Risk Based Internal Audit in Banks April 7, 2014 Agenda 1. Principles of Risk Based Internal Audit 2. Methodology 3. Risk Assessment 4. Annual Plan 5. Audit Engagement 6. Reporting 7. Benefits of Risk Based Audit Page 2 1. Principles of Risk Based Internal Audit Risk: The probability of occurring an event having effects on achievement to objectives. Risk has 4 components: Event Effect Likelihood
Result Risk Management: The process of identification of potential cases, assessment, managing and controlling in order to realize institutions objectives, for providing acceptable assurance. Risk Assessment Process Identification Classification Prioritization Measuring Page 3 1. Principles of Risk Based Internal Audit Risk Assessment Process A risk assessment is an effort to identify, measure, and prioritize risks organization faces, so that internal audit activities are focused on the auditable areas with the greatest significance. Through the risk assessment process, it is able to develop a risk-based Internal Audit Plan. Risk Assessment Goals
Inform senior management and the Board of Directors on risk assessment process. Get to know your client needs. Develop a project deliverables. plan, timeline, and agree upon Provides a framework for assessing and prioritizing risks. Page 4 1. Principles of Risk Based Internal Audit What is risk based internal audit? The Institute of Internal Auditors defines Risk Based Internal Auditing (RBIA) as: a methodology that links internal auditing to an organizations overall risk management framework that allows internal audit to provide assurance to the board that risk management processes are managing risk effectively, in relation to
the risk appetite Page 5 2. Methodology Assessing Risk Annual Plan Audit Engagement Reporting Page 6 3. Risk Assessment Evaluate the level of risk for each auditable area. Risk factors to consider include: Materiality Complexity of Process Business Environment Exposure to Loss Regulatory Environment Page 7
3. Risk Assessment Identify potential areas for internal auditing through discussions with key management and review of documentation. Key risks should be taken into account. Interview executive, senior management, middle management, and Board of Directors / Audit Committee. Review financial statements, strategic plans, budgets, policies and procedures, code of conduct, and other entity related information. Review industry information. Facilitate risk assessment sessions with management. Page 8 3. Risk Assessment Sample Heat Map Page 9 4. Annual Plan Establishing the Risk Based Internal Audit Plan According to IIA standards, a risk based internal audit plan should satisfy the
following issues: The internal audit activitys plan of engagements must be based on a documented risk assessment, undertaken at least annually. The input of senior management and the board must be considered in this process. The chief audit executive must identify and consider the expectations of senior management, the board, and other stakeholders for internal audit opinions and other conclusions. The chief audit executive should consider accepting proposed consulting engagements based on the engagements potential to improve management of risks, add value, and improve the organizations operations. Accepted engagements must be included in the plan. Page 10 4. Annual Plan In Turkey, regulations of Banking Regulation and Supervision Agency necessitate the following conditions for an efficient internal audit system: Annual risk assessments that consider all business units and operations of the bank shall be made. An annual audit plan shall be established conveniently to the results of risk assessments. Annual audit plan shall be approved by the Board. Page 11 4. Annual Plan Annual Audit Plan is determined by evaluation of
Risk matrix, Risk Matrices of Subsidiaries (If applicable) Risk level of activities Risk Indicators & Dynamic Risk Assessment Contemporary conditions and expectations Feedbacks of Board of Directors, Audit Committee & Senior Management, etc. SAMPLE AUDIT PLAN PROCESS Internal Audit Department Audit Committee (Approval) Board of Directors (Approval) Regulatory Authority (for information purposes only) Page 12 4. Annual Plan Sample Risk Assessment Process: Bank Example Identify Key Risks
Define Audit Universe Perform Risk Ranking Audit Plan The Banks Risk Matrix Risk Level of Banks Activities Risk Indicators Risk Assessment Reports AUDIT PLAN Auditable Entities Audit Period Identifying the Importance Level*
Corporate Finance Trading and Sales Retail Banking Credit Extension Deposit Collection and Investment Products Retail Banking Operations Retail Brokerage Commercial Banking Credit Extension Deposit Collection and Investment Products Commercial Banking Operations Payment and Settlement Agency Services Asset Management Mergers and Acquisitions Insurance Services Information Systems Human Resources Legal Proceedings New Technologies * A risk rating model can be used to define ideal audit periods. A risk rate can be given to each auditable entity from 1-High Risk to 5-Low Risk. Page 13 4. Annual Plan Sample Risk Based Annual Plan Audit Cycle / Area LENDING OPERATIONS
Commercial Loans Consumer Loans Real Estate Loans Credit Administration Secondary Marketing TREASURY MANAGEMENT Securities Cash Management Asset/Liquidity Management Wire Transfer Automated Clearing House Borrowings and Repurchase Agreements ACCOUNTING AND FINANCIAL REPORTING General Accounting Financial Reporting DEPOSIT OPERATIONS BRANCH OPERATIONS BANK ADMINISTRATION Human Resources Payroll Purchasing Insurance Coverage High (H); Medium (M); Low (L) Aggregate Risk from Audit Frequency Risk Assessment (1, 2, or 3 year Year - 1
Matrix rotation) M M M H L 2 2 2 1 3 X M L M H H L 2 3 2 1 1
3 X M M M M 2 2 2 2 M L L M 2 3 3 2 Year - 2 Year - 3
X X X X X X X X X X X X X X X X X X X X X X
X X X X X X X X X Page 14 5. Audit Engagement Subjects reviewed during the audit engagements vary according to the work performed by those units. According to the model, controls should provide tenable assurance about the following 4 issues. In the audit engagement controls on these issues are tested. Financial records, Operational records, Record keeping and reporting activities.
