You are on page 1of 12

ANALYSIS OF THE RISK IN THE PROCESS OF INTERNAL AUDIT

CRISTIAN DRAGAN

Constanta Maritime University, Romania

ABSTRACT

Risk analysis has become in recent years an increasingly widespread practice in all fields, serving in
choosing various possible options within them. Macro models for evaluation have been developed,
incorporating models for managerial options, being complex interactions between these components and
feedback relationships. In these conditions every manager is encouraged to become its own risk manager.
1. INTRODUCTION
2.
Risk analysis is a process in which gross
risks resulting from risk identification
process are grouped, filtered and
prioritized. The purpose of this activity
is to provide detailed descriptions of
organization risk, so that scenarios
concerning the higher risks and the
actions most appropriate for risk control
can be planned and implemented in the
next step of the risk management cycle.
Risk analysis is a dynamic and active
process through which the risks are
identified, analyzed and evaluated, so
that they can provide a basis for future
management decisions.
Risk analysis is not an exact science. By
establishing control activities, risks are
aimed to become medium or low, to
extinction. However the risks must
evolve downwards.
3. Analysis / assessment of risk is an
important stage in the activity of
auditors and it is performed for:
-

Developing a plan and an audit program


Establishing audit objectives

preparing, updating, assessment of the


risk register

4.
5. RISK ASSESSMENT
METHODOLOGY FOR
PREPARING THE INTERNAL
AUDIT PLAN
6.
Internal audit is an activity plan
based on risk assessment tttached to
auditable activities, according to law. Under
these circumstances, public entities
elaborate a multiannual plan 3-5 years to
audit all departments / activities / functions /
programs within the entity of which is
allocated to the annual internal audit plan.
For each mission in the annual work plan is
developed an intervention program on the
spot by the team of internal auditors.
7.
Risk analysis is a very important
procedure used in internal audit missions,
for identifying activity risks developed in an
organisations that can affect the performance
of achieving its basic goals. Based on
analyzing the risks, internal auditors will
audit only those activities with a high risk,
possible with medium risk, in the process of

risk analysis conducted in preparation of an


internal audit mission.
8.
In this material is developed a
risk assessment methodology for the
preparation of internal audit, in accordance
with the regulatory framework in force in
Romania, establishing the number of units to
be audited annually depending on the risk
analysis, depending on each entity that it is
to be audited, based on the same procedure
of risk analysis .
9.
Basedand on risk assessment
of the risks associated with the audited
activities, it was established an order of
priorities of the internal mission audit based
on the risks that will come in auditing and
which will be reflected in the internal audit
plan for the current year.
10. ESTABLISHING THE NUMBER OF
UNITS THAT WILL BE EXAMINED
BASED ON THE RISK ANALYSIS
11. Within the competence there are
30 public units - tertiary authorizing
officers and annually may not be heard
more than 10 entities, due to fewer
auditors hired to audit.
12. From this point of view it is
necessary, based on a risk analysis to be
performed, 12unitis with high and
medium risks must be selected ,
depending on the risk criteria that are
taken into consideration within this
analysis. The method used for analyzing
risks is the matrix method of
appreciation, starting from the
appreciated risk criterias their weights.
13. The stages will be as follows:
a. Establishment of criteria or risk
factors for the unit.

14. In this case, the risk criteria (Ci)


established are as follows:

controls performed on
the entity in the last 3
years- C1
fluctuations in
personnel departments
that will be audited
C2
the period of audit- the
date of the last auditC3
existing departments
reported to the
appropriate entity and
auditing areas - C4
the existence of
qualified human
resources C5
the entity that will be
audited must provide
materials and
calculation techniques
needed foor solving the
tasks- C6
complexity and volume
of tasks performed- C7
the number of persons
employed to perform
the work tasks -C8
the involvement of
general managers in
providing for the hired
staff so they can
accomplish in good
conditions their workC9
the existence of a
request from the unit for
auditing before the term
of 3 years C10
b. Score attribution (percentage)
per each risk criteria, this being
determined by the auditors

