CIA IIA Internal Auditor Role in Risk Management

Date post: 31-Oct-2014
Upload: hmad9rana
Description:
Sample Lecture for CIA IIA Students 2013

(2013 Sample Lecture) Brain Friendly Lecture Notes

Internal Auditor Role in RISK MANAGEMENT

(CIA Students) READ CAST by Hafiz Muhammad Adnan Rana

Professional Accountant/Auditor

Trained with A.F.Ferguson & Co – Chartered Accountants

Author of the following for the CIA/Internal Auditing Profession:

Raising Above Personalities (Internal Control) – Travel to Chitral (Urdu Story based)

Keeping the SOX on (Corporate Governance) – Real Life Examples

Missing Millions (Fraud) – Travel to Dubai (Urdu Story based)

Souls are Weak, They are Liability (Risk Management / ERM) – Travel to London (Urdu Story based)

Chief Inspiring Officer @ Accurate Consultants, Sialkot

Socialpreneur @ The Student College, Research and Training Centre, Sialkot


This lecture is valid until 30 April, 2013; after that the new syllabus prevails.

B1 – Establish a framework for assessing risk

B2 – Use the framework to
a. Identify the sources of potential engagements (audit universe, management request, regulatory mandate)
b. Assess organization-wide risk
c. Solicit potential engagement topics from various sources
d. Collect and analyze data on proposed engagements
e. Rank and validate risk priorities

C5 – Discuss areas of significant risk

C6 – Support board in enterprise-wide risk management

C7 – Review positioning of the internal audit function within the risk management framework within the organization

C13 – Assess compliance with policies in specific areas

D2 – Risk Management
a. Develop and implement an enterprise-wide risk and control framework
b. Coordinate enterprise-wide risk management
c. Report corporate risk assessment to board
d. Review business continuity planning process

E4 – Risk Management Techniques

Business Context

Industries in Pakistan face a highly volatile environment, and very few apply RM/ERM. Let's kick off in our respective organizations as a value-added activity, being iA/iAA.

Qualification Context

The IIA may ask candidates questions with circumstances that require application of their knowledge of risk management.

Exam Context

CIA candidates should understand risk management so that they can apply that knowledge to assessing the adequacy of the risk management process.


The Internal Auditor is required to give a judgment about the effectiveness of risk management. This judgment is based on certain factors that can be remembered with the word OSTRICH: the Internal Auditor cannot hide his head under the sand, leaving the whole Org at risk.

O – Objectives of Organization support its mission.

S – Significant risk in achieving objectives identified.

T – Tabloid (a sort of newspaper with big headings and pix) of risk information is communicated across the org.

R – Responses are selected while adhering to risk appetite.

Forget the ICH !!! (Source – Interpretation to Standard 2120)

Based on the syllabus given above, the following are the relevant documents to read and understand:

Standard – S2120

Practice Advisories – PA 2120-1

Position Paper – The Role of internal auditing in Enterprise Wide Risk Management

Practice Guide – Assessing adequacy of Risk Management using ISO 31000


This assessment is not that fun. Being a judgment, the Internal Auditor normally comes to the conclusion after multiple engagements, which provide the auditor with an understanding of the overall system of the organization.

Let's begin with Practice Advisory 2120-1

Let's first define responsibilities:

Board (Para 1) – The Board has oversight responsibility.

Senior Management (Para 6/7) – Implementation responsibility for RM rests with management, which decides on RM on the basis of many factors:
- Formal/Informal (informal in small orgs)
- Quantitative/Subjective (quantitative in large orgs with financial instruments)
- Embedded in departments or centralized

Internal Auditor (Para 2/3/4) – As a consultant, the iA/CAE can help the Board and Management in RM (but in this lecture we are after the Assurance Role of iA), whether the org has formal RM or not.

Para 5 – There are stages of RM within the Org, and the CAE needs to be aware of them: first work as a consultant and then as an assurance provider on RM, without actually getting involved in the implementation of RM, which is a threat to independence. iA can defend itself by having a formal iA Charter approved by the Board.


In forming an opinion, besides the factors we covered at the top, there are audit procedures that the Internal Auditor uses on Risk Management, which we will remember with the words TWILIGHT SAGA: an Internal Auditor never follows a 9-5 job.

Twilight refers to the darkness just before the sun rises, or just before the sun sets. SAGA means story.

T – Trends and recent developments in the industry (research by iA) posing risks/exposures, what procedures the Org developed to identify risks, and how the Org addresses them.

W – Weaknesses in risk management practices are discussed with the Board/SM.

I – Interviews with business heads regarding risks/controls in their respective departments.

L – Lines of reporting regarding risk monitoring are appropriate.

I – Independent review of Org policies (board minutes) regarding RM, appetite and business strategies.

G – Give due consideration to previous reports of management, iA and the External Auditor.

H – Hail (shout in order to attract attention) improvements.

T – Timeliness of reporting on risk management results is appropriate.

S – Self-assessment processes of management are checked with observation, tests of controls, etc.

A – Actions taken (Risk Response) are appropriate to complete the risk management cycle.

G – Gad (go around and around): monitoring of risk mitigation (control activities) is appropriate.

A – Agile (quick) communication of risk and control activities.

(Source – Practice Advisory 2120-1 Para 8)


BEST WISHES

Hafiz Muhammad Adnan Rana

www.stuco786.com

0346-538-8-538

Sialkot Pakistan

We have read the condensed contents of PA 2120-1.

Please now read the contents of PA 2120-1 carefully for a clear understanding. Please also go through the following:

Position Paper – The Role of internal auditing in Enterprise Wide Risk Management

Practice Guide – Assessing adequacy of Risk Management using ISO 31000
