Accountancy Forum
Risk Management – An Expansion of Audit - Printable Version

+- Accountancy Forum (https://www.accountancy.com.pk/forum)
+-- Forum: The Profession (https://www.accountancy.com.pk/forum/forumdisplay.php?fid=4)
+--- Forum: Accounting and Audit (https://www.accountancy.com.pk/forum/forumdisplay.php?fid=7)
+--- Thread: Risk Management – An Expansion of Audit (/showthread.php?tid=5341)



Risk Management – An Expansion of Audit - awaisaftab - 01-28-2009

Risk Management is a terminology which is currently introduced in the field of audit. Infact is wide term which has been previously used in the business circles. But know many professional accounting bodies like ICMAP has recognized the concept of risk management with the subject of Audit. A subject naming Audit and Risk Management is being taught in the stage-V of ACMA course

<b>Risk Management</b>
The term risk management can be defined in the following words
Risk management is activity directed towards the assessing, mitigating (to an acceptable level) and monitoring of risks"
The concept of Risk is also very important with reference to the risk management. The concept can be defined in the following words
"Risk is a concept that denotes the precise probability of specific eventualities. Technically, the notion of risk is independent from the notion of value and, as such, eventualities may have both beneficial and adverse consequences. However, in general usage the convention is to focus only on potential negative impact to some characteristic of value that may arise from a future event".

In businesses, risk management entails organized activity to manage uncertainty and threats and involves people following procedures and using tools in order to ensure conformance with risk-management policies.

The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.

Some traditional risk management programs (e.g., health risk assessment) are focused on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, ergonomics, death and lawsuits).
Financial risk management is main focused on auditing and internal control. The main object of audit is prevention of assets and frauds.

Risk management is mainly useful for internal auditors but also helpful for external auditors to successfully fulfill their legal and professional responsibilities.
Internal Audit has learnt through much experience that an audit approach must be flexible. The methodology used should take into consideration the needs of the individual client and the University environment and culture. Within this context Internal Audit expanded its risk management approach to auditing.

Risk management allows a consultative approach that can focus on the higher risk areas thus giving maximum value.

<b>Main Elements of Risk Management</b>
1. Establish the Context
2. Risk Identification
What are the risks associated with

Key services?
Impact of legislation?
Critical success factors?
3. Risk Analysis/Assessment
Is the combination of likelihood and consequences (will range from minor to major)
What are the existing controls? Are they adequate?
Likelihood and consequences with existing controls in place. (Level of risk is mitigated by internal controls and systems).
Use experience, judgment and intuition for the qualitative review
4. Risk Treatment
Where identified high risks are not mitigated by good internal controls and systems these areas will be the major focus of the audit review and subsequent recommendations.

5. Monitoring and Review
All audit recommendations are monitored and are subject to follow up audits. Progress reports must be submitted to audit as recommendations are implemented


Awais Aftab



- awaisaftab - 03-05-2009

I wrote this topic on January 28 but so far I do not have received from any one. I want to get comments from other professionals whether my view is right that risk management is an expanssion of Internal Audit. Please send me your comments. I requested it especially from mr Kamran

Regards,

Awais



- Toronto_Boy - 03-06-2009

Dear awaisaftab

Concepts of risk management are not new to profession, however, the role of internal auditors has increased significantly in last 3 decades. Nature of their job is consultative, and not authoritative. They add value through suggestions to management about improvements of controls, processes etc. to manage and mitigate risk. Management and Board of Directors are responsible for risk management and mitigation and to enforce suggestions from CIA. So, you can say that internal auditors have now added responsibilities to provide suggestions for risk management.

I hope it helps.

Regards


- wasim akram - 03-06-2009

Dear Awaisaftab,
Internal audit is based on management of risk.
Your topic is wide spreading and you have quite impresively and precisely commented on it. May I sugest you to interpret your topic in short segments. so that one can comment in short passage. It will save time(with excuses from my point of view) would be read and commented effectively. Subjective and objective rquirement of the topic should be identified. So one can understand quite in line with those of interpretor.
As far as your topic is concerned, It is my favourite becoz I spent almost 8 years at key post in globaly knowned group of companies. In the Element of Risk, I suggetn to add Dimension or Quantum of Risk. Remember Internal auditor is not the part of board of directors but allow Department of Internal Audit to check application of policies and procedures adopted by the board. An internal Auditor is supposed to look into the risks like ones own and suggest prudently managment of the risks without harrasment within the organization and so on .....
time and cost is again the greatest risk..............of my own.........till next.


- awaisaftab - 03-07-2009

Thnak you wasim for your comments and valuable addition.

Regards,

Awais



- awaisaftab - 12-30-2009

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica, san" id="quote">quote<hr height="1" noshade id="quote"><i>Originally posted by wasim akram</i>
<br />Dear Awaisaftab,
Internal audit is based on management of risk.
Your topic is wide spreading and you have quite impresively and precisely commented on it. May I sugest you to interpret your topic in short segments. so that one can comment in short passage. It will save time(with excuses from my point of view) would be read and commented effectively. Subjective and objective rquirement of the topic should be identified. So one can understand quite in line with those of interpretor.
As far as your topic is concerned, It is my favourite becoz I spent almost 8 years at key post in globaly knowned group of companies. In the Element of Risk, I suggetn to add Dimension or Quantum of Risk. Remember Internal auditor is not the part of board of directors but allow Department of Internal Audit to check application of policies and procedures adopted by the board. An internal Auditor is supposed to look into the risks like ones own and suggest prudently managment of the risks without harrasment within the organization and so on .....
time and cost is again the greatest risk..............of my own.........till next.
<hr height="1" noshade id="quote"></font id="quote"></blockquote id="quote">

Obviously Internal Auditor is not the part of Board of Directors. Howerver Code of Corporate Governance issued for the listed companies lays down that there should be effective coordination between Internal Auditor and the BOD. Under code 30 of CCG 2002

"The Board of Directors of every listed company shall establish an Audit Committee, which shall comprise not less than three members, including the chairman. Majority of the members of the Committee shall be from among the non-executive directors of the listed company andthe chairman of the Audit Committee shall preferably be a non-executive director. The names of members of the Audit Committee shall be disclosed in each annual report of the listed company"

Code 32 specifies

"The CFO, the head of internal audit and a representative of the external auditors shall attend meetings of the Audit Committee at which issues relating to accounts and audit are discussed.
Provided that at least once a year, the Audit Committee shall meet the external auditors without the CFO and the head of internal audit being present.
Provided further that at least once a year, the Audit Committee shall meet the head of internal audit and other members of the internal audit function without the CFO and the external auditors being present."
Under code 35 and 36 there should be an Internal Audit Function (Department) in each listed companies.

Audit committe of a listed company is responsible to ensure the effective implementation of internal audit function in the listed compan.