based on existing data , the


score is from 1 to 100.
15.
For each risk criteria a
risk percentage is established
for example for C1 they give P1
up to C10 to P10
c. Attribution of grade from the
auditors (Nci) from 1 to 3,
specific for each risk criteria:
Grade 1 Grade 2 Grade 3d. Determining scores or
percentage for each risk criteria
attributed (Pci) to the
organization
16.
This is determined by
by weighting the grades (Nci)
with the percentage attributed
for each criteria( pci) after the
formula:
17. Pci = Nci x pci where:
18. Pci= percentage for each criteria
19. Nci= the grade recived by each risk
criteria
20. pci= the wight attributed for each risk
criteria
e. determining the total score of
the audited unit (Tpc), by
summing up the score obtained
from all criteria the risk criteria,
as follows:

21. Tpc= Pc1+Pc2+Pc3+..+Pc10


f.

framing the total score obtained


for all for risk criteria (Tci), in
the class of intervals established
for the determination of the
types of risks, as follows:

22. Scoring range: (1,00 1,66)


results a low risk
23.
results a mediun risk

(1, 66- 2,34)

24.
results a high risk

( 2,35- 3,00)

g. Risk ranking by the absolute


ranking method, for each
audited unit based on the total
score for all the risk criteria.
25. We will give an example of the
present methodology for
establishing the units that will be
audited in the current year:
26.
27.
28.
29.
30.
31.

32.
33.
34.
35.
A. Establishing the risk criteria for determining the audited units:

36.

Table concerning the selection criteria for determining necessary risks of the
units that will be audited in the current year

37.
N

38. Risk criteria

39. Established

40.

42. The level of the audits and controls


performed on audited units
46. Staff fluctuations at the audited system

43.

Attribute
d
percentag
e
44. 40%

41.
1
45.
2
49.
3
53.
4
57.
5
61.
6
65.
7
69.
8
73.
9
77.
1

47.

48. 7%

50. Time or period of auditing

51.

52. 3%

54. Existing of adequacy in audit


departments
58. the existence of human resources in the
audited systems
62. the existence of material resources in the
audited systems
66. the volume and complexity of audited
systems
70. The existence of professionally trained
persons
74. The professional involvement of the
managers
78. the existence of requests from audited
entities for conducting audits

55.

56. 5%

59.

60. 6%

63.

64. 5%

67.

68. 20%

71.

72. 5%

75.

76. 6%

79.

80. 3%

81.

82.

83. Total

84. 100%

85.
B. Realization of an algorithm for determining the audited units
86. Algorithm. For the 10 established criterias on unitis were attributed specific percentage.
87. Grades were given to each criterion( 1,2,3), as follows:
88. Grade 1: Signifies a BIG degree of safety and control
89. Grade 2: Signifies a MEDIUM degree of safety and control
90. Grade 3: Signifies a SMALL degree of safety and control
91. The risks were quantified
92. Intervals necessary for establishing risk were set :

93. Interval: 1,00- 1,66= small risk


94.

1,67-2,34= medium risk

95.

2,35-3,00= big risk

96.
97.

99.
100.

D. AUDIT UNIT AND AUDIT SYSTEMS ESTABLISHMENT FOR THE CURRENT


YEAR
101.

102. 103.
N
TYP
E
S

104.
A
UDITED
SYSTEM
S

105.
NIT

TABEL CONCERNING
U

106.
AUDI
D PERIOD

O
F

F
O
R

A
U
D
I
T

113.
INTER
VA
L

117.
0
125.
1

118.
1
126.
SYS
T
E
M

107.
PE
R
I
O
D

119.

127.
P
ERSONN
EL
REMUN
ERATIO
N
128.
129.
P
UBLIC
ACQUISI
TIONS

120.

130.
C
ounty
Police
Inspecto
rate

121.
4
131.
---------

114.
WOR
K
E
D
D
A
Y
S
122.
5
132.
35

108.
NUMB
ER
S
OF
A
U
DI
TO
RS

A
U
D
I
T
115.

