THE ROLE OF INTERNAL AUDIT IN RISK MANAGEMENT

THE ROLE OF INTERNAL AUDIT IN RISK MANAGEMENT. Prepared by: Azman Kassim, CMIIA. LEARNING OBJECTIVES. WHAT IS CORPORATE GOVERNANCE? IMPORTANCE OF RISK MANAGEMENT RISK MANAGEMENT PROCESS RISK BASED APPROACH AUDITING VALUE ADDED ROLE OF INTERNAL AUDIT ROLE OF MANAGEMENT & BOARD.

Presentation Transcript


THE ROLE OF INTERNAL AUDIT IN RISK MANAGEMENT

Prepared by:

Azman Kassim, CMIIA


LEARNING OBJECTIVES

  • WHAT IS CORPORATE GOVERNANCE?

  • IMPORTANCE OF RISK MANAGEMENT

  • RISK MANAGEMENT PROCESS

  • RISK BASED APPROACH AUDITING

  • VALUE ADDED ROLE OF INTERNAL AUDIT

  • ROLE OF MANAGEMENT & BOARD


INTRODUCTION

  • WORLDWIDE DEVELOPMENT

  • Corporate Failures

  • E.g. ENRON, WORLDCOM

  • Release of draft Enterprise Risk Management - Integrated Framework in 2003


INTRODUCTION

  • LOCAL DEVELOPMENT

  • Formation of The Institute of Internal Auditors Malaysia (IIAM-1997)

  • Securities Commission (1993)

  • Malaysian Institute of Corporate Governance (1999)

  • Bursa Malaysia’s SIC Guide (2001)


WHAT IS CORPORATE GOVERNANCE?

It can be defined as :

“….process and structure used to direct and manage the business and affairs of the company towards enhancing business prosperity and corporate accountability with the ultimate objective of realising long-term shareholders’ value, whilst taking into account the interest of other stakeholders”.

Extracted from Report on Corporate Governance


CHARACTERISTICS OF GOOD CORPORATE GOVERNANCE

  • Can be accomplished through 3 important elements :

  • an effective Board of Directors

  • management structure and policies and procedures; and

  • independent supervision of audit committees


COSO


Today’s organizations are concerned about:

Risk Management

Governance

Control

Assurance (and Consulting)


WHY A SHIFT OF FOCUS TOWARDS RISK MANAGEMENT?

  • Rapid acceleration in competition as markets are globalized

  • Continuous quantum leap in technology

  • Increasing volume and complexity of legislation

  • Businesses that do not deal with risk will not survive

  • Without an effective risk management framework, all efforts are directed towards firefighting rather than adding value


WHY THE NEED FOR RISK MANAGEMENT??

“Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is the establishment of objectives, linked at different levels and internally consistent.

Risk assessment is the identification and analysis of relevant risks to the achievement of objectives, forming a basis for determining how the risks should be managed.

Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change.”

Treadway Commission (US)


SURVEY ON STAGE OF ERM DEVELOPMENT

  • 48 % Partial and Complete ERM Framework

  • The rest not in place and no plans to implement ERM

    study conducted in 2004 by IIA Research Foundation based in USA


LINKING RISKS AND CONTROLS IN A BUSINESS PROCESS

[Diagram labels: Suppliers; Raw Materials/Services; Process; Finished Products; Customers; Risks; Controls]


Institute of Internal Auditors

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operation. It helps organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance process.”


INTERNAL AUDITING PROFESSION

  • AUDIT CHARTER

  • INTERNAL AUDIT GUIDELINES

  • SPPIA

  • CODE OF ETHICS

  • REGULATED : LAWS & REGULATION


INTERNAL AUDIT PROCESS MAP

[Diagram labels: Organization Mission, Objectives & Plan; Organization Structure; Organization Risks; Strategic Audit Planning; Audit Strategy; Audit Tasks; Annual Audit Planning; Audit Schedule]

  • Control Self Assessment

  • Review of Control Systems

  • Internal Control Advice

  • Information Systems Risk Analysis

  • Systems Under Development

  • Review of the Risk Management Systems


Internal Audit Process

  • Risk Management is:

  • central aspect of the work of an internal auditor

  • essential tool in the development of an internal audit strategy and annual internal audit plan

  • provision of control advice


Standards

  • 2010.A1 – The internal audit activity’s plan of engagements should be based on a risk assessment, undertaken at least annually.

  • 2120.A1 – Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization’s governance, operations, and information systems.

  • 2210.A1 – When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.


RISK MANAGEMENT

  • PURPOSE

  • BOARD’S ROLE

  • SENIOR MANAGEMENT ROLE

  • INTERNAL AUDITOR’S ROLE


Risk assessment is an important part of the internal auditing process


WHAT IS RISK MANAGEMENT?

Risk Management is an ongoing process of:

  • Identifying risk

  • Measure its potential impact

  • Do what’s necessary to manage it

  • Monitors the action


RISK MANAGEMENT

DEFINITION

“It is a term applied to a logical and systematic method of identifying, analyzing, assessing, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize opportunities. Risk management is as much about identifying opportunities as avoiding or mitigating losses.”

Source: AS/NZS 4360:1995


RISK COMPONENTS

Political Economic Cycle

Environmental, Health & Safety

Business Interruptions

Business Risk Exposures

Personnel

Financial

Information Technology

Contractual/Legal

Harmful Actions


RISK :

Any issue which could impact your ability to meet your objectives

Source : PricewaterhouseCoopers 1999


DIFFERENT VIEWS OF RISK

  • Hazard - Risk of bad things happening

  • Uncertainty - Not meeting expectations

  • Opportunity - Exploiting the upside


RISK ASSESSMENT THOUGHT PROCESS

  • Define Objectives - What do we want to accomplish?

  • Identify Risks - What can go wrong? (describe both cause and effect)

  • Assess Risks - Likelihood, Significance

  • Decide How to Manage Risks - Avoid, Transfer, Accept, Reduce

  • Design or Evaluate Controls - To cost-effectively reach optimum level of risk


Risk Analysis

  • Risk Assessment - Identification, Measurement, Prioritization

  • Risk Management - Control It, Share or Transfer It, Diversify or Avoid It

  • Risk Monitoring - Process Level, Activity Level, Entity Level

Source: Business Risk Assessment. 1998 – The Institute of Internal Auditors


RISK MATRIX

  • LIKELIHOOD & IMPACT

  • 4 QUADRANTS

  • ACCEPT, REDUCE, TRANSFER, REJECT


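Impact vs. Probability

[Matrix: vertical axis SIGNIFICANCE OR IMPACT, horizontal axis PROBABILITY OR LIKELIHOOD, each running from Low to High]

  • High impact, low probability - Medium Risk: Share

  • High impact, high probability - High Risk: Mitigate & Control

  • Low impact, low probability - Low Risk: Accept

  • Low impact, high probability - Medium Risk: Control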


Example: Call Center Risk Assessment

[Matrix: vertical axis IMPACT, horizontal axis PROBABILITY, each running from Low to High]

High impact (Medium Risk and High Risk quadrants):

  • Loss of phones

  • Loss of computers

  • Credit risk

  • Customer has a long wait

  • Customer can’t get through

  • Customer can’t get answers

Low impact (Low Risk and Medium Risk quadrants):

  • Entry errors

  • Equipment obsolescence

  • Repeat calls for same problem

  • Fraud

  • Lost transactions

  • Employee morale


Example: Accounts Payable Process

  • Control Objective - Completeness

  • Risk - Material transaction not recorded

  • Control Activity - Accrual of open liabilities; Invoices accrued after closing


ROLE OF THE BOARD

Responsible for:

  • setting up appropriate internal control policies

  • seeking regular assurance to satisfy itself that the system is functioning adequately and its integrity is maintained

  • ensuring that the system is adequate in managing risk in an approved manner


ROLE OF MANAGEMENT

  • Implement the board policies on risk and control

  • Identify and evaluate risks faced by the company for consideration by the board

  • Design, operate and monitor a suitable system of internal control which implements the policies adopted by the board

  • Ensure that all employees have some responsibility for internal control


ROLE OF MANAGEMENT

  • Remind all that risk exists in all aspects of the business

  • Inject a risk culture where the Board and CEO support, and are perceived as clearly supporting, the necessary focus on risk management


INTERNAL AUDIT’S ROLE

  • May be initial champion (but it must not be an “audit thing”)

  • Advise top management in setting up the process

  • Advise line managers in performing the self assessments

  • Evaluate self assessment process and compare to audit results


INTERNAL AUDITORS CAN ADD VALUE BY:

  • Reviewing critical control systems and risk management processes.

  • Performing an effectiveness review of management's risk assessments and the internal controls.

  • Providing advice in the design and improvement of control systems and risk mitigation strategies.


INTERNAL AUDITORS CAN ADD VALUE BY:

  • Implementing a risk-based approach to planning and executing the internal audit process.

  • Ensuring that internal auditing’s resources are directed at those areas most important to the organization.

  • Challenging the basis of management’s risk assessments and evaluating the adequacy and effectiveness of risk treatment strategies.


INTERNAL AUDITORS CAN ADD VALUE BY:

  • Facilitating ERM workshops.

  • Defining risk tolerances where none have been identified, based on internal auditing's experience, judgment, and consultation with management.


COMMON BARRIERS TO TODAY’S INTERNAL AUDIT CHALLENGES

People - Subject Matter Expertise, Competencies

Methodology - Risk-Based Audit Approach

Technology - Auditing Tools/Software

Knowledge - Knowledge Sharing

Extract from IBBM May-June 2005


ROLES INTERNAL AUDITING SHOULD NOT UNDERTAKE

  • Setting Risk Appetite

  • Imposing Risk Management Process

  • Management Assurance on Risks

  • Taking Decisions on Risk Responses

  • Implementing Risk Responses on Management’s Behalf

  • Accountability For Risk Management

The Institute of Internal Auditors, September 29, 2004


ENVIRONMENT RISK

Competitor Sovereign/Political Social/Cultural Technological Innovation

Shareholder Relations Financial Markets Labor Availability Sensitivity

Capital Availability Legal Catastrophic Events Regulatory Globalization

PROCESS RISK

EMPOWERMENT RISK

Accountability

Leadership

Authority/Limit

Outsourcing

Performance Incentives

Change Readiness

Communications

OPERATIONS RISK

Customer Satisfaction

Efficiency/Productivity

Capacity

Inventory

Cycle Time

Obsolescence

Compliance

Labor/Employee

Product Acceptance

Product/Service Quality

Environmental

Health and Safety

Resource Availability

Resource Price Volatility

Trademark/Brand Name Erosion

FINANCIAL RISK

Interest Rate

Currency

Equity

Cash Flow

Opportunity Cost

Concentration

Default

Market

Settlement

Price

Liquidity

INFORMATION PROCESSING/TECHNOLOGY RISK

Relevance

Integrity

Access

Availability

Infrastructure

Credit

INTEGRITY RISK

Management Fraud

Employee Fraud

Illegal Acts

Unauthorized Use

Reputation

INFORMATION FOR DECISION MAKING RISK

OPERATIONAL

Product Pricing

Product Costing

Contract Commitment

Performance Measurement

Process Alignment

Regulatory Reporting

FINANCIAL

Budget and Planning

Accounting Information

Financial Reporting Evaluation

Taxation

Compensation and Benefits

Investment Evaluation

Regulatory Reporting

STRATEGIC

Environmental Monitoring

Business Portfolio

Valuation

Performance Measurement

Organization Design

Resource Allocation

Planning

Product Life Cycle

BUSINESS RISK MODEL: A COMMON LANGUAGE


CONCLUSION

  • Internal auditors need to rise up to the changes within themselves and the organization they serve and be change agents as well

  • Managing risk is crucial to any organization if they are to be competitive and successful in today’s global economy


THANK YOU

