Next steps RAWG
Risk assessment guideline for strategic and annual planning
◦ Identifying auditing universe
◦ Identification of risks
◦ Categorization of possible risks
◦ Estimating likelihood and impact of risks
◦ Developing 3-year plans
◦ Annual plan
WHAT WE HAVE
Preparation for the audit engagement
Drafting a plan for the audit engagement
Appointing auditors for the engagement
Identifying the goals of the engagement
Executing the engagement
Collecting audit evidence
Developing a project and the final report (conclusion)
Post audit
WHAT HAPPENS AFTER PLANNING
Planning is just the overall direction of activity, a list of tasks and not a final decision on the audit engagement
At the preparation stage for the audit engagement the annual audit plan can change based on REEVALUATION OF RISKS
Is planning over at the stage of the annual plan?
1210.A2 to evaluate the risk of fraud
1210.A3 key information technology risks and controls
1220.A1 adequacy and effectiveness of governance, risk management, and control processes
1220.A3 must be alert to the significant risks
Risks in IIA standards
The significant risks to the activity, its objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level;
The adequacy and effectiveness of the activity’s governance, risk management, and control processes compared to a relevant framework or model;
The opportunities for making significant improvements to the activity’s governance, risk management, and control processes.
Standard 2201 – Planning Considerations for audit engagements
2210.A1 — Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment.
2210.A2 — Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.
Standard 2210 — Engagement Objectives
Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.
Standard 2060 — Reporting to Senior Management and the Board
The description of risk assessment or control methodology or of other criteria on which the opinion is based
Standard 2450 – Overall opinion
When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management…
Standard 2600 — Communicating the Acceptance of Risks
Preliminary risk assessment at the stage of audit engagement planning
Risk assessment when goals are set and audit evidence is collected
Risk assessment at post-audit stage
Assessment of fraud risks
Assessment of IT risks etc. …
Suggestions
Preparation throughout the year
Collection and assessment of information on risks
Assessment of risks related to legal documents adopted after the latest risk assessment
Identification of risks during consultations with senior management and first meeting
Preliminary risk assessment at the stage of audit engagement planning
Based on the results of preliminary risk assessment of the audit objects: developing an engagement plan
Identification of most risky transactions
Setting the tasks for auditors and defining the selection method (statistical, non-statistical, mixed)
Setting other tasks and their possible changes
Risk assessment when goals are set and audit evidence is collected
Risk assessment of collected evidence
Defining priorities
Risk assessment of tasks execution or acceptance of risk by the leadership
Risk assessment at post-audit stage (Follow up)
How to calculate
◦ Major risks
◦ Inherent risks
◦ Residual risks
◦ Acceptable risks
◦ Risk appetite
Glossary of terms that need to be explained