internal audit risk assessment and audit assessment and
play

Internal Audit Risk Assessment and Audit Assessment and Audit - PowerPoint PPT Presentation

Sep 05, 2023 •27 likes •597 views

Internal Audit Risk Assessment and Audit Assessment and Audit Planning May 6, 2011 Eric Miles, Partner, CPA, CIA, CFE Ric Jazaie, CPA, CIA Ric Jazaie, CPA, CIA MOSS ADAMS LLP | 1 T d Todays Objectives Obj ti Provide an overview

  1. Internal Audit Risk Assessment and Audit Assessment and Audit Planning May 6, 2011 Eric Miles, Partner, CPA, CIA, CFE Ric Jazaie, CPA, CIA Ric Jazaie, CPA, CIA MOSS ADAMS LLP | 1

  2. T d Today’s Objectives ’ Obj ti • Provide an overview of current internal audit planning and risk assessment practices l i d i k i • Review internal audit planning and risk assessment benchmark data benchmark data • Compare current California community college internal audit planning and risk assessment p g practices • Discuss common internal audit planning and risk assessment pitfalls MOSS ADAMS LLP | 2

  3. D t il d A Detailed Agenda d • Background • Risk Assessment and Audit Planning Process • Risk Assessment and Audit Planning Process o Identify Risks  Sketch Audit Universe  Define Objectives Universe  Define Objectives Universe  Develop Risk Universe  Validate Audit Universe o Measure Risks  Determine Factors  Weight Risk Factors  Score Risk Factors o Prioritize Risks and Select Audits • Summary • Q&A Q&A MOSS ADAMS LLP | 3

  4. Di Disclaimer l i The material appearing in this presentation is for informational purposes only and is not legal or accounting advice. Communication of l d i t l l ti d i C i ti f this information is not intended to create, and receipt does not constitute, a legal relationship, including, but not limited to, an accountant‐client relationship. Although these materials may have been prepared by professionals, they should not be used as a substitute for professional services. If legal, accounting, or other professional advice professional services. If legal, accounting, or other professional advice is required, the services of a professional should be sought. MOSS ADAMS LLP | 4

  5. S Source Material M t i l • Assessing Risk (2 nd Edition), David McNamee, IIA R Research Foundation 2004 h F d i 2004 • Brink’s Modern Internal Auditing (7th Edition), John B i k’ M d I t l A diti (7th Editi ) J h Wiley & Sons, 2009 • Sawyer’s Internal Auditing (5 th Edition), IIA 2005 MOSS ADAMS LLP | 5

  6. Ri k A Risk Assessment and Audit Planning t d A dit Pl i • Risk: The possibility of an event occurring that will h have an impact on the achievement of objectives. i h hi f bj i • Risk Assessment: the consideration of the probable Ri k A t th id ti f th b bl material effects of uncertain events. It is the identification, measurement, and prioritization of , , p risks and auditable areas. Further, it allows the auditor to design more specific and effective audit programs. MOSS ADAMS LLP | 6

  7. Do you use a formal risk assessment process f for internal audit planning? i t l dit l i ? 1 Yes 1. Yes 2. No MOSS ADAMS LLP | 7

  8. U Use of Risk Assessment in Internal Audit f Ri k A t i I t l A dit Source: IIA GAIN 2009 Benchmark Study MOSS ADAMS LLP | 8

  9. How often do you perform an Internal Audit Ri k A Risk Assessment? t? 1 Bi‐annually + 1. Bi annually + 2. Annually 3. Semi‐annually ll 4. Quarterly 5. Other/We don’t MOSS ADAMS LLP | 9

  10. F Frequency of Internal Audit Risk Assessments f I t l A dit Ri k A t Source: IIA GAIN 2009 Benchmark Study MOSS ADAMS LLP | 10

  11. Wh Ri k B Why Risk‐Based Audit Planning? d A dit Pl i ? • IPPF Performance Standard 2010.A1 – “The internal audit activity’s plan of engagements must be based audit activity s plan of engagements must be based on a documented risk assessment , undertaken at least annually . The input of the senior management and the board must be considered in d h b d b id d i this process.” • More than a requirement More than a requirement o Makes the best use of limited resources o Improves ability to impact organization o Generates buy‐in from management G b f o Creates value MOSS ADAMS LLP | 11

