August 2013
Intermediate to advanced
304 pages
7h 3m
English
Content preview from Audit Planning: A Risk-Based Approach
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
7
KEEPING THE ACCENT ON RISK
Risk—The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
—IIA Glossary of Terms
INTRODUCTION
We have used the term “risk-based audit planning” throughout this book to highlight the way audits can be aligned to the risk management process that operates within the organization in question. This short chapter seeks to reinforce the focus on risk by developing a suitable model. Risk-based audit planning is about:
- Targeting high-risk areas for audit coverage.
- Promoting a discussion of risk with the management.
- Starting with risk as the first step in the risk-based auditing process.
- Building a role for internal auditing within the ERM framework.
- Developing good knowledge of risk appetite, risk triggers, and the corporate approach to risk management.
- Enabling audit to validate the risk management process that runs across the organization.
One view suggests that there are several different approaches to planning audit work:
Systematic risk scoring. Here, key factors are developed to reflect the audit view of risk and then the entire organization is scored against these factors. The approach is logical and can be consistently applied across the organization. A database of relevant factors can be compiled to represent the risk assessments, which can be weighed and updated as new information comes on line. The drawback is that the approach is old fashioned and suggests ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.