Part II Sec A, 3) Source of Potential Engagement, 1) Policies and…
Part II Sec A
3) Source of Potential Engagement
a) Risk and Control
Mgt respon:
manage risk and increase the likelihood that established obj & goals will be achieved
IA:
assist both mgt and oversight body in ERM by:
help mgt to understand GRC
develop and implement a risk assessm framework for IA planning
bringing a systematic, disciplined auditing approach to assessing the effectiveness of IC & risk mgt processes
providing objective and independent assurance that the org's risks are appropriately mitigated
making recommendations for improvem
b) Audit
Maturity Lv
Controls-based auditing
Process-based auditing
Risk-based auditing
ERM-based auditing ** Goal
c) Audit Universe
Identifying the audit universe is vital in laying the foundation for IA's annual risk assessm and planning process.
major functions
applicable areas
regulatory mandate
d) Org's Strategic Plan
use SWOT to identify and classify elements
-> help/ hinders org/ its strategic plans/ activities
Audit universe is influenced by the result of the risk mgt process
e) Mgt & Employees
(potential audit universe)
Executive/ key operational mgr
(est plan, def risk tolerances, allocate resources, monitor activities, review results)
Employee (close to bus activities)
IA gather info technique:
Interview
Focus group
Questionnaire/ Survey
f) Regulatory Mandates (force of laws)
g) External Bus Relationships and Third-party Risk
act on behalf of the org
-> manage the risks through contracts
h) Info Technology (IT)
def IT environment
identify the role of risk assessm
formalize annual audit plan
i) Relevant Mkt and Industry Trends
risk issues by current industry/ econ situation
org diversity:
entirely driven by a pdt’s life cycle
org's risk appetite
residual risk lv
IA:
understand the root causes of these changes
what types of pressures these are creating for the org
j) Emerging Issues
k) Other Issues
Internal assurance
external assurance
provider
1) Policies and Procedures for Internal Audit Operations
a) Policies and Procedures
Process of:
Planning (strategic lv)
Organizing (operational lv)
Directing (tasks)
Monitoring (budgets)
b) Audit manuals
Purpose:
provide guidance to activity
def high lv of perf expectations for staff
focus on key obj and value
coordinate roles and responsibilities
codify critical processes
provide basis for evaluating IA activity perf
c) Audit Activity
Org Chart
->CAE
-> Audit Manager (IT)
-> Senior Auditor (IT)
-> Auditor (IT)
2) Administrative Activity of Internal Audit
a) Budget
Key component of planning
-> enable IA activity to perform its mission on time & within established fin parameters
b) Staffing
workforce planning (resources)
position descriptions and org charts
recruiting and contractor sourcing
recruit and contractor selection
employee and contractor onboarding, training, and management
develop process to support engagem work
provide guidance to members abt the activity's obj, the way to accomplish them, and the use of std