Presentation is loading. Please wait.

Presentation is loading. Please wait.

Edit Nemeth, Vice Chair of IACOP

Published bySara Short Modified over 5 years ago

Similar presentations

Presentation on theme: "Edit Nemeth, Vice Chair of IACOP"— Presentation transcript:

1 Edit Nemeth, Vice Chair of IACOP
RISK MANAGEMENT Edit Nemeth, Vice Chair of IACOP Vienna, 31st of May, 2017

2 Risk assessment vs. Risk management
Risk assessment is a tool – applied in different business areas SWOT analysis (strengths, weaknesses, opportunities and threats) Risk management is an operational activity of management Internal auditors have to make a risk based strategic and annual audit plan

3 Risk based audit planning vs. Risk management
Who responsible for it? Internal auditors (IA) Management What is the purpose of it? To decide on the focus of internal audit activity To manage risk in order to achieve the objectives What is the result of it? Risk based strategic and annual audit plan Risk inventory, Risk map, Control Self-assessment, Action plan for managing risks What are the steps? A – if there is a reliable risk management in place – IA use the information from it, but still use their on professional judgement B – if there is no risk management – with the involvement of management IA should assess the risks by their own in order to establish their audit plans, but this risk assessment cannot be considered as risk management! Risk identification Risk analysis Risk evaluation Decision on how to manage the identified risk ( Determination of Risk appetite, Control Self-assessment and choosing the applicable strategy for risk mitigation) Action plan Take action to mitigate risks Monitoring of action plan 02/12/2018

4 What we consider as Risk?
Risk: The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.​ Risk Management: A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives.​ Inherent Risk: An assessed level of raw or untreated risk; the natural level of risk inherent in a process or activity without doing anything to reduce the likelihood or mitigate the severity of a mishap, or the amount of risk before the application of the risk reduction effects of controls. Residual Risk: The risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to a risk.​ INHERENT RISK – CONTROL ACTIVITIES = RESIDUAL RISK

5 Has negative impact on objectives
RISK An event Occurs in future Has negative impact on objectives

6 RISK? Can we consider a problem as a risk?
Is it a risk if we are uncertain in something? Is it a risk if we are lack of something?

7 Elevate probability or impact of risks
RISK FACTORS Generate risks Elevate probability or impact of risks Eg. Lack of resources, lack of information

8 Identification of risk
Risk universe (in audit planning – audit universe) No one can assess risk if objectives are not clear! What risks we should identify during risk management? Formulation of risk is essential to have an effective risk management

9 Probability * Impact = Risk value
Evaluation of risk Risk categories Risk factors Risk criteria Probability * Impact = Risk value

10 4 options to manage risk

11 IACOP approach Our objective was to understand risk management and risk based audit planning Our countries just started to implement IA and internal controls that’s why most probably the organisation doesn’t have a proper risk management – so IA need to assess risk to establish audit plans according to IIA standards During the working group meetings we processed a case study – which became also a knowledge product – Moldova and Hungary created a training on RA and RBAP on the basis of this case study We elaborated a Risk assessment in audit planning guide for public sector internal auditors

12 Role of internal auditors in risk management
Internal auditors cannot be involved in decision making, but can help the organisation to understand of risks IIA Standard 2100 – Nature of Work: The internal audit activity must evaluate and contribute to the improvement of the organization’s governance, risk management, and control processes using a systematic, disciplined, and risk-based approach. Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insights and consider future impact. – IA is helping by performing the internal audit activity

13 THANK YOU FOR YOUR KIND ATTENTION!

Download ppt "Edit Nemeth, Vice Chair of IACOP"

Similar presentations

1 of 21 Information Strategy Developing an Information Strategy © FAO 2005 IMARK Investing in Information for Development Information Strategy Developing.

1 of 21 Information Strategy Developing an Information Strategy © FAO 2005 IMARK Investing in Information for Development Information Strategy Developing.
Progress on Risk Assessment......continued Ms. Albana Gjinopulli, MPA Mr. Stanislav Buchkov.

Progress on Risk Assessment......continued Ms. Albana Gjinopulli, MPA Mr. Stanislav Buchkov.
Mindari Session Scoutsafe and Risk Management By RL Brian See

Mindari Session Scoutsafe and Risk Management By RL Brian See
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Learning Objectives LO1 Explain the importance of auditing. LO2 Distinguish auditing from accounting. LO3 Explain the role of auditing in information risk.

Learning Objectives LO1 Explain the importance of auditing. LO2 Distinguish auditing from accounting. LO3 Explain the role of auditing in information risk.
Eliot M. Stenzel, CPA,CIA IIA Instructor for many years. 220-3198 Risk Based Auditing.

Eliot M. Stenzel, CPA,CIA IIA Instructor for many years Risk Based Auditing.
What is Risk Management? Whose responsibility is it in your institution? Mark Weatherley.

What is Risk Management? Whose responsibility is it in your institution? Mark Weatherley.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
8 Managing Risk Teaching Strategies

8 Managing Risk Teaching Strategies
Lecture 3 Strategic Planning for IT Projects (Chapter 7)

Lecture 3 Strategic Planning for IT Projects (Chapter 7)
61 What is hazard risk management?. 62 Emergency risk management is “a systematic process that produces a range of measures that contribute to the well.

61 What is hazard risk management?. 62 Emergency risk management is “a systematic process that produces a range of measures that contribute to the well.
Project Risk Management

Project Risk Management
PMI Knowledge Areas Risk Management.

PMI Knowledge Areas Risk Management.
COMMON CHALLENGES AND SOLUTIONS IN ERM IMPLEMENTATION TO IMPROVE MUNICIPAL CLEAN ADMINISTRATION PROCESS. M.J. RAMAKGOLO (CCSA)

COMMON CHALLENGES AND SOLUTIONS IN ERM IMPLEMENTATION TO IMPROVE MUNICIPAL CLEAN ADMINISTRATION PROCESS. M.J. RAMAKGOLO (CCSA)
The role of internal audit in enterprise-wide risk management (ERM)

The role of internal audit in enterprise-wide risk management (ERM)
Risk Management Report to Audit Committee 26 September 2006 Lee Harris Assistant Chief Executive.

Risk Management Report to Audit Committee 26 September 2006 Lee Harris Assistant Chief Executive.
RISK ASSESSMENT 2010/2011 M.J Ramakgolo. THE PURPOSE The aim of the risk assessment session is to develop the Strategic Risk Profile for the municipality.

RISK ASSESSMENT 2010/2011 M.J Ramakgolo. THE PURPOSE The aim of the risk assessment session is to develop the Strategic Risk Profile for the municipality.
Results of Pre-event survey on Risk Assessment Ms. Edit Németh – RA WG – Budva, Montenegro.

Results of Pre-event survey on Risk Assessment Ms. Edit Németh – RA WG – Budva, Montenegro.
IT Risk Management, Planning and Mitigation TCOM 5253 / MSIS 4253

IT Risk Management, Planning and Mitigation TCOM 5253 / MSIS 4253
From risk to planning Making the bridge from risks to audit plans Richard Maggs Astana September 2014.

From risk to planning Making the bridge from risks to audit plans Richard Maggs Astana September 2014.

Similar presentations

Ads by Google