The Role of Internal Audit in Erm

In: Other Topics

Submitted By mka5356
Words 3877
Pages 16
September 29, 2004

The Role of Internal Auditing in Enterprise-wide Risk Management
In conjunction with the newly released Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management - Integrated Framework, The Institute of Internal Auditors (IIA), in coordination with its IIAUK and Ireland affiliate, has issued a position paper on The Role of Internal Audit in Enterprise-wide Risk Management. The paper's purpose is to assist chief audit executives (CAEs) in responding to enterprise risk management (ERM) issues in their organizations. The paper suggests ways for internal auditors to maintain the objectivity and independence required by The IIA's International Standards for the Professional Practice of Internal Auditing (Standards) when providing assurance and consulting services. Internal auditing's core role with regard to ERM is to provide objective assurance to the board on the effectiveness of an organization's ERM activities to help ensure key business risks are being managed appropriately and that the system of internal control is operating effectively Recommended Roles The main factors CAEs should take into account when determining internal auditing's role are whether the activity raises any threats to the internal auditors' independence and objectivity, and whether it is likely to improve the organization's risk management, control, and governance processes. The IIA's position paper indicates which roles internal auditing should and should not play throughout the ERM process. Core internal auditing roles in regard to ERM. • • • • • Giving assurance on risk management processes. Giving assurance that risks are correctly evaluated. Evaluating risk management processes. Evaluating the reporting of key risks. Reviewing the management of key risks.

Legitimate internal auditing roles with safeguards. • • • • • • •…...

Similar Documents

Internal Audit

...Internal Audit Chapter 5 Review 1. A business process is the set of connected activities linked with each other for the purpose of achieving an objective or goal. 2. Two general types of business processes are present in most organizations that deliver goods and services: the operating processes and the management and support processes. The operating processes include strategic planning, product and service design and development, marketing, production/delivery, invoicing, and collection. The management and support processes include obtaining and managing the organization’s human resources (this could include hiring, training, benefits), managing financial resources (including budgeting, financial accounting, treasury), managing the information technology resources, managing physical resources (facilities management, security, maintenance, etc.), the organization’s compliance and governance systems, and the process for managing the organization’s external stakeholders (government relations, public relations, etc.). 5. A top-down approach begins at the entity level with the organization’s objectives, and then identifies the key processes critical to the success of each of the organization’s objectives. A bottom-up approach begins by looking at all processes directly at the activity level, and then aggregates the identified processes across the organization. 7. The two common methods used to document processes are process maps and process write-ups. Process...

Words: 4393 - Pages: 18

Research on Internal Audit Participate in Risk Management-Based on the Erm Framework of Coso

...换一个你的 School of Management, University of Glamorgan Research on Internal Audit Participate in Risk Management-Based on the ERM Framework of COSO By: Weichen Zhu Candidate no: 学号 September 2012 Supervised by: 你导师的名字 The dissertation is submitted as part of the requirement for the award of Masters of Science: 你专业的名字 Declaration This Dissertation has been prepared on the basis of my own work and that where other published and unpublished source materials have been used, these have been acknowledged. Word Count: Student Name: __________________ Signature: ______________________ Date of Submission:______________ Acknowledgement This is my first time to go aboard for studying. During different campus life in the UK, it is wonderful with deep impression. I learned how to use my internal power to make things happen and how to live my own life. All efforts contribute to my growth, but I cannot forget people who encourage and help me. Probably, I am not happy to study in my whole postgraduate time without support. Firstly, I would like to thank my supervisor 你导师的名字. He helps me develop the ideas and complete this dissertation. Especially, when I make a survey in China, I communicate with him through email. Sometimes, I am afraid that my timetable could have bad effects on him. However, he usually gives me feedback as soon as possible. Therefore, I only use 20 days to finish my survey. This kind of strong professional ethic is worth to......

Words: 20009 - Pages: 81

Internal Audit

...Internal Audit Internal auditing is a self-governing, objective assurance and consulting movement designed to add value and advance an organization's operations. The main objective of the internal audit activity is to determine whether the organization/company’s network of risk management, control, and governance processes, as designed and represented by the management, is adequate and functioning in a manner to ensure: risks are identified and managed, objectives are achieved, and compliance with policies are met. Along with internal auditing come developments, including standards and risk assessments for accounting and reporting practices. Sarbanes-Oxley Act The Sarbanes Oxley Act (the “Act”) of 2002 is a federal law passed in response to major corporate and accounting scandals including those of Enron, Tyco International, and Worldcom. These accounting scandals gave pause to the accounting world because of how complex and encompassing they were. They resulted in a decline of public trust in both accounting and reporting practices. It was then when the government realized that major reform was needed. This Act is now mandatory in the accounting world. All companies, whether small or large, must comply with the act. The corporate responsibility section of the Act calls for the establishment of an audit committee. The Act requires that all members of the audit committee be independent. Companies must disclose whether or not the audit committee includes at least one......

