Risk Based Auditing Essay
Over the last few years, the need to manage risks has become recognised as an essential part of good corporate governance practice. This has put organisations under increasing pressure to identify all the business risks they face and to explain how they manage them.
In fact, the activities involved in managing risks have been recognised as playing a central and essential role in maintaining a sound system of internal control.
While the responsibility for identifying and managing risks belongs to management, one of the key roles of internal audit is to provide assurance that those risks have been properly managed.
We believe that a professional internal audit activity can best achieve its …show more content…
A dynamic process
RBIA is at the cutting edge of internal audit practice. As a result, it is an area that is evolving rapidly and where there is still little consensus about the best way to implement it.
It is more difficult to manage than traditional methodologies. Monitoring progress against an annual plan that is constantly changing is a challenge. Setting targets and appraising staff may become more complex.
But the advantages of RBIA are much greater.
By following RBIA internal audit should be able to conclude that:
Management has identified, assessed and responded to risks above and below the risk appetite
The responses to risks are effective but not excessive in managing inherent risks within the risk appetite
Where residual risks are not in line with the risk appetite, action is being taken to remedy that
Risk management processes, including the effectiveness of responses and the completion of actions, are being monitored by management to ensure they continue to operate effectively
Risks, responses and actions are being properly classified and reported.
This enables internal audit to provide the board with assurance that it needs on three areas: