
GoJ Audit Commission Conference 2016: Tips on Reviewing a Risk-Based Audit Plan



  1. GoJ Audit Commission Conference 2016. Tips on Reviewing a Risk-Based Audit Plan. 11/8/2016, Jacque Chevers BH{L}, CA, CRMA, MSc, BSc, AAT

  2. RISK ASSESSMENT. Risk-Based Audit Planning: Where RISK Meets STRATEGY

  3. Audit Development Process, Stage 1: Identification of the Audit Universe
     – All areas that are available to be audited within the organization.
     – To define the universe, the Internal Audit Unit divides the organization into manageable auditable activities such as:
       • Function or activity,
       • Organizational unit or division, or
       • Project or program.

  4. Audit Development Process, Stage 2
     • Objective Setting
       – This phase is to determine the key objective for each business operative to ensure that risks identified were objective-specific.

  5. Audit Development Process, Stage 3
     • Risk Assessment
       – Involves identification, evaluation and estimation of the levels of risk associated with the organization's operations.

  6. Risk Definition. Event: (+) Opportunities; (-) Risks

  7. OBJECTIVE
     • Bolt winning the race

  8. Cause: Broken Shoelace. Risk: (Trip & Fall). Consequences: Lost Race.

  9. OBJECTIVE
     • Bet on Bolt to win the race to get money.

  10. Cause: Trip & Fall. Risk: (Lost Bet, i.e. Race). Consequences: Lost Money.

  11. Risk Categories
      • Strategic Risk – governance structure, management experience
      • Operational Risk – internal processes, people, system, etc.
      • Financial Risk – risk relating to financing of an organization's operations.
      • Compliance Risk – conformance with regulations and policies.

  12. Risk Factors

  13. Determine Risk Factors

      | Risk Factors | I/P |
      |---|---|
      | Complexity of Operations | P |
      | Quality of Internal Control | P |
      | Public Exposure | I |
      | Compliance with Regulations | P |
      | Last Audited | P |
      | Strategic Importance | I |
      | Strength of Governance Structure | I |
      | Going Concern | P |
      | Susceptibility to Fraud | I |
      | Dollar/Volume of Transactions | I |

  14. Principles used to Assess Risk Level

      | Risk Factor | Process | Main Focus |
      |---|---|---|
      | Compliance with Regulations | The level of compliance to Governmental Acts, Regulations, Policies and Guidelines. | Compliance |
      | Public Exposure | Overall impact to the organization's reputation | Reputation |
      | | Physical environment and security of the facilities, data, records and department personnel. | Governance, Operations, Strategy |

  15. Principles used to Assess Risk Level

      | Risk Factor | Process | Main Focus |
      |---|---|---|
      | Management Philosophy & Operating Style | Evaluate the way the entity is managed (formal vs. informal) as well as the general attitude towards financial reporting | Governance |
      | Susceptibility to Fraud | Consider the dollar magnitude of exposure; consider the potential override of controls by management, areas where controls are weak or lack of segregation of duties. Assess incentives, opportunities and the pressures to commit fraud. Distance from head office. | Financial, Governance, Compliance |

  16. Principles used to Assess Risk Level

      | Risk Factor | Process | Main Focus |
      |---|---|---|
      | Quality of Internal Control | Assessed internal controls known. Looked at the possibility of potential misstatements arising from fraudulent financial reporting, management influence over the control environment, operating characteristics and financial stability. | Financial, Compliance, Governance, Operations |
      | Competence | Evaluate the ability of an individual to do a job properly | Operations |

  17. Principles used to Assess Risk Level

      | Risk Factor | Process | Main Focus |
      |---|---|---|
      | Management Experience | Consider management's background, time in service level, type and nature of experience. | Governance |
      | Financial Exposure | A measure of exposure to potential loss or embarrassment due to the cash nature of transactions and the ease or difficulty of assets being converted to cash. | Financial, Reputation |
      | Going Concerns | Threat to the continuance of the business | Financial |

  18. Audit Development Process, Stage 3
      • Velocity – the time it takes for the risk event to have an effect, that is, the time that elapses between the occurrence of the event and the point at which the entity first feels the impact.
      • Control Factor – Systematic measures (such as reviews, checks and balances, methods and procedures) instituted

  19. Audit Development Process, Stage 3: Risk Assessment Legend

      | Ratings | 1 | 2 | 3 | 4 | 5 |
      |---|---|---|---|---|---|
      | Impact | Negligible | Minor | Moderate | Critical | Catastrophic |
      | Probability | Improbable | Seldom | Occasional | Likely | Frequent |
      | Velocity | Very slow | Several months | Few months | Few Days | Immediately |
      | Control Factor | No Control (1.00) | Minor Controls (0.95) | Moderate Controls (0.90) | Adequate Controls (0.85) | Very Good (0.8) |

  20. Risk Analysis Result
      • Activity
      • Objective
      • Key Risks
      • Impact Factors
      • Probability Factors
      • Velocity
      • Inherent Risk
      • Control Factor
      • Residual Risk
      • Risk Rating

  21. Risk analysis results by activity

      | Activity | Objective | Key Risks | I | P | V | IR | CR | RR |
      |---|---|---|---|---|---|---|---|---|
      | Bank & Cash management | Fund expenditures and meet obligations as they fall due | Limited cash flow, misappropriation of funds | M | | | | | |
      | Contracts & Procurement | Receive value-for-money | substandard gds. & serv., corrupt acts e.g. Nepotism | 5 | 5 | 4 | 100 | 0.85 | 85 |
      | Facilities Management | Construct new buildings, upgrade and maintain existing structure to provide suitable accommodation for staff | Insufficient funding, cost overruns, substandard work, corruption | 5 | 5 | 5 | 125 | 0.9 | 113 |
      | Information Technology | secure optimal information technology and systems efficiency while giving support to the wider portfolio | Loss or destruction of data and/or information, hacking | 5 | 5 | 5 | 125 | 0.95 | 119 |
      | Human Resource Management | Acquire competent ("best fit") persons | Corrupt practices such as nepotism | 5 | 4 | 3 | 60 | 0.85 | 51 |

      Key: I=Impact, P=Probability, V=Velocity, IR=Inherent Risk, CR=Control Risk, RR=Residual Risk, M=Mandatory

  22. Audit Development Process, Stage 4
      • Formulation of the Audit Plan
        – risk ratings,
        – available audit days (# of auditors x # of work days/yr)
        – audit cycle (estimated time to complete the audit)
        – a combination of high, medium and mandatory areas as well as weaknesses highlighted in the Auditor General Annual Report and special requests by senior managers.
        – Other activities such as leave, training, unscheduled and pre-audits

  23. Allocation of Available Audit Days

      | Posts | CIA | AS4 | AS3 | AS2 | AS1 | TOTAL |
      |---|---|---|---|---|---|---|
      | Staff size by position | 1 | 2 | 4 | 8 | 3 | 18 |
      | Total audit days available | 254 | 508 | 1016 | 2032 | 762 | 4572 |
      | Less estimated leave: Vacation | 15 | 30 | 40 | 80 | 30 | 195 |
      | Less estimated leave: Sick | 8 | 16 | 32 | 40 | 19 | 115 |
      | Less estimated leave: Departmental | 10 | 20 | 40 | 50 | 29 | 149 |
      | Total estimated leave | 33 | 66 | 112 | 170 | 78 | 459 |
      | Available audit days net of leave | | | | | | 4113 |

      Less Schedule Audits (including reviews):

      | Item | Days |
      |---|---|
      | Engagement b/f | 67 |
      | Regular | 1,725 |
      | SATF | 702 |
      | Contingency for special requests | 294 |
      | Pre-Audit Activities | 884 |
      | Administration | 322 |
      | Training/Meetings | 119 |

  24. Audit Development Process, Stage 4

      | Priority Level | Remarks |
      |---|---|
      | 1 | Mandatory Audits |
      | 2 | • Main concerns highlighted in the AG Report • Unfavorable results of past internal audit reviews |
      | 3 | High risk rating |
      | 4 | Moderate and low risk rating |

  25. Audit Time Table

  26. Type of Audits
      • Performance/Operational Audits examine the use of department/university resources to evaluate whether those resources are being utilized in the most efficient and effective way to fulfill the department's mission and objectives. An operational audit may include elements of a compliance audit, a financial audit, and an information systems audit.
      • Information Systems Audits address the internal control environment of automated information processing systems and how these systems are used. IS audits typically evaluate system input, output and processing controls, backup and recovery plans, and system security, as well as computer facility reviews.
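
The scoring behind slides 19 and 21, with mandatory audits ordered first as on slide 24, written out as an added example that is not part of the original presentation. The formulas IR = I x P x V and RR = IR x CR are inferred from the slide 21 figures; the function names and the mapping of each CR value to a legend label are assumptions, and the priority-2 criteria of slide 24 are not modelled.

```python
from decimal import Decimal, ROUND_HALF_UP

# Control-factor multipliers as read from the slide 19 legend.
CONTROL_FACTOR = {
    "No Control": Decimal("1.00"),
    "Minor Controls": Decimal("0.95"),
    "Moderate Controls": Decimal("0.90"),
    "Adequate Controls": Decimal("0.85"),
    "Very Good": Decimal("0.80"),
}

# Slide 21 rows: (activity, impact, probability, velocity, control, mandatory).
# Control labels are mapped from the CR values shown on the slide (assumption).
ACTIVITIES = [
    ("Bank & Cash management", None, None, None, None, True),  # "M", no scores shown
    ("Contracts & Procurement", 5, 5, 4, "Adequate Controls", False),
    ("Facilities Management", 5, 5, 5, "Moderate Controls", False),
    ("Information Technology", 5, 5, 5, "Minor Controls", False),
    ("Human Resource Management", 5, 4, 3, "Adequate Controls", False),
]


def score(impact, probability, velocity, control):
    """Return (inherent risk, residual risk) for one activity."""
    for rating in (impact, probability, velocity):
        if rating not in range(1, 6):
            raise ValueError(f"rating {rating!r} is outside the 1-5 legend scale")
    inherent = impact * probability * velocity      # inferred: IR = I x P x V
    residual = inherent * CONTROL_FACTOR[control]   # inferred: RR = IR x CR
    # Round half up: the slide shows 112.5 as 113, which built-in round() would not.
    return inherent, int(residual.quantize(Decimal("1"), rounding=ROUND_HALF_UP))


def plan_order(activities):
    """Mandatory audits first (slide 24), then descending residual risk."""
    rows = []
    for name, i, p, v, control, mandatory in activities:
        ir, rr = (None, None) if i is None else score(i, p, v, control)
        rows.append((name, ir, rr, mandatory))
    return sorted(rows, key=lambda r: (not r[3], -(r[2] or 0)))


if __name__ == "__main__":
    for name, ir, rr, mandatory in plan_order(ACTIVITIES):
        print(f"{name:28} IR={ir} RR={rr} {'M' if mandatory else ''}")
```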
