
Next steps



Presentation Transcript


  1. Next steps RAWG

  2. WHAT WE HAVE
     • Risk assessment guideline for strategic and annual planning
     • Identifying auditing universe
     • Identification of risks
     • Categorization of possible risks
     • Estimating likelihood and impact of risks
     • Developing 3-year plans
     • Annual plan

  3. WHAT HAPPENS AFTER PLANNING
     • Preparation for the audit engagement
     • Drafting a plan for the audit engagement
     • Appointing auditors for the engagement
     • Identifying the goals of the engagement
     • Executing the engagement
     • Collecting audit evidence
     • Developing a project and the final report (conclusion)
     • Post audit

  4. Is planning over at the stage of the annual plan?
     • Planning is just the overall direction of activity, a list of tasks and not a final decision on the audit engagement
     • At the preparation stage for the audit engagement the annual audit plan can change based on REEVALUATION OF RISKS

  5. Risks in IIA standards
     • 1210.A2 to evaluate the risk of fraud
     • 1210.A3 key information technology risks and controls
     • 1220.A1 adequacy and effectiveness of governance, risk management, and control processes
     • 1220.A3 must be alert to the significant risks

  6. Standard 2201 – Planning Considerations for audit engagements
     • The significant risks to the activity, its objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level;
     • The adequacy and effectiveness of the activity’s governance, risk management, and control processes compared to a relevant framework or model;
     • The opportunities for making significant improvements to the activity’s governance, risk management, and control processes.

  7. Standard 2210 — Engagement Objectives
     • 2210.A1 — Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment.
     • 2210.A2 — Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.

  8. Standard 2060 — Reporting to Senior Management and the Board
     • Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.

  9. Standard 2450 – Overall opinion
     • The description of risk assessment or control methodology or of other criteria on which the opinion is based

  10. Standard 2600 — Communicating the Acceptance of Risks
     • When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management…

  11. Suggestions
     • Preliminary risk assessment at the stage of audit engagement planning
     • Risk assessment when goals are set and audit evidence is collected
     • Risk assessment at post-audit stage
     • Assessment of fraud risks
     • Assessment of IT risks
     • etc. …

  12. Preliminary risk assessment at the stage of audit engagement planning
     • Preparation throughout the year
     • Collection and assessment of information on risks
     • Assessment of risks related to legal documents adopted after the latest risk assessment
     • Identification of risks during consultations with senior management and first meeting

  13. Risk assessment when goals are set and audit evidence is collected
     • Based on the results of preliminary risk assessment of the audit objects: developing an engagement plan
     • Identification of most risky transactions
     • Setting the tasks for auditors and defining the selection method (statistical, non-statistical, mixed)
     • Setting other tasks and their possible changes

  14. Risk assessment at post-audit stage (Follow up)
     • Risk assessment of collected evidence
     • Defining priorities
     • Risk assessment of tasks execution or acceptance of risk by the leadership

  15. Glossary of terms that need to be explained
     • How to calculate
     • Major risks
     • Inherent risks
     • Residual risks
     • Acceptable risks
     • Risk appetite
