Rating: 4 out of 5 stars
4/5
Ebook145 pages1 hour
Risk-Based Internal Audit
Rating: 4.5 out of 5 stars
4.5/5
()
About this ebook
Internal auditors are told they need to develop a risk-based audit plan, but many internal audit activities simply risk rank their audit universe and believe that is risk-based auditing.
Risk-based internal auditing is about aligning the annual audit plan, and corresponding audit projects and efforts, with the objectives of the organization. This book takes a unique approach to risk-based auditing by incorporating risk management and internal audit concepts to create a new Risk-Based Internal Audit Framework, while still being consistent with internal auditing standards.
The risk-based internal auditing framework includes seven related components: Understand, Identify, Assess, Plan, Perform, Report, and Monitor. The focus of this book is to explain how to approach the Understand, Identify and Assess components of the framework in an innovative way, improving the overall value internal audit can provide to its organization, instead of testing the same internal controls over and over again.
The principles outlined in this book are applicable to internal audit activities in any organization.
This book provides answers and practical how-to information to help internal audit activities take that next step in the evolution of the internal audit profession. It is a must read for any internal auditor.
Risk-based internal auditing is about aligning the annual audit plan, and corresponding audit projects and efforts, with the objectives of the organization. This book takes a unique approach to risk-based auditing by incorporating risk management and internal audit concepts to create a new Risk-Based Internal Audit Framework, while still being consistent with internal auditing standards.
The risk-based internal auditing framework includes seven related components: Understand, Identify, Assess, Plan, Perform, Report, and Monitor. The focus of this book is to explain how to approach the Understand, Identify and Assess components of the framework in an innovative way, improving the overall value internal audit can provide to its organization, instead of testing the same internal controls over and over again.
The principles outlined in this book are applicable to internal audit activities in any organization.
This book provides answers and practical how-to information to help internal audit activities take that next step in the evolution of the internal audit profession. It is a must read for any internal auditor.
Related to Risk-Based Internal Audit
Related ebooks
A Step By Step Guide: How to Perform Risk Based Internal Auditing for Internal Audit Beginners The Executive’S Guide to Internal Auditing Rating: 0 out of 5 stars0 ratingsMastering Internal Audit Fundamentals A Step-by-Step Approach Rating: 4 out of 5 stars4/5Internal audit Third Edition Rating: 0 out of 5 stars0 ratingsHardening by Auditing: A Handbook for Measurably and Immediately Improving the Security Management of Any Organization Rating: 0 out of 5 stars0 ratingsImplementing an Integrated Management System (IMS): The strategic approach Rating: 5 out of 5 stars5/5Risk Management Simplified: A Definitive Guide For Workplace and Process Risk Management Rating: 5 out of 5 stars5/5Hardening by Auditing: A Handbook for Measurably and Immediately Iimrpving the Security Management of Any Organization Rating: 0 out of 5 stars0 ratingsLean Auditing: Driving Added Value and Efficiency in Internal Audit Rating: 5 out of 5 stars5/5SWANSON on Internal Auditing: Raising the Bar Rating: 5 out of 5 stars5/5Risk based internal audit A Complete Guide Rating: 0 out of 5 stars0 ratingsAuditing Essentials Rating: 3 out of 5 stars3/5Internal Auditing A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsAudit Process A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsCourageous Auditing Rating: 0 out of 5 stars0 ratingsDare to Be Different: An Auditors Personal Guide to Excellence Rating: 5 out of 5 stars5/5Frequently Asked Questions in International Standards on Auditing Rating: 1 out of 5 stars1/5Remote Audit: From Planning to Implementation Rating: 4 out of 5 stars4/5Audit Planning: A Risk-Based Approach Rating: 4 out of 5 stars4/5Internal Audit A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsHow to Audit Your Account without Hiring an Auditor Rating: 0 out of 5 stars0 ratingsCOSO ERM A Complete Guide - 2021 Edition Rating: 5 out of 5 stars5/5
Auditing For You