  12. What percentage of your audit recommendations are implemented by Management? i l t d b M t? 1 75% ‐ 100% 1. 75% 100% 2. 50% ‐ 75% 3. 25% ‐ 50% 5 5 4. 0% ‐ 25% MOSS ADAMS LLP | 12

  13. Percent of Recommendations Implemented P t f R d ti I l t d Source: IIA GAIN 2009 Benchmark Study MOSS ADAMS LLP | 13

  14. What Makes Risk‐Based Audit Planning g Difficult? • Lack of understanding of risk concepts Lack of understanding of risk concepts • Lack of specialized knowledge (e.g. IT) • No time to plan (the continuous “do” loop) p ( p) • Lack of senior management and Board support (i.e. strict compliance • Perceived lack of impact on value perception (i.e. it wouldn’t make a difference) • Paralysis through analysis l h h l MOSS ADAMS LLP | 14

  15. Ri k A Risk Assessment Process Overview t P O i Identify Risks Measure Risks Prioritize Risks Select and Develop Audits MOSS ADAMS LLP | 15

  16. Id Identify Risks tif Ri k Sketch Audit Universe Develop Risk Define Objectives Universe Universe MOSS ADAMS LLP | 16

  17. Id Identify Risks tif Ri k Validate Audit Universe Develop Risk Define Objectives Universe Universe MOSS ADAMS LLP | 17

  18. Id Identify Risks tif Ri k Sketch Audit Universe MOSS ADAMS LLP | 18

  19. Id Identify Risks tif Ri k • “Sketch” the Audit Universe o Audit Universe – The sum of all auditable units. A dit U i Th f ll dit bl it o Auditable Unit – Parts of the organization that are exposed to sufficient risks that control, including audit, is appropriate. i t o The “sketch” frames risk identification (i.e. who IA talks to, what info is gathered and how risk is identified). o The initial audit universe need not be complete but should be verified and completed through the risk assessment process.  Types of units: projects, IT systems, business functions, departments, business processes/sub‐processes, assets (physical, financial, human,intangible) MOSS ADAMS LLP | 19

  20. Id Identify Risks tif Ri k • “Sketch” the Audit Universe (cont.) o Categories of Auditable Units: projects, IT systems, business functions, departments, business processes/sub‐ processes, assets (physical, financial, human, intangible) o Criteria for selecting Auditable Units:  Contribute to the organizations goals.  Are sufficiently large as to have a noticeable impact on the  Are sufficiently large as to have a noticeable impact on the organization  Are sufficiently important to justify the cost of control  Minimize the categories of auditable units when possible. MOSS ADAMS LLP | 20

  21. Id Identify Risks tif Ri k • “Sketch” the Audit Universe (cont.) Acme CC District Corp Gov Process College #2 College #1 Department A Department A Department B Process B1 Process B1 Process B2 Sub ‐ Process B2.1 Sub ‐ Process B2.2 MOSS ADAMS LLP | 21

  22. Do you have a formally documented Audit U i Universe? ? 1 Yes 1. Yes 2. No MOSS ADAMS LLP | 22

  23. F Formally Documented Audit Universe ll D t d A dit U i Source: IIA GAIN 2009 Benchmark Study MOSS ADAMS LLP | 23

  24. A dit U i Audit Universe Categorization C t i ti Category Government Audit Staff: 1 to 5 Universe Departments Departments 97% 97% 89% 89% 86% 86% Processes 97% 89% 93% Service Line 58% 40% 55% Organization Units/Locations 81% 61% 78% Programs 75% 33% 51% ERM Risk Portfolio 28% 30% 34% Other 22% 14% 17% Source: IIA GAIN 2009 Benchmark Study MOSS ADAMS LLP | 24

