: Jason Lee Mefford
: Risk-Based Internal Audit
: BookBaby
: 9781631922626
: 1
: CHF 33.50
: Business Administration
: English
: 154
: DRM
: PC/MAC/eReader/Tablet
: ePUB
Internal auditors are told they need to develop a risk-based audit plan, but many internal audit activities simply risk-rank their audit universe and believe that is risk-based auditing. Risk-based internal auditing is about aligning the annual audit plan, and corresponding audit projects and efforts, with the objectives of the organization. This book takes a unique approach to risk-based auditing by incorporating risk management and internal audit concepts to create a new Risk-Based Internal Audit Framework, while still being consistent with internal auditing standards. The risk-based internal auditing framework includes seven related components: Understand, Identify, Assess, Plan, Perform, Report, and Monitor. The focus of this book is to explain how to approach the Understand, Identify and Assess components of the framework in an innovative way, improving the overall value internal audit can provide to its organization, instead of testing the same internal controls over and over again. The principles outlined in this book are applicable to internal audit activities in any organization. This book provides answers and practical how-to information to help internal audit activities take that next step in the evolution of the internal audit profession. It is a must-read for any internal auditor.

Chapter 2:

The Big Picture of Business and Principled Performance


Organizations are created to meet specific objectives or meet identified needs. For many organizations, a major objective is to earn money and make a profit for their owners and investors. Even public sector and nonprofit entities are concerned about staying within financial budgets and providing a net contribution, after expenses, that the organization can use for providing those services. Other objectives often relate to strategy, operations, customers, or processes. We will discuss objectives in more detail later in the book.

Regardless of the type of organization, a group of concerned individuals came together seeing some opportunities or needs in the marketplace. They created a business model to meet those objectives. Business models include strategy, processes, technology and infrastructure that help organizations meet their objectives.

Along the road to meeting objectives, uncertainty happens; uncertainty that invariably has an impact on whether or not the organization will meet its objectives. This uncertainty comes in the form of opportunities and threats, which we will discuss in more detail later in the book. This uncertainty creates obstacles the organization must navigate around on the way to meeting its objectives.

In addition to navigating around the obstacles, an organization must also stay within certain mandatory and voluntary boundaries. Mandatory boundaries include those requirements imposed on an organization by an external party: for example, laws and regulations. Voluntary boundaries are values, policies, procedures, processes, contracts and promises the organization has voluntarily chosen to follow. Often these voluntary promises are made in public statements expressed to its stakeholders or are in the form of agreements with its business partners.

A stakeholder is a person, group, or organization that has a direct or indirect stake in an organization because it can affect or be affected by the organization's actions, objectives, and policies. This is a very broad definition, but in today’s interconnected world it means almost anyone can be a stakeholder of your organization.

To summarize, organizations are trying to achieve certain objectives, while navigating around obstacles and staying within boundaries. Principled Performance² is the reliable achievement of objectives while addressing uncertainty and acting with integrity. In order for an organization to reliably achieve its objectives, it must ensure it addresses opportunities, threats and requirements.

We can put all of these concepts together into a graphical representation like this:

Graphic: The Big Picture of Business

But if we are here to discuss risk-based auditing, you may be asking why we are spending time discussing this “Big Picture” of business.

Managers are concerned with meeting the organization’s objectives. They have implemented actions and controls to help ensure they meet organizational objectives and are not stopped by the obstacles they face. They also create processes and policies to help ensure they remain in compliance with the boundaries within which they are expected to remain. Risk-based internal auditing is concerned with focusing on objectives, not controls, which is also management’s concern.

Ofte