RISK BASED INTERNAL AUDIT (RBIA) EXPERIENCE SHARING. CA Nilesh Joshi. Contents. Meaning & Objectives Terms Used Advantages Types of Risks Nature of Risks RBIA Approach Risk Weightage Documentation Report. Risks are those uncertainties which impede the achievement of the objectives.
RISK BASED INTERNAL AUDIT (RBIA) EXPERIENCE SHARING
CA Nilesh Joshi
Contents
• Meaning & Objectives
• Terms Used
• Advantages
• Types of Risks
• Nature of Risks
• RBIA Approach
• Risk Weightage
• Documentation
• Report
Chokshi & Chokshi
MEANING of RISKS
Risks are those uncertainties which impede the achievement of the objectives.
OBJECTIVE of RBIA
Provide independent assurance to the Board that Risk Management Processes which Management has put in place are of sound design and operating as intended.
Terms Used
Risk Capacity: How much risk the organisation can absorb.
Risk Appetite: How much risk Management is willing to accept.
Risk Response: The purpose of assessing and addressing risks is to constrain them to an acceptable level.
• Tolerate: Exposure is tolerable without any further action.
• Transfer: Transfer risk by conventional insurance or outsourcing.
• Terminate: Terminate the activity itself.
• Treat: Action is taken to constrain risk to an acceptable level.
Advantages
• Risk-based auditing is more efficient, because it directs audits at the high-risk areas, as opposed to financial areas, which may not represent such a great risk.
• Ensures that resources are directed towards checking the management of the most significant risks.
• RBIA involves the whole organisation and its processes – so no need to define which functions Internal Auditing should involve.
Advantages (cont.)
• We can rank recommendations, to provide the greatest value added in terms of the risks mitigated.
• RBIA provides an ‘audit trail’ from an individual audit report back through tests, controls and risks to objectives, and forward to the audit committee report on whether those objectives are threatened. (The recommendations made can be traced back through controls, risks and processes to the organisation's objectives.)
Types of Risks
• Business Risks
• Operational Risks
• Financial Risks
• Regulatory Risks
• Reputation Risks
• Credit Risks
Major Risks at a Glance
• Business Risk: Business Risks impede the achievement of the organisation’s goals and objectives.
• Operational Risk: The risk that the entity will experience problems in the performance of business functions or processes.
• Financial Risk: Risk that the financial statement reported by the entity may be incorrect and not reconciled to accounting records.
• Regulatory Risk: Risk of non-compliance with regulatory requirements leading to censure and/or penalties.
Nature of Risks
• Internal vs. External (HUMAN, TECHNOLOGICAL FACTOR VS. ECONOMIC, NATURAL FACTOR)
• Controllable vs. Non-controllable (FIRE, THEFT VS. RECESSION, NEW COMPETITOR)
RBIA Approach
• Understanding Process
• Identification of Risk
• Identification of Controls
• Verification of Effectiveness of Controls
• Reporting
Overall Process Review Understand Organisation and Business Line Priorities Prepare Final Audit Plans Aggregate and Challenge Proposed Plans Understand Org Unit’s Key Objectives, Value Drivers and Auditable Units Create first draft Org Unit Audit Plan Discuss, Challenge and Classify Key Risks Assessment of Auditable Units (Initial prioritisation using 3-factor approach) Review and Completeness Test
Risk Register
• Identify risks
• Assess inherent risk by evaluating impact and likelihood
• Identify existing controls
• Assess controls design
• If the risk is not mitigated sufficiently, propose additional controls
• Test operating effectiveness of controls
• Assessment of residual risk
Audit Schedule for Manufacturing Unit
Audit Schedule for Bank
Understanding Process - Mfg. Manufacturing Department Stores Accounts Gather Quotations and selects Vendor Stores Quality Control Goods Received Accounts Payment to Vendor
Identification of Risks Manufacturing Department Stores Accounts RC1 Gather Quotations and selects Vendor RC2 RC3 Stores Quality Control Goods Received RC4 Accounts RC5 Payment to Vendor
Identification of Controls Manufacturing Department Stores Accounts C 1 RC1 Gather Quotations and selects Vendor RC2 RC3 Stores Quality Control Goods Received C 2 C 3 RC4 C 4 Accounts RC5 Payment to Vendor C 5
Risk Register C 1 RC1 C 2 RC2 C 3 C 4 RC3 C 5 RC4 RC5
Understanding Process - Bank Sending Application to Sanctioning Authority Approval from Sanctioning Authority Receipt of Application for OD against FD Obtaining discharged FD Marking lien in the System Execution of Documents Disbursing of Advances
Identification of Risks Sending Application to Sanctioning Authority Approval from Sanctioning Authority Receipt of Application for OD against FD RC1 Obtaining discharged FD RC3 RC2 Marking lien in the System Execution of Documents RC4 Disbursing of Advances
Identification of Controls Sending Application to Sanctioning Authority Approval from Sanctioning Authority Receipt of Application for OD against FD RC1 C1 Obtaining discharged FD RC3 RC2 Marking lien in the System Execution of Documents C3 C2 RC4 C4 Disbursing of Advances
Risk Register C 1 RC1 C 2 RC2 C 3 C 4 RC3 RC4
Risk Weightage (Unit)
Documentation
• Terms of Engagement
• Risk Register
• Audit Plan
• Test Work Sheet
• Audit Closure Form
Audit Plan
Test Work Sheet
Audit Closure Form
Report
Style:
• Concise Reporting
• Solution Oriented Reporting
• Connecting to audience
Define:
• Criteria
• Condition
Report - Contents
• Auditee Profile
• Processes Covered
• Period Covered
• Executive Summary
• Opinion
• Detailed Observations
• Background
• Detailed Findings
• Risk - Nature & Level
• Recommendation
Audit Opinion
• Strong: The impact of identified control weaknesses exposes the area in scope to minimal level of risk. Management action not required.
• Sufficient: The impact of identified control weaknesses exposes the area in scope to limited level of risk. Management action is required to mitigate identified risks.
• Insufficient: The impact of identified control weaknesses exposes the area in scope to a serious level of risk. Significant steps are required to mitigate identified risks as soon as possible.
• Critical: The impact of identified control weaknesses exposes the area in scope to an unacceptable level of risk. Major steps required to mitigate identified risks.
Basis for Audit Opinion
• Strong (Total Risk Wgt. < 6): Consisting of only Low risk findings.
• Sufficient (Total Risk Wgt. >6 & <=18): High category risks are not more than one and Medium category risks are not more than three.
• Insufficient (Total Risk Wgt. >18 & <=48): High category risks are not more than four and Medium category risks are not more than six.
• Critical (Total Risk Wgt. >48): High category risks are more than four and Medium category risks are more than six.
Example
Financial Inclusion