Fashion & Beauty

AN OVERVIEW OF THE ANNUAL RISK ASSESSMENT AND AUDIT PLAN PROCESS. June 27, What s your first thought when you hear the words: RISK ASSESSMENT?

Description
AN OVERVIEW OF THE ANNUAL RISK ASSESSMENT AND AUDIT PLAN PROCESS. June 27, 2012 What s your first thought when you hear the words: Who cares. RISK ASSESSMENT? OMG, they asked me to do this and I don t
Published
of 11
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
AN OVERVIEW OF THE ANNUAL RISK ASSESSMENT AND AUDIT PLAN PROCESS. June 27, 2012 What s your first thought when you hear the words: Who cares. RISK ASSESSMENT? OMG, they asked me to do this and I don t have a clue. I Got this! 1 Understanding the process is IMPORTANT to everyone in the audit profession. ANNUAL RISK ASSESSMENT & AUDIT PLAN Today we will discuss: 1. Why it s important 2. The process 3. The final product 2 IMPORTANT WHY??? IIA Standard 2010 (Planning) states: The Chief audit executive must establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organization s goals A1 The internal audit activity s plan of engagement must be based on a documented risk assessment, undertaken at least annually. IMPORTANT WHY??? Florida Statute (5) states: The Inspector general shall develop long-term and annual audit plans based on the findings of periodic risk assessments. The plan shall show the individual audits to be conducted during each year and related resources to be devoted to the respective audits. ALSO: OFTEN TIMES ORGANIZATION POLICY, PROCEDURE, CHARTERS, ETC REQUIRE THEM!! 3 IMPORTANT WHY??? How many people in your office know how to complete the annual risk assessment and audit plan? MANAGEMENT SHOULD Have a succession plan!! This means more than one person in your office should know how to complete this annual task! 4 IMPORTANT WHY??? How many people have experienced the fearful auditee that asks the question: Why am I being audited? AUDITORS SHOULD Use the audit plan as a basis to answer this question. ALSO: Any auditor seeking to advance in the auditing profession should know how to complete this task. You will be called on to complete this task at some point as you climb the ladder. 5 Generally involves a four (4) step process: 1. Identify the universe and auditable entities. 2. Conduct the Risk Assessment. 3. Analyze the information collected, develop a risk matrix and draft audit plan. 4. Consult with executive management and finalize the audit plan. Step 1: Identify the universe and auditable entities: Can be very challenging. Expect changes Sources to use: Prior year entities as a basis Review organizational charts, structure Financial information Identify Processes Ask management to identify any changes. 6 Step 2: Conduct the risk assessment: Sources to use: Risk Assessment Questionnaire Interviews with management Only use Auditor Judgment Develop your risk factors and rating system! Risk Factors is defined as a combination of conditions and/or obstacles that an agency faces in achieving its objectives. On average 8 to 10 risk factors are used. Risk factors are typically rated on a scale of 1 to 5 1(Less Significant) To 5 (More Significant) The process is very SUBJECTIVE AND JUDGMENTAL!! 7 Examples of Risk factors: Quality of internal controls Financial impact Frequency/complexity/volume of transactions Regulatory/Legal impact Changes in Area/management/systems/business processes/regulation/procedures Competency of Management/staff Opportunity of fraudulent activity/waste or abuse Image/reputation/customer impact Examples of Risk factors: Time since last audit (internal or external) Results of prior audits Management Discretion Executive Management Interest Complexity of Activity Public and Political sensitivity Deviations from Budget Risk of fraud or misappropriation 8 EXAMPLE OF A RISK FORM Step 3: Analyze the information collected, develop a risk matrix and draft audit plan: Utilize responses to rate each entity based on risk factors. **(staff & yr. long info) Typically develop a risk matrix in descending order. From Highest to lowest risk. **(weighted measure) Prepare a draft plan for consultation with executive management. How are audits selected at this point? 9 Step 4: Consult with Executive Management and Finalize the Audit Plan: Meet with executive mgmt such as the Inspector General, Agency Secretary, Elected Official, Board of Director and Audit Committee. Make adjustments as necessary. Making sure the plan is realistic and all relevant information is considered. Obtain Approval Publish the organization s annual audit plan. ARE WE DOING THIS JUST BECAUSE??? NO.. Our purpose should be to minimize the risk of losses to the organization And Effectively and efficiently utilize limited audit resources. 10 Presented by: Delphine Hill, CIA, CIGA Florida Department of Corrections Office of Inspector General (850)
Search
Similar documents
View more...
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks