Applying a risk model in state internal and external audits.


1 Applying a risk model in state internal and external audits

2 Audit and Risk
Haven’t we, as auditors, always considered risk within our audit plans?

3 Roles and Responsibilities

4 Governing Body, Audit/Risk Committee
Internal Audit:
- Incorporating risk into the planning process for overall coverage.
- Considered opinions on specific elements of the organisation.
- Overall opinion of control environment.
- Assessment of completeness and effectiveness of the risk management process.
- Assessment of the effectiveness of specific elements of the control environment.
Risk Professional:
- Promotes good practice
- Drives and monitors risk framework and action plans
- Maintains risk map and risk profile
- Reviews risk profile
- Analyses emerging risks
- Tracks existing risks
- Co-ordinates RMSA
- Co-ordinates risk reporting
- Risk workshops
Business/Risk owners:
- Managing specific risks
- Apply risk management cycle
- Implement action plans
- Develop capabilities, processes, controls
- Monitor performance
- Manage issues/breaches
Organisational Improvement:
- Efficiency reviews
- Improvement programmes
- Process optimisation
- Cost reduction
Outputs:
- Socialising risk
- Identification of key risks
- Decide on how to manage risk
- Measuring residual risk
- Data for risk reporting
Outputs:
- Reviews of: risk management methodology, Corporate Governance statements, statements on internal controls, management responses to key risks

5 Roles and Responsibilities: The Risk Professional
- Promotes good practice
- Drives and monitors risk framework and action plans
- Maintains risk register
- Analyses emerging risks
- Supports risk owners
- Co-ordinates risk reporting

6 Roles and Responsibilities: Business risk owners
- Managing specific risks
- Apply risk management cycle
- Implement action plans
- Develop capabilities, processes, controls
- Monitor performance
- Manage issues/breaches
- Tracks existing risks

7 Roles and Responsibilities: Organisational Improvement
- Efficiency reviews
- Improvements programmes
- Process optimisation
- Cost reduction

8 Roles and Responsibilities: Internal Audit
- Incorporating risk into the planning process for overall audit coverage.
- Considered opinions on specific elements of the business.
- Overall opinion of control environment.
- Assessment of completeness and effectiveness of the risk management process.
- Assessment of the effectiveness of specific elements of the control environment.

9 Risk Management Reporting
[Diagram labels: Governing Body; Risk Register; Self-certification; Audit opinions; Scrutiny/Audit Cttee; Chief Executive; Directors; Managers; Organisation; Chief Internal Auditor; Functions & Operations; Individual audits]

10 Risk Management Is Therefore More Than Just a Cyclical Audit or Insurance Review and Report. The Risk Management Process

11 Roles and Responsibilities Risk management cannot be introduced in isolation. It has to be in partnership with all those other interested parties.

12 The Contribution of Internal Audit
- Role is changing
- Challenges of good governance
- FD/CEO expectations changing
- The need to evidence measurable added value
- IIA re-defining the role

13 IIA Definition
Internal auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of the organisation. It assists an organisation in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organisation's risk management, control, and governance processes.

14 Definition of Audit Auditing is a process by which an organisation gains assurance that the risk exposures it faces are understood and managed appropriately in dynamically changing contexts

15 Risk Matrix
Cell ratings:
- Important risks – might potentially affect provision of key services or duties
- Key risk - may potentially affect provision of key services or duties
- Immediate action needed - serious threat to provision and/or achievement of key services or duties
- Monitor as necessary - less important but still could have a serious effect on the provision of key services or duties
- Monitor as necessary - less important but still could have a serious effect on the provision of key services or duties
- Key risks - may potentially affect provision of key services or duties
- No action necessary
- Monitor as necessary - ensure being properly managed
- Monitor as necessary - less important but still could have a serious effect on the provision of key services or duties
Impact:
- Over £5 million OR Questions raised in Parliament
- £2 million - £5 million OR Reported in National Press
- £500,000 - £2 million OR Reported in Local Paper
- £100,000 - £500,000 OR Unacceptable levels of Complaints
- Under £100,000 OR Some complaints from individuals
Likelihood:
- Rare - once in 20 years
- Unlikely - once in 10-20 years
- Possible - once in 10 years
- Likely - once in 3 years
- Certain - once a year

