P3 Development and focus - 1.2
purpose and history
change focus from control to risk based
role and responsibilities of key stakeholder
importance of developing positive relations
how IA add value
- Created by: mumuna
- Created on: 21-05-13 10:51
IA APPROACH - compliance to system to risk based
Transactional > assess adherence to systems and process to prescribed policies, plans, procedures, laws and contract e.g. IA adopted to assess org's compliance with the UK Data Protection Act
Systems based > assess how well systems and internal control operate in delivery org objectives - key is expressing what controls achieve and reflection on org objectives thus actual operation versus prescription
Risk based > allow assurance to board that risk management processes are managed effectively. Encouraged by IIA as links IA process to org risk management framework e.g.
- documented in risk register
- operational re: risk affecting business operation
- control and risk are recognised - system methodology using control to measure effectiveness of risk - IA provide assurance which add value on management of key business risk and effectiveness of how risk management frameworks and internal controls operate.
IA value
VALUE: objective and independent assurance on governance, risk management and control process
Board and SM able to trust as signed up to discrete knowledge and skill in IA competency framework
Our principles and values are set out in definition, code of ethics and standard for professional practice of internal auditing
PROMOTE CONTROL, ASSURANCE TO BOARD, PROCESS IMPROVEMENT, SUPPORT DIRECTORS REPORTING, EXTERNAL AUDIT RELIANCE, CHALLENGING ACCEPTED PRACTICE, COMMUNICATED GOOD PRACTICE, ID RISK, EXPOSURES AND TAKE ADVANTAGE OF RISKS
PURPOSE:
Protect assets and reputation of org providing assurance over RM control and governance, but also consultancy
Audit Assurance
PURPOSE - reporting defined by org
- assurance biz operating effectively > provide IA opinion > set of recs agreed by mgmt
reporting annual - overall state risk management, control and governance process
- HIA deliver opinion as part of annual report and accounts regarding whether risk managed sufficiently within limits
formal report to SM and Board usually through audit committee
- result of individual engagement activity
- follow up in year
- work of other assurance provided
- limitation on scope
- considers major recommendation not accepted
result of structured audit assurance programme
- Consider Board defined requirement in strategic planning
Role of IA in RM INCL CONSULTANCY
Assurance provided on risk management framework in 3 areas:
- risk management process - design and effectiveness
- management of risk regarding effectiveness of controls and responses
- reliable assessment of risks and reporting risk and control status
Also consultancy
- make tools and technique IA use to analyse risk and control
- champion ERM, expertise and knowledge
- facilitation workshop
- support id of risk by management e.g. sitting and advising on project boards
IA NOT TAKE ROLE OF BUSINESS
- E.G SET RISK APPETITE
- IMPOSE RISK MANAGEMENT
- DETERMINE RISK RESPONSE
POSITIVE RELATIONS WITH OTHER ASSURANCE PROVIDERS
IA WORK WITH OTHERS TO DETERMINE
- WHO REQUIRE ASSURANCE IN AND OUT OF ORG
- AREAS WHERE ASSURANCE REQUIRED
- WHO PROVIDE ASSURANCE
- FIT OF ASSURANCE
- GAPS AND OVERLAPS
- WHETHER ASSURANCE COSTS BE CONTROLLED
STAKEHOLDER HAVE VESTED INTEREST IN BEH IN ORG WHERE INTERNAL - DIRECTLY INVOLVED OR EXTERNALLY - NOT INVOLVED BUT AFFECTED
- discussion helps confirm value of shared priorities
- encourage engagement that improves operations
- shows IA prepared to listen
- IA set criteria for evaluation
MANAGING RELATIONS HELPS
- raise IA profile
- negotiate resource and objs
- co-ordinate sharing of inform and opinion
- convince need for change
- effective working
- manage expectations
- develop IA knowledge
BUT - IA MUST BE FREE FROM INTERFERENCE
Three lines of defence indicate responsibilities
Importance of clarifying the different roles that contribute to the provision of assurance over the management of risks.
Many have documented the various responsibilities using what is sometimes called the “three lines of defence” model.
Such models typically state the responsibilities of management / management control functions (as the first line of defence), risk management functions (second line) and internal audit (third line).
These models depict the roles that are unique in each organisation and clearly provide a good starting point for defining the specific relationships required.