SlideShare a Scribd company logo
1 of 15
Download to read offline
1
“Risk Assessment in the ‘Internal Audit’ Department – A practical approach!
Article by M RAJESHWARON
General Manager (Management Audit) - EID Parry
Introduction
Have we, as Internal Auditors, at any point of time stopped for a while and looked at our
‘own’ risk management strategies?
I thought, through this article, I would share some of my thoughts on this subject.
As Internal Auditors, we are expected to play a vital role in the organization in the area of
Risk Management. The focus on this role will depend on the “risk management status” in
the organization. For example, if there exists a structured system of Risk Management in
the organization, then the Internal Auditor takes the role of a continuous reviewer,
providing the management an on-going advice to improve the existing risk management
system. On the other hand, if the organization is in its infant stage of implementing a risk
management system, then he works with the management in providing value addition for a
robust risk management system in the organization. He then becomes a ‘facilitator’ than a
fault finder coming at the end and communicating on the inadequacies. Of course, this role
will be played keeping in mind the ‘independence focus of audit’.
While he projects himself as a ‘facilitator’ or an effective ‘Risk Assessor’, in the
organization, it is very essential that he understands the ‘risks’ in his own Internal Audit
Function and manage them more effectively.
This article dewels on the ground work required for establishing a proper risk management
process in the internal audit department.
The format I have adopted for this article is :
(A)mapping the Internal Audit processes and the inherent risks in them (A Question –
Answer section)
(B) depicting the risk matrix for an Internal Audit department (This matrix is
independent of the details discussed in (a) above)
While writing Section (A), I have kept in mind our Internal Audit Organization (EID
Parry) to facilitate easy flow of thoughts. Since the answers to these questions would
become the basis for developing an actual ‘risk matrix’ for a particular audit department,
it is expected that the Internal Auditors ensure compiling this data relevant to their own
working environment.
Section (A)
2
“Questions & Answers” for clearly understanding the ‘risk scenario’ prevailing in an
Internal Audit Function
1. What are the key objectives of your Internal Audit Department?
(a) Long-term objectives ?
To Provide “World Class Internal Audit Services”
(b) Short-term objectives?
“To play an effective role in the organization as internal consultants, guided by the
philosophy of adding value to improve the operations of all the Business units” and
provide assurance to the management on Risks, Controls & Governance.
(c )Every day objectives?
Properly intertwine work schedule and the above objectives of (a) adding
value to improve the operations of the organization and (b) evaluate on a
continuous basis the internal controls operating in various business
operations of the organisation based on proper risk analysis and also
review the effectiveness of the governing processes.
Assist the line management in translating the agreed recommendations into
results by extending support through collaborative efforts.
Endeavour to continuously assess and improve the quality of people,
process and deliverables to achieve these objectives.”
2. What are the activities that are getting covered under your Internal Audit?
Review Activities
• Assurance
* General Auditing (Audit of non-Technical Operations)
- Issue based assignments /Location specific operational audit assignments
- Compliance Audits (Internal / Statutory)
- Project / CAPEX Audits
- Review of Financial Reporting system
- Specific Functional Area Audits (Insurance, Taxation, Secretarial, Funds
Management etc.)
* Information Systems Auditing & Control evaluation
- ERP related area reviews
- Legacy Systems Reviews
- Information System Division’s Activities reviews
3
• Consulting
* Technical Consulting (Audit of Technical Operations)
- Energy & Fuel Audit (Steam / Power / Renewable Energy / Fossile fuel
‘POL’ (Petrol, Oil & Lubricants) / Motors / Pumps / Compressed air /
Insulation / Water etc)
- ‘SHE’ Audit
- Physical Assets Management / Maintenance Audit (Civil, Mechanical,
Electrical, Instrumentation)
- Production Process Audit (Input / Output, Mass Balance etc.)
* Business Consulting
- Improvements in Business profitability
- Marketing Activity Improvements
- R & D Activity Reviews
- Human Resources effectiveness of processes
Facilitating Activities
• Internal Controls / Corporate Governance Promotion
* Systems / Self Audit Process
- Delegation of Authority Manuals compilation / Facilitation
- Assistance & guidance to Business Units in Divisional system manual
preparation & Self Audit process
* Corporate Governance Support
- Facilitation for putting effective Internal Control system across business
locations
- Need based investigation assignment execution
- Conducting awareness program on Values & Beliefs / Code of Conduct,
Ethics Policies, Fraud policies etc.
- Promoting Good governing process at all levels
* Acting as Central repository of Business Knowledge as acquired through
various Audit Assignments
3. Have Internal Audit procedures been developed, documented, authorized,
implemented, and adequately communicated to all departments?
4
Yes. Ours is an ISO 9001: 2000 Certified Audit Function. We have an approved Apex
Quality / Procedures Manual. Manual shared with all Business Divisions and also
placed on the Intranet Home Page of the Internal Audit Division.
4. What is the process followed for approval of the internal audit plan?
A detailed risk based audit planning exercise is done in consultation with the audit
customers at the year beginning and the key focus areas are determined. The Audit
Plan is reviewed by the CAE (Chief Audit Executive) along with the Audit Customers,
changes and comments are incorporated as per customers’ requirements. The CAE
then finalises an Audit Focus document for the ensuing year and puts up to the Audit
Committee for its formal approval. (For conducting this exercise standard Risk based
Audit Planning software is deployed)
5. How is the system of co-ordination achieved with the other departments ie. Your
audit customers?
Structured involvement of Audit Customers at the,
* Audit Planning stage
* Pre-Audit stage
* Final Audit discussion stage
* Follow up stage
* Audit Committee Discussion stage
6. To what level does the internal audit observation get elevated?
All audit observations will be discussed with Senior Management of the Business and
the Significant audit observations / unresolved issues and areas where the Internal
Auditor feels that the residual risk is high in his opinion will get escalated to the Audit
Committee. Broad materiality parameters used for this purpose.
7. What is the process of follow-up for the observations in internal audit?
All agreed audit recommendations will be converted into ‘Tasks’ which will be
placed on the automated audit process management software system called
“WEBMARS”. WEBMARS will trigger mail messages at various stages as follow-up
reminders for completion of all tasks. Close monitoring of this system will ensure
completion of all tasks in the normal course. The system also generates Task Status
reports for appropriate escalation. A detailed follow-up audit also takes place during
the next cycle of audit to ascertain the status of all pending issues. Periodical Action
Taken Report (ATR) is also solicited from the auditee departments.
8. How does the department ensure completeness of all areas planned?
* The comprehensive audit plan with areas such as Technical, Systems and General
Auditing and the structured Risk area analysis is discussed & agreed by auditees at the
beginning of the year.
5
* Mid Audit Reviews and Audit Process management mechanism help in identifying
gaps in execution.
* Additional resources required are deployed through internal / external skill sourcing
wherever required.
* Periodical internal review meetings ensure a ‘progress chasing’ system.
9. How would you rate the independence of the department? Whom do you report
to?
* Board grants and Management acknowledges to the Internal Audit Function full
and complete access to all records, personnel, physical properties or information of
the organisation deemed necessary in accomplishing its audit activities. This is part
of the Audit Charter approved by the Board.
