Part 1 2 – 1V3.0
THE IIA’S CIA LEARNING SYSTEM™
www.LearnCia.com
Section Topics
1. Risk and control terminology
2. Risk elements
3. Control elements
Part 1, Section 2
The Nature of Work for the Internal Audit Activity

Risk
Help manage risk by:
• Identifying and evaluating significant exposures to risk.
• Contributing to the improvement of risk management and control systems.
• Monitoring and evaluating the risk management system.

Control
Help maintain effective controls by:
• Evaluating the effectiveness and efficiency of controls.
• Promoting the continuous improvement of the control environment.

Governance
Help assess and improve governance by:
• Promoting appropriate ethics and values.
• Ensuring effective performance management and accountability.
• Effectively communicating risk and control information.
• Effectively coordinating the activities and communicating information.
Part 1, Section 2, Introduction
Risk and Control

Risk: “The possibility of an event occurring that will have an impact on the achievement of objectives; it is measured in terms of impact and likelihood.”

Control: “Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved.”

Source: Standards Glossary.
Part 1, Section 2, Topic 1
Discussion Question
Identify the following statements as true or false.
• Risk begins with strategy formulation and objective setting.
• Risk reflects a single outcome.
• Risks may present threats to an organization or be the failure to achieve positive outcomes.
• Business risks are uncertainties related to the achievement of business objectives.
Answers:
False
True
True
True
Part 1, Section 2, Topic 1
Discussion Question
Identify the terms described below.
1. The business impact that would be experienced if certain risks became realized.
2. The risk derived from the environment without the mitigating effects of internal controls.
3. The risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities.
4. The level of risk an organization is willing to accept.
Answers:
Inherent risk
Residual risk
Risk appetite
Acceptable risk
Part 1, Section 2, Topic 1
Terminology
The list of terms provides a common language to use with the board, management, and others in all communications.
Any questions about other terms?
Part 1, Section 2, Topic 1
Risk Assessment Process
Part 1, Section 2, Topic 2
Discussion Question
Identify the following items as likelihood or impact factors.
1. Negative press about a discriminatory employment practice
2. Increasing complexity of environmental regulations
3. Length of time a plant remains shut down after a fire
4. Probability estimates for a new product launch
Answers:
Likelihood
Impact
Impact
Likelihood
Part 1, Section 2, Topic 2
Risk Map for Likelihood and Impact
[Figure: two-by-two risk map. Axes: Impact (low to high) and Likelihood (low to high). Quadrants: High Impact / Low Likelihood; High Impact / High Likelihood; Low Impact / Low Likelihood; Low Impact / High Likelihood.]
Part 1, Section 2, Topic 2
Benefits and Limitations of Internal Control
Helps mitigate risk and ensure that management strategies and objectives are carried out

Internal control can:
+ Achieve performance and profitability targets.
+ Prevent loss of resources.
+ Support reliable financial reporting.
+ Support compliance with laws and regulations, avoiding damage to reputation or other consequences.

Internal control cannot:
– Ensure organizational success or even survival.
– Ensure the reliability of financial reporting.
– Ensure absolute compliance with laws and regulations.
Part 1, Section 2, Topic 3
Types of Controls
(Type of Control: Description; Examples)

Preventive: Proactive controls that deter undesirable events from occurring
• Ethical “tone at the top”
• Effective empowerment
• Mutual trust
• Performance standards

Detective: Reactive controls that detect undesirable events that have occurred
• Input controls
• Processing controls
• Output controls

Directive: Proactive controls that cause or encourage a desirable event to occur
• Guidelines
• Training programs
• Incentive plans

Mitigating: Controls that reduce the potential impact should an event occur
• Insurance

Compensating: Controls that compensate for the lack of an expected control
• Close supervision in lieu of segregation of duties
Part 1, Section 2, Topic 3
Discussion Question
Identify the following items as active or passive controls.
1. Independent verification of performance
2. Accounts payable transaction procedures
3. Information system controls limiting transactions
4. Plant heating, ventilation, and air conditioning system
5. Senior and operating management status meetings
Answers:
Active
Passive
Active
Active
Passive
Part 1, Section 2, Topic 3
The Control Loop
Part 1, Section 2, Topic 3
Discussion Question
Which of the following characterize effective controls? (Select all that apply.)
I. Root cause identification
II. Efficiency in achieving intended objectives
III. Alignment to strategic objectives
IV. Redundant controls to ensure accuracy
Answer: I, II, and III. Excessive and/or redundant controls can lead to confusion and frustration.
Part 1, Section 2, Topic 3
Reinforcing Activity 1-5
Risk and Control Elements
Part 1, Section 2, Topics 1, 2, and 3