Audit in Risk Management
Internal Audit
Independent
Objective
Assurance
Consulting Activity
Add Value
Improve Operations
Internal Control
This includes all the policies and procedures adopted by the management of an entity to assist in achieving management's objectives:
The orderly and efficient conduct of business
Adherence to Management objectives
The safeguarding of Assets
Prevention of fraud and error
Accuracy and completeness of Accounting records
Timely preparation of reliable financial information
Determine whether the risk management procedures are clearly understood by all key levels involved in the risk management process.
Review corporate policies, board, and audit committee minutes to determine the organization's business strategies, risk management philosophy and methodology, appetite for risk, and acceptance of risks.
KEY ELEMENTS OF RISK MANAGEMENT
Risk Identification
Risks may be due to internal or external factors.
Internal factors may include changes in information systems, controls, and major projects and programs, employee turnover, etc.
External factors may include changes in the political and business environment and changes in markets and competitive conditions, social and economic conditions, and technological conditions.
Risk Assessment
Risks are to be assessed as to their potential severity of loss and to the probability of occurrence.
Qualitative techniques
1) Questionnaire
2) Surveys
3) Interviews
Quantitative techniques
1) Probability based
2) Back testing
3) Sensitivity Analysis
4) Scenario Analysis
Risk Treatment
a) risk transfer,
b) risk avoidance,
c)
d) risk acceptance
Risk reporting
Monitoring
Checklist
1)
2)
3)
Has the risk management plan been drawn up in a manner consistent with the objectives?
4)
5)
external sources
internal sources
7) Does management select techniques that fit its risk management process, and does the entity develop risk identification capabilities?
8) Is information gathered pertinent and assimilated in a proper form?
9) Are the risk analysis and evaluation techniques effective?
10) Does management consider additional risks that might result from a response selected to treat a risk?
11) In selecting a control technique, does management consider how control activities co-relate?
12) Is the communication activity across the organization adequate?
13) Is the information provided timely, efficient and sufficient?
14)
15)
16)
17)
18)
19)
20)
| Characteristic | Old Paradigm | New Paradigm |
|---|---|---|
| | Internal Control | Business Risk |
| | Reactive, after-the-fact, discontinuous, observers of strategic planning initiatives | Coactive, real-time, continuous monitoring, participants in strategic plans |
| Risk Assessment | Risk Factors | Scenario Planning |
| | Important Controls | Important Risks |
| | Emphasis on the Completeness of Detail Controls Testing | |
| Internal Audit Recommendations | Internal Control: Strengthened, Cost-Benefit, Efficient/Effective | Risk Management: Avoid/Diversify Risk, Share/Transfer Risk, Control/Accept Risk |
| | Independent Appraisal Function | |