
Risk Audit Guide: Understanding and Implementing Effective Risk Management

This guide provides comprehensive information on risk assessment and management, helping auditors and IA units plan their audit work more effectively. It covers determining and categorizing the audit universe, identifying events that give rise to risks, scoring events, and building risk-based audit plans. Available in Bucharest, December 2014.

pamelal

Presentation Transcript


  1. Richard Maggs Bucharest December 2014

  2. What I will cover • Why did we write the guide • What's in the guide • Where to next? The Risk Assessment working group has finished its work

  3. Why did we write the guide • Because of confusion about the terms risk, risk assessment and risk management • Because auditors need to understand what risk is and how this impacts both management and audit • To help IA units plan their audit work more effectively • To help Central units (e.g. CHUs) who have to prepare guidance for IA on how to do risk-based planning

  4. What’s in the guide • Chapter 2 • Determining and categorising the audit universe • Chapter 3 • Part I • Identifying individual events that may give rise to risks and opportunities across the audit universe • Chapter 3 • Part II • Scoring events in terms of probability and impact • Chapter 4 • Building risk-based audit plans with generic risk factors • Chapter 5 • Writing risk-based strategic and annual plans

  5. Understanding Risk • People have problems identifying risks. But everyone knows what an event is. • Something that may happen in future that has a positive or a negative impact on achieving objectives • Positive impacts are opportunities • Negative impacts are risks • Managers and auditors examine risk for different reasons

  6. Categorising the audit universe • Breaking the Audit Universe into smaller elements helps in planning the audit. • There is usually a need to cut the universe vertically (e.g. by organizational structure) and horizontally (by theme or function)

  7. Best Practice - Audit Universe • Follow the crowd - but limit the factors used

  8. Identifying events • Where possible use risk assessments done by management • If these are not available consider a workshop with management to identify risks • Use documentary sources to identify risks - operation plans, other audit reports, etc. • Warning: This is what management should be doing

  9. Example of type of events

  10. Scoring events • Events are scored in terms of likelihood and impact • Use simple scales and processes • All risk-scoring systems by definition produce exact numbers. This can add a false level of accuracy to the assessment process. Remember that the numbers are based on judgement. • Have clear definitions for what an impact means. • Warning: This is what management should be doing

  11. Using risk factors for planning • Generic risk factors are used to select amongst a large number of potential audits • Think of these as selection factors • Remember that most auditors use the same risk factors • Materiality, complexity, time since last audit, etc.

  12. Best Practice - Risk factors • Follow the crowd - but limit the factors used

  13. Example scoring risk factors

  14. Example - weighting risk factors

  15. Developing strategic and annual plans • A comprehensive strategic and annual plan of IA activity is crucial to the success of internal audit • The plans should document the internal auditor’s judgement of the systems, activities and programmes that should be subject to audit. • The guide provides advice on what should be in the strategic and annual plans • The plan is a shop window - make it attractive to shoppers

  16. Where to next • How can we PEMPAL best promote the risk audit guide? • How can Internal Auditors best use it? • How can the CHU best use it? • What other materials can be used, e.g. training case study? • Let's use the guide, not leave it on the shelf to gather dust

  17. Thank you • For the opportunity to talk • For listening • For questions
