Enterprise Risk Assessment - PowerPoint PPT Presentation

Provided by: david2643
Slides: 22

Transcript and Presenter's Notes

1
Enterprise Risk Assessment
2
Learning Objectives
  • Office wide audit plan vs. individual engagement
    audit plan.
  • Introduce concept of risk and how IIA/COSO
    believes it should drive an office's audit
    planning process.
  • Provide examples of city risk assessments.
  • Introduce concept of Enterprise Risk Management
    (ERM).

3
Traditional Approaches to Audit Office Planning
  • Cyclical/Rotational
  • Reactive/Request-driven

4
Risk
  • IIA glossary's definition of risk: "The
    uncertainty of an event occurring that could have
    an impact on the achievement of objectives."

5
Risk Acronym CARES
  • Compliance with laws, regulations and contracts
  • Accomplishment of goals and objectives
  • Reliability and integrity of financial and
    operational information
  • Efficient and effective operations
  • Safeguarded Assets

6
IIA Standards
  • 2010 Planning - The chief audit executive should
    establish risk-based plans to determine the
    priorities of the internal audit activity,
    consistent with the organization's goals.

7
IIA Standards
  • 2010.A1 - The internal audit activity's plan of
    engagements should be based on a risk assessment,
    undertaken at least annually. The input of
    senior management and the board should be
    considered in this process.

8
IIA Standards
  • 2010.C1 - The chief audit executive should
    consider accepting proposed consulting
    engagements based on the engagement's potential
    to improve management of risks, add value, and
    improve the organization's operations. Those
    engagements that have been accepted should be
    included in the plan.

9
IIA Standards
  • 2100 Nature of Work - The internal audit
    activity should evaluate and contribute to the
    improvement of risk management, control, and
    governance processes using a systematic and
    disciplined approach.

10
IIA Standards
  • 2110 Risk Management - The internal audit
    activity should assist the organization by
    identifying and evaluating significant exposures
    to risk and contributing to the improvement of
    risk management and control systems.

11
IIA Standards
  • 2110.A1 - The internal audit activity should
    monitor and evaluate the effectiveness of the
    organization's risk management system.

12
IIA Standards
  • 2110.A2 - The internal audit activity should
    evaluate risk exposures relating to the
    organization's governance, operations, and
    information systems regarding the:
    • Reliability and integrity of financial and
      operational information.
    • Effectiveness and efficiency of operations.
    • Safeguarding of assets.
    • Compliance with laws, regulations, and
      contracts.

13
IIA Standards
  • 2120.A1 - Control
  • Based on the results of the risk assessment, the
    internal audit activity should evaluate the
    adequacy and effectiveness of controls
    encompassing the organization's governance,
    operations, and information systems.

14
Government Auditing Standards
  • The significance of a matter is its relative
    importance to the audit objectives and potential
    users of the audit report. Auditors should
    consider the significance of a program or program
    component and the potential use that will be made
    of the audit results or report as they plan a
    performance audit. (Chapter 7)

15
Evaluating Risk
  • Likelihood
  • Consequences

16
Example of an Organizational Risk Assessment
Process
  • Identify risk factors and give them weights
  • Identify objectives/assets/auditable activities
  • Analyze the risks by considering their
    likelihood and consequence
  • Assign ratings to the risks
  • Review with audit client/management
  • Use rankings to develop audit priorities
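
As an added example that is not part of the slide deck, the scoring behind steps 1 to 4 and 6 of this process in Python, with the CARES-style factor names, the weights, the 1 to 5 likelihood and consequence scales, the rating cut-offs and the sample city activities all being constructed assumptions rather than any published methodology.

```python
# Added example (not from the slide deck): weighted risk scoring for an
# office-wide audit plan. Factors, weights, scales and samples are constructed.

# Step 1: risk factors and their weights (constructed; must sum to 1.0).
RISK_FACTORS = {
    "compliance": 0.25,           # laws, regulations and contracts
    "financial_reporting": 0.25,  # reliability/integrity of information
    "operations": 0.20,           # efficient and effective operations
    "asset_safeguarding": 0.30,   # safeguarded assets
}
assert abs(sum(RISK_FACTORS.values()) - 1.0) < 1e-9
SCALE = range(1, 6)  # likelihood and consequence are each scored 1..5


def factor_score(likelihood, consequence):
    """Step 3: risk for one factor is likelihood x consequence (1..25)."""
    if likelihood not in SCALE or consequence not in SCALE:
        raise ValueError("likelihood and consequence must be in 1..5")
    return likelihood * consequence


def activity_score(scores):
    """Weighted score for one activity; an unscored factor is an error."""
    missing = set(RISK_FACTORS) - set(scores)
    if missing:
        raise ValueError(f"unscored risk factors: {sorted(missing)}")
    return sum(w * factor_score(*scores[f]) for f, w in RISK_FACTORS.items())


def rating(score):
    """Step 4: translate a weighted 1..25 score into a rating band."""
    return "High" if score >= 15 else "Medium" if score >= 8 else "Low"


def rank_activities(activities):
    """Step 6: order activities by score, highest audit priority first."""
    scored = sorted(((activity_score(s), n) for n, s in activities.items()),
                    key=lambda t: (-t[0], t[1]))
    return [(n, round(score, 2), rating(score)) for score, n in scored]


# Step 2: constructed sample of auditable city activities, factor -> (L, C).
SAMPLE_ACTIVITIES = {
    "Payroll": {"compliance": (3, 4), "financial_reporting": (4, 5),
                "operations": (2, 3), "asset_safeguarding": (4, 5)},
    "Permit fee collection": {"compliance": (3, 3), "financial_reporting": (3, 3),
                              "operations": (3, 2), "asset_safeguarding": (4, 4)},
    "Fleet maintenance": {"compliance": (2, 2), "financial_reporting": (2, 2),
                          "operations": (3, 3), "asset_safeguarding": (3, 2)},
}

if __name__ == "__main__":
    for name, score, band in rank_activities(SAMPLE_ACTIVITIES):
        print(f"{name:22} {score:5.2f}  {band}")
```

Step 5 (review with the audit client) is the human check on these inputs; the ranking is only as good as the likelihood and consequence scores fed into it.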

17
Citywide Risk Assessment
  • San Jose Citywide risk assessment:
    http://www.ci.san-jose.ca.us/auditor/citywidexplain.html

18
GAO on High Risk Programs
  • GAO's Standards for Internal Control in the
    Federal Government is the model that they use to
    determine high-risk programs and functions
    (GAO/AIMD-00-2.1.3.1, 11/99)

19
Enterprise Risk Management
  • The process of identifying and analyzing risk
    from an integrated, companywide perspective.
    It's designed to identify potential events that
    may affect an organization, and to manage these
    risks to provide reasonable assurance that the
    organization's objectives will be achieved.

20
Recent COSO Release
  • Enterprise Risk Management - Integrated Framework,
    which describes the essential components,
    principles and concepts of enterprise risk
    management for all organizations, regardless of
    size.

21
IIA position on ERM
  • Go to the IIA website to obtain the IIA's position
    paper on internal auditing's role in ERM.
    http://www.theiia.org/