Integrating Enterprise Risk Management and Audit www.pentana.com
Pentana background
• Started in 1992
• Our mission is to support auditors through innovative use of technology
• Development in the UK, but in the US for 6 years, with an Australian subsidiary and resellers in other countries
• 25 people, owned by employees, no debt or external finance
Contract work - 2001
• External Audit System for major accounting firm
• ERM Risk Framework for construction firm
Developed 2002-2003
• Pentana Integrated Risk Management and Internal Audit System
• External Audit System for major accounting firm
• ERM Risk Framework for construction firm
Entity structure
• Risks and controls belong to “entities”
• Equivalent to “auditable entities”, but risks and controls might be continually assessed whether or not you carry out a formal audit
• Can use a library to assess similar risks and controls across entities
Re-using information
• Many departments look at risks and controls
• Compliance, Risk, ERM, H&S
• When audit is carrying out its work, it can take advantage of work done
Multiple risk hierarchies
• Risks are identified by entity and their organizational structure, but you can add another dimension for analysis: either process structure or financial statement lines, linked through assertions
• (Makes it good for SOX as well)
Ongoing control assessment
• For any control, you can add a new assessment and “Walkthrough test” at any time to confirm your understanding of the control and ensure its continued operation
• Maintain a history of assessments, so you can produce a graph of overall risk and control levels over time
Risk scoring flexibility
• Derived from a risk system, there is:
• Scoring flexibility
• Central/Self assessment and comparisons
• Overall group impact/local impact
• Risk and control costing if required
• Risk grouping to identify overall problem areas
What about Auditing?
• An audit is a formal review of some of the controls, with full testing and a formal report
• An audit can be of all of an entity (typical), or some processes in an entity, or even one or more processes across entities
Audit view
• The Audit level (red) shows risks and controls selected for audit from the parent entities, together with any associated tests from the test library and actions identified
• As well as a control-oriented view, audit steps would also be seen in a normal audit program view
Single or multiple databases?
• With appropriate security, the risk and audit departments can use a single database
• Where more security is needed, create separate databases, and the audit department imports risks and controls as required
For 2 years, our clients have shown you can integrate risk management, audit and even SOX in one package