Risk Assessment For Internal Auditors
Transcript

  • 1. Risk Assessments for Audit Planning
    • James P. Giordano, CPA, CFE, CCFS
    • Audit Manager, Management Audits
    • Office of Internal Audits
  • 2. Risk & Assessment - Definitions
    • Risk - the threat that an event, action, or non-action will adversely affect an organization’s ability to achieve its business objectives and execute its strategies successfully. Risk is measured in terms of consequences and likelihood.
    • Risk assessment - the identification and analysis of risks to the achievement of business objectives. It forms the basis for determining how risks should be managed.
  • 3. Risk Assessments
    • Allows an entity to understand the extent to which potential events might impact objectives.
    • Assesses risks from two perspectives:
    • - Likelihood
    • - Impact
    • Are used to assess risks and can also be used to measure the related business objectives.
  • 4. Risk Assessments
    • Employ a combination of both qualitative and quantitative methodologies.
    • Relate time horizons to objective horizons.
    • Assess risk on both an inherent and a residual basis.
  • 5. Inherent Risk Vs. Residual Risk
    • Inherent Risk: The risk that exists before you address it, i.e., the risk to your Facility or Network in the absence of any actions taken to alter either the likelihood or impact. Every company faces it; not all manage it effectively.
    • Residual Risk: Also known as “vulnerability” or “exposure.” It is the risk that remains after your Facility or Network has attempted to mitigate the inherent risks.
  • 6. Risk Analysis [Diagram. Labels: Risk Assessment; Identification; Measurement; Prioritization; Risk Management; Control It; Share or Transfer It; Diversify or Avoid It; Risk Monitoring; Process Level; Activity Level; Entity Level]
  • 7. Definition of Internal Control
    • Internal control is a process, effected by management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
      • Effectiveness and efficiency of operations;
      • Reliability of financial reporting; and
      • Compliance with applicable laws and regulations.
    • “These distinct but overlapping categories address different needs and allow a directed focus to meet the separate needs.”
  • 8. Internal Control Key Concepts
    • Internal control is a process. It is a means to an end, not an end in itself.
    • Internal control is effected by people. It’s not merely policy manuals and forms, but people at every level of an organization.
    • Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
    • Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.
    • While internal control is a process, its effectiveness is a state or condition of the process at one or more points in time.
  • 9. Internal Control Myths and Facts
    • MYTH:
      • Internal control starts with a strong set of policies and procedures.
      • Internal control: That’s why we have internal auditors!
      • Internal control is a finance thing.
      • Internal controls are essentially negative, like a list of “thou-shall-nots.”
      • Internal controls take time away from our core activities of patient services, financial reporting, and supply chain, payroll and core business processes.
    • FACT:
      • Internal control starts with a strong control environment.
      • While internal auditors play a key role in the system of control, management is the primary owner of internal control.
      • Internal control is integral to every aspect of business.
      • Internal control makes the right things happen the first time.
      • Internal controls should be built “into,” not “onto” business processes.
  • 10. Internal Auditors add value by:
    • Implementing a risk-based approach to audit planning and executing the internal audit process.
    • Ensuring that internal auditing resources are directed at those areas most important to the organization.
    • Challenging the basis of management’s risk assessments and evaluating the adequacy and effectiveness of their risk treatment strategies.
  • 11. Internal Auditors add value by:
    • Reviewing critical control systems and risk management processes.
    • Performing an effectiveness review of management's risk assessments and the internal controls.
    • Providing advice in the design and improvement of control systems and risk mitigation strategies.
  • 12. Benefits of Risk Assessments
    • Performing thorough risk assessments:
      • Will help focus the annual audit plan on key business risks and support management’s decision-making processes.
      • Will make detailed audit procedures more efficient and focused on areas where problems may exist, or where positive action can be taken to improve a process.
  • 13. Why Do a Risk Assessment?
    • It will assist in development of a multi-year internal/compliance audit plan.
    • It helps to identify specific areas of concern that require immediate attention.
    • It can be used to support internal Network/Facility initiatives.
    • It can be utilized to dissuade unfocused internal initiatives.
    • It helps realign priorities and refocus existing resources.
  • 14. Risk Assessment Components
    • Ascertain process goals and objectives;
    • Determine who’s responsible/accountable;
    • Review the tenure of key employees;
    • Document & flowchart process flows;
    • Review process maturity (documentation, monitoring); and
    • Key performance indicators and 5-year trends.
  • 15. Risk Assessment Process [Diagram. Labels: Analyze Risks; Risk Assessment Summary]
  • 16. The Keys to Success in Risk Assessment
    • Buy-in and support from executive/senior management and Board
    • Solid Framework to organize activities
    • Link risk management activities to other management activities, strategic planning
    • Clearly articulated risk management goals and objectives
    • Commonly understood risk language
  • 17.
    • Questions?
  • 18. We Wish to Thank the following Corporations for Their Assistance
    • Crowe Horwath LLP
    • The Institute of Internal Auditors
    • Deloitte
    • HCPro, Inc.