Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Based Internal Audit in Banks

Published byRoxanne Hamilton Modified over 8 years ago

Similar presentations

Presentation on theme: "Risk Based Internal Audit in Banks"— Presentation transcript:

1 Risk Based Internal Audit in Banks
April 7, 2014

2 Agenda Principles of Risk Based Internal Audit Methodology
Risk Assessment Annual Plan Audit Engagement Reporting Benefits of Risk Based Audit

3 1. Principles of Risk Based Internal Audit
Risk: The probability of occurring an event having effects on achievement to objectives. Risk has 4 components: Event Effect Likelihood Result Risk Management: The process of identification of potential cases, assessment, managing and controlling in order to realize institution’s objectives, for providing acceptable assurance. Risk Assessment Process Identification Classification Prioritization Measuring

4 1. Principles of Risk Based Internal Audit
Risk Assessment Process A “risk assessment” is an effort to identify, measure, and prioritize risks organization faces, so that internal audit activities are focused on the auditable areas with the greatest significance. Through the risk assessment process, it is able to develop a risk-based Internal Audit Plan. Risk Assessment Goals Inform senior management and the Board of Directors on risk assessment process. Get to know your client needs. Develop a project plan, timeline, and agree upon deliverables. Provides a framework for assessing and prioritizing risks.

5 1. Principles of Risk Based Internal Audit
What is risk based internal audit? The Institute of Internal Auditors defines Risk Based Internal Auditing (RBIA) as: a methodology that links internal auditing to an organization’s overall risk management framework that allows internal audit to provide assurance to the board that risk management processes are managing risk effectively, in relation to the risk appetite

6 2. Methodology Assessing Risk Annual Plan Audit Engagement Reporting
19/04/2017 2. Methodology Assessing Risk Annual Plan Audit Engagement Reporting

7 Regulatory Environment
3. Risk Assessment Evaluate the level of risk for each auditable area. Risk factors to consider include: Materiality Complexity of Process Business Environment Exposure to Loss Regulatory Environment

8 3. Risk Assessment Identify potential areas for internal auditing through discussions with key management and review of documentation. Key risks should be taken into account. Interview executive, senior management, middle management, and Board of Directors / Audit Committee. Review financial statements, strategic plans, budgets, policies and procedures, code of conduct, and other entity related information. Review industry information. Facilitate risk assessment sessions with management.

9 3. Risk Assessment Sample Heat Map

10 4. Annual Plan Establishing the Risk Based Internal Audit Plan
19/04/2017 4. Annual Plan Establishing the Risk Based Internal Audit Plan According to IIA standards, a risk based internal audit plan should satisfy the following issues: The internal audit activity’s plan of engagements must be based on a documented risk assessment, undertaken at least annually. The input of senior management and the board must be considered in this process. The chief audit executive must identify and consider the expectations of senior management, the board, and other stakeholders for internal audit opinions and other conclusions. The chief audit executive should consider accepting proposed consulting engagements based on the engagement’s potential to improve management of risks, add value, and improve the organization’s operations. Accepted engagements must be included in the plan.

11 Annual audit plan shall be approved by the Board.
19/04/2017 4. Annual Plan In Turkey, regulations of Banking Regulation and Supervision Agency necessitate the following conditions for an efficient internal audit system: Annual risk assessments that consider all business units and operations of the bank shall be made. An annual audit plan shall be established conveniently to the results of risk assessments. Annual audit plan shall be approved by the Board.

12 SAMPLE AUDIT PLAN PROCESS
4. Annual Plan Annual Audit Plan is determined by evaluation of Risk matrix, Risk Matrices of Subsidiaries (If applicable) Risk level of activities Risk Indicators & Dynamic Risk Assessment Contemporary conditions and expectations Feedbacks of Board of Directors, Audit Committee & Senior Management, etc. SAMPLE AUDIT PLAN PROCESS Audit Committee (Approval) Board of Directors Regulatory Authority (for information purposes only) Internal Audit Department

13 4. Annual Plan – Sample Risk Assessment Process: Bank Example
Identifying the Auditable Entities The Bank’s Risk Matrix Risk Level of Bank’s Activities Corporate Finance Trading and Sales Retail Banking Credit Extension Deposit Collection and Investment Products Retail Banking Operations Retail Brokerage Commercial Banking Commercial Banking Operations Payment and Settlement Agency Services Asset Management Mergers and Acquisitions Insurance Services Information Systems Human Resources Legal Proceedings New Technologies Risk Indicators Assessment Reports Importance Level* Audit Period AUDIT PLAN Identify Key Risks Define Audit Universe Perform Risk Ranking Audit Plan * A risk rating model can be used to define ideal audit periods. A risk rate can be given to each auditable entity from “1-High Risk” to “5-Low Risk”.

