GoJ Audit Commission Conference 2016: Tips on Reviewing a Risk-Based Audit Plan

SLIDE 1

GoJ Audit Commission Conference 2016

Tips on Reviewing a Risk-Based Audit Plan

11/8/2016 Jacque Chevers BH{L}, CA, CRMA, MSc, BSc, AAT

SLIDE 2

RISK ASSESSMENT

Where RISK, Meets STRATEGY

Risk-Based Audit Planning

SLIDE 3

Audit Development Process Stage 1

Identification of the Audit Universe

– All areas that are available to be audited within the organization.
– To define the universe, the Internal Audit Unit divides the organization into manageable auditable activities such as:

  • Function or activity,
  • Organizational unit or division, or
  • Project or program.

SLIDE 4

Audit Development Process Stage 2

  • Objective Setting

– This phase determines the key objective for each business operative, to ensure that the risks identified are objective-specific.

SLIDE 5

Audit Development Process Stage 3

  • Risk Assessment

– Involves identification, evaluation and estimation of the levels of risk associated with the organization's operations.

SLIDE 6

Risk Definition

(+) Opportunities

(-) Risks

Event

SLIDE 7

OBJECTIVE

  • Bolt winning the race

SLIDE 8

Cause: Broken Shoelace
Risk: Trip & Fall
Consequences: Lost Race
SLIDE 9

OBJECTIVE

  • Bet on Bolt to win the race to get money.
SLIDE 10

Cause: Trip & Fall
Risk: Lost Race
Consequences: Lost Bet, i.e. Money
SLIDE 11

Risk Categories

  • Strategic Risk – governance structure, management experience
  • Operational Risk – internal processes, people, system, etc.
  • Financial Risk – risk relating to financing of an organization’s operations.
  • Compliance Risk – conformance with regulations and policies.
SLIDE 12

Risk Factors

SLIDE 13

Determine Risk Factors

Risk Factor: I/P

  • Complexity of Operations: P
  • Quality of Internal Control: P
  • Public Exposure: I
  • Compliance with Regulations: P
  • Last Audited: P
  • Strategic Importance: I
  • Strength of Governance Structure: I
  • Going Concern: P
  • Susceptibility to Fraud: I
  • Dollar/Volume of Transactions: I
SLIDE 14

Principles used to Assess Risk Level

Risk Factor: Compliance with Regulations
Process: The level of compliance to Governmental Acts, Regulations, Policies and Guidelines.
Main Focus: Compliance

Risk Factor: Public Exposure
Process: Overall impact to the organization’s reputation. Physical environment and security of the facilities, data, records and department personnel.
Main Focus: Reputation, Governance, Operations, Strategy

SLIDE 15

Principles used to Assess Risk Level

Risk Factor: Management Philosophy & Operating Style
Process: Evaluate the way the entity is managed (formal vs. informal) as well as the general attitude towards financial reporting.
Main Focus: Governance

Risk Factor: Susceptibility to Fraud
Process: Consider the dollar magnitude of exposure; consider the potential override of controls by management, areas where controls are weak or lack of segregation of duties. Assess incentives, opportunities and the pressures to commit fraud. Distance from head office.
Main Focus: Financial, Governance, Compliance

SLIDE 16

Principles used to Assess Risk Level

Risk Factor: Quality of Internal Control
Process: Assessed internal controls known. Looked at the possibility of potential misstatements arising from fraudulent financial reporting, management influence over the control environment, operating characteristics and financial stability.
Main Focus: Financial, Compliance, Governance, Operations

Risk Factor: Competence
Process: Evaluate the ability of an individual to do a job properly.
Main Focus: Operations

SLIDE 17

Principles used to Assess Risk Level

Risk Factor: Management Experience
Process: Consider management’s background, time in service level, type and nature of experience.
Main Focus: Governance

Risk Factor: Financial Exposure
Process: A measure of exposure to potential loss or embarrassment due to the cash nature of transactions and the ease or difficulty of assets being converted to cash.
Main Focus: Financial, Reputation

Risk Factor: Going Concerns
Process: Threat to the continuance of the business.
Main Focus: Financial
SLIDE 18

Audit Development Process Stage 3

  • Velocity – the time it takes for the risk event to have an effect, that is, the time that elapses between the occurrence of the event and the point at which the entity first feels the impact.
  • Control Factor – Systematic measures (such as reviews, checks and balances, methods and procedures) instituted
SLIDE 19

Audit Development Process Stage 3

Risk Assessment Legend

Ratings: 1, 2, 3, 4, 5

Impact: 1 Negligible, 2 Minor, 3 Moderate, 4 Critical, 5 Catastrophic

Probability: 1 Improbable, 2 Seldom, 3 Occasional, 4 Likely, 5 Frequent

Velocity: 1 Very slow, 2 Several months, 3 Few months, 4 Days, 5 Immediately

Control Factor: (1.00) No Control, (0.95) Minor Controls, (0.90) Moderate, (0.85) Adequate Controls, (0.8) Very Good Controls
SLIDE 20

Risk Analysis Result

  • Activity
  • Objective
  • Key Risks
  • Impact Factors
  • Probability Factors
  • Velocity
  • Inherent Risk
  • Control Factor
  • Residual Risk
  • Risk Rating

SLIDE 21

Activity: Bank & Cash management
Objective: Fund expenditures and meet obligations as they fall due
Key Risks: Limited cash flow, misappropriation of funds
Rating: M

Activity: Contracts & Procurement
Objective: Receive value-for-money
Key Risks: Substandard goods and services, corrupt acts e.g. nepotism
Rating: I 5, P 5, V 4, IR 100, CR 0.85, RR 85

Activity: Facilities Management
Objective: Construct new buildings, upgrade and maintain existing structure to provide suitable accommodation for staff
Key Risks: Insufficient funding, cost overruns, substandard work, corruption
Rating: I 5, P 5, V 5, IR 125, CR 0.9, RR 113

Activity: Information Technology
Objective: Secure optimal information technology and systems efficiency while giving support to the wider portfolio
Key Risks: Loss or destruction of data and/or information, hacking
Rating: I 5, P 5, V 5, IR 125, CR 0.95, RR 119

Activity: Human Resource Management
Objective: Acquire competent ("best fit") persons
Key Risks: Corrupt practices such as nepotism
Rating: I 5, P 4, V 3, IR 60, CR 0.85, RR 51

Key: I=Impact, P=Probability, V=Velocity, IR=Inherent Risk, CR=Control Risk, RR=Residual Risk, M=Mandatory
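The scores in the table above can be reproduced from the legend ratings. The following is an added example, not part of the original presentation: it assumes, from the table's own numbers, that IR = I × P × V and RR = IR × CR rounded half up, and the function names and control-level labels are illustrative.

```python
from decimal import Decimal, ROUND_HALF_UP

# Control factors from the Risk Assessment Legend (keys are illustrative labels).
CONTROL_FACTORS = {
    "none": Decimal("1.00"), "minor": Decimal("0.95"), "moderate": Decimal("0.90"),
    "adequate": Decimal("0.85"), "very_good": Decimal("0.80"),
}

def inherent_risk(impact, probability, velocity):
    """IR = I x P x V, each rated 1-5 (formula inferred from the table values)."""
    for name, value in (("impact", impact), ("probability", probability),
                        ("velocity", velocity)):
        if value not in range(1, 6):
            raise ValueError(f"{name} rating must be 1-5, got {value!r}")
    return impact * probability * velocity

def residual_risk(ir, control):
    """RR = IR x CR. The table shows 125 x 0.9 = 112.5 as 113, so round half up;
    Python's built-in round() would give 112 (banker's rounding)."""
    product = Decimal(ir) * CONTROL_FACTORS[control]
    return int(product.quantize(Decimal("1"), rounding=ROUND_HALF_UP))

# Rows from the table: (activity, (I, P, V, control level)); None = mandatory, unscored.
ROWS = [
    ("Bank & Cash management", None),
    ("Contracts & Procurement", (5, 5, 4, "adequate")),
    ("Facilities Management", (5, 5, 5, "moderate")),
    ("Information Technology", (5, 5, 5, "minor")),
    ("Human Resource Management", (5, 4, 3, "adequate")),
]

def rank(rows):
    """Return (activity, IR, RR) with mandatory areas first, then descending RR."""
    scored = []
    for activity, ratings in rows:
        if ratings is None:
            scored.append((activity, None, None))
            continue
        i, p, v, control = ratings
        ir = inherent_risk(i, p, v)
        scored.append((activity, ir, residual_risk(ir, control)))
    return sorted(scored, key=lambda r: (r[2] is not None, -(r[2] or 0)))

if __name__ == "__main__":
    for activity, ir, rr in rank(ROWS):
        print(f"{activity:28} IR={ir!s:>4} RR={rr!s:>4}")
```
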

SLIDE 22

Audit Development Process Stage 4

  • Formulation of the Audit Plan

– risk ratings,
– available audit days (# of auditors x # of work days/yr)
– audit cycle (estimated time to complete the audit)
– a combination of high, medium and mandatory areas as well as weaknesses highlighted in the Auditor General Annual Report and special requests by senior managers.
– other activities such as leave, training, unscheduled and pre-audits

SLIDE 23

Allocation of Available Audit Days

Posts                          CIA   AS4   AS3   AS2   AS1   TOTAL
Staff size by position           1     2     4     8     3      18
Total audit days available     254   508  1016  2032   762    4572
Less estimated leave:
  Vacation                      15    30    40    80    30     195
  Sick                           8    16    32    40    19     115
  Departmental                  10    20    40    50    29     149
Total estimated leave           33    66   112   170    78     459

Less Scheduled Audits (including reviews):
  Engagement b/f                         67
  Regular                             1,725
  SATF                                  702
  Contingency for special requests      294
  Pre-Audit Activities                  884
  Administration                        322
  Training/Meetings                     119

Available audit days net of leave: 4113 (total audit days available: 4572)
SLIDE 24

Audit Development Process Stage 4

Priority Level: Remarks

1: Mandatory Audits
2: Main concerns highlighted in the AG Report; unfavorable results of past internal audit reviews
3: High risk rating
4: Moderate and low risk rating
SLIDE 25

Audit Time Table

SLIDE 26

Type of Audits

  • Performance/Operational Audits examine the use of department/university resources to evaluate whether those resources are being utilized in the most efficient and effective way to fulfill the department's mission and objectives. An operational audit may include elements of a compliance audit, a financial audit, and an information systems audit.
  • Information Systems Audits address the internal control environment of automated information processing systems and how these systems are used. IS audits typically evaluate system input, output and processing controls, backup and recovery plans, and system security, as well as computer facility reviews.
SLIDE 27

Type of Audits

  • Financial Audits: Address questions of accounting, recording, and reporting of financial transactions.
  • Compliance Audits: Seek to determine if departments are adhering to laws, regulations, policies, and procedures.
  • Follow-up Audits: Determine if management implemented recommendations effectively or accepted the risk of not executing corrective measures.
SLIDE 28

Internal Audit Plan Authorization Memorandum

  • We have reviewed the Internal Audit Plan for the Ministry of National Security and do agree with the planned activities outlined herein. We fully accept and authorize initiation of work to proceed.

Permanent Secretary          Chairman - Audit Committee

_____________________
DATE
SLIDE 29

More Tips

  • Prior Year Planned Audits vs. Actual Audits
  • Peruse External Reviews
  • Budget Allocation
  • Percentage of audits vs. Pre-audit Activities
  • Percentage of Audits vs. Non-audit activities
  • Benchmark – (Regular audit – above 70% of available audit days)
  • Management Involvement in Planning
  • Audit-in-Progress b/f in current Schedule
  • Time Allocated for Risk Assessment and Self Assessment

  • Management Responses
  • Follow-up procedures

– Should not exceed 12 months after original audit

SLIDE 30

More Tips

  • Critical Areas

– Contracts & Procurement
– Recruitment
– Core Functions
– Asset Management

  • Mandatory Audits

– Salaries
– Appropriation Accounts
– Payments
SLIDE 31

MAY GOD BLESS YOU

THANK YOU

SLIDE 32

Q & A