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide Rating: 3 out of 5 stars3/5Auditing Your Human Resources Department: A Step-by-Step Guide to Assessing the Key Areas of Your Program Rating: 0 out of 5 stars0 ratings2022 Best Ways To Make Money Online Rating: 4 out of 5 stars4/5How To Earn $1000 Weekly Proofreading & Copyediting Rating: 0 out of 5 stars0 ratingsStrategic Consulting Frameworks: Consulting Preparation Rating: 0 out of 5 stars0 ratingsAuditing For Dummies Rating: 4 out of 5 stars4/5Budgeting: How to Make a Budget and Manage Your Money and Personal Finances Like a Pro Rating: 0 out of 5 stars0 ratingsBudgeting - The Right Way Rating: 0 out of 5 stars0 ratingsThe Internal Auditing Pocket Guide: Preparing, Performing, Reporting and Follow-up Rating: 0 out of 5 stars0 ratingsCutting Edge Internal Auditing Rating: 3 out of 5 stars3/5Fraud Casebook: Lessons from the Bad Side of Business Rating: 0 out of 5 stars0 ratingsExecutive's Guide to COSO Internal Controls: Understanding and Implementing the New Framework Rating: 0 out of 5 stars0 ratingsSocial Media Marketing Revolution Rating: 0 out of 5 stars0 ratingsTax Cuts and Jobs Act: The Complete Bill Rating: 0 out of 5 stars0 ratingsConstruction Contractors: Advanced Issues Rating: 0 out of 5 stars0 ratingsArtificial Intelligence for Audit, Forensic Accounting, and Valuation: A Strategic Perspective Rating: 0 out of 5 stars0 ratingsHealthcare Fraud: Auditing and Detection Guide Rating: 0 out of 5 stars0 ratingsTrafficking and the Traffickers: JUSTICE Rating: 0 out of 5 stars0 ratingsThe Prosperity Bible Rating: 5 out of 5 stars5/5Essentials of Corporate Fraud Rating: 0 out of 5 stars0 ratingsInternal Audit Quality: Developing a Quality Assurance and Improvement Program Rating: 0 out of 5 stars0 ratingsLean Auditing: Driving Added Value and Efficiency in Internal Audit Rating: 5 out of 5 stars5/5Trade-Based Money Laundering: The Next Frontier in International Money Laundering Enforcement Rating: 0 out of 5 stars0 ratingsMadoff Talks: Uncovering the Untold Story Behind the Most Notorious Ponzi Scheme in History Rating: 4 out of 5 stars4/5Detecting Accounting Fraud Before It's Too Late Rating: 0 out of 5 stars0 ratingsFinancial Statement Fraud: Prevention and Detection Rating: 0 out of 5 stars0 ratingsBreaking Into Risk Management In Banks Rating: 4 out of 5 stars4/5Courageous Auditing Rating: 0 out of 5 stars0 ratingsThe Layman's Guide GDPR Compliance for Small Medium Business Rating: 5 out of 5 stars5/5
Related podcast episodes
080: SMS Pt 1 - Safety Management System Defined: What is a Safety Management System (SMS)? 0% found this document useful447: How To Get Performance Alignment: www.dale-carnegie.co.jp 0% found this document usefulJason Andrew - Bridging the gap between Accounting, Finance and the Marketing function - S3 Ep1 0% found this document usefulBe the Influencer in your Team | Brian Smith 0% found this document usefulThe Keys to Impactful Executive Compensation Programs ft. Robin Ferracone 0% found this document useful1 in 4 Will Lose Their Job in 2020: The Grim Reality of Not Creating ROI 0% found this document usefulWBSP212: Grow Your Business by Understanding the Nuances of Internal Audit w/ Michael Venner 0% found this document usefulEp 483: How To Actually Read Your Numbers At Scale (It's Not What You Think) with Jordan Salvit, Salvit Advisors 0% found this document usefulThe eCommerce Maturity Curve with Christina Vail 0% found this document usefulWhy Trusting Your Gut Leads to Better Decisions - MediaCom CSO, Anush Prabhu 0% found this document useful152: Free to Fee—How to Start Charging for Planning, Even in a BD World w/ Bryan Jansen 0% found this document usefulZach Farris Flying Fairly Fast For Future Freedom PART 2 0% found this document usefulZach Farris Flying Fairly Fast For Future Freedom PART 1 0% found this document usefulMI305: Exploring the DNA of Quality Businesses w/ Lawrence Cunningham 0% found this document usefulThe 5 Financial Metrics Top Agencies Get Right w/ Ryan Watson 0% found this document usefulEp 537: Why Agencies Suck Part 2 - How To Work With Your Agency with Jordan West 0% found this document usefulStakeholder Capitalism + ESG - Uncovering Hidden Enterprise Value with Renee Cullinan 0% found this document usefulAgency Principles For P&C Growth | Insurance Agency Playbook 0% found this document usefulDiscovering Demand Drivers Through AI with NWO.ai’s Miro Dimitrov 0% found this document useful
Related articles
4 Ways to Protect Your Business Against Employee Fraud and Theft EntrepreneurArticle
4 Ways to Protect Your Business Against Employee Fraud and Theft
May 1, 2015
3 min readIs It Time To Hire A Sales Execution Auditor? ThinkSalesArticle
Is It Time To Hire A Sales Execution Auditor?