  25. Id Identify Risks tif Ri k Sketch Audit Universe Define Objectives Universe MOSS ADAMS LLP | 25

  26. Id Identify Risks tif Ri k • Define the “Objectives Universe” o Objectives Universe: I made this one up. Key objectives for Obj ti U i I d thi K bj ti f each Auditable Unit o Risks only exists in the context of the achievement of an objective…if you don’t know the objective you can’t identify bj ti if d ’t k th bj ti ’t id tif the risk. o Categories of objectives  Reliability and integrity of financial and operational information  Effectiveness and efficiency of operations.  Safeguarding of assets.  Compliance with laws, regulations, and contracts. MOSS ADAMS LLP | 26

  27. Id Identify Risks tif Ri k Sketch Audit Universe Develop Risk Define Objectives Universe Universe MOSS ADAMS LLP | 27

  28. Id Identify Risks tif Ri k • Develop the “Risk Universe” o Arguably the most important step in the entire process. Everything else follows the identification of risk. If you don’t identify it you can’t measure, prioritize or manage. o Requirements for successful risk identification:  Thorough understanding of operations of Auditable Units  A process through which to generate a reasonable list of  A process through which to generate a reasonable list of possible risks. Common methods include a combined use of: – Risk framework (see below) – Management questionnaires i i – Management interviews MOSS ADAMS LLP | 28

  29. Id Identify Risks tif Ri k • Develop the “Risk Universe” (Cont.) – Analogies to similar operations – Prior audit results – Industry surveys and benchmarking – Other research o Use of a Risk Framework  Exposure Analysis Risk from the perspective of the primary  Exposure Analysis: Risk from the perspective of the primary assets of the organization, including all four types of assets (physical, financial, human, and intangible). Primarily areas with significant reliance on capital equipment with significant reliance on capital equipment. MOSS ADAMS LLP | 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Audit Committee Internal Audit Work Plan Recommendation October 6, 2016 John Mickevice

Audit Committee Internal Audit Work Plan Recommendation October 6, 2016 John Mickevice

APS Internal Audit Department Audit Committee Internal Audit Work Plan Recommendation October 6, 2016 John Mickevice Presentation Overview Overview of Internal Audit at APS Risk Assessment Analysis Factors for APS Projects

334 views • 17 slides
Cervical Cytology Screening Audit: An Assessment of the Outcome at Biopsy of High Risk HPV

Cervical Cytology Screening Audit: An Assessment of the Outcome at Biopsy of High Risk HPV

Cervical Cytology Screening Audit: An Assessment of the Outcome at Biopsy of High Risk HPV Positive Triage Cases. Jemma Armstrong Overview Aims of the Audit Method Results Future study Questions Audit overview To

281 views • 12 slides
Texas Southern University Risk Assessment & Evaluation Presentation Presented by the Office

Texas Southern University Risk Assessment & Evaluation Presentation Presented by the Office

Texas Southern University Risk Assessment & Evaluation Presentation Presented by the Office of Internal Audit & Fraud, an office within the Department of Internal Audit, Fraud and Institutional Compliance October 2016 Agenda

591 views • 31 slides
Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit

Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit

Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit Manager June 26, 2018 1 OVERVIEW OF THE AUDIT PROCESS Audit Planning and Risk Assessment Audit Standards The audit was performed in

425 views • 13 slides
AUDIT PLAN Fiscal Year 2020 September 26, 2019 FY2020 Risk Assessment Required by Texas

AUDIT PLAN Fiscal Year 2020 September 26, 2019 FY2020 Risk Assessment Required by Texas

AUDIT PLAN Fiscal Year 2020 September 26, 2019 FY2020 Risk Assessment Required by Texas Internal Auditing Act and professional auditing standards, including approval of audit plan by governing body (Texas Transportation Commission)

157 views • 5 slides
Risk Assessment and Updating Audit Plan Contents Process and results Impact of pandemic on

Risk Assessment and Updating Audit Plan Contents Process and results Impact of pandemic on

CITY OF MINNEAPOLIS Risk Assessment and Updating Audit Plan Contents Process and results Impact of pandemic on assessment Proposed Covid-19 Approach Proposed Audit Plan Modifications 2 Purpose Cannot entirely avoid risk,