Policies for Segregation of Duties Evaluation of procedures designed against theft, forgery, illegal acts and etc. Reliability & Integrity of Information Compliance Policies, Procedures, Laws and regulations, Agreements. Safeguarding of Assets Effectiveness & Efficiency of Operations Efficiency of workflows, Evaluation of capacity
usage, Over/under employment. COSO is a committee composed of 5 professional organizations. This model is preferred and suggested by IIA (Institute of Internal Auditors.). Page 15 5. Audit Engagement SPECIFIC TECHNIQUES USED TO OBTAIN INFORMATION EXECUTING THE AUDITS Identifying Statistical Sampling ng Recomputing ile a t De
sti e dT Co nfi ing ew Observation & Inspection rm ati i erv Evaluation of Information on In t Analyzing
An Pr alyt oc i ed c al ur es Page 16 5. Audit Engagement Sample Audit Plan Sample Working Paper Risk based audit plans and working papers are prepared in audit engagement. Contents of these documents that are mentioned below identify the scope of assurance. Purpose, Scope, Analyzing Method, Sampling Method, Results Page 17
6. Reporting What is expected by the senior management and the board from internal audit reports? Compliance of the audited unit to the Law and other legal procedures Compliance of the audited unit to the internal policies and procedures Efficiency and effectiveness of processes in the audited unit and possible corrective actions that may be taken by the senior management Page 18 6. Reporting Internal Audit Reporting Sample lt Risk and SuggestionExamined Process Current State Number of Finding (High / Medium / Low) Headline 2013-910-H-001 Auditee Controls Finding
Any kind of controls that are currently available in the process Explaining the examined process briefly Highlighting the risky points Auditors opinions Related Process / Process from the audit plan in which the finding is Sub-Process detected Risk Suggestion Response of Auditee Risks regarding the process Suggestions to cover risk
The answer / opinion of the auditee regarding the finding, risk and suggestion Page 19 6. Reporting Reporting to the Audit Committee The internal audit function is ultimately reports and is accountable to the Audit Committee. Prior to meeting the Audit Committee, internal audit reports of the audit period are prepared and delivered to the members of the Audit Committee and other concerned parties. Reporting to Senior Management and the Board In IIA standards, reporting levels are explained as follows: The chief audit executive must report periodically to senior management and the board on the internal audit activitys purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board. Page 20 6. Reporting Monitoring Progress and Communicating the Acceptance of Risks The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management. When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the chief audit
executive determines that the matter has not been resolved, the chief audit executive must communicate the matter to the board. The identification of risk accepted by management may be observed through an assurance or consulting engagement, monitoring progress on actions taken by management as a result of prior engagements, or other means. It is not the responsibility of the chief audit executive to resolve the risk. Page 21 7. Benefits of Risk Based Audit Conducting efficient audit activities Focusing on the most significant and risky auditable areas Fulfilling the stakeholders expectations Identifying the risk appropriately
Benefits of Risk Based Audit Affirmative cost-benefit impacts Page 22 Internal Audit Exam Exam Date: April 27th, 2014 Expected to Hire: 35 People Deadline to Application: April 18th, 2014 Exam Locations: stanbul
Ankara zmir Expected Date to Begin: July 2014 http://garantilikariyer.garanti.com.tr/ Page 23 April 7, 2014 - Istanbul Page 24
Beta Bias. This is tendency to ignore the differences between men and women. The assumption is that theories derived from research into men can also be applied to women. Kohlberg's research on moral development. Discuss the beta bias in Milgram's...
Carleton University. The setting. Course was SOCI3003: Quantitative Methods- Research Design And Data Analysis . Third year class - mandatory for Honours Degree ... Many Thanks to EDC. Teach the TAs and students at the same time. Incorporate syntax as...
Civil Liberties & Civil Rights 1st Amendment Issues Rights of the Accused & Criminal Justice Civil Rights * Lecture Outline The Bill of Rights and the States The Bill of Rights was written to restrict the powers of the new...
Value-based payment is a phrase used to describe a payment model in which the amount of payment for health care services is tied to performance on quality and/or cost measures. In other words, value-based payment programs are designed to reimburse...
VQManager Reversing an assessment plan sign off The principle for this is the same, below is an assessment plan signed off To reverse it, untick the sign off assessment plan box This enhancement is optional and must be requested. VQManager...
Q1 Grade 1 Science 2009-2010 District-Focused Mathematics and Science Professional Learning Atlanta Public Schools * Ask participants to reflect on the data. Think, Pair, Share with elbow partners on what they notice.
External Anatomy. Eyelids. Rehydrate and wash out dust and bacteria. Eyebrows and Eyelashes. keep dirt and sweat out of the eye. Internal Anatomy. Tears. Produced by lacrimal gland located above the eye. Wash dirt and bacteria from the eye.
Inventory with the processors is 1+ 0.4+0.6 = 2. On average there are 2 flow units with the processors; Inventory in the processors (Ii) ... Very Theoretical Flow Time is computed based on theoretical Activity Time ThUL(1+CWF) = Unit Load...
Ready to download the document? Go ahead and hit continue!