* Audit staff have no direct responsibility for or any authority over the activities that
they review.
* The CAE reports to the Audit Committee Chairman - functionally and
administratively to the Managing Director of the Company.
* Audit Team is encouraged to report all those issues which in the Internal Audit’s
opinion deserves top Management attention.
The above conditions ensure full independence of the Audit Team.
10. What are the significant reportings that have come up?
* These vary from suggestions for operational improvements to process improvements
to high cost saving potential to escalating a High Risk Area. It also includes reporting
on efficiency improvement in certain functions as well as effective facilitation / co-
ordination among Business Units to achieve synergies.
11. Is there a budget prepared for your department?
Yes, The Financial Budget is made as soon as the Audit Plan for the year is freezed
by the Heads of all the three Audit Functions namely General Audit, Systems Audit
& Technical Audit. This is then cleared by the CAE and put up to Management /
Audit Committee for approval.
12. How is your budget reviewed and monitored? What is the frequency of such
review?
The financial Budget is compared with actuals on a monthly basis and reviewed by the
CAE. This is also reported in the Audit MIS folder.
6
13. What kind of Reports / MIS is generated by the Internal Audit department? What
is the frequency of generation and review of these reports?
MIS reports are prepared on a monthly basis for the three streams of Management
Audit ie. General Audit, Systems Audit and Technical Audit. The contents of these
reports include status of all audit assignments, planned assignments vs actual
assignments taken-up, details of training programmes undertaken and action plan for
implementation of learnings, financial expenditure incurred against budget, Status of
cost savings recommended vs implemented and any other important milestones
crossed by these three streams of Audit in developing / strengthening the audit
processes
14. What key statistics / measures do you use to gauge the performance of your area?
(any comparison with international norms/benchmarks)
* The division has adopted the Professional Practices Frame Work (PPF) issued by
the Institute of Internal Auditors Inc. the only global body promoting the
profession of Internal Auditing.
* The Division is an ISO 9001:2000 certified organization and periodical
Surveillance audits are conducted to ensure compliance with all the quality process
requirements.
* “WEBMARS” (an Audit Process Management Software) depicts the on-going
progress based on which performance against targets are monitored.
* Measurement of Performance (MOP) model adopted for the Department also helps
in evaluating the Division’s performance on a year to year basis. The Internal Audit
Balanced Score card system helps in collecting inputs for this measurement.
* At the end of the year a ‘customer satisfaction’ survey matrix is also prepared (as
part of the ISO Quality System) for taking corrective actions. This also becomes a
basis for evaluation.
(Periodically the above measures are compared with global best practices)
15. What are the significant theoretical risks associated with your area of operation?
* Risk of inadequate audit coverage
* Risk of not identifying the right areas for audit
* Risks of audit completion delays
* Risks of deploying incompetent audit teams conducting audits
* Risks of gaps in the knowledge / skills possessed by Team Members
* Risks of not being able to balance between conflicting customer requirements
* Risks of not using appropriate IT Audit Tools
* Risks of not having a structured Audit Systems / Processes
* Risks of not accepting a challenging assignment when offered
* Risks of not meeting Standards, SEBI guidelines, Audit Committee requirements
7
* Risk of not studying / adopting to the Corporate culture / Organisation Dynamics
* Risks of not knowing the ‘best practices’ in Internal Audit
* Risks of not getting adequate ‘resources’ for audit
* Risk of not ‘innovating’!
16. How would you classify these risks into the following categories?
People?
Eg:
* Risks of deploying incompetent audit teams conducting audits
* Risks of gaps in the knowledge / skill possessed by Team Members
Processes?
Eg:
* Risks of audit completion delays
* Risks of balancing between conflicting customer requirements
* Risks of not using appropriate IT Audit Tools to capture relevant data for forming
an audit opinion
Systems?
Eg:
* Risks of not understanding Business Systems / Controls
* Not having a structured Audit Systems / Processes
Competition?
Eg:
* Risks of not accepting a ‘challenging assignment’ when requested.
* Risks of not keeping abreast of development in Internal Audit Profession.
Regulation?
Eg:
* Risks of not evaluating compliance with Standards, SEBI guidelines, Audit Committee
requirements
Corporate Culture?
Eg:
* Risk of not studying, understanding & adopting to the Corporate culture, Code of
conduct, Ethics Policy etc.
17. What would be the impact of these risks and the likelihood of the risk occurrence?
Eg:
8
Impact : Could be severe in the case of Audit knowledge / skill level related risks as this
will directly affect the Audit deliverables.
Likelihood : risk happening will be certainif no proper care is taken at the recruitment, on
the job moitoring and year end performance stages.
18. What do you consider to be the key controls over these risks? [Issues discussed in
(17) above]
People?
* Adopting the Audit Skill Matrix at entry level, middle level & at Senior
levels
* Structured Training – Cognitive / Behavioural skills
* Continuing Professional Education for Team Members
* Team Members exposure to leading Professional organisations for
knowledge updation / Best Practices sharing
Processes?
* Dynamic Audit Processes with adequate process controls built in.
* ISO 9001 :2000 requirement compliance & periodical external audits
* Professional Practices Adoption / Monitoring
* Proper assessment of ‘Customer requirements’ and need based focus on
varied expectations.
* Customer Feedback system / corrective action monitoring
Systems?
* Proper updation of ‘Business Knowledge’ by all Team Members
* Comprehensiveness of Audit Plans & Timely Execution
* Guest Audit Pool expertise for specialized areas (in-company experts
team)
Competition?
* Readiness to face new audit requirements / continuous skill updation.
* On-going enhancement of Audit Activities in different areas
Regulation?
* Appropriate training to Audit staff, organizing internal seminars on
topical subjects.
* Close co-ordination with Corporate Secretarial, Legal & Taxation
Services
9
Corporate Culture?
* Internal Team discussions on Corporate culture, understanding the
Organization’s Values & Beliefs.
19. How would you rate the effectiveness of the key controls in your organisation?
1. Excellent 2. Very Good 3. Good 4. Fair 5. Poor
2. Very Good
20. How do you identify, evaluate, and monitor / control these risks?
Meetings?
* Monthly MIS Review Meetings
* Quarterly Management Review Meetings
* Audit Committee Meetings
* Audit Customer Feedback during periodical Meetings / Presentations
Quantitative/Qualitative Analysis?
* Customer Feed Back Index (Quantified)
* Quantification of Audit Benefits
* Skill Matrix for Team Members
* Audit Performance Measurement Format
* Audit Plan vs Actual Execution statistics
Internal Reports?
* Monthly MIS Reports
* Annual consolidation reports
* Training Programme / Action Taken Reports schedules
* Planning Documents
* WEBMARS – Status Reports on various Audits
* Team Member Performance Appraisal Reports
External Information?
* IIA Inc. (Institute of Internal Auditors) guidelines
* Best Practices from Research work done by Professional Organisations
* Experience Sharing Workshops
* Study Reports on the Profession
* World ‘CAE’ Forum – (‘CAE’ is a member of this forum)
* ISO Quality Auditor - Reports
21. What recent or planned changes are there in your area of responsibility?
10
* Audit Customer base enlarged.
* Additional responsibility of providing support to Group Companies.
* ‘WEBMARS’ – the internally developed software application is going to be
marketed by the Division to outside Professionals / Companies
* Technical Audit stream got the approval for conducting mandatory Energy Audits
for HT Industries - A revenue model emerging.
22. What issues result from:
Complexity or size of the operation?
* Requirement for more number auditors with special area skills
