Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Internal audit activities scope of internal audit
|
Risk assurance
410 Whilst the work of the external auditor is not primarily conducted for the benefit of the organization, the audit and risk assurance committee should nevertheless engage with this activity. As well as considering the results of external audit work and resolution of identified weaknesses, they should enquire about and consider the planned audit approach of the external auditor. They should also consider the way in which the external auditor is co-operating with internal audit to maximize overall audit efficiency, capture opportunities to derive a greater level of assurance and minimize unnecessary duplication of work. In addition, they should review and consider the potential implications for the organization of the wider work carried out by the external auditor, for example, value for money reports and good practice findings. HM Treasury (2016) Level of risk assurance 35 Internal audit activities scope of internal audit There needs to be a close working relationship between risk management and internal audit. The responsibilities allocated to each of these functions will vary according to the nature, type and size of the organization. This is an important working relation- ship, because successful management of risk depends on four important risk-based outputs, which can be summarized as MADE2: ● ● mandatory as required by laws, customers/clients and standards; ● ● assurance for the management team and other stakeholders; ● ● decision making based on the best information available; ● ● effective and efficient core processes throughout the organization. It is clear that if these outputs are to be successfully delivered, all stakeholders need to work together, and that includes co-operation between risk management and internal audit. The range of activities that are related to risk assurance are explored in Chapter 34. The important contribution made by internal audit and the range of activities that the internal audit department undertake are considered in more detail in this chapter. Internal control is concerned with the methods, procedures and checks that are in place to ensure that a business organization meets its objectives. Because internal control is concerned with the fulfilment of objectives, there is a clear link with risk management activities. Internal control activities within a large organization are likely to be evaluated by the internal audit department. In some cases, the internal audit function may be outsourced to an external accountancy firm. Although there is a distinction between the approach and activities of internal audit and of risk management, there are areas of common interest. It is generally accepted that risk management is an executive function that should be undertaken by the executive members of the organization. This leads to the conclusion that the risk management committee should be chaired by an executive board-level director. Internal audit is primarily concerned with risk assurance, and this will be the con- cern of the non-executive audit committee in a large organization. Given that internal Download 3.45 Mb. Do'stlaringiz bilan baham: 
|