Mind Map Gallery Risk-Based Internal Audit (RBIA)
- Page:01
无数据
- 215
- 2
Risk-Based Internal Audit (RBIA)
A comprehensive mind map about Risk-Based Internal Audit (RBIA).
Edited at 2021-06-27 11:00:38
- Recommended to you
- Outline
RBIA(framework ia process)
(1) strategic audit planning
develop by CAE and report to AC
AC responsible to look into the planning to ensure align with objective
1. understand objective (industry & organization)
know comp vission, mission, who the competitors
2. consider IPPF
CAE must ensure planning develop the standard, code of ethics
3. understand stakeholder expectation
CAE must communicate directly to stakeholder. Expectation always change depends on situations
CAE will confirm and document (compile) the expectation
4. update ia vission & mission (to ensure allign with stakeholder expectation)
5. define critical success factor
positioning, process, people
6. perform SWOT
7. identify key initiaitves
(3) performing engagement(implement the plan)
collection the data/evidence
interview -> verify -> pbservation -> reperform ->questionnaire -> analytical procedure -> CAATs -> physical inspection -> review report -> confirmation
documentation (prepared by internal auditor, review by management ia)
(6) follow up
monitor proces to follow the effect of recommendation
factor consider
(5) reporting (communication)
criteria
process
(4) evaluation/conclusion
evaluation & conclusion process(recommendation)
evaluation & conclusion process(recommendation)
evaluation & conclusion process(recommendation)
(2) engagement planning(development)
(1). understand organization
identifying objective, strategies, structure
review key document
consulting with key stakeholder
create/revisi audit universe
(2). identify, assess, prioritize risk
1. understanding bus. objective, strategies, risk
2. linking
3. documenting risk
communicate the risk to let the comp know about the risk
4. risk assessment approach
specific-risk approach (consider bottom-up: identify specific auditable unit in audit universe)
risk-by-process approach (consider by bus. process as auditable unit)
risk-factor approach (consider top-down: look at high level that common across in auditable unit)
5. measuring risk
consider inherent risk and residual risk (CAE must document the reasons of residual risk)
(3). coordinating with other providers
(4). estimating resources
CAE determine resources need to implement the plan: poeple(labour hours,skill). technology(tools & technique),funding(budget need)
CAE need to maintain skill & knowledge to fulfill expectation
(5). draft ia plan
(6). propose plan & solicating feedback
(7). communicate to finalize the plan, approval
update the plan