* Time management in preparing for and attending Audit Committee
Meetings on a quarterly basis
* On-going updation of status on Audit issues
* Comprehensive coverage of all locations
Communication of information between business functions /
operational units?
* Parallel Communication with different layers of management across
geographically dispersed units in terms of key audit issues on a timely basis
has impact on timely reporting, accuracy, correct status etc.
23. Is the current “Delegation of powers” adequate or commensurate with the
Division’s objectives?
* Yes – Independence & Objectivity of the function facilitated through adequate and
defined Responsibilities / Authority - Audit Charter & Structured Reporting lines
24. Are you comfortable with the current level of computerization and the adequacy
of hardware and software in the performance of your function?
Yes – All the Team Members have computers - “CAATS” softwares effectively used
by Team Members.
25. Are you using any application tool in the performance of the function?
Yes – Internally developed Audit Process Management Tool (WEBMARS), Risk
Ranking Tools, Control Evaluation Tools and Transaction Analysis Tools are
deployed.
26. Is there an Ethics or Business Conduct policy? What is your understanding of the
Company's Ethics Policy and Code of Conduct?
11
* Individual & Business Ethics well understood by all Team Members. Regular internal
discussions take place on this subject. IIA’s / ICAI’s Code of conduct & Company’s
Values & Beliefs statements, Policies etc. are read and understood by all.
27. Do you know how to voice ethical concerns? Do you feel comfortable voicing
ethical concerns?
* Yes – The ‘Whistle Blower’ Policy (CARO) when fully implemented will provide the
methodology, protection and a structured process for all whistle blowers. Audit
supports this initiative in taking up, investigating complaints in a logical manner
through appropriate audit methodology.
28. Has any concern on ethical issues been raised over the past two years and how has
the same been addressed?
* No such instances
29. What, in your view, are the strengths and weaknesses of the Ethics Policy and
Code of Conduct?
Strengths
* Positive outlook
* Professionalism
* Transparency
Weaknesses
* May be looked at as a threat by the reporting employee
* May have impact on the ‘Trust’ aspect
* All ‘People’ may not understand / perceive the implications of this policy effectively.
30. How do you monitor implementation of changes, if any, to Management policies
and procedures?
Changes in the management policies and procedures are communicated to Audit
Division and a compliance review is under taken for evaluating the effectiveness of
implementation of all changes
31. Do you have all the resources you need to effectively perform your job – in terms
of manpower, infrastructure and support facilities?
Yes, We have.
32. Do you outsource a part of your activity? What is the process followed in the
selection and approval of such source?
12
Yes, part of our activity is co-sourced. In order to identify the right source, first the
requirements are analyzed for various types of audits planned for the year.
Then from the data bank available with the Division, the outside service providers are
evaluated and selected to match with the above requirements. (The outside service
providers data kept updated in the Division on a continuous basis during the year,
before engaging them for assignment). There is a structured evaluation process to
decide the appropriateness of the co-sourced agency.
There is also a continuous monitoring mechanism and an year end evaluation system
for such outsourced services.
(The above system is a subject of ISO Quality Audits under supplier evaluation)
33. How do you find the morale in your area? What do you attribute this to?
* Independence & objectivity for Auditors have to come from within first
* Honesty and characters are very important
* Both at entry level as well as during the tenure - effective assessment is done and
feedback given to all Team Members
* An on-going performance appraisal also facilitates this.
* Due to the challenging work environment & empowered situation, the ‘morale’ is high
in the Division
34. What training, formal or informal, is offered to employees who report to you? Do
you participate?
* Structured Training Plan (External as well as Internal) exists. Formal Feedback sheets
prepared by Team Members and this helps in monitoring. Skills are divided into two
categories for training purposes
i. Cognitive skills and
ii. Behavioral skills.
Wither support from Corporate HR the programs are conducted.
35. What metrics do you use to evaluate your staff who report to you?
(1) Key Result Areas and Personal Objectives identification for all the Team Members
at the year beginning. Continuous assessment of this with the help of Corporate
Personnel and year end rating.
(2) Number of Training Programs attended in the areas identified for further
development.
(3) On-going Feedback by CAE / Actions Plan by Team Members
13
(4) Training Activity based on the earlier year’s appraisal document for all team
members
(5) Continuous bench marking with Brikket etel. 1999A study on ‘Skills required for
Internal Auditors (entry level, middle level & senior level) a document released by
IIA, USA.
(6) Team members are encouraged on the ‘self learning’ process by motivating to
pursue professional courses in their respective work areas.
(7) Team members participate in Professional Workshops / Seminars / Conferences as
participants as well as faculty. Technical skill development programs are identified
by CAE whereas the Behavioral related skill develop is done by the Corporate
Personnel.
(8) Periodical administration of personal quality / skill testing methodology with the
help of corporate personnel and evaluation of the same.
36. Who evaluates your performance and what are the key components?
* Self Appraisals completed by the individual & submitted to the Initiating
Officer (immediate boss) and then it goes to the Reviewing officer.(Boss’s
Boss)
* Functional Reporting officer’s form will directly go to the Reviewing Officer
(Officer who had interacted more during the year with the Executive)
* Reviewing Officer will finally approve the ratings and forward to Corporate
Personnel.
* PARC (Performance Appraisal Review Committee) will meet during June
every year and finally approve the ratings for the Executive.
* Periodical – 3600
feed back and other HR evaluation methodologies are
undertaken to measure soft skills.
On Data Collection:
The Questions with sample answers given above are only illustrative. Each Internal
Audit Department could attempt to ask similar questions and provide answers pertinent
to their work environment. This will become the basis for developing a risk
assessment model for the Division.
The purpose of a very detailed information as above is to identify all the risk elements
and list them down activitywise. After analyzing the answers to the questions as above
the key risk areas should be identified and listed. Then a risk matrix as shown below
could be prepared to understand the high, medium, & low risk areas.
14
Section (B)
A Sample Risk Matrix (Independent of the environment described in the foregoing
Question & Answer session)
The above boxes can then be classified into 1,2,3 categories denoting High,
Medium & Low risk areas.
Way Forward :
Once risks are classified as above, the control mechanism in operation in the Division
to address them need to be plotted against each such risk area. This would then lead to
a list of risk mitigation actions.
Catastrophic
*Gaps in Audit
Technology
Major
* Risks connected
with not
understanding the
customers'
expectations
*High dependency
on external
resources
Moderate
* Inadequate
Resource
Allocation
* Skill sets of Audit Team
Members
Minor
Insignificant
Rare Unlikely Moderate Likely Almost Certain
SIGNIFICANCE
"Risk Exposure Matrix"
3 2 1
* Balancing between
Assurance Audits & value
added audits
15
The actions would focus on bridging the gaps in the above selected areas.
This exercise needs to be repeated every year so that the trend could be captured and
continuous corrective actions / improvements take place in the Internal Audit
Department. Like any other system this also needs to be audited by a ‘third party’ at
periodical intervals.
This structured methodology in the ‘Internal Audit Department’ will thus effectively
demonstrate that the Internal Audit Team practices what it preaches to all its Audit
Customers.
------

