Documente Academic
Documente Profesional
Documente Cultură
internal auditing
– an introduction
Slides of figures
and appendices
©David M Griffiths
An
internal control
is a process which
manages a risk
A
risk
is a set of
circumstances
that hinder the
achievement of
objectives
5
Supplementary
10 15 IR 20 25
Issue Issue Unacceptable Unacceptable Unacceptable
4 8 12 16 20
Likelihood of risk
Internal control
Supplementary
Acceptable Issue Issue Unacceptable Unacceptable
Possible (3)
3 6 9 12 15
Supplementary
Acceptable Issue Issue Issue Unacceptable
Unlikely (2)
2 4 6 8 10
Supplementary Supplementary
Acceptable Acceptable Issue Issue Issue
1 2 3 4 5
Rare(1)
Acceptable Acceptable
RR
Acceptable Acceptable Issue
Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5)
Consequence of risk
Unacceptable: Immediate action required to manage the risk
Issue: Action required to manage the risk
Supplementary issue: Action is advisable if resources are available
Acceptable: No action required
Management's
Risk Register
(if available)
Risk Defined
Management's
Facilitate risk Risk Register Use organisation's
identification (amended) risks
Stage 2
Individual audit
Audit report
Stage 3
Feedback results
into RAU
risks risks
scores scores
controls controls
Audit
audit
Committee
reports
report
Filter risks
Risks not requiring an
Risks which will be
audit in this period
tolerated
Risks on which
assurance is
required
Categorise risks
Audit Universe
Link risks to
audits
Alllocate
resources to
audits
Audit Committee
Audit plan
report
5 10
15 20 25
Every three Every two
Every year Every year Every year
years years
Likelihood of inherent risk
4 8 12
16 20
Every three Every two
Never years years
Every year Every year
Possible (3)
3 6 9 12
15
Every three Every two Every two
Never years years years
Every year
Unlikely (2)
2 4 6 8 10
Every three Every three Every two
Never Never years years years
1 2 3 4 5
Rare(1)
Every three
Never Never Never Never years
Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5)
0.75 1 1
Time since last audit
2 years
0.5 0.75 1
1 year
Audit plan
Conclude on risk
maturity for the
area audited
Decide on audit
approach
Meetings to determine
Agreed scope
objectives, risks and
agree scope
Obtain relevant
documentation on
processes
5 10 15 20 25
Supplementary
Issue Issue Unacceptable Unacceptable Unacceptable
Likelihood of residual risk
4 8 12 16 20
Supplementary
Acceptable Issue Issue Unacceptable Unacceptable
Possible (3)
3 6 9 12 15
Supplementary
Acceptable Issue Issue Issue Unacceptable
Unlikely (2)
2 4 6 8 10
Supplementary Supplementary
Acceptable Acceptable Issue Issue Issue
1 2 3 4 5
Rare(1)
Supplementary
Acceptable Acceptable Acceptable Acceptable Issue
Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5)
risks
Objective level 2
Devise a Establish
Set up a Set up Establish
strategy for delivery
system which agreements functions to
the next five systems to
enables us to with donors deliver food
support the
years to
predict to obtain when and where field
deliver our
famine areas food it is required operations
objectives
Objective level 3
Establish Decide how
contacts future needs Identify
Set up Set up
with are to be Lorries to how to
possible strategy for
shipping met, by be properly recruit at
companies local carrier alternativ prioritizing
maintained short
to anticipate or own e routes camps
notice
problems lorries
Level 2 objectives
2 3
Set up a Set up 4
1
system which agreements Establish 5
Devise a
enables us to with donors delivery Establish
strategy for
predict to obtain systems to functions to
the next five
famine areas food deliver food support the
years to
when and field
deliver our
where it is operations
objectives
required
Level 3 objectives
4.1 4.2
4.5
Establish Decide how 4.4
4.3 Set up 4.6
contacts with future needs Identify how
Lorries to be possible Set up strategy
shipping are to be to recruit
properly alternative for prioritizing
companies to met, by local drivers at
maintained routes for camps
anticipate carrier or own short notice
delivery
problems lorries
5 10 2 15 20
1 25
5
Supplementary
Issue Issue Unacceptable Unacceptable Unacceptable
4 8 12 16 20
Likelihood of risk
Supplementary
Acceptable Issue Issue Unacceptable Unacceptable
Possible (3)
3 6 9 12 15
6
Supplementary
Acceptable Issue Issue Issue Unacceptable
Unlikely (2)
2 4 6 8 10
Supplementary Supplementary
Acceptable Acceptable Issue Issue Issue
1 2 3 3 4 5 4
Rare(1)
Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5)
Consequence of risk
Objectives
1
The
4 audit
An
internal control
is a process which 3
manages a risk
A
risk 2
is a set of
circumstances
that hinder the Significant risks generate
achievement of
objectives the audit plan
©David M Griffiths www.internalaudit.biz