Wondershare EdrawMind

Log in
Sign up

Return to Mind Map Gallery

Risk-Based Internal Audit (RBIA)

A comprehensive mind map about Risk-Based Internal Audit (RBIA).

Similar Mind Maps

Outline

level

RBIA(framework ia process)

level

(1) strategic audit planning

level

develop by CAE and report to AC

level

AC responsible to look into the planning to ensure align with objective

1. understand objective (industry & organization)

know comp vission, mission, who the competitors

2. consider IPPF

CAE must ensure planning develop the standard, code of ethics

3. understand stakeholder expectation

CAE must communicate directly to stakeholder. Expectation always change depends on situations

CAE will confirm and document (compile) the expectation

4. update ia vission & mission (to ensure allign with stakeholder expectation)

5. define critical success factor

positioning, process, people

6. perform SWOT

7. identify key initiaitves

level

(3) performing engagement(implement the plan)

collection the data/evidence

interview -> verify -> pbservation -> reperform ->questionnaire -> analytical procedure -> CAATs -> physical inspection -> review report -> confirmation

documentation (prepared by internal auditor, review by management ia)

level

(6) follow up

monitor proces to follow the effect of recommendation

factor consider

level

(5) reporting (communication)

criteria

process

level

(4) evaluation/conclusion

evaluation & conclusion process(recommendation)

evaluation & conclusion process(recommendation)

evaluation & conclusion process(recommendation)

level

(2) engagement planning(development)

(1). understand organization

identifying objective, strategies, structure

review key document

consulting with key stakeholder

create/revisi audit universe

(2). identify, assess, prioritize risk

1. understanding bus. objective, strategies, risk

2. linking

3. documenting risk

communicate the risk to let the comp know about the risk

4. risk assessment approach

specific-risk approach (consider bottom-up: identify specific auditable unit in audit universe)

risk-by-process approach (consider by bus. process as auditable unit)

risk-factor approach (consider top-down: look at high level that common across in auditable unit)

5. measuring risk

consider inherent risk and residual risk (CAE must document the reasons of residual risk)

(3). coordinating with other providers

(4). estimating resources

CAE determine resources need to implement the plan: poeple(labour hours,skill). technology(tools & technique),funding(budget need)

CAE need to maintain skill & knowledge to fulfill expectation

(5). draft ia plan

(6). propose plan & solicating feedback

(7). communicate to finalize the plan, approval

level

update the plan

Risk-Based Internal Audit (RBIA)

2

154

level

RBIA(framework ia process)

level

(1) strategic audit planning

level

develop by CAE and report to AC

level

AC responsible to look into the planning to ensure align with objective

1. understand objective (industry & organization)

know comp vission, mission, who the competitors

2. consider IPPF

CAE must ensure planning develop the standard, code of ethics

3. understand stakeholder expectation

CAE must communicate directly to stakeholder. Expectation always change depends on situations

CAE will confirm and document (compile) the expectation

4. update ia vission & mission (to ensure allign with stakeholder expectation)

5. define critical success factor

positioning, process, people

6. perform SWOT

7. identify key initiaitves

level

(3) performing engagement(implement the plan)

collection the data/evidence

interview -> verify -> pbservation -> reperform ->questionnaire -> analytical procedure -> CAATs -> physical inspection -> review report -> confirmation

documentation (prepared by internal auditor, review by management ia)

level

(6) follow up

monitor proces to follow the effect of recommendation

factor consider

level

(5) reporting (communication)

criteria

process

level

(4) evaluation/conclusion

evaluation & conclusion process(recommendation)

evaluation & conclusion process(recommendation)

evaluation & conclusion process(recommendation)

level

(2) engagement planning(development)

(1). understand organization

identifying objective, strategies, structure

review key document

consulting with key stakeholder

create/revisi audit universe

(2). identify, assess, prioritize risk

1. understanding bus. objective, strategies, risk

2. linking

3. documenting risk

communicate the risk to let the comp know about the risk

4. risk assessment approach

specific-risk approach (consider bottom-up: identify specific auditable unit in audit universe)

risk-by-process approach (consider by bus. process as auditable unit)

risk-factor approach (consider top-down: look at high level that common across in auditable unit)

5. measuring risk

consider inherent risk and residual risk (CAE must document the reasons of residual risk)

(3). coordinating with other providers

(4). estimating resources

CAE determine resources need to implement the plan: poeple(labour hours,skill). technology(tools & technique),funding(budget need)

CAE need to maintain skill & knowledge to fulfill expectation

(5). draft ia plan

(6). propose plan & solicating feedback

(7). communicate to finalize the plan, approval

level

update the plan

Mind Map

Outline

1

Page-1

This work was published by EdrawMind user WS8rW5Zx and does not represent the position of Edraw Software.

100%