
Role of Internal Audit in Risk Management


Presentation Transcript


    1. Role of Internal Audit in Risk Management By, Rajkumar S. Adukia rajkumarfca@gmail.com / radukia@vsnl.com http://www.carajkumarradukia.com 093230 61049 / 093221 39642

    2. ©Rajkumar S. Adukia. Internal Audit:
       - Independent
       - Objective
       - Assurance
       - Consulting Activity
       - Add Value
       - Improve Operations
       - Evaluate and improve the effectiveness of governance, risk management and control processes.

    3. Internal Control: This includes all the policies and procedures adopted by the management of an entity to assist in achieving management’s objective:
       - The orderly and efficient conduct of business
       - Adherence to Management objectives
       - The safeguarding of Assets
       - Prevention of fraud and error
       - Accuracy and completeness of Accounting records
       - Timely preparation of reliable financial information

    4. Internal Audit and Internal Control: The Internal Audit function constitutes a separate component of Internal control with the objective of determining whether other internal controls are well designed and properly operated.

    5. Risk Management Process

    6. Risk Management Process:
       - Risk management is a key responsibility of management.
       - To achieve its business objectives, management should ensure that sound risk management processes are in place and functioning.
       - Each organization may choose a particular methodology to implement its risk management process.
       - Information from the risk management process can be utilized by the auditor to plan his audit.

    7. Risk Management Process:
       - Risk management processes should be designed for the nature of an organization’s activities.
       - Depending on the size and complexity of the organization’s business activities, risk management processes can be:
         - formal or informal
         - quantitative or subjective
         - embedded in the business units or centralized at a corporate level.
       - Internal auditors should recognize that there could be significant variations in the techniques used by various organizations for their risk management practices.

    8. Role of Internal Auditors:
       - Obtain a document containing the enterprise risk management framework and accordingly ascertain that the process is both comprehensive and suitable for the nature of the organization.
       - Research and review reference materials and background information on risk management methodologies as a basis to assess whether or not the process used by the organization is appropriate and represents best practices for the industry.
       - Determine whether the risk management procedures are clearly understood by all key levels involved in the risk management process.
       - Review corporate policies, board, and audit committee minutes to determine the organization’s business strategies, risk management philosophy and methodology, appetite for risk, and acceptance of risks.

    9. Role of Internal Auditors…
       - Review previous risk evaluation reports by management, internal auditors, external auditors, and any other sources that may have issued such reports.
       - Assist in planning the procedures in the risk management framework based on his specialized knowledge of the business.
       - Assist by examining, evaluating, reporting, and recommending improvements on the adequacy and effectiveness of management’s risk processes.
       - Ensure that an early warning mechanism of disaster exists.
       - Audit the risk management process across the entire entity.
       - Assess whether the risk management framework has to be updated and whether any improvements in the ERM process are needed.

    10. Role of Internal Auditors…
       - Assess how well the risks identified by the management have been managed.
       - Conduct interviews with line and executive management to determine business unit objectives, related risks, and management’s risk mitigation and control monitoring activities.
       - Participate in the monitoring and reporting activities in the risk management process.
       - Provide training to the risk management committee and facilitate risk-based workshops.
       - Assess the business continuity plan and ensure that a comprehensive disaster plan exists.
       - Provide support in case of a negative impact on the business by assisting the business to recover.

    11. KEY ELEMENTS OF RISK MANAGEMENT

    12. Risk Identification: Risks may be due to internal or external factors. Internal factors may include changes in information systems, controls, and major projects and programs, employee turnover, etc. External factors may include changes in the political and business environment and changes in markets and competitive conditions, social and economic conditions, and technological conditions.

    13. Internal auditor’s role: He should independently evaluate whether all probable risks have been identified and prioritized in the order of their significance. He should ascertain whether even events with a relatively low possibility of occurrence have been identified and considered if the impact on achieving an important objective is great.

    14. Risk Assessment: Risks are to be assessed as to their potential severity of loss and to the probability of occurrence.

    15. Internal auditor’s role: He should ascertain that the organization has adopted the appropriate techniques to assess the severity of the risks. He should ascertain that the management has used a combination of qualitative and quantitative techniques in risk assessment.

    16. Risk Treatment: Risk response or risk treatment refers to the measures adopted to alter either the likelihood or impact of a particular negative event. The risk treatment should result in an effective and efficient functioning of the organization. The various ways of responding to risk include risk transfer, risk avoidance, risk retention and risk acceptance.

    17. Internal auditor’s role: He should ascertain that any system of risk treatment is designed to bring anticipated risk likelihood and impact within tolerance level. The risk response should ensure effective internal controls and adhere to applicable laws and regulations.

    18. Risk Reporting: Information is required at all levels of the organization. The Board of Directors should receive periodic reports that the risk management process is running efficiently. Similarly, external parties including the regulators and stakeholders need to be convinced of an efficient and effective risk management process.

    19. Internal auditor’s role: He should ascertain that the reporting is both timely and effective. He should ensure that significant deficiencies discovered in the risk management process are clearly documented.

    20. Monitoring: There should be an ongoing monitoring activity to periodically reassess risk and the controls exercised to manage risks. The monitoring activity should determine whether the procedures followed were appropriate and did not deviate from the intended objectives.

    21. Internal auditor’s role: He should be satisfied that appropriate controls exist in the organization and that monitoring activities are progressing in an efficient manner. He should be satisfied that separate evaluations focus on the effectiveness of the enterprise risk management.

    22. Checklist: Has the management established entity-wise and activity-wise objectives after considering associated risks and their implications? Has the management communicated the objectives to all the employees? Has the risk management plan been drawn up consistent with the objectives? Have the concerned personnel understood the policies and procedures in risk management? Have the key personnel understood the level of responsibility and accountability?

    23. Is the mechanism adequate to identify risks from external sources and internal sources? Does the management select techniques that fit its risk management process and does the entity develop risk identification capabilities? Is information gathered pertinent and assimilated in a proper form? Are the risk analysis and evaluation techniques effective? Does the management consider additional risk that might result from a response selected to treat a risk? In selecting a control technique, does management consider how control activities correlate? Is the communication activity across the organization adequate? Is the information provided timely, efficient and sufficient?

    24. Is the follow-up action timely and appropriate? Have the training workshops/seminars been effective? Is the internal control system effective? Is importance given to documentation including policy manuals, organization charts, operating instructions, documentation of evaluation process, etc.? Is there a mechanism in place to identify changes that could affect achievement of objectives? Are policies and procedures modified as and when necessary? Is the competence of the personnel commensurate with their responsibilities?

    25. Internal Audit should not include the roles of:
       - Making decisions on the risk responses
       - Setting the risk appetite
       - Imposing the risk management process
       - Accountability for risk management

    26. Relevant web-sites:
       1) Risk management standard by IRM, AIRMIC and ALARM, the National Forum for Risk Management in the Public Sector: http://www.theirm.org/publications/documents/Risk_Management_Standard_030820.pdf
       2) Risk management standards: http://www.riskreports.com/standards.html
       3) Internal web portal for auditors: http://www.auditnet.org/

    27. Relevant web-sites:
       4) Institute of Internal Auditors UK and Ireland: http://www.iia.org.uk/about/internalaudit/
       5) COSO framework: http://www.coso.org/

    28. QUESTIONS? COMMENTS? SUGGESTIONS?