More Related Content

What's hot

Internal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkInternal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkMuhamad Sugian Nor
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing PresentationVernon Benjamin
 
Internal audit procedure
Internal audit procedureInternal audit procedure
Internal audit procedurebhavikjariwala
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Internal Audit Plan 2015
Internal Audit Plan 2015Internal Audit Plan 2015
Internal Audit Plan 2015Mohammad Kashif
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit planessbaih
 
Role and responsibility of Internal Audit under new Companies Act 2013
Role and responsibility of Internal Audit under new Companies Act 2013Role and responsibility of Internal Audit under new Companies Act 2013
Role and responsibility of Internal Audit under new Companies Act 2013Manoj Agarwal
 
Internal Audit Report Writing Best Practice
Internal Audit Report Writing Best PracticeInternal Audit Report Writing Best Practice
Internal Audit Report Writing Best PracticeDJones68
 
Internal Controls
Internal ControlsInternal Controls
Internal Controlsmscuttle
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditorsminkhollow
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditingKhalid Aziz
 
Audit report writing 5
Audit report writing 5Audit report writing 5
Audit report writing 5DJones68
 

What's hot (20)

Internal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkInternal_Audit_Competency_Framework
Internal_Audit_Competency_Framework
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
 
Internal audit procedure
Internal audit procedureInternal audit procedure
Internal audit procedure
 
Presentation on Audit Findings
Presentation on Audit FindingsPresentation on Audit Findings
Presentation on Audit Findings
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Internal Audit Plan 2015
Internal Audit Plan 2015Internal Audit Plan 2015
Internal Audit Plan 2015
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit plan
 
Role and responsibility of Internal Audit under new Companies Act 2013
Role and responsibility of Internal Audit under new Companies Act 2013Role and responsibility of Internal Audit under new Companies Act 2013
Role and responsibility of Internal Audit under new Companies Act 2013
 
Internal Audit Report Writing Best Practice
Internal Audit Report Writing Best PracticeInternal Audit Report Writing Best Practice
Internal Audit Report Writing Best Practice
 
Internal Controls
Internal ControlsInternal Controls
Internal Controls
 
Internal Auditor Roles
Internal Auditor RolesInternal Auditor Roles
Internal Auditor Roles
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditors
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditing
 
Operational audit
Operational auditOperational audit
Operational audit
 
Internal controls
Internal controlsInternal controls
Internal controls
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Audit report writing 5
Audit report writing 5Audit report writing 5
Audit report writing 5
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Internal audit
Internal auditInternal audit
Internal audit
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
 

Viewers also liked

11. materiality and audit risk
11. materiality and audit risk11. materiality and audit risk
11. materiality and audit riskSyed Osama Rizvi
 
Audit Risk and Fraud
Audit Risk and FraudAudit Risk and Fraud
Audit Risk and FraudDwi Wahyu
 
Analytical procedures presentation
Analytical procedures presentationAnalytical procedures presentation
Analytical procedures presentationDarryl Woolley
 
DPA 3043(AUDITING)-CHAPTER 6:Materiality and Risk
DPA 3043(AUDITING)-CHAPTER 6:Materiality and RiskDPA 3043(AUDITING)-CHAPTER 6:Materiality and Risk
DPA 3043(AUDITING)-CHAPTER 6:Materiality and Risknorliza muhamad
 
Audit planning and risk assessment
Audit planning and risk assessmentAudit planning and risk assessment
Audit planning and risk assessmentcasahiljain1992
 
Audit planning and analytical procedures (jzanzig auditing ch 7 lecture)
Audit planning and analytical procedures (jzanzig auditing ch 7 lecture)Audit planning and analytical procedures (jzanzig auditing ch 7 lecture)
Audit planning and analytical procedures (jzanzig auditing ch 7 lecture)bagarza
 
ANALYTICAL METHOD VALIDATION BY P.RAVISANKAR
ANALYTICAL METHOD VALIDATION BY P.RAVISANKAR ANALYTICAL METHOD VALIDATION BY P.RAVISANKAR
ANALYTICAL METHOD VALIDATION BY P.RAVISANKAR Dr. Ravi Sankar
 
Internal Control & Risk
Internal Control & RiskInternal Control & Risk
Internal Control & RiskEzat Dandashi
 
DECISION MAKING POWERPOINT
DECISION MAKING POWERPOINT DECISION MAKING POWERPOINT
DECISION MAKING POWERPOINT Andrew Schwartz
 

Viewers also liked (17)

11. materiality and audit risk
11. materiality and audit risk11. materiality and audit risk
11. materiality and audit risk
 
Presentation 13, Analytical Procedures, Workshop on System-based auditing, Ti...
Presentation 13, Analytical Procedures, Workshop on System-based auditing, Ti...Presentation 13, Analytical Procedures, Workshop on System-based auditing, Ti...
Presentation 13, Analytical Procedures, Workshop on System-based auditing, Ti...
 
Audit Risk and Fraud
Audit Risk and FraudAudit Risk and Fraud
Audit Risk and Fraud
 
Audit risk model
Audit risk modelAudit risk model
Audit risk model
 
Audit Fraud & error p7
Audit Fraud & error p7Audit Fraud & error p7
Audit Fraud & error p7
 
Materiality
MaterialityMateriality
Materiality
 
Audit process
Audit processAudit process
Audit process
 
Analytical procedures presentation
Analytical procedures presentationAnalytical procedures presentation
Analytical procedures presentation
 
DPA 3043(AUDITING)-CHAPTER 6:Materiality and Risk
DPA 3043(AUDITING)-CHAPTER 6:Materiality and RiskDPA 3043(AUDITING)-CHAPTER 6:Materiality and Risk
DPA 3043(AUDITING)-CHAPTER 6:Materiality and Risk
 
Audit procedures
Audit proceduresAudit procedures
Audit procedures
 
Audit.planning
Audit.planningAudit.planning
Audit.planning
 
Audit planning and risk assessment
Audit planning and risk assessmentAudit planning and risk assessment
Audit planning and risk assessment
 
Audit planning and analytical procedures (jzanzig auditing ch 7 lecture)
Audit planning and analytical procedures (jzanzig auditing ch 7 lecture)Audit planning and analytical procedures (jzanzig auditing ch 7 lecture)
Audit planning and analytical procedures (jzanzig auditing ch 7 lecture)
 
ANALYTICAL METHOD VALIDATION BY P.RAVISANKAR
ANALYTICAL METHOD VALIDATION BY P.RAVISANKAR ANALYTICAL METHOD VALIDATION BY P.RAVISANKAR
ANALYTICAL METHOD VALIDATION BY P.RAVISANKAR
 
Internal Control & Risk
Internal Control & RiskInternal Control & Risk
Internal Control & Risk
 
Decision making
Decision makingDecision making
Decision making
 
DECISION MAKING POWERPOINT
DECISION MAKING POWERPOINT DECISION MAKING POWERPOINT
DECISION MAKING POWERPOINT
 

Similar to For model i 4a - 11 - risk assessment in the internal audit department

Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Mohammad Wahid Abdullah Khan
 
Companies Frequently Conduct Internal Audits Of Their...
Companies Frequently Conduct Internal Audits Of Their...Companies Frequently Conduct Internal Audits Of Their...
Companies Frequently Conduct Internal Audits Of Their...Jennifer Mower
 
Internal control.. control env
Internal control.. control envInternal control.. control env
Internal control.. control envPhillys Sebastiane
 
Ppt on risk based internal audit
Ppt on risk based internal auditPpt on risk based internal audit
Ppt on risk based internal auditAmitaMistry2
 
For model i balanced score card with parameters defined
For model i   balanced score card with parameters definedFor model i   balanced score card with parameters defined
For model i balanced score card with parameters definedRajeswaran Muthu Venkatachalam
 
SEATA by TOMMY SEAH
SEATA by TOMMY SEAHSEATA by TOMMY SEAH
SEATA by TOMMY SEAHTommy Seah
 
