Beruflich Dokumente
Kultur Dokumente
&
A L I D I T I N G
auditing
28
because risks are only releviint in the context of these objectives. For example, if
an individual's objective is to .stay at home
and watch TV, he wouldn't worry about
the risk of a flat tire: however, he might
worry about being intermpted by his children, attending to a phone call, or cooking dinner, because tliese risks impact the
objecdve of watching TV.
Essentially,riskpattems help
intemal auditors identify those
risks that together, interact to
form a dangerous situation.
EXHIBIT 1
Sun/ey Example
Objective
Excellent
Good
Fair
Below Average
Excessive Overtime
Poor
Pervasive
Frequent
Average
Infrequent
Rare
29
assessing the effectiveness of various controls to mitigate those risLs. It's ;in expansive andtime-consumingactivity that is typically carried out by multiple auditors,
asing multiple independent applications, pR>
cesses, workpapers, ;uid tcxils. Without adequate communication and coordination
between them, it is likely that intemal audit
activities would be duplicated at various
points across the organization, thus lowering
efficiency and raising co.sts.
But what if tiiere was one single system
to unite all audit processes, entities, systems,
tools, and workflows? Communication
across the enterpiise would be enhanced, visibility into risks and audits would improve,
and duplicate and redundant audit activities
could be eliminated.
Technology enables a centralized audit
infrastructure that can provide a single
point ofreferenceto identify and assess ri.sks
across the enterprise, gather and share risk
information, and manage the entire audit life
cycle. It also enables tiie creation of centralized libraries where the entire risk
inventoryalong with controls, assessments,
audit data, and reportscan be efficiently
organized, stored, managed, and shared.
With these centralized repositories of
information, intemal auditors and managers
are better equipped to understand risks and
their relationship to the organization's
objectives. They can al.so more accurately
map risks to processes, controls, entities,
and regulations. This, in tum, simplifies the
creation of the audit universe and helps formulate a systematic and resource-efficient
plan for audit management.
Because surveys are a major part of tiie
risk-ba.sed audit plan, technology can help
by streamlining the entire prcx;ess of survey design, distribution, implementation,
andrespon.secollection across depiutments,
business units, and geographic liK-ations.
In addition, it can automate the pnx'ess of
monitoring risk controls and creating
reports, as well as ensure that findings
and problem areas identified tiirough audits
are appropriately investigated and resi)lved.
In this way, intemal auditoi-s can .save valuable time and re.sources and eliminate Uie
need for cumbersome spreadsheets. Some
technological tcx)ls such as dashboanls. risk
heat maps, and chiirts ciui facilitate transparency in audits by providing valuable
risk insights and intelligence that can be
presented to stakeholders.
Creating Value
EXHIBIT 2
Risk Patterns by Objective
100%
90%
Risk F
I Risk E
50%
RiskD
ELEMENTS OF A
GOOD RISK-BASED
AUDIT PLAN:
I Risk C
40%
RiskB
I Risk A
30%
20%
10%
0%
Accurate Financial
Reporting
30
Reduce Supplier
Costs
Employee Safety
Copyright of CPA Journal is the property of New York State Society of CPAs and its content may not be copied
or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission.
However, users may print, download, or email articles for individual use.