Next steps RAWG
WHAT WE HAVE
• Risk assessment guideline for strategic and annual planning
• Identifying auditing universe
• Identification of risks
• Categorization of possible risks
• Estimating likelihood and impact of risks
• Developing 3-year plans
• Annual plan

WHAT HAPPENS AFTER PLANNING
• Preparation for the audit engagement
• Drafting a plan for the audit engagement
• Appointing auditors for the engagement
• Identifying the goals of the engagement
• Executing the engagement
• Collecting audit evidence
• Developing a project and the final report (conclusion)
• Post audit

Is planning over at the stage of the annual plan?
• Planning is just the overall direction of activity, a list of tasks and not a final decision on the audit engagement
• At the preparation stage for the audit engagement the annual audit plan can change based on REEVALUATION OF RISKS

Risks in IIA standards
• 1210.A2 to evaluate the risk of fraud
• 1210.A3 key information technology risks and controls
• 1220.A1 adequacy and effectiveness of governance, risk management, and control processes
• 1220.A3 must be alert to the significant risks

Standard 2201 – Planning Considerations for audit engagements
• The significant risks to the activity, its objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level;
• The adequacy and effectiveness of the activity’s governance, risk management, and control processes compared to a relevant framework or model;
• The opportunities for making significant improvements to the activity’s governance, risk management, and control processes.

Standard 2210 — Engagement Objectives
• 2210.A1 — Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment.
• 2210.A2 — Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.

Standard 2060 — Reporting to Senior Management and the Board
• Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.

Standard 2450 – Overall opinion
• The description of risk assessment or control methodology or of other criteria on which the opinion is based

Standard 2600 — Communicating the Acceptance of Risks
• When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management…..

Suggestions
• Preliminary risk assessment at the stage of audit engagement planning
• Risk assessment when goals are set and audit evidence is collected
• Risk assessment at post-audit stage
• Assessment of fraud risks
• Assessment of IT risks
• etc. ….

Preliminary risk assessment at the stage of audit engagement planning
• Preparation throughout the year
• Collection and assessment of information on risks
• Assessment of risks related to legal documents adopted after the latest risk assessment
• Identification of risks during consultations with senior management and first meeting

Risk assessment when goals are set and audit evidence is collected
• Based on the results of preliminary risk assessment of the audit objects: developing an engagement plan
• Identification of most risky transactions
• Setting the tasks for auditors and defining the selection method (statistical, non-statistical, mixed)
• Setting other tasks and their possible changes

Risk assessment at post-audit stage (Follow up)
• Risk assessment of collected evidence
• Defining priorities
• Risk assessment of tasks execution or acceptance of risk by the leadership

Glossary of terms that need to be explained
• How to calculate
• Major risks
• Inherent risks
• Residual risks
• Acceptable risks
• Risk appetite