
Internal Audit, Compliance & Ethics and Risk Management

Section 1) Introduction

1.1) Overview

The project discusses internal audit, ethics and compliance, and enterprise risk management. Internal audit consists of activities an organization conducts to evaluate itself internally, and it is different from external audit. Most organizations have a code of ethics and standards or policies that support an ethical culture, and all employees should comply with them without fail. Enterprise risk management is a broader form of risk management that influences the overall operations of the organization.

1.1.1. Purpose and Aim

The purpose of the project is to identify what internal audit, ethics and compliance, and enterprise risk management are, and to discuss these terms by linking them directly to practice in organizational operations. The project therefore aims to provide a good discussion of the various facts of these concepts.

Section 2) Discussion Findings

2.1) Internal Audit

Internal audit is an independent, objective assurance and consulting activity. It is designed to add value and improve the operations of an organization. It helps the organization accomplish its objectives by bringing a disciplined and systematic approach to evaluating and improving the effectiveness of governance processes, control and risk management. Internal auditors evaluate the effectiveness and efficiency of the organization's procedures along with their related internal controls [1].



Internal audit is carried out by internal auditors, who report to the Audit Committee of the Board of Directors and to top management. Areas of internal audit include making sure employees are not making copies of software programs, because that is illegal, and auditing for fraud. Every department therefore has personnel who conduct audit functions over its departmental activities, assuring and checking efficiency and effectiveness [2]. IT auditing involves evaluating the computer's role in achieving control objectives and audit objectives. It provides a means of proving that information and data are available, secure, confidential and reliable [3]. In other words, internal audit is considered a parallel process that occurs before the external audit or prepares for it. The information for internal audit comes from management information systems, production or operations, finance and accounting, research and development, marketing and management [4]. The personnel conducting internal audit should be certified internal auditors. The major areas of the exam include business management skills, information technology and business analysis, conducting internal audit, and its role in control, risk and governance [5]. An internal auditor is therefore usually a company employee who audits whether the organization is complying with set standards, policies and procedures [6].

2.2) Compliance & Ethics


Ethics are a set of guiding ideals, standards or beliefs that pervade a group or an individual. Computer ethics is of great importance because people have certain fears and perceptions about the use of computers. Most organizations have ethics programs, a code of ethics, and ethics audits. An ethics program consists of several activities that give staff members direction in carrying out the corporate credo. Ethics audits are performed by the internal auditors to evaluate compliance by staff members; they audit the activities performed against the code of ethics [7]. Issues in computer ethics include internal control integrity, unemployment and displacement, equity in access, ownership of property, privacy, computer misuse, artificial intelligence, environmental issues, and security and accuracy [8]. The two approaches in ethics are the integrity-based approach and the compliance-based approach [9]. In order to have effective ethics compliance, the organization should consider the following [10]: establishing compliance procedures and standards; assigning top-level management; avoiding delegating responsibility to those who are not trustworthy; communicating procedures and standards to all employees; monitoring and auditing systems for detecting unethical activities; enforcing ethical standards; and making adjustments in the process of ethical issues.

2.3) Enterprise Risk Management


Enterprise risk management (ERM) consists of three areas: operational risks, speculative risks and strategic risks. It is a much broader concept that considers personnel, property or liability loss exposures [11]. ERM is an ongoing process that flows through an entity, and it is applied during strategy setting. It is designed to identify possible events that might affect the entity, so that risk can be managed at the enterprise level and reasonable assurance can be provided. There are six encompassing areas in ERM, as shown in figure 1:

Figure 1: ERM Encompassing Areas [12]

Section 3) Conclusion



We have discussed internal audit, compliance and ethics, and risk management. All of them play major functions in the operations of organizations. Internal audit helps accomplish objectives from the organizational to the departmental level in order to bring improvements. Ethics is important in the business world, and it is at the top of the agenda for businesses to make sure that staff comply with the ethical standards and activities that have been set or initiated. Without an effective ethics compliance program, there is no point in ethics. ERM enables an organization to identify possible events that might affect the business, and it helps in managing risks effectively and efficiently.



References

1) Kowal, & Paribas. (2003). CobiT for Internal Auditors. Retrieved 6 December 2011 from http://www.nysscpa.org/committees/emergingtech/cobit.ppt

2) Strand, Simkin, & Bagranoff. (2005). Information Technology Auditing. Retrieved 6 December 2011 from http://higheredbcs.wiley.com/legacy/college/bagranoff/0470045590/ppt/ch11.ppt

3) Strand, Simkin, & Bagranoff. (2005). Information Technology Auditing. Retrieved 6 December 2011 from http://higheredbcs.wiley.com/legacy/college/bagranoff/0470045590/ppt/ch11.ppt

4) Makaeva. (2004). Internal Scanning: Organizational Analysis. Retrieved 6 December 2011 from http://sbmt.bsu.by/faculty/makaeva%5CmakaevaSMen%5CLectureNotes%5CIntrernal_Scanning_and_Organizational_Analysis.ppt

5) Hurt. (2010). Professional Certifications and Career Planning. Retrieved 6 December 2011 from http://www.philadelphia.edu.jo/courses/AIS/Chap017.ppt

6) Turban, McLean, & Wetherbe. (2000). Managing Information Resources and Security. Retrieved 6 December 2011 from http://people.hofstra.edu/Laura_H_Lally/bcis401/ch15.ppt

7) McLeod, & Schell. (2004). Ethical Implications Of Information Technology. Retrieved 6 December 2011 from http://people.hofstra.edu/Laura_H_Lally/bcis401/ch15.ppt

8) Wheeler, P. (2003). Ethics, Fraud, and Internal Control. Retrieved 6 December 2011 from http://www.swlearning.com/accounting/hall/ais_4e/ppt/ch03.ppt

9) Altman. (2005). Organizational Ethics and the Law. Retrieved 6 December 2011 from http://hercules.gcsu.edu/~dgoings/mktg3172/Chap006.ppt

10) Stanwick, P. (2000). Understanding Business Ethics. Retrieved 6 December 2011 from http://www.auburn.edu/~stanwsd/introtoethics.ppt

11) Rejda. (2000). Advanced Topics in Risk Management. Retrieved 6 December 2011 from http://facultad.bayamon.inter.edu/cdehoyos/finanzas/seguros/fin%20601/CAP%204.ppt

12) Mulay, P. (2006). Information Risk Management vis-à-vis Enterprise Risk Management. Retrieved 6 December 2011 from http://www.assocham.org/events/recent/event_65/Presentation___ERM___20_4_06___Pravin_Mulay.ppt