123.
6
133.
-----

124.
7
134.
4

OF
PRODUC
TS,
SERVICE
S AND
WORKS
135. 136.
2
SYS
T
E
M

145. 146.
3
SYS
T
E
M

155. 156.
4
SYS
T

137.
P
ERSONN
EL
REMUN
ERATIO
N
138.
139.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS
147.
P
ERSONN
EL
REMUN
ERATIO
N
148.
149.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS
157.
P
ERSONN
EL

140.
E
MERGE
NCY
INSPEC
TORAT
E

141.
---------

142.
35

143.
-----

144.
4

150.
E
MERGE
NCY
INSPEC
TORAT
E

151.
---------

152.
35

153.
-----

154.
4

160.
B
ORDER
POLICE

161.
---------

162.
35

163.
-----

164.
4

E
M

165. 166.
5
SYS
T
E
M

175. 176.
6
SYS
T
E
M

REMUN
ERATIO
N
158.
159.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS
167.
P
ERSONN
EL
REMUN
ERATIO
N
168.
169.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS
177.
P
ERSONN
EL
REMUN
ERATIO
N
178.
179.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC

INSPEC
TORAT
E

170.
C
ounty
Police
Inspecto
rate

171.
---------

172.
35

173.
-----

174.
4

180.
E
MERGE
NCY
INSPEC
TORAT
E

181.
---------

182.
35

183.
-----

184.
4

185. 186.
7
SYS
T
E
M

195. 196.
8
SYS
T
E
M

205. 206.
9
SYS
T
E
M

TS,
SERVICE
S AND
WORKS
187.
P
ERSONN
EL
REMUN
ERATIO
N
188.
189.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS
197.
P
ERSONN
EL
REMUN
ERATIO
N
198.
199.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS
207.
P
ERSONN
EL
REMUN
ERATIO
N
208.

190.
C
OUNTY
GENDA
RMERI
E
INSPEC
TORAT
E

191.
---------

192.
35

193.
-----

194.
4

200.
B
ORDER
POLICE
INSPEC
TORAT
E

201.
---------

202.
35

203.
-----

204.
4

210.
C
ounty
Police
Inspecto
rate

211.
---------

212.
35

213.
-----

214.
4

215. 216.
1
SYS
T
E
M

225. 226.
1
SYS
T
E
M

235. 236.

209.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS
217.
P
ERSONN
EL
REMUN
ERATIO
N
218.
219.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS
227.
P
ERSONN
EL
REMUN
ERATIO
N
228.
229.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS
237.
P

220.
E
MERGE
NCY
INSPEC
TORAT
E

221.
---------

222.
35

223.
-----

224.
4

230.
P
OLICE
AGENT
S
SCHOO
L

231.
---------

232.
35

233.
-----

234.
4

240.

241.

242.

243.

244.

SYS
T
E
M

ERSONN
EL
REMUN
ERATIO
N
238.
239.
P
UBLIC
ACQUISI
TIONS
OF
PRODUC
TS,
SERVICE
S AND
WORKS

OUNTY
GENDA
RMERI
E
INSPEC
TORAT
E

---------

35

-----

245.
246.

3. REFERENCES:

247.
[1] ALBU, IONEL. AUDITUL
INTERN
I
MANAGEMENTUL
RISCURILOR.
N:
TRIBUNA
ECONOMIC, V. 19, NR. 8, P. 56-60,
2008;
248.
[2]
BRBULESCU,
SEVASTIAN.
GESTIONAREA
RISCURILOR - FUNCIE MANAGERIAL
LA [3] NIVELUL UNEI ORGANIZAII
PUBLICE. N: REVISTA FINANE
PUBLICE I CONTABILITATE, V. 19, NR.
4, P. 24-30, 2008;

249.
[4] BJELIC, ALEKSANDAR.
RISCUL
COMPONENT
A
ORGANIZAIILOR.
N:
TRIBUNA
ECONOMIC, V. 18, NR. 22, P. 25-28,
2007;
250.
[5]CHORAFAS, DIMITRIS N.
MANAGING RISK IN THE NEW
ECONOMY. NEW YORK: NEW YORK
INSTITUTE OF FINANCE, 2001;
251.
[6]CIOCOIU,
CARMEN
NADIA. MANAGEMENTUL RISCULUI:
VOL
1:
TEORII,
PRACTICI,
METODOLOGII. BUCURETI: EDITURA
ASE, 2008;
252.

You might also like