Process Level Auditing Presentation
Process Level Auditing   PresentationProcess Level Auditing   Presentation
Process Level Auditing PresentationVernon Benjamin
 
Measuring the impact of Internal Audit
Measuring the impact of Internal Audit Measuring the impact of Internal Audit
Measuring the impact of Internal Audit Huzeifa Unwala
 
The Audit Report And Internal Control E
The Audit Report And Internal Control EThe Audit Report And Internal Control E
The Audit Report And Internal Control EJennifer Thomas
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Hisyam
 
PAWS - Pentana Audit Work System software
PAWS - Pentana Audit Work System softwarePAWS - Pentana Audit Work System software
PAWS - Pentana Audit Work System softwareMantala
 
Role Of Internal Audit On The Organization Outside The...
Role Of Internal Audit On The Organization Outside The...Role Of Internal Audit On The Organization Outside The...
Role Of Internal Audit On The Organization Outside The...Patty Buckley
 
COSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO FrameworkCOSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO FrameworkBlackLine
 
Auditing.docx
Auditing.docxAuditing.docx
Auditing.docxJoelEdau1
 

Similar to For model i 4a - 11 - risk assessment in the internal audit department (20)

Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
 
Companies Frequently Conduct Internal Audits Of Their...
Companies Frequently Conduct Internal Audits Of Their...Companies Frequently Conduct Internal Audits Of Their...
Companies Frequently Conduct Internal Audits Of Their...
 
Audit Report Model and Sample
Audit Report Model and SampleAudit Report Model and Sample
Audit Report Model and Sample
 
Internal control.. control env
Internal control.. control envInternal control.. control env
Internal control.. control env
 
Ppt on risk based internal audit
Ppt on risk based internal auditPpt on risk based internal audit
Ppt on risk based internal audit
 
For model i balanced score card with parameters defined
For model i   balanced score card with parameters definedFor model i   balanced score card with parameters defined
For model i balanced score card with parameters defined
 
SEATA by TOMMY SEAH
SEATA by TOMMY SEAHSEATA by TOMMY SEAH
SEATA by TOMMY SEAH
 
06304021
0630402106304021
06304021
 
Process Level Auditing Presentation
Process Level Auditing   PresentationProcess Level Auditing   Presentation
Process Level Auditing Presentation
 
Fice Of Internal Audit
Fice Of Internal AuditFice Of Internal Audit
Fice Of Internal Audit
 
Measuring the impact of Internal Audit
Measuring the impact of Internal Audit Measuring the impact of Internal Audit
Measuring the impact of Internal Audit
 
The Audit Report And Internal Control E
The Audit Report And Internal Control EThe Audit Report And Internal Control E
The Audit Report And Internal Control E
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)
 
Presentation_20110802213554
Presentation_20110802213554Presentation_20110802213554
Presentation_20110802213554
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit Reporting
 
PAWS - Pentana Audit Work System software
PAWS - Pentana Audit Work System softwarePAWS - Pentana Audit Work System software
PAWS - Pentana Audit Work System software
 
Role Of Internal Audit On The Organization Outside The...
Role Of Internal Audit On The Organization Outside The...Role Of Internal Audit On The Organization Outside The...
Role Of Internal Audit On The Organization Outside The...
 
COSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO FrameworkCOSO Deep Dive - Using BlackLine to Manage Your COSO Framework
COSO Deep Dive - Using BlackLine to Manage Your COSO Framework
 
Auditing.docx
Auditing.docxAuditing.docx
Auditing.docx
 
SFC Plan of engagement
SFC Plan of engagementSFC Plan of engagement
SFC Plan of engagement
 

More from Rajeswaran Muthu Venkatachalam

technical audit in murugappa group - toward converting the audit from cost ...
 technical audit in murugappa group - toward converting the audit from  cost ... technical audit in murugappa group - toward converting the audit from  cost ...
technical audit in murugappa group - toward converting the audit from cost ...Rajeswaran Muthu Venkatachalam
 

More from Rajeswaran Muthu Venkatachalam (20)

Skills required for internal auditors a matrix
Skills required for internal auditors a matrix Skills required for internal auditors a matrix
Skills required for internal auditors a matrix
 
Skills required for internal auditors a matrix
Skills required for internal auditors a matrix Skills required for internal auditors a matrix
Skills required for internal auditors a matrix
 
3a 10 - managing outsourced audit activities
3a   10 - managing outsourced audit activities3a   10 - managing outsourced audit activities
3a 10 - managing outsourced audit activities
 
Z 3h 2 - application of ppf in practice
Z 3h   2 - application of ppf in practiceZ 3h   2 - application of ppf in practice
Z 3h 2 - application of ppf in practice
 
Z 3f 2 - iso 9002 -1994 certification
Z 3f   2 - iso 9002 -1994 certificationZ 3f   2 - iso 9002 -1994 certification
Z 3f 2 - iso 9002 -1994 certification
 
Z 3d 1 - auditor-auditee partnership
Z 3d   1 - auditor-auditee partnershipZ 3d   1 - auditor-auditee partnership
Z 3d 1 - auditor-auditee partnership
 
Z 3f 3 - the quality principles
Z 3f   3 - the quality principlesZ 3f   3 - the quality principles
Z 3f 3 - the quality principles
 
Z 3d 2 - quality auditors-skills-attributes
Z 3d   2 - quality auditors-skills-attributesZ 3d   2 - quality auditors-skills-attributes
Z 3d 2 - quality auditors-skills-attributes
 
technical audit in murugappa group - toward converting the audit from cost ...
 technical audit in murugappa group - toward converting the audit from  cost ... technical audit in murugappa group - toward converting the audit from  cost ...
technical audit in murugappa group - toward converting the audit from cost ...
 
EID PARRY (INDIA ) LTD - internal audit team
EID PARRY (INDIA ) LTD - internal audit teamEID PARRY (INDIA ) LTD - internal audit team
EID PARRY (INDIA ) LTD - internal audit team
 
Human values tamilversion
Human values tamilversionHuman values tamilversion
Human values tamilversion
 
Universal manager
Universal manager Universal manager
Universal manager
 
Webmars Presentation Ver2
Webmars Presentation Ver2Webmars Presentation Ver2
Webmars Presentation Ver2
 
Webmars Presentation Ver1
Webmars Presentation Ver1Webmars Presentation Ver1
Webmars Presentation Ver1
 
Copy Of Human Values Tamil Version (1)
Copy Of Human Values Tamil Version (1)Copy Of Human Values Tamil Version (1)
Copy Of Human Values Tamil Version (1)
 
3a 12 Successful Empowerment
3a   12   Successful Empowerment3a   12   Successful Empowerment
3a 12 Successful Empowerment
 
3a 9 Working With Audit Committees
3a   9  Working With Audit Committees3a   9  Working With Audit Committees
3a 9 Working With Audit Committees
 
Evaluating It Investments
Evaluating It InvestmentsEvaluating It Investments
Evaluating It Investments
 
3c 2 Information Systems Audit
3c   2   Information Systems Audit3c   2   Information Systems Audit
3c 2 Information Systems Audit
 
3g 2 Audit Administration Software Webmars Features
3g   2   Audit Administration Software Webmars   Features3g   2   Audit Administration Software Webmars   Features
3g 2 Audit Administration Software Webmars Features
 

Recently uploaded

Live-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarLive-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarNathanielSchmuck
 
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHelene Heckrotte
 
Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Reportamberjiles31
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBBPMedia1
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...Khaled Al Awadi
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examplesamberjiles31
 
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfPDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfHajeJanKamps
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentationbaron83
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfJohnCarloValencia4
 
Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..dlewis191
 
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...IMARC Group
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsIntellect Design Arena Ltd
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxWorkforce Group
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toumarfarooquejamali32
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfAnhNguyen97152
 
Introduction to The overview of GAAP LO 1-5.pptx
Introduction to The overview of GAAP LO 1-5.pptxIntroduction to The overview of GAAP LO 1-5.pptx
Introduction to The overview of GAAP LO 1-5.pptxJemalSeid25
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003believeminhh
 

Recently uploaded (20)

Live-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarLive-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry Webinar
 
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
 
Investment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV IndustriesInvestment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV Industries
 
Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Report
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examples
 
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfPDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentation
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
 
Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..
 