14 4. Annual Plan – Sample Risk Based Annual Plan
19/04/2017 4. Annual Plan – Sample Risk Based Annual Plan Audit Cycle / Area Aggregate Risk from Risk Assessment Matrix Audit Frequency (1, 2, or 3 year rotation) Year - 1 Year - 2 Year - 3 LENDING OPERATIONS Commercial Loans M 2 X Consumer Loans Real Estate Loans Credit Administration H 1 Secondary Marketing L 3 TREASURY MANAGEMENT Securities Cash Management Asset/Liquidity Management Wire Transfer Automated Clearing House Borrowings and Repurchase Agreements ACCOUNTING AND FINANCIAL REPORTING General Accounting Financial Reporting DEPOSIT OPERATIONS BRANCH OPERATIONS BANK ADMINISTRATION Human Resources Payroll Purchasing Insurance Coverage High (H); Medium (M); Low (L)

15 5. Audit Engagement Subjects reviewed during the audit engagements vary according to the work performed by those units. According to the model, controls should provide tenable assurance about the following 4 issues. In the audit engagement controls on these issues are tested. Financial records, Operational records, Record keeping and reporting activities. Policies for Segregation of Duties Evaluation of procedures designed against theft, forgery, illegal acts and etc. Reliability & Integrity of Information Safeguarding of Assets Compliance Effectiveness & Efficiency of Operations Policies, Procedures, Laws and regulations, Agreements. Efficiency of workflows, Evaluation of capacity usage, Over/under employment. COSO is a committee composed of 5 professional organizations. This model is preferred and suggested by IIA (Institute of Internal Auditors.).

16 5. Audit Engagement Specific techniques USED to obtain information
Executing the audits Identifying Analyzing Evaluation of Information Confirmation Interviewing Observation & Inspection Statistical Sampling Detailed Testing Analytical Procedures Recomputing

17 19/04/2017 5. Audit Engagement Sample Audit Plan Sample Working Paper Risk based audit plans and working papers are prepared in audit engagement. Contents of these documents that are mentioned below identify the scope of assurance. Purpose, Scope, Analyzing Method, Sampling Method, Results

18 19/04/2017 6. Reporting What is expected by the senior management and the board from internal audit reports? Compliance of the audited unit to the Law and other legal procedures Compliance of the audited unit to the internal policies and procedures Efficiency and effectiveness of processes in the audited unit and possible corrective actions that may be taken by the senior management

19 6. Reporting Internal Audit Reporting Sample 19/04/2017
(High / Medium / Low) Headline Number of Finding H-001 Current State Auditee Controls Any kind of controls that are currently available in the process Finding Explaining the examined process briefly Highlighting the risky points Auditor’s opinions Examined Process Related Process / Sub-Process Process from the audit plan in which the finding is detected Risk and Suggestion Risk Risks regarding the process Suggestion Suggestions to cover risk Result Response of Auditee The answer / opinion of the auditee regarding the finding, risk and suggestion Target Remedition Date Related Parties Assistant Manager Unit Manager

20 6. Reporting Reporting to the Audit Committee
19/04/2017 6. Reporting Reporting to the Audit Committee The internal audit function is ultimately reports and is accountable to the Audit Committee. Prior to meeting the Audit Committee, internal audit reports of the audit period are prepared and delivered to the members of the Audit Committee and other concerned parties. Reporting to Senior Management and the Board In IIA standards, reporting levels are explained as follows: The chief audit executive must report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.

21 19/04/2017 6. Reporting Monitoring Progress and Communicating the Acceptance of Risks The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management. When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the chief audit executive determines that the matter has not been resolved, the chief audit executive must communicate the matter to the board. The identification of risk accepted by management may be observed through an assurance or consulting engagement, monitoring progress on actions taken by management as a result of prior engagements, or other means. It is not the responsibility of the chief audit executive to resolve the risk.

22 Benefits of Risk Based Audit
Conducting efficient audit activities Identifying the risk appropriately Affirmative cost-benefit impacts Fulfilling the stakeholders’ expectations Focusing on the most significant and risky auditable areas

23 Internal Audit Exam Deadline to Application: April 18th, 2014
19/04/2017 Deadline to Application: April 18th, 2014 Exam Date: April 27th, 2014 Exam Locations: İstanbul Ankara İzmir Expected to Hire: 35 People Expected Date to Begin: July 2014

24 April 7, Istanbul

Download ppt "Risk Based Internal Audit in Banks"

Similar presentations

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Development of internal control: methodology and responsibility

Development of internal control: methodology and responsibility
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.

Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Presented by: Patricia “Patti” Snopkowski Chief Auditor, OUS Internal Audit Division 2011 Annual Risk Assessment.

Presented by: Patricia “Patti” Snopkowski Chief Auditor, OUS Internal Audit Division 2011 Annual Risk Assessment.
S11: Risk Based Audit Approach. Session Objectives  To define audit risks and establish the relationship between materiality and audit risk  To discuss.

S11: Risk Based Audit Approach. Session Objectives  To define audit risks and establish the relationship between materiality and audit risk  To discuss.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
IS Audit Function Knowledge

IS Audit Function Knowledge
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
By Saurabh Sardesai www.starvaluemodel.com October 2014.

By Saurabh Sardesai October 2014.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit

Similar presentations

Ads by Google