Jun 26, 2019
3 min read3 Surprising Insights from a Former Financial Adviser KiplingerArticle
3 Surprising Insights from a Former Financial Adviser
Jun 7, 2018
It's been more than a year since I've moved on from being a financial adviser to providing financial education. This transition has given me the benefit of both time and perspective, enabling me to take a fresh look at the financial advisory business
2 min readWhy Adviser Rankings May Not Be All They Seem KiplingerArticle
Why Adviser Rankings May Not Be All They Seem
Apr 17, 2019
People love rankings, whether they involve college basketball, universities or the best places to live. Rarely do consumers dig deeper to determine the criteria behind the rankings. One of the findings of behavioral finance is that humans love shortc
2 min readA Focus on ESG Cannabis & Tech TodayArticle
A Focus on ESG
Oct 19, 2021
2 min readA Scorecard for Your Financial Adviser KiplingerArticle
A Scorecard for Your Financial Adviser
Apr 24, 2019
Sometimes it can be difficult to fully grasp the value of a financial adviser. Do they mostly manage my money? Are they doing a good job for me? How would I even know? These are important questions that can often be difficult to answer. There ar
2 min readIn Trust We Grow MarketingArticle
In Trust We Grow
Mar 23, 2020
Seamless CX is often highlighted as the key to delivering an organisation’s success. In today’s globalised marketplace, however, the issue of ‘trust’ plays a far more critical role. An erosion of trust creates a barrier preventing many organisations
4 min readThe 5 Things People Ask Potential Advisers and Why They Are Wrong KiplingerArticle
The 5 Things People Ask Potential Advisers and Why They Are Wrong
Oct 11, 2018
We recently had a prospective client ask us to send out our Form ADV Part 2. That was their only question. This SEC filing is essentially a marketing brochure that duplicates information on our website. We sent it, of course, but we're certain it did
4 min readRethinking Employee Wellbeing In 2021 NZBusiness and ManagementArticle
Rethinking Employee Wellbeing In 2021
Apr 25, 2021
3 min readTrim the Fat From Your Startup EntrepreneurArticle
Trim the Fat From Your Startup
Feb 1, 2014
2 min readDear Home Business Home Business MagazineArticle
Dear Home Business
Mar 25, 2021
3 min readBuilding A Future-proof Company – Four Cornerstones Of Transformative Corporate Foresight The European Business ReviewArticle
Building A Future-proof Company – Four Cornerstones Of Transformative Corporate Foresight
Feb 25, 2021
5 min readHow To Turn Customer Insight Into Growth Rotman ManagementArticle
How To Turn Customer Insight Into Growth
May 1, 2017
10 min readFruitful Feedback Inc.Article
Fruitful Feedback
Feb 27, 2024
2 min readChoosing The Best Fit Finweek - EnglishArticle
Choosing The Best Fit
Aug 7, 2020
all investments have an impact – either positive or negative. A positive impact can be generated deliberately or unintentionally. Selecting the right metrics is an important tenet of the impact measurement and management process. But simply measuring
2 min readAre You Predicting ‘Effective Retention’ When Hiring Sales Execs? ThinkSalesArticle
Are You Predicting ‘Effective Retention’ When Hiring Sales Execs?
Dec 1, 2017
4 min readThrive in 2021 Home Business MagazineArticle
Thrive in 2021
Mar 25, 2021
13 min readWhat Is A Finance Function? Parents in BizArticle
What Is A Finance Function?
Jun 12, 2023
4 min readHow A Differentiated Sales Organisation Strategy Drives Revenue Growth And Margin Improvement ThinkSalesArticle
How A Differentiated Sales Organisation Strategy Drives Revenue Growth And Margin Improvement
Jun 26, 2019
5 min readFor Your Money, Which is Better: The Algorithm or the Adviser? KiplingerArticle
For Your Money, Which is Better: The Algorithm or the Adviser?
May 29, 2018
We've seen a massive movement toward convenience and automation in nearly every industry. As consumers move toward the option of ordering products online from sites like Amazon, the retail world has seen a record-breaking number of brick-and-mortar
4 min readSimon Says... NZBusiness and ManagementArticle
Simon Says...