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking Applications
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb to
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
 
WAM Corporate Presentation Mar 25 2024.pdf
WAM Corporate Presentation Mar 25 2024.pdfWAM Corporate Presentation Mar 25 2024.pdf
WAM Corporate Presentation Mar 25 2024.pdf
 
Introduction to The overview of GAAP LO 1-5.pptx
Introduction to The overview of GAAP LO 1-5.pptxIntroduction to The overview of GAAP LO 1-5.pptx
Introduction to The overview of GAAP LO 1-5.pptx
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
 

For model i 4a - 11 - risk assessment in the internal audit department

  • 1. 1 “Risk Assessment in the ‘Internal Audit’ Department – A practical approach! Article by M RAJESHWARON General Manager (Management Audit) - EID Parry Introduction Have we, as Internal Auditors, at any point of time stopped for a while and looked at our ‘own’ risk management strategies? I thought, through this article, I would share some of my thoughts on this subject. As Internal Auditors, we are expected to play a vital role in the organization in the area of Risk Management. The focus on this role will depend on the “risk management status” in the organization. For example, if there exists a structured system of Risk Management in the organization, then the Internal Auditor takes the role of a continuous reviewer, providing the management an on-going advice to improve the existing risk management system. On the other hand, if the organization is in its infant stage of implementing a risk management system, then he works with the management in providing value addition for a robust risk management system in the organization. He then becomes a ‘facilitator’ than a fault finder coming at the end and communicating on the inadequacies. Of course, this role will be played keeping in mind the ‘independence focus of audit’. While he projects himself as a ‘facilitator’ or an effective ‘Risk Assessor’, in the organization, it is very essential that he understands the ‘risks’ in his own Internal Audit Function and manage them more effectively. This article dewels on the ground work required for establishing a proper risk management process in the internal audit department. The format I have adopted for this article is : (A)mapping the Internal Audit processes and the inherent risks in them (A Question – Answer section) (B) depicting the risk matrix for an Internal Audit department (This matrix is independent of the details discussed in (a) above) While writing Section (A), I have kept in mind our Internal Audit Organization (EID Parry) to facilitate easy flow of thoughts. Since the answers to these questions would become the basis for developing an actual ‘risk matrix’ for a particular audit department, it is expected that the Internal Auditors ensure compiling this data relevant to their own working environment. Section (A)
  • 2. 2 “Questions & Answers” for clearly understanding the ‘risk scenario’ prevailing in an Internal Audit Function 1. What are the key objectives of your Internal Audit Department? (a) Long-term objectives ? To Provide “World Class Internal Audit Services” (b) Short-term objectives? “To play an effective role in the organization as internal consultants, guided by the philosophy of adding value to improve the operations of all the Business units” and provide assurance to the management on Risks, Controls & Governance. (c )Every day objectives? Properly intertwine work schedule and the above objectives of (a) adding value to improve the operations of the organization and (b) evaluate on a continuous basis the internal controls operating in various business operations of the organisation based on proper risk analysis and also review the effectiveness of the governing processes. Assist the line management in translating the agreed recommendations into results by extending support through collaborative efforts. Endeavour to continuously assess and improve the quality of people, process and deliverables to achieve these objectives.” 2. What are the activities that are getting covered under your Internal Audit? Review Activities • Assurance * General Auditing (Audit of non-Technical Operations) - Issue based assignments /Location specific operational audit assignments - Compliance Audits (Internal / Statutory) - Project / CAPEX Audits - Review of Financial Reporting system - Specific Functional Area Audits (Insurance, Taxation, Secretarial, Funds Management etc.) * Information Systems Auditing & Control evaluation - ERP related area reviews - Legacy Systems Reviews - Information System Division’s Activities reviews
  • 3. 3 • Consulting * Technical Consulting (Audit of Technical Operations) - Energy & Fuel Audit (Steam / Power / Renewable Energy / Fossile fuel ‘POL’ (Petrol, Oil & Lubricants) / Motors / Pumps / Compressed air / Insulation / Water etc) - ‘SHE’ Audit - Physical Assets Management / Maintenance Audit (Civil, Mechanical, Electrical, Instrumentation) - Production Process Audit (Input / Output, Mass Balance etc.) * Business Consulting - Improvements in Business profitability - Marketing Activity Improvements - R & D Activity Reviews - Human Resources effectiveness of processes Facilitating Activities • Internal Controls / Corporate Governance Promotion * Systems / Self Audit Process - Delegation of Authority Manuals compilation / Facilitation - Assistance & guidance to Business Units in Divisional system manual preparation & Self Audit process * Corporate Governance Support - Facilitation for putting effective Internal Control system across business locations - Need based investigation assignment execution - Conducting awareness program on Values & Beliefs / Code of Conduct, Ethics Policies, Fraud policies etc. - Promoting Good governing process at all levels * Acting as Central repository of Business Knowledge as acquired through various Audit Assignments 3. Have Internal Audit procedures been developed, documented, authorized, implemented, and adequately communicated to all departments?
  • 4. 4 Yes. Ours is an ISO 9001: 2000 Certified Audit Function. We have an approved Apex Quality / Procedures Manual. Manual shared with all Business Divisions and also placed on the Intranet Home Page of the Internal Audit Division. 4. What is the process followed for approval of the internal audit plan? A detailed risk based audit planning exercise is done in consultation with the audit customers at the year beginning and the key focus areas are determined. The Audit Plan is reviewed by the CAE (Chief Audit Executive) along with the Audit Customers, changes and comments are incorporated as per customers’ requirements. The CAE then finalises an Audit Focus document for the ensuing year and puts up to the Audit Committee for its formal approval. (For conducting this exercise standard Risk based Audit Planning software is deployed) 5. How is the system of co-ordination achieved with the other departments ie. Your audit customers? Structured involvement of Audit Customers at the, * Audit Planning stage * Pre-Audit stage * Final Audit discussion stage * Follow up stage * Audit Committee Discussion stage 6. To what level does the internal audit observation get elevated? All audit observations will be discussed with Senior Management of the Business and the Significant audit observations / unresolved issues and areas where the Internal Auditor feels that the residual risk is high in his opinion will get escalated to the Audit Committee. Broad materiality parameters used for this purpose. 7. What is the process of follow-up for the observations in internal audit? All agreed audit recommendations will be converted into ‘Tasks’ which will be placed on the automated audit process management software system called “WEBMARS”. WEBMARS will trigger mail messages at various stages as follow-up reminders for completion of all tasks. Close monitoring of this system will ensure completion of all tasks in the normal course. The system also generates Task Status reports for appropriate escalation. A detailed follow-up audit also takes place during the next cycle of audit to ascertain the status of all pending issues. Periodical Action Taken Report (ATR) is also solicited from the auditee departments. 8. How does the department ensure completeness of all areas planned? * The comprehensive audit plan with areas such as Technical, Systems and General Auditing and the structured Risk area analysis is discussed & agreed by auditees at the beginning of the year.