297 views • 15 slides
Audit Risk Presented by: Eric Kline, CPA Quality Assurance & Technical Specialist Center

Audit Risk Presented by: Eric Kline, CPA Quality Assurance & Technical Specialist Center

Audit Risk Presented by: Eric Kline, CPA Quality Assurance & Technical Specialist Center for Audit Excellence August 6, 2015 Risk Assessment 2 Agenda Audit Risk Various Components of Audit Model Risk Ohio Auditor of

751 views • 28 slides
Audit and Compliance Committee Internal Audit Proposed Internal Audit Charter March 15, 2019

Audit and Compliance Committee Internal Audit Proposed Internal Audit Charter March 15, 2019

Audit and Compliance Committee Internal Audit Proposed Internal Audit Charter March 15, 2019 Internal Audit Open Meeting Internal Audit Charter Internal Audit Charter (The following 3 slides are excerpts from the Institute of Internal

205 views • 6 slides
Internal Audit Professionals & Internal Audit Students Pizza Mingle! Managing the Internal

Internal Audit Professionals & Internal Audit Students Pizza Mingle! Managing the Internal

Internal Audit Professionals & Internal Audit Students Pizza Mingle! Managing the Internal Audit Function Sponsored by: The Austin Chapter of the Institute of Internal Auditors, Academic Relations Committee Slide 1 Managing The Internal

722 views • 12 slides
Internal Audit Division Update & Review of Internal Audit Plan Finance and Audit Committee

Internal Audit Division Update & Review of Internal Audit Plan Finance and Audit Committee

Internal Audit Division Update & Review of Internal Audit Plan Finance and Audit Committee 12/19/19 Why we are here Today we are here to Provide information on 2019 Internal Audit activities Request a review of 2020 Internal

391 views • 16 slides
Internal Audit Division Update Finance and Audit Committee | 10/24/19 Why we are here Today

Internal Audit Division Update Finance and Audit Committee | 10/24/19 Why we are here Today

Internal Audit Division Update Finance and Audit Committee | 10/24/19 Why we are here Today we are here to provide information on Internal Audit activities. Internal Audit Activity Update Internal Audits Completed Internal

257 views • 12 slides
Internal Audit Division Update Finance and Audit Committee 6/20/19 Why we are here Internal

Internal Audit Division Update Finance and Audit Committee 6/20/19 Why we are here Internal

Internal Audit Division Update Finance and Audit Committee 6/20/19 Why we are here Internal Audit Activity Update Internal Audits Completed Internal Audits In Progress 2019 Performance Audit Update Today we are here to

388 views • 12 slides
Internal Audit Annual Board Update Audit Advisory Committee January 28, 2020 Debi Roth, Chair

Internal Audit Annual Board Update Audit Advisory Committee January 28, 2020 Debi Roth, Chair

Internal Audit Annual Board Update Audit Advisory Committee January 28, 2020 Debi Roth, Chair Mission of Internal Audit To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

410 views • 17 slides
KSCB Section 11 Self Assessment Audit What has been done? What are the themes and findings?

KSCB Section 11 Self Assessment Audit What has been done? What are the themes and findings?

KSCB Section 11 Self Assessment Audit What has been done? What are the themes and findings? Challenge and support Next steps What is the Section 11 Self Assessment Audit? Section 11 of the Children Act 2004 places

347 views • 10 slides
Risk Assessment Management on an Organizational Level Presentation for International Workshop on

Risk Assessment Management on an Organizational Level Presentation for International Workshop on

Risk Assessment Management on an Organizational Level Presentation for International Workshop on Accountability in Science Funding, 1 June 2006 Laura Cavanaugh SFI Head of Internal Audit 1 June 2006 1 SFI - Risk Assessment Management on an

626 views • 29 slides
Section 3 Risk ASJ Stages of an Audit Audit Approaches ASJ In this approach, audit

Section 3 Risk ASJ Stages of an Audit Audit Approaches ASJ In this approach, audit

ASJ Section 3 Risk ASJ Stages of an Audit Audit Approaches ASJ In this approach, audit resources are targeted on testing large volumes of transactions and account balances without any particular focus on specified Substantive areas of

271 views • 16 slides
Knowledge Area 5 Asset and Risk Management Welcome-1 January 2017 Administrative Items

Knowledge Area 5 Asset and Risk Management Welcome-1 January 2017 Administrative Items

Knowledge Area 5 Asset and Risk Management Welcome-1 January 2017 Administrative Items Emergency procedures Emergency exits Restrooms Break facilities Lunch facilities Cancellation policy Course attendance policy

1.67k views • 141 slides
An Open Platform for Collecting Data for OpenSeaMap Ulrich Langenbach, Joachim Langenbach

An Open Platform for Collecting Data for OpenSeaMap Ulrich Langenbach, Joachim Langenbach

An Open Platform for Collecting Data for OpenSeaMap Ulrich Langenbach, Joachim Langenbach 03.02.2018 Overview Motivation What needs to be done? Data Collection Data Processing Hardware Setup Requirements and Features

653 views • 37 slides
Shock Reflection-Diffraction and Multidimensional Conservation Laws Gui-Qiang Chen Department

Shock Reflection-Diffraction and Multidimensional Conservation Laws Gui-Qiang Chen Department

Shock Reflection-Diffraction and Multidimensional Conservation Laws Gui-Qiang Chen Department of Mathematics, Northwestern University Email: gqchen@math.northwestern.edu Website: http://www.math.northwestern.edu/gqchen/preprints Mikhail

604 views • 45 slides
Radiation boundary conditions for waves: the solved, the unsolved, and potential applications to

Radiation boundary conditions for waves: the solved, the unsolved, and potential applications to

Radiation boundary conditions for waves: the solved, the unsolved, and potential applications to numerical relativity Tom Hagstrom SMU Collaborators in rbc work : S.I. Hariharan, U. Akron - first implementations of arbitrary order Bayliss-Turkel

560 views • 23 slides
Dynamic Interpretation of Emerging Systemic Risks Kathleen Weiss Hanley 1 and Gerard Hoberg 2 1

Dynamic Interpretation of Emerging Systemic Risks Kathleen Weiss Hanley 1 and Gerard Hoberg 2 1

Dynamic Interpretation of Emerging Systemic Risks Kathleen Weiss Hanley 1 and Gerard Hoberg 2 1 Lehigh University 2 University of Southern California MIT GCFP Conference September 2016 Hanley and Hoberg (2016) Dynamic Emerging Systemic Risks

484 views • 16 slides
U.S. Department of Housing and Urban Development Office of Housing Counseling Sub-Grantee Award

U.S. Department of Housing and Urban Development Office of Housing Counseling Sub-Grantee Award

U.S. Department of Housing and Urban Development Office of Housing Counseling Sub-Grantee Award & Monitoring Guide December 13, 2016 2:00 PM EST Facilitated by Booth Management Consulting, LLC 7230 Lee Deforest Drive, Suite 202,

594 views • 46 slides
Navigating Prevention Science The Essentials April 19, 2017 Liz Wilhelm, M.S. YMPEP and DFC

Navigating Prevention Science The Essentials April 19, 2017 Liz Wilhelm, M.S. YMPEP and DFC

Navigating Prevention Science The Essentials April 19, 2017 Liz Wilhelm, M.S. YMPEP and DFC Coordinator Seattle Childrens Prevention Works in Seattle Prevention Science The Essentials Presentation description: Prevention is the

751 views • 35 slides
The Ground for Negotiation: Zoning for Risk Reduction around Hazardous Plants Cline

The Ground for Negotiation: Zoning for Risk Reduction around Hazardous Plants Cline

The Ground for Negotiation: Zoning for Risk Reduction around Hazardous Plants Cline Grislain-Letrmy Bertrand Villeneuve Universit Paris-Dauphine, Universit PSL & CREST New Challenges in Insurance Conservatoire National des Arts et

368 views • 33 slides

More recommend