Risk-Based Internal Auditing

CBG Infoshare

on 24 January 2013


Transcript of RBIA

Evaluating Controls Internal Audit
& RBIA Corporate Governance Are controls in place? Control: Any action taken by management, the board and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organises and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Risk-Based The possibility of an event occurring that will have an impact on the attainment of objectives.

Impact and likelihood RISK Core IA Roles in ERM Enterprise-wide Risk Management Inherent and Residual Risk The totality of the structures, methodology, procedures and definitions that an organisation has chosen to use to implement its risk management processes. ERM Framework The ERM processes which management has put in place within the organisation are operating as intended.
The risk management processes are of sound design
Management responses to risk are both adequate and effective in reducing the risk
A sound framework of controls is in place to sufficiently mitigate risk Provide assurance to the board that: Audit Risk Based Internal Audit Corporate Governance Enterprise-wide Risk Management (ERM) Internal Audit and ERM Risk-Based Internal Audit Approach Board of Directors Management External Audit Internal Audit Short-term Profit Long-term Growth Positive Position Cashflow Reliable Financial Statement Reputation Social Responsibility Regulatory Compliance Accountable for performance and affairs Identify
Risk Control
Risk Review
Risk Assess
Risk Corporate governance involves a set of relationships between a company's management, its board, its shareholders and other stakeholders.

Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined. Independent and objective assessment appropriate governance structure
operating effectiveness of governance
evaluate governance components if working as expected Catalyst for change advising on improvement to enhance governance
participate in the establishment of governance processes IA is a key cornerstone for effective governance TOLERATE TRANSFER TERMINATE TAKE Establish "tone at the top" Responsible for effective risk management practices Determine Risk appetite level Oversees organisational activities Performance Stewardship Build the "S" Strategy
System Manage the "P" Purpose
People Made up of "C" CEO
CFO Risk
Process People
Systems ERM is a structured, consistent and continuous process across the whole organisation for identifying, assessing, deciding on response to and reporting on opportunities and threats that affect achievement of its objectives. COSO ERM Cube Internal Audit Roles of Internal Audit in ERM An independent, objective assurance and consulting activity designed to add value and improve an organisation's operations.

It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process. Risk Naive No formal approach developed for Risk Management Risk Aware Scattered silo based approach to risk management Risk Defined Strategy and policy in place and communicated Risk Managed Enterprise-wide approach to RM development. Communicated Risk Enabled RM and controls are fully embedded into the operations Giving assurance on risk management processes
Giving assurance that risks are correctly evaluated
Evaluating risk management processes
Evaluating the reporting of key risks
Reviewing the management of key risks Legitimate IA Roles with Safeguards Facilitating identification and evaluation of risk
Coaching management in responding to risk
Coordinating ERM activities
Consolidating the reports on risk
Maintaining and developing the ERM framework
Championing establishment of ERM
Developing risk management strategy for board approval Risk Assessment Risk Universe
Risk Owner
Risk Officer
Risk Register
Risk Process
Risk Evaluation Criteria Internal Audit must identify Directive
Mitigating Adequacy Does the process provide reasonable assurance? Effectiveness Is the process functioning as intended?