Internal Auditing - Business Process & Risk

Card Set Information

Internal Auditing - Business Process & Risk
2014-09-21 17:09:19
Internal Auditing Business Process Risk

Internal Auditing - Business Process & Risk
Show Answers:

  1. Business Activities
    Operating Processes

    Management and Support Services

  2. BA - Operating Processes
    Understand Environment, Develop Strategy, Design Product or service, market and sell

    Mftg - process which it makes and sells product

    Service - process market and deliver service
  3. BA - Projects
    For unique jobs

    Project Operate: asset for itself(drill oil well and use)

    Project Delivery: asset to pass off(engineer makes coaster then passes to park)
  4. BA - Mgmgt Support Services
    Activities that oversee & support org core value

    HR, IT, Legal, Governance
  5. Business Model
    Auditors must understand to add value

    • Is org vision, mission and values
    • what they sell, how they market and supply/delivery
  6. Top Down Approach (Processes)
    • Top down: org objective to key processes
    • risk: overlooking processes that are critical
  7. Bottom-Up Approach (Processes)
    • Down up: begin by looking at all processes at the activity level.
    • id documentation by process owners
  8. Once Processes are ID, you determine what next
    Key objectives of the processes: why does it exist, how does it contribute etc.
  9. Once the objectives are understood, next step is to understand
    inputs/outputs of process and specific activities needed to achieve the process objectives
  10. Order of business model
    • Id Processes
    • Determine key objectives of processes
    • Understand inputs/outputs of processes
    • Evaluate business risks
    • Asses risks: impact & likelihood
    • Link risks to specific objectives
    • Develop responses to risk
  11. Once processes are id they should be
    Documented: by process owner
  12. Documentation options
    Process Maps: visual(flow chart)

    Process Narratives: written (oral part of flow)

    Can be high level or detailed level
  13. Process Maps should have
    • Mapping Symbols
    • Flow from left to right or top to bottom
  14. Business Risk
    • Strategic
    • Compliance
    • Reporting
    • Operation
  15. Strategic Risk examples
    • External: competition, technology
    • Internal: Reputation, Governance
  16. Compliance Risk examples
    • External: Regulatory, Litigation
    • Internal: Ethics, Fraud
  17. Reporting Risk examples
    • External: Acct/Finc Reporting, Taxation
    • Internal: Budgeting, Performance Issues

    also has Information Resources
  18. Operation Risk examples
    • Process: Supply chain,Cycle time
    • People: Manpower, communications
    • Financial: Interest rates, commodity pricing
  19. Assess Risk
    Impact and Likelihood

    3-5 categories (low, med, high)
  20. Likelihood of risk
    • Can be evaluated by assessing the odds or probability of the risk impact occuring 
    • x axis put in ranges (ex: remote 0-10%)
  21. Impact of Risk
    • adverse effect of risk if it occurs
    • Y axis needs boundaries
  22. Risk assessment Model
    Matrix of impact (y-axis) and likelihood (x-axis)

    combination of impact and likelihood determines importance/significance of risk
  23. Once risk is identified
    • Like risks with specific objectives
    • use matrix:
    • y-axis - objectives
    • x-axis - risks
  24. Once risks are Id
    Develop responses
  25. Risk Responses Types
    Avoidance: exit product line or sell division

    Reduction: Action taken to reduce likelihood or impact

    Sharing: Outsource, hedge, buy insurance

    Acceptance: no action taken
  26. Mapping business risk to business process
    To determine if risks are being managed correctly

    use Matrix with risk on top and process on left (key link and secondary link)

    EX: Int rates volatile + pricing based on int rates = a link
  27. Key Link
    those in which the process plays a direct and key role in managing risk
  28. Secondary Link
    Ones in which the process helps to manage the risk indirectly
  29. Can we use this for engagements
  30. Business Processing Outsourcing
    Act of transferring some of an organizations business processes to an outside providers