The Connection between Risk Management and Internal Control in Organizations
Mag. Norbert Wagner
Budapest, 11.4.2008
Agenda
- Internal Auditing
- Risk Management
- Internal Control
- Connections
Section: Internal Auditing
Internal Auditing
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
(The IIA, Definition of Internal Auditing, 2004)
The internal audit activity should assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems.
(IPPF, Standard 2110)

The internal audit activity should monitor and evaluate the effectiveness of the organization's risk management system.
(IPPF, Standard 2110 A.1)
The internal audit activity should evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the:
- Reliability and integrity of financial and operational information
- Effectiveness and efficiency of operations
- Safeguarding of assets
- Compliance with laws, regulations, and contracts
(IPPF, Standard 2110 A.2)
Section: Risk Management
Risk Management
Enterprise risk management is broadly defined as: "...a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify and manage potential events that may affect the entity and to provide reasonable assurance regarding the achievement of entity objectives."
Risk Management - Basis (diagram)
Diagram of risk over time: risks are either not identified or identified; identified risks are treated by avoid, mitigate or shift, leaving a residual risk. Process steps shown: Risk Identification, Risk Analysis, Risk Completion, Risk Controlling.
Enterprise Risk Management
- Internal Environment (ERM philosophy, risk culture)
- Objective Setting (risk appetite, risk tolerance)
- Event Identification (risks and opportunities)
- Risk Assessment (likelihood and impact, correlation)
- Risk Response (avoid, reduce, share or accept)
- Control Activities (general and application controls)
- Information and Communication
- Monitoring (separate, ongoing evaluations)
(COSO, Enterprise Risk Management - A Process)
The Role of Internal Audit regarding RM (1)
Internal Environment
- No direct audit field
- But ERM philosophy and risk culture are essential for the IA position
Objective Setting
- Risk appetite and risk tolerance adequate to enterprise objectives and to RM methods and actions
The Role of Internal Audit regarding RM (2)
Event Identification
- Chances and risks: focus on completeness of risk identification
Risk Assessment
- Quality of risk assessment by the risk owner
- Efficiency and effectivity of instruments used for risk assessment
The Role of Internal Audit regarding RM (3)
Risk Response
- Regularity and completeness of analysis and assessment of applied risk control activities
Control Activities
- Quality of risk assessment by the risk owner
- Efficiency and effectivity of instruments used for risk assessment
The Role of Internal Audit regarding RM (4)
Information and Communication
- Regularity and effectivity of the information process
- Completeness, accountability and understandability of directives
Monitoring
- Regularity, usefulness and efficiency of each monitoring process
- Efficiency and effectivity of instruments used for risk assessment
Section: Internal Control
Internal Control
Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
Internal Control (IKS = Internes Kontrollsystem)
Definition of IIA Austria: Internal Control is the entirety of all process-orientated monitoring activities of an enterprise. Included are the respective organisational regulations and guidelines of the whole operational management ("top down") as well as the defined control activities and the monitoring role of the direct process owners, but NOT the auditing performed by Internal Audit.
Internal Control (IKS) supports and assures:
- correct management and accounting
- compliance with the business policy
- compliance with the law and other regulations
- adherence to predetermined objectives
- the assets of an organization
- the completeness and credibility of information, documentation and processes
- the efficiency and effectivity of processes
- the prevention and detection of failures and irregularities
- the transparency and comprehensibility of actions, to protect the people involved in the process
- the safety of people within the organisation and in its environment
Section: Connections
Risk Management - Internal Control
Risk Management is broadly defined as a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify and manage potential events that may affect the entity and to provide reasonable assurance regarding the achievement of entity objectives.

Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; compliance with applicable laws and regulations.
Internal Auditing - Risk Management (diagram)
Cycle of risk management activities shown: Risk Identification, Assessment of RM results, Generation of RM measures, Decision concerning measures, Documentation/Reporting. Internal Auditing's role is shown as the Assurance of Effectivity of the RMS.
Safeguarding of the company's business and assets (diagram)
Two layers shown, strategic and operational:
- Risk Management (strategic): Risk Policy, Early Warning / Red Flags, Operational RM Actions
- Internal Control (operational, process-orientated): Process Owner, Control Activities, Policies and Guidelines, Internal Monitoring System
Internal Auditing and Controlling span both the strategic and the operational layer.
Thank you