Words: 527 - Pages: 3

Internal Audit

...The Art Of Auditing Internal Auditor, August, 2000 by Lawrence Metzger "Creativity" and "auditor" are not contradictory terms. In fact, creative thinking is the linchpin of effective internal auditing--and it's a skill you can learn and polish. The work of internal auditors is as much an art as it is a science or technique. The internal audit process encompasses far more than a series of rote checklists; it is much more akin to an archeological dig, where layers of information are methodically uncovered. To connect and understand the layers of organizations, the internal auditor must be able to think creatively. Not only is creativity an inherent aspect of successful internal auditing, but it has become a hot, sought-after commodity in all fields. In his book Jamming, John Kao observes that we are living in an age of creativity. He argues, for example, that global competition is increasingly about a company's ability to mobilize its ideas, talents, and creative abilities. Kao maintains, along with other observers, that companies will increasingly be measured by their knowledge, and he emphasizes that creativity is the crucial variable in the process of turning knowledge into value. Knowledge is more than mastery of facts and data; it is also insight-the ability to see into a situation and make connections. Ideas are interconnected insights that we can grab and run with. And it is creativity that enables the transformation of one form of knowledge to the next. Kao states that...

Words: 2783 - Pages: 12

Internal Audit

...AUD 610 TUTORIAL 1 (Professional conduct and ethics) Question 1 For each of the following situations, discuss whether there has been any violation of ethical conduct. Support your answers by reference to the relevant professional code and ethics. I. Wani is a CPA, a partner with Joe and Wani, a CPA firm. Her husband owns 30 percent of shares in an audit client of the firm, but she does not take part in the audit of the client and the value of her shares is not material in relation to her husband’s wealth. a) Yes this is violation. b) Under MIA By-Laws ; Professional Independence means unbiased viewpoint in the performance of audit test, evaluation of result and issuance of audit report. c) The reason is husband Wani holds 30 percent of shares in and audit client of her firm. Stated that in Section 290 MIA By-Laws, auditor are not considered to be independent if he or is spouse, or dependent son or daughter or any son or daughter holds directly or indirectly any interest in shares of the company. II. Fahmi is an audit partner of Amin & Ahmad. He is assigned to an audit engagement for Idaman Bhd. Fahmi’s son is working as an engineering in Idaman Bhd. a) No this is not violation. b) Under MIA By-Laws ; Professional Independence which is financial interest treats. If a member or immediate family has any financial interest directly or indirectly in the entity, then the said member is prohibited from accepting appointment as an auditor of the company. However the......

Words: 673 - Pages: 3

Impact of Internal Audit on Risk Management

...THE IMPACT OF INTERNAL AUDIT ROLE ON RISK MANAGEMENT IN UAE PHD proposal Presented to (Dr Puah Chin Hong) Faculty of Economics and Business University of Malaysia Sarawak Presented By Muhammad Usman Research Proposal for PHD Admission: Presented By Muhammad Usman Page 1 TABLE OF CONTENTS 1.0 2.0 INTRODUCTION BACKGROUND 2.1 2.2 2.3 2.4 3.0 4.0 A brief history of internal auditing The role of the internal auditor Role of the risk management function The internal auditor and the risk management process PROBLEM STATEMENT RESEARCH OBJECTIVES 4.1 Specific Research Questions 5.0 6.0 7.0 8.0 9.0 IMPORTANCE OF STUDY SCOPE OF STUDY RESEARCH DESIGN THE LITERATURE REVIEW DATA COLLECTION & SAMPLING 9.1 9.2 Survey by questionnaire and interviews Sample selection 10.0 11.0 DATA ANALYSIS REFERENCES Research Proposal for PHD Admission: Presented By Muhammad Usman Page 2 1.0 INTRODUCTION The audit function has been performed at least since the fifteenth century. However internal auditing has developed most rapidly throughout the twentieth century as a core tool of risk assessment. Today, in businesses worldwide, the internal audit function is becoming very important for achieving the objectives of organizations. In recent years, UAE market has recognized the importance of the internal audit function, which is why that function has been established in some public as well as private companies. These companies setup audit functions to deal with the......

