Risk based internal auditing – an introduction. Slides of figures and appendices. V3.2 ©David M Griffiths www.internalaudit.biz


Risk based internal auditing – an introduction: slides of figures and appendices

The following slides are those used in the book Risk based internal auditing – an introduction available from

The slides of figures are:
– 1 Internal auditing objectives
– 2 Grid for significance of risks
– 3 Stages of an audit
– 4 RBIA documentation
– 5 Processes involved in stage 2
– 6 Grid for frequency of audits
– 7 Factors to reduce inherent risk scores
– 8 Processes involved in stage 3
– 9 Grid for significance of residual risks

Slides of appendices are:
– A Internal auditing objectives
– B Hierarchy of objectives, risks and controls
– C Process map
– E Grid for risk workshop
– J Stages of an internal audit
– Other appendices are on the Excel spreadsheet RBIA introduction excel v3

Internal auditing objectives (Figure 1 and appendix A)

The main aim of internal auditing is to assist the organization to achieve its objectives.
– The management of an organization have objectives.
– An internal control is a process which manages a risk.
– A risk is a set of circumstances that hinder the achievement of objectives.
– Internal auditing provides an independent and objective opinion to an organization’s management as to whether its risks are being managed to acceptable levels.

2 Grid for significance of risks

Fig. 2 Grid showing the significance of risks

Likelihood of risk: Rare (1), Unlikely (2), Possible (3), Probable (4), Almost certain (5)
Consequence of risk: Insignificant (1), Minor (2), Moderate (3), Major (4), Catastrophic (5)

Scores shown in the grid cells, by significance:
– Acceptable: 1, 2, 2, 3, 3, 4, 4, 4
– Supplementary Issue: 5, 6, 6, 8, 8
– Issue: 5, 9, 10, 10, 12, 12
– Unacceptable: 15, 15, 16, 20, 20, 25

Key:
– Unacceptable: Immediate action required to manage the risk
– Issue: Action required to manage the risk
– Supplementary issue: Action is advisable if resources are available
– Acceptable: No action required

Other labels on the grid: Risk appetite, as defined by the board; IR (IR = Inherent Risk); RR (RR = Residual Risk); Internal control.

3 Stages of an audit

Fig. 3 Stages of an audit (flow diagram). Labels on the diagram:
– Stage 1; Stage 2; Stage 3
– Assess risk maturity
– Risk Naive; Risk Aware; Risk Defined; Risk Managed; Risk Enabled
– Use organisation's risks
– Facilitate risk identification
– Management's Risk Register (if available)
– Management's Risk Register (amended)
– Audit universe
– Risk and audit universe (RAU)
– Assign risks to audits
– Audit plan
– Audit Committee report
– Individual audit
– Audit report
– Feedback results into RAU

4 RBIA documentation

Fig. 4 RBIA documentation (diagram). Labels on the diagram: risk and audit universe; audit databases; objectives; risks; scores; controls; last audits; tests; audit reports; Audit Committee report.

5 Processes involved in stage 2

Fig. 5 Processes involved in Stage 2 (flow diagram). Labels on the diagram:
– Risk Register (audited)
– Audit Universe
– Risk and Audit Universe
– Categorise risks
– Filter risks
– Risks within the risk appetite
– Risks which will be tolerated
– Risks on which assurance is provided by others
– Risks on which assurance is required
– Risks not requiring an audit in this period
– Select risks to be covered
– Link risks to audits
– Allocate resources to audits
– Audit plan
– Audit Committee report

6 Grid for frequency of audits

Fig. 6 Grid for the frequency of audits

Likelihood of inherent risk: Rare (1), Unlikely (2), Possible (3), Probable (4), Almost certain (5)
Consequence of inherent risk: Insignificant (1), Minor (2), Moderate (3), Major (4), Catastrophic (5)

Scores shown in the grid cells, by audit frequency:
– Never: 1, 2, 2, 3, 3, 4, 4, 4
– Every three years: 5, 5, 6, 6, 8, 8
– Every two years: 9, 10, 10, 12, 12
– Every year: 15, 15, 16, 20, 20, 25

7 Factors to reduce inherent risk scores

Fig. 7 Factors to reduce inherent risk scores (chart). Time since last audit: 1 year, 2 years, 3 years. Audit result: Green, Amber, Red.