Sep 23, 2019
4 min readWhat’s Next? Using The Coronavirus Crisis To Assess Your Business And Come Back Stronger Parents in BizArticle
What’s Next? Using The Coronavirus Crisis To Assess Your Business And Come Back Stronger
Jul 6, 2020
Many businesses are currently grappling with the impact that Covid-19 is having on their day-to-day life. It is a worrying time as businesses adjust to sudden changes in demands from consumers, and potentially having to literally stop trading. If you
3 min readChoosing a Financial Adviser: The Fiduciary Dimension KiplingerArticle
Choosing a Financial Adviser: The Fiduciary Dimension
Mar 22, 2019
Even the most experienced investors sometimes reach a point where the challenges of balancing a broad range of financial objectives are too complex or time-consuming. That's where a trusted financial adviser can help. Many people find financial adv
3 min readHiring a Financial Adviser? Start the Conversation Simply with These Top 3 Questions KiplingerArticle
Hiring a Financial Adviser? Start the Conversation Simply with These Top 3 Questions
Jul 18, 2019
No matter where you are in your career, the prospect of working with a financial adviser may bring on a flurry of finance-related questions. For baby boomers, questions may be centered on "How much do I need to retire?" and "When can I retire?" For
3 min read5 Ways Financial Advisers Misrepresent Themselves KiplingerArticle
5 Ways Financial Advisers Misrepresent Themselves
Dec 28, 2018
A financial adviser is someone you should be able to trust, someone who has complete transparency and who is on the lookout for your best interests. But there are some using bogus titles, misrepresenting their credentials and misstating facts in orde
3 min readEffective Succession Planning Leads to Business Longevity KiplingerArticle
Effective Succession Planning Leads to Business Longevity
Apr 27, 2020
Choosing the right successor can make or break the future of your business. The next-in-line should have long-lasting passion for the work, the company's respect and the expertise needed to maximize profits and promote business longevity. Can your s
4 min readIs Your Adviser an Investment Manager or a Life Coach (or Both)? KiplingerArticle
Is Your Adviser an Investment Manager or a Life Coach (or Both)?
Dec 27, 2018
Investors who seek financial services can have a wide range of needs. They can be relatively simple, such as access to investment vehicles like class Y mutual funds, or they can be complex, like a matriarch of a family of multi-generational wealth wi
3 min readIn And Out Facility ManagementArticle
In And Out
Aug 23, 2018
5 min read4 Steps to Effectively Transition or Sell Your Business KiplingerArticle
4 Steps to Effectively Transition or Sell Your Business
Jun 17, 2019
Did you know 70% to 80% of middle-market, closely held businesses put on the market do not sell? And 83% of businesses lack a formal, written transition plan? I've had many discussions with middle-market business owners about planning for the future
3 min readHow to Measure a Financial Adviser's Credibility KiplingerArticle
How to Measure a Financial Adviser's Credibility
Apr 10, 2019
Financial advisers wield a large amount of influence over your financial health. It's important to remember that not all financial advisers are created equal, and not all individuals who claim to be financial advisers are educated or experienced in p
4 min read
Reviews for Risk-Based Internal Audit
Rating: 4.5 out of 5 stars
4.5/5
20 ratings7 reviews
- Rating: 5 out of 5 stars5/5It gave me an overview of the three risk management frameworks.
- Rating: 4 out of 5 stars4/5Informative yet relatively simplistic. Explains terms used by auditors in general and more. Loved it!
- Rating: 1 out of 5 stars1/5Too much theory, less practical. Lead to understanding, not wisdom. Suitable for basic IA
- Rating: 5 out of 5 stars5/5This book help me to prepare annual audit plan and understand risk based audit.
- Rating: 5 out of 5 stars5/5Simple and informative, with a welcome focus on alignment business objectives
- Rating: 5 out of 5 stars5/5good book for internal auditors for planning and executing risk based audit.
- Rating: 4 out of 5 stars4/5EXCELLENT PRESENTATION,CLEARLY AND VERY EASY TO UNDERSTAND
THANK YOU !
Book preview
Risk-Based Internal Audit - Jason Lee Mefford
www.grc-certifications.com
PART I: INTRODUCTION
Chapter 1:
Introduction
Introduction
As internal auditors, we are told to use a risk-based approach in developing an annual audit plan. In fact, professional standards specifically require this (IPPF Standard 2010). Most internal audit departments I talk with are doing some form of a risk-based audit plan but struggle in knowing how to incorporate a risk-based approach into their activities. This book provides you with answers and how-to information to help you take that next step in the evolution of your audit department. It is intended to be a summary and overview of the topic.
