Why Risk Based Audit is Essential in ERM?

Risk based internal audit has become more and more desirable for businesses. Organizations need to figure out what really matters to them, what is undesirable for their business and, above all, what key risks the organization can be subjected to, as well as their impact.

The main objective of internal auditing is to assist the auditors in planning the audit process so that it contributes to better governance and durable risk management.

The risk assessment process is initiated by defining the audit universe. The audit universe is a single platform for all business units, processes and operations. Apart from a thorough understanding of the values, objectives and inherent risks, the auditor should also consider the consequences of risks for the achievement of the organization's values.

Evolution of the Internal Audit Plan

While considering the evolution of the internal audit process, four distinct stages can be distinguished:

Traditional Avatar: In the initial stages, the internal audit plan was extremely traditional in approach and mainly revolved around the financial aspects of the business. Apart from being a management affair, it was time consuming.

Systems Based: This stage of the internal audit plan was the adoption of a system based plan. The concern of this approach was the adequacy of controls, and it therefore turns out to be more constructive and collaborative.

Developmental Stage: The modern approach to the audit process, this plan can audit any function within the organization. The plan focuses more on the organization as a whole rather than the individual departments.

Forward Looking: This is the most advanced outlook for the internal audit process, as it operates more as a solution provider than a committee pointing out problems. It advises and mentors on the risks involved in the business.

Purpose of Risk based audit plan

Good internal audit planning resolves all key strategic issues. Only the effective application of the Risk Based Audit framework can aid the development of strategies specific to your business, leading to its success.

  • A thorough risk based audit plan highlights the areas with higher risks.
  • It gives a guarantee of the governance process.
  • It prioritizes the risk assessment and the governance process.

Advantages of having a perfect Risk based audit plan:

The risk based internal audit is necessary to analyze any risk that hinders the development and growth of the enterprise. When an enterprise follows a risk based audit plan, it can be evaluated that:

  • A proper report has been developed for the risks and the corresponding responses to them.
  • The leadership team in the enterprise has been able to identify, assess and act on the risk.
  • The plan of action was developed towards risk management.
  • Risk response has been monitored step by step by the management bodies.

Developing a Risk based audit methodology:

To draft a structured audit plan, a professional auditor needs to include the following: a prologue from the chief internal auditor, and summarized details of the processes, the risk assessment personnel involved to solve the issue, the intended audits and the areas of audit, which may encompass sales, cost, human resources etc. An effective audit plan provides a systematic way to assign risks to high, moderate and low categories.

Preparing an entity level control pattern and evaluating the intended controls against the auditable areas is desirable. An adequate overview of the planning must be provided, containing a process map, a risk register and the risk score board, where each risk must be evaluated and given a score on a scale of 1-5.

The basic areas of focus for the internal audit team are:

  • Accounting controls
  • Outlay of the assets and resources
  • Security of the capital and assets
  • Systems under construction

Systems under construction are an advanced area to target for audit, as it will determine the fate of these systems post-operation.

Other departments that are usually neglected during audit are:

  • Corporate planning
  • IT Strategic Planning
  • Relationship with Investors
  • Marketing
  • HR departments
  • Health & Safety

A strategic internal audit plan paves the way to better governance which can be established by the audit committee and senior management to confront and mitigate corporate issues like enterprise-wide risk and control.

Why Risk Based Audit is Essential in ERM? was last modified: October 10th, 2014 by Fadi Al-khatib

Fadi Al-khatib

Manager at CAREWeb
Fadi has a BA degree in Accounting, and he is a Certified Operational Risk Executive. He has more than three years of practical experience in the field of internal audit in one of the biggest banks in Jordan before joining Grant Thornton in 2008 as a Senior Consultant, where he has conducted audit assignments in several companies, branches and business units. Fadi has participated in the preparation and execution of many CRSA workshops and the implementation of Operational Risk Management systems for large clients in various industries.