Download presentation
Presentation is loading. Please wait.
Published byPatience Phelps Modified over 9 years ago
1
ALARM SOUTH EAST ALARM South East Conference 2005 Risk Based Auditing:-The 4 th Paradigm Peter O-Mensah (ODPM) Bill Sulman (Heath Lambert)
2
Stages in Audit Development Inspection & Compliance Assurance – Consider – Basis – Audit Unit Financial / Control Based System Based Risk Based Audit / Business Objectives
3
Risk Based Audit Changing Scope of Internal Audit Service i) The Challenges of Corporate Governance ii) Board expectation of Internal Audit is changing iii) Need to create measurable added value iv) IIA reaction : re-defining the role of Internal Audit
4
Models of Risk Based Auditing MACRO LEVEL MICRO LEVEL
5
Macro Level Audit Risk Identification Audit Universe Strategic Audit Plan Operational Audit Plan
6
Main Drivers –Audit Universe Strategic Risk Register Directorate Risk Register HIA Annual Opinion Audit Committee Audit Findings Machinery of Government Change Change in Management Structure Past history
7
Micro Level Business Risk Identification Establish Audit Objective / Scope Identify & record key business objectives Establish congruence of objectives Review risk management process Identify threats to achievement Identify key controls managing the threats
8
Micro Level Evaluate the controls Identify instances of over control/exposure Device appropriate audit risk test Conclusion-report-management action (Report on Management of key risks)
9
Benefits of RBA Simplicity Transparency Effective reporting to Board Directs audit at the high risks areas Organisation buy-in More challenging and interesting to staff Greater value added
10
Problem Areas Understanding the concept Threat to independence and objectivity Hard work Complex delivery Re-training
11
Key Risk Identification Pointers – Questions to ask? What could go wrong? How could we fail? What must go right for us to succeed? Where are we vulnerable? How could operations be disrupted? Are we achieving our objectives?
12
Key Risk Identification Pointers – Questions to ask? What decisions require most judgment? What activities are most complex? What activities are regulated? What is our greatest legal exposure?
13
Risk Identification Exercise Case Study-Local Authority Summary of Mission Statement / Challenges Putting People First Promoting a strong / responsible economy Protecting & promoting our environment Developing learning communities Finance, Asset Management/Human Res. Identify three top key strategic risks for each of the five challenges.
14
Key Challenges for Internal Audit What we do - audit “all business risks” - report on effectiveness - audit what they say and do What we audit - control environment - risk management process - management of key risks
15
Key Changes for Internal Audit How we do it - Audit Universe driven by risk register - Emphasis on RBA - Short audit report - Opinion: traffic light approach How we think - Philosophers - Training needs
16
Key Changes for Internal Audit How we relate to our colleagues - adult to adult - with humility - management know best not auditors Who does it? - specialised skills - mixed skills - joint approach
17
Challenges for the Profession Recognising there is a paradigm shift Understand nature of the shift Taking the lead Be proactive Educate the Board Emphasis on assurance Focus on key risks Agree deliverables with Audit Committee
18
Questions to ask yourself? Do I really use RBA? How good is my relation with the AC? Do I really know what they want? Does my organisation understand how IAS adds value?
19
Reference Material www.hm-treasury.gov.uk ceu.enquiries@hm-treasury.gov.uk HMTreasury Guidance on Risk Based Auditing HMTreasury Corporate governance in central government: code of good practice
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.