  • 5. 5 * Mid Audit Reviews and Audit Process management mechanism help in identifying gaps in execution. * Additional resources required are deployed through internal / external skill sourcing wherever required. * Periodical internal review meetings ensure a ‘progress chasing’ system. 9. How would you rate the independence of the department? Whom do you report to? * Board grants and Management acknowledges to the Internal Audit Function full and complete access to all records, personnel, physical properties or information of the organisation deemed necessary in accomplishing its audit activities. This is part of the Audit Charter approved by the Board. * Audit staff have no direct responsibility for or any authority over the activities that they review. * The CAE reports to the Audit Committee Chairman - functionally and administratively to the Managing Director of the Company. * Audit Team is encouraged to report all those issues which in the Internal Audit’s opinion deserves top Management attention. The above conditions ensure full independence of the Audit Team. 10. What are the significant reportings that have come up? * These vary from suggestions for operational improvements to process improvements to high cost saving potential to escalating a High Risk Area. It also includes reporting on efficiency improvement in certain functions as well as effective facilitation / co- ordination among Business Units to achieve synergies. 11. Is there a budget prepared for your department? Yes, The Financial Budget is made as soon as the Audit Plan for the year is freezed by the Heads of all the three Audit Functions namely General Audit, Systems Audit & Technical Audit. This is then cleared by the CAE and put up to Management / Audit Committee for approval. 12. How is your budget reviewed and monitored? What is the frequency of such review? The financial Budget is compared with actuals on a monthly basis and reviewed by the CAE. This is also reported in the Audit MIS folder.
  • 6. 6 13. What kind of Reports / MIS is generated by the Internal Audit department? What is the frequency of generation and review of these reports? MIS reports are prepared on a monthly basis for the three streams of Management Audit ie. General Audit, Systems Audit and Technical Audit. The contents of these reports include status of all audit assignments, planned assignments vs actual assignments taken-up, details of training programmes undertaken and action plan for implementation of learnings, financial expenditure incurred against budget, Status of cost savings recommended vs implemented and any other important milestones crossed by these three streams of Audit in developing / strengthening the audit processes 14. What key statistics / measures do you use to gauge the performance of your area? (any comparison with international norms/benchmarks) * The division has adopted the Professional Practices Frame Work (PPF) issued by the Institute of Internal Auditors Inc. the only global body promoting the profession of Internal Auditing. * The Division is an ISO 9001:2000 certified organization and periodical Surveillance audits are conducted to ensure compliance with all the quality process requirements. * “WEBMARS” (an Audit Process Management Software) depicts the on-going progress based on which performance against targets are monitored. * Measurement of Performance (MOP) model adopted for the Department also helps in evaluating the Division’s performance on a year to year basis. The Internal Audit Balanced Score card system helps in collecting inputs for this measurement. * At the end of the year a ‘customer satisfaction’ survey matrix is also prepared (as part of the ISO Quality System) for taking corrective actions. This also becomes a basis for evaluation. (Periodically the above measures are compared with global best practices) 15. What are the significant theoretical risks associated with your area of operation? * Risk of inadequate audit coverage * Risk of not identifying the right areas for audit * Risks of audit completion delays * Risks of deploying incompetent audit teams conducting audits * Risks of gaps in the knowledge / skills possessed by Team Members * Risks of not being able to balance between conflicting customer requirements * Risks of not using appropriate IT Audit Tools * Risks of not having a structured Audit Systems / Processes * Risks of not accepting a challenging assignment when offered * Risks of not meeting Standards, SEBI guidelines, Audit Committee requirements
  • 7. 7 * Risk of not studying / adopting to the Corporate culture / Organisation Dynamics * Risks of not knowing the ‘best practices’ in Internal Audit * Risks of not getting adequate ‘resources’ for audit * Risk of not ‘innovating’! 16. How would you classify these risks into the following categories? People? Eg: * Risks of deploying incompetent audit teams conducting audits * Risks of gaps in the knowledge / skill possessed by Team Members Processes? Eg: * Risks of audit completion delays * Risks of balancing between conflicting customer requirements * Risks of not using appropriate IT Audit Tools to capture relevant data for forming an audit opinion Systems? Eg: * Risks of not understanding Business Systems / Controls * Not having a structured Audit Systems / Processes Competition? Eg: * Risks of not accepting a ‘challenging assignment’ when requested. * Risks of not keeping abreast of development in Internal Audit Profession. Regulation? Eg: * Risks of not evaluating compliance with Standards, SEBI guidelines, Audit Committee requirements Corporate Culture? Eg: * Risk of not studying, understanding & adopting to the Corporate culture, Code of conduct, Ethics Policy etc. 17. What would be the impact of these risks and the likelihood of the risk occurrence? Eg:
  • 8. 8 Impact : Could be severe in the case of Audit knowledge / skill level related risks as this will directly affect the Audit deliverables. Likelihood : risk happening will be certainif no proper care is taken at the recruitment, on the job moitoring and year end performance stages. 18. What do you consider to be the key controls over these risks? [Issues discussed in (17) above] People? * Adopting the Audit Skill Matrix at entry level, middle level & at Senior levels * Structured Training – Cognitive / Behavioural skills * Continuing Professional Education for Team Members * Team Members exposure to leading Professional organisations for knowledge updation / Best Practices sharing Processes? * Dynamic Audit Processes with adequate process controls built in. * ISO 9001 :2000 requirement compliance & periodical external audits * Professional Practices Adoption / Monitoring * Proper assessment of ‘Customer requirements’ and need based focus on varied expectations. * Customer Feedback system / corrective action monitoring Systems? * Proper updation of ‘Business Knowledge’ by all Team Members * Comprehensiveness of Audit Plans & Timely Execution * Guest Audit Pool expertise for specialized areas (in-company experts team) Competition? * Readiness to face new audit requirements / continuous skill updation. * On-going enhancement of Audit Activities in different areas Regulation? * Appropriate training to Audit staff, organizing internal seminars on topical subjects. * Close co-ordination with Corporate Secretarial, Legal & Taxation Services
  • 9. 9 Corporate Culture? * Internal Team discussions on Corporate culture, understanding the Organization’s Values & Beliefs. 19. How would you rate the effectiveness of the key controls in your organisation? 1. Excellent 2. Very Good 3. Good 4. Fair 5. Poor 2. Very Good 20. How do you identify, evaluate, and monitor / control these risks? Meetings? * Monthly MIS Review Meetings * Quarterly Management Review Meetings * Audit Committee Meetings * Audit Customer Feedback during periodical Meetings / Presentations Quantitative/Qualitative Analysis? * Customer Feed Back Index (Quantified) * Quantification of Audit Benefits * Skill Matrix for Team Members * Audit Performance Measurement Format * Audit Plan vs Actual Execution statistics Internal Reports? * Monthly MIS Reports * Annual consolidation reports * Training Programme / Action Taken Reports schedules * Planning Documents * WEBMARS – Status Reports on various Audits * Team Member Performance Appraisal Reports External Information? * IIA Inc. (Institute of Internal Auditors) guidelines * Best Practices from Research work done by Professional Organisations * Experience Sharing Workshops * Study Reports on the Profession * World ‘CAE’ Forum – (‘CAE’ is a member of this forum) * ISO Quality Auditor - Reports 21. What recent or planned changes are there in your area of responsibility?