Words: 2567 - Pages: 11

Benefits of an Internal Audit

...An internal accountant is a helpful resource to help reform an organization with a out-of-control system. In the following paragraphs there will be information provided to justify the benefits of using an internal auditor to help the client’s organization. There will also be a referral of a prime candidate for an internal auditor based on his or her background. Lastly there will be an explanation of how the candidate’s background will be beneficial to client. Benefits of using an Internal Audit Internal auditor’s role in the organization is to monitor, assess and analyze the risk and controls of the organization. They do this by reviewing and confirming the information in the organization’s policy and procedures. The internal audit in a large organization is not performed by just one person. It is usually done by a team of auditors and they are assigned to different departments within the organization that needs auditing of its procedures and processes. These audits may also include the audit of its computer systems to make sure certain controls are in place. The benefits of an internal audit is to provide upper management and the audit committee assurance that the risks are low and the organizations governance is solid. The internal auditors also makes recommendations in an effort to enhance its policies, processes, and procedures (Cornell University, 2007). According to Cornell University (2007), “Internal auditors sometimes look at the same data or perform some of the......

Words: 603 - Pages: 3

Internal Audit

...Internal Audit Guidebook Providing a framework for understanding and delivering Grant Thornton’s Internal Audit Services in a consistent, high-quality way 2012 Internal audit guidebook 1 Contents Page Introduction 2 Common service delivery methodology 6 Determine client needs 8 Scope and arrange work 10 Plan 13 Analyze and assess 20 Report and recommend 28 Implement 32 Evaluate 33 Determine business and technology context 36 Manage engagement performance, quality and risk 38 Communicate and enable change 40 Appendix 42 Internal audit engagement checklist 43 © Grant Thornton LLP. All rights reserved. Updated August 1, 2012 Internal audit guidebook 2 Introduction What is internal audit? The Institute of Internal Auditors (IIA) defines internal auditing as: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (1010) An internal audit objectively assesses the management of risks that a company faces. (2100 series) The aim is to • understand the current state, • assess the current state using appropriate standards and criteria, and • develop findings and......

Words: 15851 - Pages: 64

Internal Audit

...Chapter 1 Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It help an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management control, and government processes. Objective- what an organization wants to achieve. Strategy- how management plans to achieve to organization’s objective. 4 types of objectives -Strategic objectives: value creation choices management makes on behalf of the organization’s stakeholders. -Operations objectives: effectiveness of and efficiency of the organization’s operations. -Reporting objectives: reliability of internal and external reporting of financial and nonfinancial information -Compliance objectives: adherence to applicable laws and regulations Governance is the process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization’s objectives. Risk management is the process conducted by management to understand and deal with uncertainties that could affect the organization’s ability to achieve its objectives. Control is the process conducted by management to mitigate risks to acceptable levels. Independence is the freedom from conditions that threaten objectivity or the appearance of objectivity. Objectivity is an unbiased mental attitude that allows internal auditors to......

Words: 989 - Pages: 4

Erm Paper Internal Auditing

...Casualty Actuarial Society Committee on Enterprise Risk Management has adopted the following definition which includes the purpose of ERM : “ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short – and long-term value to its stakeholders.” In the US, COSO published its ERM-Integrated framework in 2004. COSO identified a need for robust framework to help companies effectively identify, assess, and manage risk. The resulting framework has eight components and four objectives. The eight components are:- * Internal Environment- It encompasses the tone of an organization, and sets the basis for how risk and control are viewed and addressed by an entity’s people. * Objective setting –Objectives must be aligned with the organization’s risk appetite, which derives risk tolerance levels for the organization. * Event identification-Management identifies potential events that, if they occur, will affect the entity’s ability to successfully implement the strategy and achieve objectives adversely or positively. * Risk Assessment-It allows an entity to consider the extent to which potential events have an impact on achievement of objectives. * Risk response-It includes risk avoidance, reduction, sharing and acceptance. * Control Activities-These are the policies & procedures that help ensure the management’s risk responses...

Words: 1368 - Pages: 6

Internal Audit

...attracting and retaining skilled employees. Internal audit is no different. The numerous career options available to new entrants and the seasoned audit practitioner make it imperative for audit managers to continually re-evaluate their approaches to ensure that the internal audit department is adequately staffed both in terms of numbers as well as skill sets to discharge its functions effectively. The IIA Attribute Standards / and Performance Standards are very clear and definitive on this: i) Attribute Standard 1210 - Proficiency Internal auditors should possess the knowledge, skills and other competencies needed to perform their individual responsibilities. The internal audit activity collectively should possess or obtain the knowledge, skills and other competencies needed to perform its responsibilities. ii) Performance Standard 2030 - Resource Management The Chief Audit Executive should ensure that internal audit resources are appropriate, sufficient and effectively deployed to achieve the approved plan. Professionalism Internal auditing is grounded in professionalism and efficiency. Today's internal auditors are a far cry from the 'fault finders' or 'policeman' role that the profession has long been associated with. Modern day internal auditors are routinely consulted on all aspects of the organisation's activities from strategic planning issues to the standard day-to-day operational issues relating to the risk environment and internal control framework. They are......

