1 / 24

The Internal Audit Process - Risk-Based Process-Focused Audit Approach

The Internal Audit Process - Risk-Based Process-Focused Audit Approach. Communicate Results. Understand the Auditee. Assess Risk. Develop Audit Plan. Execute the Audit. Co-Develop Expectations. The Risk-Based, Process-Focused Approach (RBPFA) to audit is divided into six activities:.

ranger
Download Presentation

The Internal Audit Process - Risk-Based Process-Focused Audit Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Internal Audit Process - Risk-Based Process-Focused Audit Approach

  2. Communicate Results Understand the Auditee Assess Risk Develop Audit Plan Execute the Audit Co-Develop Expectations

  3. The Risk-Based, Process-Focused Approach (RBPFA) to audit is divided into sixactivities: A. Co-develop expectations B. Understand the Auditee C. Assess Risk D. Develop Audit Plan E. Execute the Audit F. Communicate Results

  4. A. Co-developExpectations Key to Success Understand the expectation of the senior management and the value of the internal audit to the organizations Preliminary discussions with the management on the areas to be reviewed and identify other concerns of the senior management

  5. Co- develop Expectations(continued) Objective No. 1 • To have a clear understanding of the focus of the audit as agreed upon with senior/line management and subsequently with the oversight bodies thru the Audit Committees, as applicable

  6. Co- develop Expectations(continued) Objective No. 2 To provide adequate focus and efficiency, better allocation of resources and a higher probability of success in meeting the expectations of the key players involved.

  7. Co- develop Expectations(continued) • The Co-develop Expectations phase covers the next four sections of the RBPFA, and can be further divided into two main categories: • Entity Level • Process Level

  8. Co- develop Expectations(continued) • At the entity level, Co-develop Expectations • involves: • - Understanding the Auditee, • - Risk Assessment, and • - Develop Strategic and Annual Audit Plans • Discussions on this level are mainly • concentrated with senior management and • the oversight bodies of the auditee.

  9. Co- develop Expectations(continued) • At the Process level, Co-develop Expectations • Involves activities at the Execution Phase • It focuses the discussion on the senior/line • management and of the processes or risk areas included in the Audit Plan.

  10. B. Understand the Auditee • Purpose - • To preliminarily identify Auditee risks • To focus the audit efforts on the elements critical to the Auditee’s operations.

  11. B. Understand the Auditee(continued) Activities: • Obtain information on the Auditee’s mandate, strategies, critical processes, financial and operational performance, and overall control environment to aid in the identification of the risks that will be the focus of the audit effort.

  12. B. Understand the Auditee(continued) • Understanding the Auditee or UTA is one of the most critical factors in delivering high value auditing services; it is a “core competency” that auditors need to maintain and continuously improve.

  13. C. Risk Assessment • Risk is defined as the threat that an event, • action or inaction will adversely affect the • auditee’s ability to successfully achieve its • mandate, and objectives and execute its • strategies successfully.

  14. C. Risk Assessment Main Activities

  15. C. Risk Assessment(continued) Objectives: • 1. To identify and assess the impact of significant risks that may threaten the Auditee’s objectives. • 2. To create the potential audit universe and audit plan.

  16. D. Develop Strategic Audit Plan Objectives: • To develop and document the audit plan, identify the resource requirements and obtain approval from senior management and the oversight bodies.

  17. D. Develop Strategic Audit Plan(continued) Objective 1: • To summarize the information gathered during the Understand the Auditee and Risk Assessment sections, and to document the audit universe, which identifies the high priority areas that should • be the focus of audit.

  18. D. Develop Strategic Audit Plan(continued) Objective 2: • To determine the most efficient and effective way to audit the high priority areas. • When developing the audit areas, the Auditee May want to structure the audit plan by unit, geographic location, or function, (i.e., branches, provincial departments, etc., or process).

  19. D. Develop Strategic Audit Plan(continued) • In determining the appropriate approach, the internal audit department should consider the auditee structure (including provincial departments etc.), cost effectiveness, report audiences, use of special resources, or other offices.

  20. E. Audit Execution • Implementation of the Audit Plan based on the results of the Understand the Auditee and Risk Assessment sections, • Before the actual start of fieldwork, line management will be briefed on the work planned, including the audit objectives.

  21. E. Audit Execution(continued) Activities: • Review “covered” systems and processes and collection information through discussions with auditee personnel, observations and performance of audit tests • During the fieldwork, preliminary discussions are made with the process and activity owners to validateunderstanding of the process, enhance the communication process, and achieve better buy-in and cooperation of the auditee.

  22. F. Communicating Results • At the end of each assignment: • The auditors will meet with line management to finalize the discussion of findings or areas of concern noted during the audit • To assist management to formulate specific action points meant to address such concerns within an agreed timetable.

  23. F. Communicating Results (continued) • Internal Audit periodically follows up the implementation of the agreed action points meant to address critical risks and reports the status of accomplishment to the head of the auditee. The monitoring and follow-up process may be done within six months after the exit conference or after one year, depending on the result of the audit.

More Related