16 Translating Key Risks Into the Assurance Programme
- Key risks as identified in the matrix should be the basis of the audit programme
- Should form 60% approx of full programme
- Some risks not easily auditable
- Consider specialists, CSA etc

17 What Should The Audit Role Be In Establishing a Risk Management Process?

18 Audit Participation in Risk Programmes
OPTIONS
- Manage the whole programme
- Facilitate the workshops
- Jointly facilitate the workshops
- Coordinate responses etc
- Attend the workshops as a participant
- Monitor and report on the action plans
- Review perceived versus actual controls

19 Audit Reporting
- Linking to key risks gives visibility
- Perceived versus actual controls
- Monitoring of action plans
- Board, Audit Cttee, Risk Cttee, Snr mgt
- Focus on achievements
  – Monetary
  – Risk reduction (matrix movements)
  – IT security, fraud, reduction in surprises

20 Audit Reporting
- Refer to organisational objectives
- Specify the risk to their achievement
- Explain findings specifically related to those risks
- Specify actions to address the exposures or opportunities (and what they will achieve)

21 Effectiveness of the Control Environment
Risk minus the cost of (Transfer + Control + Recover) equals Exposure

22 Cascading the Techniques Into Project and Change Management.

23 Projects & Improvement Programs
- Within the programs planned, do you have objectives that you want to achieve?
- Amongst the action plans and recommendations that you have to introduce, are there some that could stop or delay the overall program?
- Can the likelihood and impact of failing to achieve these recommendations and action plans be assessed?

24 Projects & Improvement Programs
A program/project is therefore ideal for using risk management techniques to prioritise where you need to focus.
- You know your objectives.
- You have already identified the issues (risks) that you have to manage to successfully achieve:
  – Action Plans
  – Recommendations

25 Projects & Improvement Programs
If we assess the likelihood of not successfully implementing each of the action plans and recommendations, and if we assess the impact to the overall program of not successfully implementing them.

26 Projects & Improvement Programs This gives us a simple method of categorizing and prioritising the steps that have to be taken.

27 Projects & Improvement Programs EXAMPLE

28 Projects & Improvement Programs
Objective: To improve the procurement systems of State Government.

29 Projects & Improvement Programs Issue: Make the External Auditors Office responsible for carrying out ex-post control of procurement, with the appropriate means to hire experts for independent audits.

30 Risk Matrix
Impact of Risk (HIGH at top, LOW at bottom) against Likelihood of Occurrence (Unlikely at left, Likely at right):
6 8 9
3 5 7
1 2 4

31 Risk Matrix
[Figure axes: Impact of Risk, LOW to HIGH; Likelihood of Occurrence, Unlikely to Likely]

32 Projects & Improvement Programs
Issue: Enact a new public procurement law based on the Model Law being prepared and used elsewhere.

33 Risk Matrix
[Figure axes: Impact of Risk, LOW to HIGH; Likelihood of Occurrence, Unlikely to Likely]

34 Projects & Improvement Programs
Issue: Issue Circular to improve procurement process with mandatory requirements for:
- advertisement of all bidding opportunities in the Gazettes, local dailies and notice boards of procuring entities;
- public bid opening;
- publication of contract awards above a certain threshold.

35 Risk Matrix
[Figure axes: Impact of Risk, LOW to HIGH; Likelihood of Occurrence, Unlikely to Likely]

36 Risk Management
Risk management is a journey. You can expend great effort and travel miles. If, however, you haven’t plotted your course in line with the organisation's strategy, you will do nothing but waste valuable time and resources.