  • 10. 10 * Audit Customer base enlarged. * Additional responsibility of providing support to Group Companies. * ‘WEBMARS’ – the internally developed software application is going to be marketed by the Division to outside Professionals / Companies * Technical Audit stream got the approval for conducting mandatory Energy Audits for HT Industries - A revenue model emerging. 22. What issues result from: Complexity or size of the operation? * Requirement for more number auditors with special area skills * Time management in preparing for and attending Audit Committee Meetings on a quarterly basis * On-going updation of status on Audit issues * Comprehensive coverage of all locations Communication of information between business functions / operational units? * Parallel Communication with different layers of management across geographically dispersed units in terms of key audit issues on a timely basis has impact on timely reporting, accuracy, correct status etc. 23. Is the current “Delegation of powers” adequate or commensurate with the Division’s objectives? * Yes – Independence & Objectivity of the function facilitated through adequate and defined Responsibilities / Authority - Audit Charter & Structured Reporting lines 24. Are you comfortable with the current level of computerization and the adequacy of hardware and software in the performance of your function? Yes – All the Team Members have computers - “CAATS” softwares effectively used by Team Members. 25. Are you using any application tool in the performance of the function? Yes – Internally developed Audit Process Management Tool (WEBMARS), Risk Ranking Tools, Control Evaluation Tools and Transaction Analysis Tools are deployed. 26. Is there an Ethics or Business Conduct policy? What is your understanding of the Company's Ethics Policy and Code of Conduct?
  • 11. 11 * Individual & Business Ethics well understood by all Team Members. Regular internal discussions take place on this subject. IIA’s / ICAI’s Code of conduct & Company’s Values & Beliefs statements, Policies etc. are read and understood by all. 27. Do you know how to voice ethical concerns? Do you feel comfortable voicing ethical concerns? * Yes – The ‘Whistle Blower’ Policy (CARO) when fully implemented will provide the methodology, protection and a structured process for all whistle blowers. Audit supports this initiative in taking up, investigating complaints in a logical manner through appropriate audit methodology. 28. Has any concern on ethical issues been raised over the past two years and how has the same been addressed? * No such instances 29. What, in your view, are the strengths and weaknesses of the Ethics Policy and Code of Conduct? Strengths * Positive outlook * Professionalism * Transparency Weaknesses * May be looked at as a threat by the reporting employee * May have impact on the ‘Trust’ aspect * All ‘People’ may not understand / perceive the implications of this policy effectively. 30. How do you monitor implementation of changes, if any, to Management policies and procedures? Changes in the management policies and procedures are communicated to Audit Division and a compliance review is under taken for evaluating the effectiveness of implementation of all changes 31. Do you have all the resources you need to effectively perform your job – in terms of manpower, infrastructure and support facilities? Yes, We have. 32. Do you outsource a part of your activity? What is the process followed in the selection and approval of such source?
  • 12. 12 Yes, part of our activity is co-sourced. In order to identify the right source, first the requirements are analyzed for various types of audits planned for the year. Then from the data bank available with the Division, the outside service providers are evaluated and selected to match with the above requirements. (The outside service providers data kept updated in the Division on a continuous basis during the year, before engaging them for assignment). There is a structured evaluation process to decide the appropriateness of the co-sourced agency. There is also a continuous monitoring mechanism and an year end evaluation system for such outsourced services. (The above system is a subject of ISO Quality Audits under supplier evaluation) 33. How do you find the morale in your area? What do you attribute this to? * Independence & objectivity for Auditors have to come from within first * Honesty and characters are very important * Both at entry level as well as during the tenure - effective assessment is done and feedback given to all Team Members * An on-going performance appraisal also facilitates this. * Due to the challenging work environment & empowered situation, the ‘morale’ is high in the Division 34. What training, formal or informal, is offered to employees who report to you? Do you participate? * Structured Training Plan (External as well as Internal) exists. Formal Feedback sheets prepared by Team Members and this helps in monitoring. Skills are divided into two categories for training purposes i. Cognitive skills and ii. Behavioral skills. Wither support from Corporate HR the programs are conducted. 35. What metrics do you use to evaluate your staff who report to you? (1) Key Result Areas and Personal Objectives identification for all the Team Members at the year beginning. Continuous assessment of this with the help of Corporate Personnel and year end rating. (2) Number of Training Programs attended in the areas identified for further development. (3) On-going Feedback by CAE / Actions Plan by Team Members
  • 13. 13 (4) Training Activity based on the earlier year’s appraisal document for all team members (5) Continuous bench marking with Brikket etel. 1999A study on ‘Skills required for Internal Auditors (entry level, middle level & senior level) a document released by IIA, USA. (6) Team members are encouraged on the ‘self learning’ process by motivating to pursue professional courses in their respective work areas. (7) Team members participate in Professional Workshops / Seminars / Conferences as participants as well as faculty. Technical skill development programs are identified by CAE whereas the Behavioral related skill develop is done by the Corporate Personnel. (8) Periodical administration of personal quality / skill testing methodology with the help of corporate personnel and evaluation of the same. 36. Who evaluates your performance and what are the key components? * Self Appraisals completed by the individual & submitted to the Initiating Officer (immediate boss) and then it goes to the Reviewing officer.(Boss’s Boss) * Functional Reporting officer’s form will directly go to the Reviewing Officer (Officer who had interacted more during the year with the Executive) * Reviewing Officer will finally approve the ratings and forward to Corporate Personnel. * PARC (Performance Appraisal Review Committee) will meet during June every year and finally approve the ratings for the Executive. * Periodical – 3600 feed back and other HR evaluation methodologies are undertaken to measure soft skills. On Data Collection: The Questions with sample answers given above are only illustrative. Each Internal Audit Department could attempt to ask similar questions and provide answers pertinent to their work environment. This will become the basis for developing a risk assessment model for the Division. The purpose of a very detailed information as above is to identify all the risk elements and list them down activitywise. After analyzing the answers to the questions as above the key risk areas should be identified and listed. Then a risk matrix as shown below could be prepared to understand the high, medium, & low risk areas.
  • 14. 14 Section (B) A Sample Risk Matrix (Independent of the environment described in the foregoing Question & Answer session) The above boxes can then be classified into 1,2,3 categories denoting High, Medium & Low risk areas. Way Forward : Once risks are classified as above, the control mechanism in operation in the Division to address them need to be plotted against each such risk area. This would then lead to a list of risk mitigation actions. Catastrophic *Gaps in Audit Technology Major * Risks connected with not understanding the customers' expectations *High dependency on external resources Moderate * Inadequate Resource Allocation * Skill sets of Audit Team Members Minor Insignificant Rare Unlikely Moderate Likely Almost Certain SIGNIFICANCE "Risk Exposure Matrix" 3 2 1 * Balancing between Assurance Audits & value added audits
  • 15. 15 The actions would focus on bridging the gaps in the above selected areas. This exercise needs to be repeated every year so that the trend could be captured and continuous corrective actions / improvements take place in the Internal Audit Department. Like any other system this also needs to be audited by a ‘third party’ at periodical intervals. This structured methodology in the ‘Internal Audit Department’ will thus effectively demonstrate that the Internal Audit Team practices what it preaches to all its Audit Customers. ------