The 2013 State of the Internal Audit Profession Study¹ by PriceWaterhouseCoopers (PwC) showed a large disconnect between what value board members and internal auditors believe internal audit brings to an organization versus the value perceived by management. In fact only 44% of executive management surveyed believe internal audit contributes significant value to their organizations. I believe one of the reasons for this disconnect is internal audit often focuses on auditing areas of the business that do not directly relate to helping the organization meet its objectives. They focus too much time on detailed internal controls (the trees) while forgetting to concentrate on the organization’s objectives (the forest).
What I am proposing is a way for internal auditors to provide assurance on the performance, risk, and compliance aspects of an organization while focusing on business objectives instead of internal controls. Only considering and auditing to see if internal controls are working does not provide assurance on whether the organization is meeting, or is on target to meet, its objectives.
Risk based internal auditing is focused on objectives rather than controls. For many seasoned auditors, this will sound like blaspheme seeming to ignore internal controls, but bear with me and you will see how this focus is much more in line with what our organizations want from internal auditors. It is not only more in line with what they want, it also helps us provide much better assurance on what the governance group and management is really concerned about - meeting the organization’s objectives.
Our insistence on making everything about internal controls has cheapened and diminished our effectiveness as internal auditors. As a quick illustration, there are four different ways to respond to risks, and only one of them includes creating internal controls. So why do so many internal auditors insist management must respond to every risk with an internal control? Likely because they do not really understand risk management.
The principles outlined in this book are applicable to all internal audit activities, regardless of geographic location, industry, or type of organization. They can be used in the private or public sector, for profit or non-profit, large or small organizations. The concepts you will learn in this book can be used to improve the audit quality in any organization and ensure the internal audit activity is adding value by focusing on helping the organization meet its objectives, not just adding and testing internal controls.
Why have I chosen to use the term Risk Based Internal Audit instead of something else? Risk based internal auditing is required by the IIA standards and is a term that auditors are talking about now. It is something that is getting attention. It is something I feel most internal auditors are only doing half-heartedly.
Internal auditors may consider risk when doing the annual audit plan, but then they tend to go right back to auditing internal controls where they are more comfortable. They audit internal controls instead of focusing on the biggest threats, and corresponding risks, to the organization meeting its objectives. Risk based internal auditing is also a lot shorter than: Internal Auditing of Business Objectives in the Areas of Performance, Risk and Compliance. At times during this book, risk based internal auditing will also be abbreviated to RBIA.
Before we get too far ahead of ourselves, though, it is important to remember the reason organizations exist. Understanding and reminding ourselves of the big picture
of business will be a constant theme in this book and a tool to use in developing and implementing risk-based auditing. It is the reason why we are even concerned with risk management and providing independent, objective assurance.
¹http://www.pwc.com/us/en/risk-assurance-services/publications/pwc-2013-state-of-profession.jhtml
Chapter 2:
The Big Picture of Business and Principled Performance
The Big Picture of Business and Principled Performance
Organizations are created to meet specific objectives or meet identified needs. For many organizations a major objective is to earn money and make a profit for its owners and investors. Even public sector and nonprofit entities are concerned about staying within financial budgets and providing a net contribution, after expenses, the organization can use for providing those services. Other objectives often relate to strategic, operational, customer, or processes. We will discuss objectives in more detail later in the book.
Regardless of the type of organization, a group of concerned individuals came together seeing some opportunities or needs in the marketplace. They created a business model to meet those objectives. Business models include strategy, processes, technology and infrastructure that help organizations meet their objectives.
Along the road to meeting objectives, uncertainty happens; uncertainty that invariably has an impact on whether or not the organization will meet its objectives. This uncertainty comes in the form of opportunities and threats, which we will discuss in more detail later in the book. This uncertainty creates obstacles the organization must navigate around on the way to meeting its objectives.
In addition to navigating around the obstacles, an organization must also stay within certain mandatory and voluntary boundaries. Mandatory boundaries include those requirements imposed on an organization by an external party: for example, laws and regulations. Voluntary boundaries are values, policies, procedures, processes, contracts and promises the organization has voluntarily chosen to follow. Often these voluntary promises are made in public statements expressed to its stakeholders or are in the form of agreements with its business partners.
A stakeholder is a person, group, or organization that has direct or indirect stake in an organization because it can affect or be affected by the organization's actions, objectives, and policies. This is a very broad definition, but in today’s inter-connected world it means almost anyone can be a stakeholder of your organization.
To summarize, organizations are trying to achieve certain objectives, while navigating around obstacles and staying within boundaries. Principled Performance² is the reliable achievement of objectives while addressing uncertainty and acting with integrity. In order for an organization to reliably achieve its objectives, it must ensure it addresses opportunities, threats and requirements.
We can put all of these concepts together into a graphical representation like this:
Enjoying the preview?
Page 1 of 1