Risk-Based Internal Audit (RBIA)
A comprehensive mind map about Risk-Based Internal Audit (RBIA).
Tags:
Similar Mind Maps
Outline




1. understand objective (industry & organization)
know comp vission, mission, who the competitors
2. consider IPPF
CAE must ensure planning develop the standard, code of ethics
3. understand stakeholder expectation
CAE must communicate directly to stakeholder. Expectation always change depends on situations
CAE will confirm and document (compile) the expectation
4. update ia vission & mission (to ensure allign with stakeholder expectation)
5. define critical success factor
positioning, process, people
6. perform SWOT
7. identify key initiaitves

collection the data/evidence
interview -> verify -> pbservation -> reperform ->questionnaire -> analytical procedure -> CAATs -> physical inspection -> review report -> confirmation
documentation (prepared by internal auditor, review by management ia)

monitor proces to follow the effect of recommendation
factor consider

criteria
process

evaluation & conclusion process(recommendation)
evaluation & conclusion process(recommendation)
evaluation & conclusion process(recommendation)

(1). understand organization
identifying objective, strategies, structure
review key document
consulting with key stakeholder
create/revisi audit universe
(2). identify, assess, prioritize risk
1. understanding bus. objective, strategies, risk
2. linking
3. documenting risk
communicate the risk to let the comp know about the risk
4. risk assessment approach
specific-risk approach (consider bottom-up: identify specific auditable unit in audit universe)
risk-by-process approach (consider by bus. process as auditable unit)
risk-factor approach (consider top-down: look at high level that common across in auditable unit)
5. measuring risk
consider inherent risk and residual risk (CAE must document the reasons of residual risk)
(3). coordinating with other providers
(4). estimating resources
CAE determine resources need to implement the plan: poeple(labour hours,skill). technology(tools & technique),funding(budget need)
CAE need to maintain skill & knowledge to fulfill expectation
(5). draft ia plan
(6). propose plan & solicating feedback
(7). communicate to finalize the plan, approval
