
1 Continuous Business Risk Assessment

2 About BYU: Private, Church-sponsored; Founded 1875; Three campuses –Provo, Utah (30,000) –Rexburg, Idaho (14,000) –Laie, Hawaii (2,000); Internal Audit: 11 professionals, –10 associate (student) auditors

3 Why? Our current risk assessment model is It no longer enables us to keep up with emerging risks in a dynamic business environment; Assumes management/auditor omnipotence; One year cycle time is just tooooo long to formally address risks; Relies on single method of harvesting risk information (annual survey); No method for prioritizing work; Annual audit plan becomes the “Hotel California” of audit projects; Risks working with blinders on.

4 Why? Comply with IIA Performance Standards; Ensure alignment with University mission and objectives; Add value to our audit customers

5 Questions: Are you following, unchanged, the audit plan you developed for 2003? “Most often used measures (of internal audit effectiveness) are absolutely dysfunctional. I think of one: you do your annual audit plan and commit to the audit committee that you’re going to do X number of these audits for the coming year.” --Dr. James Roth

6 Internal Auditing Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

7 Best Practices: Extensive Staff Expertise; Challenging Work Environment; Organizational Alignment; Participative, Qualitative, Real-time Risk Assessment; An Array of Audit Services; February 2003 Internal Auditor

8 Array of Audit Services Risk-based audits – working with management to identify the business risks they face. Process audits – auditing an entire business process rather than an organizational unit and looking for ways to improve the process instead of simply trying to find control weaknesses. Pre-implementation reviews – participating on new-product or system-development teams and/or reviewing the project at certain defined milestones. Self-Assessment – hosting workshops, administering questionnaires, and conducting structured interviews to address soft controls. Internal-Control Education – formal training programs designed and taught by internal auditors, as well as ad-hoc training, when needed, during assurance or consulting projects.

9 Internal Audit Tools Control Self-Assessment Workshops Client-Relationship Management –Relationship Development –Client Training Control Model Mentoring Computer-Aided Exception Identification (Continuous Auditing) Process Improvement Programs (Quality Improvement, Continuous Improvement) –Team Facilitation –Improvement Models

10 Internal Audit Tools Process Mapping/Control Evaluation (SOx, FCPA) Risk-based Auditing Maturity Model Evaluation/Implementation Management Review Risk Management Council Improvement Models –Accountability –Continuous Improvement

11 Continuous Business Risk Assessment Continuous Risk Assessment is a participative process whereby we evaluate emerging risks on a continuous, qualitative, real-time basis rather than on an annual basis.

12 Participative: Involve more than Internal Auditors; Seek out managers and employees who know and understand emerging risks.

13 Continuous: Periodic vs. Annual; As frequently as needed; Various sources of information (meeting, conference, workshop, survey, interview)

14 Qualitative: Relies on professional judgment; Includes political and strategic factors as well as traditional measures; Involves more than one opinion

15 Real-Time: Results in changes to the audit schedule NOW; Decisions made in close proximity to issue and risk identification

16 [Diagram: Risk Assessment Process. Labels, in the order they appear: Event Identification; Risk Assessment Process; Process Imp.; Action Plan; Audit; Mgt. Review; Risk Response; Risk; Risk Evaluation & Response; Investigation; Mgt. Conf.; Control Doc.]

17 Seven Performance Standards: 2000 - Managing the Internal Audit Activity; 2100 - Nature of Work; 2200 - Engagement Planning; 2300 - Performing the Engagement; 2400 - Communicating Results; 2500 - Monitoring Progress (Recommendations); 2600 - Management’s Acceptance of Risks

18 Audit Population Strengthening Control Environment Monitoring Compliance Risk-Based Audits & Requested Services

19 CBRA Event/Project Identification Risk Assessment Risk Response Prioritize Projects

20 CBRA Event/Project Identification Risk Assessment Risk Response Prioritize Projects

21 Risk Tracking Log: Access Database; Three Screens: Input Log, Evaluation Screen, Strategic Considerations

22 Audit Project Portfolio Excel Categorized

23 What We Get: Increased capability to systematically respond to business risks; Increased ability to identify risks by expanding and improving risk information harvesting methods; Improved utilization of Internal Audit resources; Compliance with IIA Performance Standards; Overall, a more mature risk assessment process

24 Standards Summary: Risk-based plan of engagements; Develop at least annually; Determine priorities consistent with organization’s goals; Consider input of senior management and board; Identify significant exposures to risk; Consider consulting proposals

25 Impacts More time identifying, characterizing and evaluating risks. Need more flexible audit schedule. Trust in consensus/professional opinion.

26 Copy of slide presentation; Access database template (Tracking Log); david_galloway@byu.edu

27 Continuous Business Risk Assessment

