RISK TOPIC 4: INTERNAL AUDITING & RM (Role of Internal Auditors…
RISK TOPIC 4: INTERNAL AUDITING & RM
includes all the policies and procedures adopted by the management of an entity to assist in achieving management’s objective:
The orderly and efficient conduct of business
dherence to Management objectives
The safeguarding of Assets
Prevention of fraud and error
Accuracy and completeness of Accounting records
Timely preparation of reliable financial information
Risk Management Process
is a key responsibility of management. To achieve its business objectives, management should ensure that sound risk management processes are in place and functioning
Each organization may choose a particular methodology to implement its risk management process
Information from the risk management process can be utilized by the auditor to plan his audit.
Depending on the size and complexity of the organization’s business activities risk management processes can be:
-formal or informal
-quantitative or subjective
-embedded in the business units or centralized at a corporate level.
Role of Internal Auditors
Obtain a document
containing the enterprise risk management framework and accordingly ascertain that the process is both comprehensive and suitable for the nature of the organization.
Research and review reference materials
and background information on risk management methodologies as a basis to assess whether or not the process used by the organization is appropriate and represents best practices for the industry
Determine whether the risk
management procedures are clearly understood
by all key levels involved in the risk management process
Review corporate policies, board, and audit committee minutes
to determine the organization’s business strategies, risk management philosophy and methodology, appetite for risk, and acceptance of risks.
Review previous risk evaluation
reports by management, internal auditors, external auditors, and any other sources that may have issued such reports.
Assist in planning
the procedures in risk management framework based on his specialized knowledge of the business.
Assist by examining, evaluating, reporting, and recommending
improvements on the adequacy and effectiveness of management’s risk processes
that early warning mechanism of disaster exists.
the risk management process across the entire entity.
whether the risk management framework has to be updated and whether any improvements in the ERM process are needed.