating Evaluating Identifying potential trouble spots Communicating Anticipating emerging issues Identifying opportunities

9 Internal Auditors’ Roles
Risk management, control, & governance processes Financial analysts Risk evaluators Improving operations Supplying analyses, suggestions, & recommendations Adding Value

10 A Risk Assessment Process that Produces Current Risk Profiles
Beyond an annual risk assessment process – risk assessment should have a continuous component Continuous risk assessment process is formalized within internal audit and aligned with business units Risk assessments are transparent and interactive – involving senior management, external auditors, and the audit committee Emerging risks are identified and addressed through flexible internal audit coverage

11 Essential Services Internal auditing reviews the reliability and integrity of information, compliance with policies and regulations, the safeguarding of assets, the economical and efficient use of resources, and established operational goals and objectives. Internal audits encompass financial activities and operations including systems, production, engineering, marketing, and human resources. Can you afford to be without it?

12 IPPF – Standards Mandatory Guidance
2120-Risk Management The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. Interpretation: Determining whether risk management processes are effective is a judgment resulting from the internal auditor's assessment that: Organizational objectives support and align with the organization's mission; Significant risks are identified and assessed; Appropriate risk responses are selected that align risks with the organization's risk appetite; and Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.   The internal audit activity may gather the information to support this assessment during multiple engagements. The results of these engagements, when viewed together, provide an understanding of the organization’s risk management processes and their effectiveness. Risk management processes are monitored through ongoing management activities, separate evaluations, or both.

13 Outsourced Internal Audit
Perform Risk Assessment Interview key management Identify & evaluate risks Develop internal Audit plan Review results with management Present to the Audit Committee Internal Audits Plan individual internal audits Execute each internal audit No surprises approach Findings, rationale and recommendations Final reporting Audit Committee Continuous feedback Reports for all audits Follow up and feedback

14 VACO Can Help You For additional information, please contact
Heriot Prentice Director, Governance Risk and Compliance Vaco Orlando, LLC 485 N. Keller Road, Suite 451 Maitland, FL 32751 (407) Office

Download ppt "It’s Time to Talk About Risk and Control"

Similar presentations

Organizational Governance

Organizational Governance
VALUE OF INTERNAL AUDITING: ASSURANCE, INSIGHT, OBJECTIVITY A PRESENTATION TO STAKEHOLDERS ABOUT THE VALUE OF INTERNAL AUDITING.

VALUE OF INTERNAL AUDITING: ASSURANCE, INSIGHT, OBJECTIVITY A PRESENTATION TO STAKEHOLDERS ABOUT THE VALUE OF INTERNAL AUDITING.
Internal Control–Integrated Framework

Internal Control–Integrated Framework
Alignment of COBIT to Botswana IT Audit Methodology

Alignment of COBIT to Botswana IT Audit Methodology
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Www.theiia.org Continuous Auditing Global Technology Auditing Guide 3 Twelfth Continuous Auditing and Reporting Symposium Rutgers Business School November.

Continuous Auditing Global Technology Auditing Guide 3 Twelfth Continuous Auditing and Reporting Symposium Rutgers Business School November.
Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.

Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.
Internal Audit Awareness

Internal Audit Awareness
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,

2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
Eliot M. Stenzel, CPA,CIA IIA Instructor for many years. 220-3198 Risk Based Auditing.

Eliot M. Stenzel, CPA,CIA IIA Instructor for many years Risk Based Auditing.
Governance Risk and Compliance It’s Time to Talk About Control.

Governance Risk and Compliance It’s Time to Talk About Control.
6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.

6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.

PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
Operational Auditing--Fall 2009 1 Operational Auditing Fall 2009 Professor Bill O’Brien.

Operational Auditing--Fall Operational Auditing Fall 2009 Professor Bill O’Brien.
Operational Auditing--Spring 2011 1 Operational Auditing Spring 2011 Professor Bill O’Brien.

Operational Auditing--Spring Operational Auditing Spring 2011 Professor Bill O’Brien.

Similar presentations

Ads by Google