Emphasis on Risk Approach
The primary role of internal audit function is to support an organization in achieving its objectives. By definition, the internal audit function provides a systematic approach to evaluate and improve the effectiveness of risk management and governance processes.
The mission of internal audit is to protect and increase organizational value. This is done by providing risk based and objective assurance, insight and advice. The Core Principles of Internal Auditing as listed by the Institute of Internal Auditors include, inter alia, providing risk-based assurance and aligning internal audit activity with the strategies, objectives and risks of the organization.
Risk Assessment and Audit Planning
Internal Audit is expected to evaluate the organization’s governance, risk management and control processes using a systematic and risk-based approach.
While evaluating the risk management processes, the internal auditor should determine if
1) The organization’s objectives align with their mission
2) Significant risks are identified and assessed
3) the response to identified risks are appropriate, given the level of risk appetite of the organization.
The internal auditor is also expected to evaluate the potential for fraud risk in the organization and also the efforts taken by the organization to manage such risks.
Evaluation of Controls
While performing internal audit engagement field work, the auditor should evaluate if adequate controls exist to mitigate the risks identified. And such controls must be designed and operating effectively.
Reporting and Follow Up:
While reporting on the findings of the audit, the internal auditor should highlight the risks that arise out of the issues being reported. The auditor should also indicate the impact to the organization due to the risk exposure and lack of adequate controls. The report should also include recommendations detailing the course of action to mitigate the risk for each such finding.
During the follow-up process, internal auditors should assess whether management has taken action on the findings and suggestions. If management fails to adopt the recommended action plan in a timely manner, the organisation may face strategic, financial, and legal problems.
For enquires call @ +971 45 570 204 / Email Us : [email protected]