
PART 2 UNIT 2

ESTABLISH RISK-BASED INTERNAL AUDIT PLAN

March 2016


Managing the Internal Audit Function


2014 Deloitte Touche Tohmatsu Limited. All rights reserve

Managing the Internal Audit Function

Risk-Based Audit Plan
Identify Internal Audit Resource Requirements
Reporting to Senior Management and the Board


Risk-Based Audit Plan

Internal Audit Activity's Audit Plan

Audit universe
Input from senior management and the board
Assessed risk and exposures

Responsibility:
Chief audit executive
The chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization's goals.



Risk Models
Based on risk factors such as (but not limited to):

quality of and adherence to controls
degree of change
timing and results of last engagement
impact
likelihood
materiality
asset liquidity
management competence
complexity, and
employee and government relations



Risk register
(impact likelihood)
Addresses:
(a) significant risks,
(b) inherent and residual risk ratings,
(c) key controls, and
(d) mitigating factors.


Audit risk
the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.

Exist independently of the audit engagement
Misapplication of engagement procedures
Inverse relationship between inherent risk & control risk

Inherent risk
the susceptibility of an assertion . . . to a misstatement that could be material . . . before consideration of any related controls.
Control risk
the risk that a misstatement that could occur in an assertion . . . and that could be material . . . will not be prevented, or detected and corrected, on a timely basis by the entity's internal control.
Detection risk
the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material . . . .


Identify Internal Audit Resource Requirements

1. Managing internal audit resources
2. Outsourcing the internal audit activity

The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan.


The CAE is primarily responsible for the sufficiency and management of resources, including communication of needs and status to senior management and the board.

Resources may include employees, service providers,
financial support, and IT-based audit methods.
Resource planning considers
a) The audit universe,
b) Relevant risk levels,
c) The internal audit plan,
d) Coverage expectations, and
e) An estimate of unanticipated activities

1. Managing internal audit resources
2. Outsourcing the internal audit activity
When an external service provider serves as the internal audit activity, the provider must make the organization aware that the organization has the responsibility for maintaining an effective internal audit activity.


Reporting to Senior Management and the Board

1. The CAE's Duty to Report
2. Communication and Approval

The chief audit executive must report periodically to senior management and the board on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.

The CAE annually submits
(a) A summary of the internal audit plan,
(b) A summary of the work schedule,
(c) A summary of the staffing plan, and
(d) A summary of the financial budget.
(e) all significant interim changes.
(f) the scope of work and any limitations on it should be disclosed.

1. The CAE's Duty to Report
2. Communication and Approval

The chief audit executive must communicate the internal audit activity's plans and resource requirements, including significant interim changes, to senior management and the board for review and approval. The chief audit executive must also communicate the impact of resource limitations.


Questions?
