020713_post
DESCRIPTION
3456TRANSCRIPT
![Page 1: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/1.jpg)
1
Risk Based Audi,ng with
Raven Catlin Raven Global Training
1
Raven Catlin, CPA, CIA, CFSA ! Call me: 571-‐283-‐1878 ! Email me: [email protected] ! Check out www.ravenglobaltraining.com ! TwiLer: @raventraining ! Your mission:
! Have Fun! ! Think ! Ask Ques,ons ! Share something ! Learn something 2
![Page 2: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/2.jpg)
2
• 2010.A1 – The internal audit ac,vity’s plan of engagements should be based on a risk assessment, undertaken at least annually.
• 2120.A1 – Based on the results of the risk assessment, the internal audit ac,vity should evaluate the adequacy and effec,veness of controls encompassing the organiza,on’s governance, opera,ons, and informa,on systems.
Risk-‐Based Audit Standards
3
3
RISK & CONTROL CONCEPTS OVERVIEW AND REFRESHER
4
4
![Page 3: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/3.jpg)
3
What is Risk? ! All businesses have risks ! Those risks must be iden,fied and addressed
! Risk is the threat that an event, ac,on, or non-‐ac,on will affect an organiza,on’s ability to achieve its business objec,ves and execute its strategies successfully.
! “Risk blindness” 5
5
Risk: Types and Assessment ! What types of risk are there? ! Inherent
! Residual
! How do we assess risk? ! Impact
! Likelihood 6
6
![Page 4: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/4.jpg)
4
AUDIT PLANNING STEPS
7
7
Building a Risk Based Audit Plan
1. Inventory the business processes or auditable en,,es
2. Correlate business processes with objec,ves or risks
3. Iden,fy universal risk factors 4. Weight the risk factors 5. Create the risk profile for the organiza,on 6. Select audits to be performed 7. Iden,fy gaps and resource needs 8. Gain agreement from management
8
8
![Page 5: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/5.jpg)
5
Risk Factors ! Transac,on complexity ! Management stability ! Liquidity conversion ! Degree of automa,on ! Confidence in management
! Extent of major change ! Employee turnover ! Environmental factors
! Compe,,ve pressures ! Control environment ! Time since last audit ! Con,nuous audi,ng results
! Degree of financial materiality
! Volume of transac,ons
9
9
Ques,ons for Management
! What could go wrong? ! Who could we fail? ! Where are we vulnerable? ! What resources do we need to protect? ! What must go right for us to succeed? ! How could our opera,ons be disrupted? ! What informa,on must we rely on? ! What decisions require the most judgment? 10
10
![Page 6: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/6.jpg)
6
Ques,ons for Management con,nued
! What ac,vi,es are the most complex? ! What ac,vi,es are regulated? ! What is our greatest legal exposure? ! How could someone convert assets? ! How successful will be at managing change? ! How will we retain cri,cal resources? ! What is the worst thing that happened in your department this year, last year, 5 years ago?
11
11
Engagement Level Risk Assessment (ELRA) / Risk Control Matrix (RCM)
! Start with business / process objec,ves ! Iden,fy risks ! Assess risks ! Document scope considera,ons ! Iden,fy controls ! Assess adequacy of controls ! Document effec,veness of controls ! Document audit findings
12
12
![Page 7: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/7.jpg)
7
Priori,ze Your ELRA
! Priori,ze iden,fied risks (risk matrix) ! For high risks, increase audit intensity ! Iden,fy control aLributes ! Priori,ze your controls
13
13
Seing Objec,ves
! Preliminary (ini,al) objec,ves ! Type of audit
• Opera,onal • Financial • Compliance • Performance • IT • Others..
! Management objec,ves ! Refined objec,ves 14
14
![Page 8: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/8.jpg)
8
Determining Audit Scope
! Es,mated ,me budget • Fixed, closed-‐end date driven • Hours
! Impact of other audits ! Audit intensity ! Use of technology ! Dependence on en,ty level controls ! Types of audit tests ! Sampling method 15
15
IDENTIFYING AND DOCUMENTING CONTROLS
…Intelligent Internal Controls vs. process ste …interviews, surveys, ques,onnaires, documenta,on reviews
16
16
![Page 9: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/9.jpg)
9
Iden,fy Controls ! Categories ! Experience ! Guidance material ! Other risk and control matrices ! Risk examples for others in industry ! Team effort ! Interviews / walkthroughs ! Process maps / flowcharts ! ICQs / Surveys 17
17
Basic Control Objec,ves ! Authoriza,on ! Accuracy ! Completeness ! Existence ! Valua,on ! Classifica,on ! Timeliness / Cutoff ! Segrega,on of Du,es (separate authoriza,on, custody, and accoun,ng)
! Safeguarding Assets 18
18
![Page 10: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/10.jpg)
10
Key Controls
! Significant controls that both ensure and give assurance that the organiza,on is achieving key business objec,ves.
! The control that management is most dependent upon to makes certain the right things get completed the right way.
! When the absence of that control would increase residual risk
19
19
Key Controls …con,nued ! Controls for significant accounts and
processes ! Transac,on ini,a,on, authoriza,on,
processing, and repor,ng ! Key check points for each transac,on ! Controls designed to prevent or detect
fraud ! Controls that management depend on ! Controls that show management C.A.R.E.S ! Controls that mi,gate more than one risk
20
20
![Page 11: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/11.jpg)
11
TESTING ADEQUACY & EFFECTIVENESS OF CONTROLS
…assessing adequacy of controls …tes,ng effec,veness of controls
21
21
Control Adequacy Weaker Stronger
Manual Automated
Detec,ve Preven,ve
Single Mul,ple / Overlapping
Complex: Many steps Single: One step
High level Transac,on level
Uses sampling Done 100%
Takes place later Done real ,me 22
22
![Page 12: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/12.jpg)
12
Techniques to Test Control Effec,veness
! Surveys ! Control Self Assessment ! Con,nuous Monitoring ! Con,nuous Audi,ng ! Analy,cal Reviews ! Paper reviews ! Audits
23
23
CAATs Scope
! Know your data ! Know how to get your data ! Understand data warehouse ! Know what you need to get manually
24
24
![Page 13: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/13.jpg)
13
CAATs Uses
! Substan,ve tes,ng ! Compliance tes,ng ! Financial tes,ng (end-‐of-‐year transac,ons and balances)
! Analy,cal review ! Efficiency analysis ! System controls tes,ng
25
25
Determining Sampling Sizes
! Iden,fy your popula,on 1st ! Base sample size on risk ! Consider transac,on frequency ! Establish a sampling technique / process ! Consider the number of excep,ons you expect to find (more excep,ons = more samples) – set your error rate
! Ask your external auditor 26
26
![Page 14: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/14.jpg)
14
Tes,ng other controls
! 1st you must know a deficiency is s,ll a deficiency even if a compensa,ng control is present
! Test complementary and compensa,ng controls as needed to assist with deficiency assessment
! Redundant controls are “redundant”
27
27
COMMUNICATING RISK BASED AUDIT RESULTS
…residual risk …what really maLers?
28
28
![Page 15: 020713_Post](https://reader034.vdocument.in/reader034/viewer/2022051821/5695d04e1a28ab9b0291ec48/html5/thumbnails/15.jpg)
15
What is a good audit report?
! Complies with communica,on standards of our profession
! Meets the needs of the target audience ! Maintains appropriate tone ! Helps the company mi,gate risks and improve processes
29
29
Ques,ons ?
Raven Catlin [email protected]
DC Metro 571-283-1878 www.ravenglobaltraining.com
@raventraining
30
30