Words: 2392 - Pages: 10

Internal Audit

...Internal Control Topic List 1. What is internal control? 2. Components of internal control 3. Information about controls Learning outcomes On completion of this section you should be able to: • State the reasons for organisations having effective systems of controls • Identify factors which contribute to an effective control environment • Identify the components of internal control in both manual and IT environments • Identify types of control activity • Distinguish between general controls and application controls • Identify inherent limitations of a system of internal controls • Specify the composition of an audit committee Internal Control [pic] Internal control: ‘The process designed, implemented and maintained by those charged with governance*, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to:- • Effectiveness and efficiency of operations • Reliability of financial reporting, • Compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control. A key audit question is: “How does management control the business?” *Usually directors - remember the difference between exec and non-exec Company Objectives • To ensure it correctly reports its financial position to shareholders • To ensure it operates effectively......

Words: 2434 - Pages: 10

Internal Audit

...Framework A successful organization is built on a solid framework of data and information. The Framework explains how IT processes deliver the information that the business needs to achieve its objectives. This delivery is controlled through 34 high-level control objectives, one for each IT process, contained in the four domains. The Framework identifies which of the seven information criteria (effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability), as well as which IT resources (people, applications, technology, facilities and data) are important for the IT processes to fully support the business objective. Audit Guidelines Analyze, assess, interpret, react, implement. To achieve your desired goals and objectives you must constantly and consistently audit your procedures. Audit Guidelines outlines and suggests actual activities to be performed corresponding to each of the 34 high-level IT control objectives, while substantiating the risk of control objectives not being met. Control Objectives The key to maintaining profitability in a technologically changing environment is how well you maintain control. COBIT’s Control Objectives provides the critical insight needed to delineate a clear policy and good practice for IT controls. Included are the statements of desired results or purposes to be achieved by implementing the 318 specific, detailed control objectives throughout the 34 high-level control......

Words: 666 - Pages: 3

Internal Audit Role

...Internal audit’s role in modern corporate governance Thought leadership series Risk and Advisory Services Internal audit’s role in modern corporate governance Recent events have highlighted the critical role of boards of directors in promoting good corporate governance. In particular, boards are being charged with ultimate responsibility for the effectiveness of their organisations’ internal control systems. An effective internal audit function plays a key role in assisting the board to discharge its governance responsibilities. Yet how does the board – and its audit committee – satisfy itself that internal audit is functioning effectively and efficiently? The board’s responsibility for internal controls Through working with a broad range of organisations in Hong Kong and internationally, KPMG has identified a number of best practices in relation to the role played by the board audit and/or risk management committees. s Recent events have highlighted the critical role of boards of directors in s s s s s s s Assessing the scope and effectiveness of the systems established by management to identify, assess, manage and monitor the various risks arising from the organisation’s activities. Ensuring senior management establishes and maintains adequate and effective internal controls. Satisfying itself that appropriate controls are in place for monitoring compliance with laws, regulations, supervisory requirements and relevant internal policies....

Words: 2896 - Pages: 12

Roles of Audit Committee

...Roles of audit committee An Audit Committee does not focus solely on internal audit activities or on financial issues. Recent trends are for it to take on broader roles and responsibilities. The establishment of an Audit Committee affords the opportunity to set aside time to focus on governance, risk and control issues. The key responsibilities of an Audit Committee include: overseeing the risk management framework and processes; reviewing compliance related matters and internal controls; overseeing the relationship, appointment and work of the external and internal auditors; and reviewing the annual financial statements and recommending them for governing body approval. As it relates to oversight of the internal audit function, the responsibilities of Committee’s include: ensuring that internal audit activity is structured to achieve organisational independence; ensuring the internal audit charter permits full and unrestricted access to top management, the Audit Committee and the governing body; ensuring unrestricted access by internal auditors to records, personnel, and physical properties; ensuring the function is appropriately resourced; and ensuring the function is operating effectively. In relation to its other roles, Audit Committee responsibilities could include: review, with management, the adequacy of policies and practices for risk management and the operation of the internal control system; review, with management, the......

Words: 801 - Pages: 4

Silver Gravekeeper | #171 - Chapter 171 08-29-2016 | The Handmaid's Tale