Emphasis on Risk Approach 

The primary role of internal audit function is to  support an organization in achieving its  objectives. By definition, the internal audit  function provides a systematic approach to  evaluate and improve the effectiveness of risk  management and governance processes.  

The mission of internal audit is to protect and  increase organizational value. This is done by  providing risk based and objective assurance,  insight and advice. The Core Principles of Internal Auditing as listed by the Institute of  Internal Auditors include, inter alia, providing  risk-based assurance and aligning internal  audit activity with the strategies, objectives  and risks of the organization.  

Risk Assessment and Audit Planning 

Internal Audit is expected to evaluate the  organization’s governance, risk management  and control processes using a systematic and  risk-based approach.  

While evaluating the risk management  processes, the internal auditor should  determine if 

1) The organization’s objectives align with  their mission  

2) Significant risks are identified and assessed 

3) the response to identified risks are  appropriate, given the level of risk appetite of  the organization. 

The internal auditor is also expected to evaluate the potential for fraud risk in the  organization and also the efforts taken by the  organization to manage such risks. 

Evaluation of Controls 

While performing internal audit engagement  field work, the auditor should evaluate if  adequate controls exist to mitigate the risks  identified. And such controls must be designed  and operating effectively.  

Reporting and Follow Up: 

While reporting on the findings of the audit, the  internal auditor should highlight the risks that  arise out of the issues being reported. The  auditor should also indicate the impact to the  organization due to the risk exposure and lack  of adequate controls. The report should also  include recommendations detailing the  course of action to mitigate the risk for each  such finding. 

During the follow-up process, internal auditors should assess whether management has taken action on the findings and suggestions. If management fails to adopt the recommended action plan in a timely manner, the organisation may face strategic, financial, and legal problems.

For enquires call @ +971 45 570 204 / Email Us : [email protected]

What KGRN Clients are saying?