Jack helps to Improve Internal Audit Planning with Enterprise Risk Management

Lara is an extremely proficient auditor in Alan’s company. She clearly understands that Enterprise Risk Management plays a key role in ensuring that the company audit programme is truly risk-based.


water cooler meeting1  Jack helps Lara and Alan understand that ERM Software provides a risk-based approach, and discusses five advantages to add value to the internal audit process and guarantee business success.

Scoping by Objectives
It is ideal to work backwards while planning an audit plan with a risk-based approach. The process should start with goal definition; then create a process to deliver the goals, and move on to risk, controls and monitoring. ERM has risk taxonomy to enable internal auditors to pick a goal and get related business process risks, controls and tests across all areas in the organization.

Concentrating on High priority items
An ERM software system helps identify control weaknesses in each sub-process, and prioritize which risk, control and test combinations are truly important. This significantly trims down the low-risk and low-impact audit content in the company’s annual audit plans.

Scoping Resources
It is important to connect physical assets, people, IT assets and vendor partners that contribute most to the business processes and its corporate objectives. Usually, it is not just one vendor responsible for failure, but a group of other resources that result in critical harm. Auditing resources in seclusion is time consuming and needs sharp focus. With Enterprise risk management, it is easy to combine individual resource evaluation with business processes and vendor assessments. This prioritizes failing aspects of the organization that require auditing.

Deep understanding of the business
Enterprise Risk Assessment Data is not only useful in allowing the auditors to concentrate on high priority items.  If the data is detailed enough (i.e. risks linked to objectives, risk drivers clearly identified, controls documented and classified…etc) and up-to-date, it helps the auditors develop a good understanding of the business in a relatively short period and prepare the initial audit visit programs.

Risk Taxonomy
Having a simple framework in place breaks complexities and encourages everyone in the organization to chip in to their control environment. A standardized set of criteria, which are collectively applicable, makes risk information accessible on a structured basis. A Risk Taxonomy enabled move helps you with data and tools to practise resource-based scoping.

Lara Jack

With these five key points Lara is one happy auditor, Alan a happy CEO, and Jack as always, the superhero risk manager. What are the steps that you take in your organization to improve internal audit planning with ERM? Do share your thoughts.

Watch this space for more Alan-Jack episodes.



Jack helps to Improve Internal Audit Planning with Enterprise Risk Management was last modified: October 10th, 2014 by Mohammed Nasser Barakat
Be Sociable, Share!

Mohammed Nasser Barakat

Partner at CAREWeb
(Mohammed Nasser) Barakat, is the BRS Service Line Leader for the ME region. Nasser has an MBA in Professional Accounting and a BS Degree in Banking and Finance.He is a Certified Public Accountant in Colorado State, USA, a Certified Control Self Assessment Practitioner and a Certified Fraud Examiner. Find me on