THE ROLE OF INTERNAL AUDIT IN RISK MANAGEMENT. Prepared by: Azman Kassim, CMIIA. LEARNING OBJECTIVES. WHAT IS CORPORATE GOVERNANCE? IMPORTANCE OF RISK MANAGEMENT RISK MANAGEMENT PROCESS RISK BASED APPROACH AUDITING VALUE ADDED ROLE OF INTERNAL AUDIT ROLE OF MANAGEMENT & BOARD.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
THE ROLE OF INTERNAL AUDIT IN RISK MANAGEMENT
Azman Kassim, CMIIA
WHAT IS CORPORATE GOVERNANCE?
It can be defined as :
“….process and structure used to direct and manage the business and affairs of the company towards enhancing business prosperity and corporate accountability with the ultimate objective of realising long-term shareholders’ value, whilst taking into account the interest of other stakeholders’.
Extracted from Report on Corporate Governance
CHARACTERISTICS OF GOOD CORPORATE GOVERNANCE
Today’s organizations are concerned about:
Assurance (and Consulting)
WHY A SHIFT OF FOCUS
TOWARDS RISK MANAGEMENT?
WHY THE NEED FOR RISK MANAGEMENT??
“Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is the establishment of objectives, linked at different levels and internally consistent.
Risk assessment is the identification and analysis of relevant risks to the achievement of objectives, forming a basis for determining how the risks should be managed.
Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change.”
Treadway Commission (US)
study conducted in 2004 by IIA Research Foundation based in USA
LINKING RISKS AND CONTROLS IN A BUSINESS PROCESS
Institute of Internal Auditors
“Internal auditing is an independent, objective assurance and consulting
activity designed to add value and improve an organization’s operation.
It helps organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance process.”
INTERNAL AUDITING PROFESSION
INTERNAL AUDIT PROCESS MAP
Internal Audit Process
Risk assessment is an important part of the internal auditing process
WHAT IS RISK MANAGEMENT?
Risk Management is an ongoing process of
Measure its potential impact
Monitors the action
Do what’s necessary to manage it
“It is a term applied to a logical and systematic method of identifying, analyzing, assessing, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize opportunities. Risk management is as much about identifying opportunities as avoiding or mitigating losses.”
Source: AS/NZS 4360:1995
Political Economic Cycle
Environmental, Health & Safety
Business Risk Exposures
Any issue which could impact your ability to meet your objectives
Source : PricewaterhouseCoopers 1999
DIFFERENT VIEWS OF RISK
Risk of bad things happening
Not meeting expectations
Exploiting the upside
RISK ASSESSMENT THOUGHT PROCESS
Decide How to Manage Risks
Design or Evaluate Controls
What do we want to accomplish?
What can go wrong? (describe both cause and effect)
To cost- effectively reach optimum level of risk
Source: Business Risk Assessment. 1998 – The Institute of Internal Auditors
Mitigate & Control
CompletenessMaterialAccrual of transactionopen liabilities not recorded Invoices accrued after closing
ROLE OF THE BOARD
Responsible for :
setting up appropriate internal control policies
seeking regular assurance to satisfy itself that the systems is functioning adequately and its integrity is maintained
ensuring that the system is adequate in managing risk in an approved manner
ROLE OF MANAGEMENT
Implement the board policies on risk and control
Identify and evaluate risks faced by the company for consideration by the board
design, operate and monitor a suitable system of internal control which implements the policies adopted by the board
ensure that all employees have some responsibility for internal control
ROLE OF MANAGEMENT
Remind all that risk exists in all aspects of the business
inject a risk culture where Board and CEO supports, perceived as clearly supporting, the necessary focus on risk management
INTERNAL AUDIT’S ROLE
COMMON BARRIERS TO TODAY’S INTERNAL AUDIT CHALLENGES
People - Subject Matter Expertise, Competencies
Methodology - Risk-Based Audit Approach
Technology - Auditing Tools/Software
Knowledge - Knowledge Sharing
Extract from IBBM May-June 2005
ROLES INTERNAL AUDITING SHOULD NOT UNDERTAKE
The Institute of Internal Auditors, September 29, 2004
E N V I R O N M E N T R I S K
Competitor Sovereign/Political Social/Cultural Technological Innovation
Shareholder Relations Financial Markets Labor Availability Sensitivity
Capital Availability Legal Catastrophic Events Regulatory Globalization
P R O C E S S R I S K
Health and Safety
Resource Price Volatility
Trademark/Brand Name Erosion
I N F O R M A T I O N F O R D E C I S I O N M A K I N G R I S K
Budget and Planning
Financial Reporting Evaluation
Compensation and Benefits
Product Life Cycle
BUSINESS RISK MODEL A COMMON LANGUAGE