Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk...
Transcript of Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk...
![Page 1: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/1.jpg)
Part 1 3 – 1V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
1. Establish a framework for assessing risk
2. Use of the framework
3. Identify internal audit resource requirements
Section Topics
4. Coordinate the internal audit activity’s efforts
5. Select engagements
Part 1, Section 3
![Page 2: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/2.jpg)
Part 1 3 – 2V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Control and Risk Management
“Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved”
“A process to identify, assess, manage, and control potential events or situations, to provide reasonable assurance regarding the achievement of the organization’s objectives”
Control Risk Management
Part 1, Section 3, Introduction
![Page 3: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/3.jpg)
Part 1 3 – 3V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Help management understand internal controls and risk management processes.
Develop and implement a risk assessment framework for internal audit planning.
Practice a systematic, disciplined auditing approach.
Provide objective and independent assurance.
Recommend improvements, as warranted.
Internal Audit Activity Role in Risk Management
Part 1, Section 3, Introduction
![Page 4: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/4.jpg)
Part 1 3 – 4V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A Risk-based Assessment Framework
• Identifies all sources of potential engagements and all potential auditable activities
• Assesses internal and external risks based primarily on their impact on organizational goals and objectives
• Evaluates proposed engagements • Establishes criteria and ranks risks• Considers staffing
Determine the audit universe.
Examine organizationalrisk factors.
Prioritize audits.
Annual audit plan
Part 1, Section 3, Topic 1
![Page 5: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/5.jpg)
Part 1 3 – 5V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The Audit Universe
Sourcesof
engagements
Other sources
External business relationships
Regulatory mandates
Operating entities
Management and employees
Management requests
Part 1, Section 3, Topic 2
Strategic plan
Information technology
![Page 6: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/6.jpg)
Part 1 3 – 6V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A.determine if risks must be handled by external auditors.
B.conduct a focus group with business unit leaders to discuss likelihood and impact.
C.survey management and employees to quantify attitudes and perceptions.
Answer: B. A focus group can help prioritize risks based on magnitude and probability of occurrence.
Discussion QuestionA meeting between the CAE and the general counsel identifies several key business risks. A logical next step is to
Part 1, Section 3, Topic 2
![Page 7: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/7.jpg)
Part 1 3 – 7V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Examples:• Interviews• Focus groups• Observations• Meetings
Examples:• Studies • Reports • Surveys
Qualitative Data Quantitative Data
Subjective, or soft, measures Measures derived from
concrete, objective criteria
+
Part 1, Section 3, Topic 2
![Page 8: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/8.jpg)
Part 1 3 – 8V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Assessing Organization-wide Risk
Takes a systematic look at the nature of risks and opportunities
Risk identification
Evaluates the potential impact of risks based on the probability of occurrence
Risk measurement
Ranks risks and establishes relative strengths and potential consequences
Risk prioritization
Part 1, Section 3, Topic 2
![Page 9: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/9.jpg)
Part 1 3 – 9V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Audit plan should be based on the audit universe, input from senior management and the board, and an assessment of risk and exposures affecting the organization.
Key audit objectives are usually to provide senior management and the board with assurance and information to help them accomplish the organization’s objectives, including an assessment of the effectiveness of management’s risk management activities.
Proposed Engagements
Practice Advisory 2010-1, “Linking the Audit Plan to Risk and Exposures”
Part 1, Section 3, Topic 2
![Page 10: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/10.jpg)
Part 1 3 – 10V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Which of the following are decision factors used to rank and validate risk priorities? Respond “yes” or “no.”
Discussion Question
1. Quality of existing internal controls
2. Asset liquidity
3. Likelihood of coordination with external auditors
4. Potential financial impact
Answers:
Yes
No
Yes
Yes
Part 1, Section 3, Topic 2
![Page 11: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/11.jpg)
Part 1 3 – 11V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 1-6Part 1, Section 3, Topics 1 and 2
Establish and Use Frameworkfor Assessing Risk
Part 1, Section 3, Topic 2
![Page 12: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/12.jpg)
Part 1 3 – 12V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. seek the advice of the audit committee about which engagements should be delayed.
B. look at ways to coordinate engagements with regulatory bodies and other assurance functions.
C. communicate the impact of resource limitations to the board and senior management.
D. ask for additional resources.
Answer: C. The CAE must communicate the impact of resource limitations to the board/senior management.
Discussion QuestionTen high-risk engagements have been identified. The CAE can staff only seven. The BEST course of action is to
Part 1, Section 3, Topic 3
![Page 13: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/13.jpg)
Part 1 3 – 13V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Apply a systematic, disciplined approach to evaluate and improve risk management, control, and governance processes.
• Concerned with all aspects of the organization.
• Focus on future events.
• Defined by Section 2100 of the Standards.
Scope for Internal and External Auditors
Internal auditors
External auditors
• Ordinary examination is designed to obtain sufficient evidential matter to support an opinion on the overall fairness of the annual financial statements.
• Approach is historical.
• Defined by their professional standards.
Part 1, Section 3, Topic 4
![Page 14: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/14.jpg)
Part 1 3 – 14V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Achieve effective coordination of work.
Minimize duplication with internal auditing coverage.
Assist external auditors—possibly agreeing to perform some work.
Regularly evaluate the coordination between internal and external auditors.
The CAE’s Role in Coordination with External Auditors
Practice Advisory 2050-1, “Coordination”
Part 1, Section 3, Topic 4
![Page 15: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/15.jpg)
Part 1 3 – 15V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Which of the following describe appropriate coordination activities? (Select all that apply.)
I. Evaluating corrective actions taken to reducehazardous waste
II. Comparing annual internal and external audit plans
III. Reviewing related regulatory reports
IV. Exchanging audit schedules and reportswith the quality control function
Answer: All of these are valid coordination efforts to maximize audit coverage and minimize redundancies.
Discussion Question
Part 1, Section 3, Topic 4
![Page 16: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/16.jpg)
Part 1 3 – 16V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Coordination with Other Internal Assurance Functions
Internal Audit Activity
Compliance
Quality control
Security
Safety
Enterprise risk management
Part 1, Section 3, Topic 4
![Page 17: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/17.jpg)
Part 1 3 – 17V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 1-7Part 1, Section 3, Topics 3 and 4
Identify Resources and CoordinateIA Activity’s Efforts
Part 1, Section 3, Topics 3 and 4
![Page 18: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/18.jpg)
Part 1 3 – 18V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The Internal Audit Activity’s Contributions to Risk-based Planning
Communicate and obtain approval.
Select engagements.
Participate in selection process.
Updates
1
2
34
Part 1, Section 3, Topic 5
![Page 19: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/19.jpg)
Part 1 3 – 19V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 1-8Part 1, Section 3, Topic 5
Select Engagements
Part 1, Section 3, Topic 5
![Page 20: Part 1 3 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM 1.Establish a framework for assessing risk 2.Use of the framework 3.Identify internal.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649e665503460f94b61ba2/html5/thumbnails/20.jpg)
Part 1 3 – 20V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Questions?
End of Section 3
Part 1, Section 3