8 Processes involved in stage 3

Fig 5 Processes involved in stage 3 (flow diagram). Labels on the diagram:
– Audit plan
– Risk and audit universe
– Define draft audit scope
– Meetings to determine objectives, risks and agree scope
– Agreed scope
– Set up an audit database to record the audit details, or update the Risk and Audit Universe
– Audit database
– Obtain relevant documentation on processes
– Decide on audit approach
– Examine the risk management process for the area audited
– Conclude on risk maturity for the area audited
– Test the monitoring and proper operation of controls
– Draw preliminary conclusions and discuss them
– Audit report
– Feedback results into risk and audit universe

9 Grid for significance of residual risks

Fig. 9 Grid for the significance of residual risks

Likelihood of residual risk: Rare (1), Unlikely (2), Possible (3), Probable (4), Almost certain (5)
Consequence of residual risk: Insignificant (1), Minor (2), Moderate (3), Major (4), Catastrophic (5)

Scores shown in the grid cells, by significance:
– Acceptable: 1, 2, 2, 3, 3, 4, 4, 4
– Supplementary Issue: 5, 5, 6, 6, 8, 8
– Issue: 9, 10, 10, 12, 12
– Unacceptable: 15, 15, 16, 20, 20, 25

Key:
– Unacceptable: Immediate action required to control the risk
– Issue: Action required to control the risk
– Supplementary issue: Action is advisable if it is cost-effective
– Acceptable: No action required

Also marked on the grid: Risk appetite, as defined by the board.

Hierarchy of objectives, risks and controls (Appendix B)

Objective level 1:
– Relieve famine in central Africa

Risks level 1:
– No clear strategy as to how to achieve our objective
– Unable to predict where and when famines will occur
– Unable to obtain food
– Unable to deliver the food to the starving
– Inadequate resources to deliver the objectives

Objective level 2:
– Devise a strategy for the next five years to deliver our objectives
– Set up a system which enables us to predict famine areas
– Set up agreements with donors to obtain food
– Establish a supply chain to ensure prompt delivery of food to the highest priority area
– Establish functions to support the field operations

Objective level 3:
– Arrange land transport

Risks level 2:
– Don't distribute food efficiently and effectively
– Insufficient drivers
– Fuel not available for lorries
– Do not know where food is required most urgently
– Routes become impassable due to the weather
– Labor to load lorries not available
– Lorries break down

Internal controls:
– Work with other agencies and the military to plan routes
– Fuel is stored in the compound
– Charity has established a network of reliable local people with access to mobile phones
– List of drivers available for hire is kept by the compound office
– The warehouse provides loaders
– Two mechanics are on the permanent staff

Objectives map (appendix C)

Objective: Relieve famine in central Africa

Level 2 objectives:
– 1 Devise a strategy for the next five years to deliver our objectives
– 2 Set up a system which enables us to predict famine areas
– 3 Set up agreements with donors to obtain food
– 4 Establish a supply chain to ensure prompt delivery of food to the highest priority area
– 5 Employ sufficient, suitably qualified staff using sufficient resources

Level 3 objectives:
– 1.1 The trustees of the charity define the future aims and plans
– 1.2 The strategy is converted into targets and action for all staff
– 1.3 Aims and plans to be regularly updated
– 4.1 Arrange sea transport
– 4.2 Arrange land transport
– 5.1 Operate organisation according to legal requirements
– 5.2 Safeguard money and assets
– 5.3 Provide purchasing services
– 5.4 Provide transaction processing
– 5.5 Provide an HR department
– 5.6 Provide information technology

Grid for risk workshop (appendix E)

Likelihood of risk: Rare (1), Unlikely (2), Possible (3), Probable (4), Almost certain (5)
Consequence of risk: Insignificant (1), Minor (2), Moderate (3), Major (4), Catastrophic (5)

Scores shown in the grid cells, by significance:
– Acceptable: 1, 2, 2, 3, 3, 4, 4, 4
– Supplementary Issue: 5, 6, 6, 8, 8
– Issue: 5, 9, 10, 10, 12, 12
– Unacceptable: 15, 15, 16, 20, 20, 25

Stages of an internal audit (appendix J)

– The management of an organization have objectives.
– A risk is a set of circumstances that hinder the achievement of objectives.
– An internal control is a process which manages a risk.
– Significant risks generate the audit plan.
– Internal auditing: provides an independent and objective opinion to an organization’s management as to whether its risks are being managed to acceptable levels.

The audit. Internal auditing:
– Determines processes and their objectives (1)
– Works with the organization to identify risks hindering the processes
– Tests the controls mitigating the risks
– Reports where risks are not sufficiently mitigated by controls
– Assures that risks are mitigated to an acceptable level (5)

Version Control

Date: 21-Feb-15. Version: 3.2. Comments: Made consistent with book and spreadsheet.