audit universe risk assessment for strategic and annual internal audit plan

Download Audit Universe Risk assessment for strategic and annual internal audit plan

Post on 22-Feb-2016




1 download

Embed Size (px)


Audit Universe Risk assessment for strategic and annual internal audit plan. Yerevan 2013. Audit Universe. Internal Audit can audit all public entities: RA President’s Office, Administration of People’s Assembly, Government Administration, Ministries and agencies. Audit Universe. - PowerPoint PPT Presentation


Audit UniverseRisk assessment for strategic and annual internal audit planYerevan 2013

Audit UniverseInternal Audit can audit all public entities: RA Presidents Office,Administration of Peoples Assembly,Government Administration, Ministries and agencies.Audit UniverseAs well, internal audit can audit:Public non-commercial entities,Joint stock companies with public share of over 50%.

Internal audit structure in RAAudit units are set up only in public entities and city Prefects Offices.

The above units are obliged to carry out audits in non-commercial entities and closed joint-stock companies within the scope of these entities or prefects offices. Objects of AuditObjects of audit in Armenia are such business processes in an entity which are carried out in order to achieve its objectives. Procedure for Identification of Business ProcessesThe audit unit identifies all ongoing processes in a unit and groups them into respective business processes

Identification is done by employing horizontal, vertical and aggregate system.Classification of business processesThe audit unit assigns individual ID code to each identified process. The ID code contains information about the manager of the process and who is responsible for its implementation (including the unit in charge).Models employed in risk assessmentA number of risk assessment models are applied in Armenia, such as :Model based on risk indicators,Model based on criteria applicable to groups of organizations.

Model based on risk indicatorsIndicators are scenarios which, once they appear, we add scores to each of them, and the risk is assessed depending on the scoreThis model is used by Customs AuthoritiesModel based on criteria applicable to a group of organizations.Selection of organizations follows a number of criteria, for instance: annual turnover or budget financing, number of public contracts, etc. This model is used by the Financial Control InspectionModel underlying the Guidelines for Internal Audit in the Republic of ArmeniaThe risk assessment relies on self-assessment of auditeesIdentification of RisksEntities or persons in charge of implementation and development of respective processes must submit their risk assessment per each process to the audit unit before the beginning of the reporting year, both from the point of view of eventual failure to implement this process and potential impact due to non-implementation of this process. Identification of risksInformation on the nature of the risk is submitted along with the risk assessment to the internal audit unit

Scores are applied from 1 to 4NBrief description of process

Nature of riskProbability assessmentImpact assessment12Actions undertaken by the auditors while reviewing risk indicatorsHaving received information on risk assessment from auditees, the Internal Audit Unit applies review factors.Review factors are selected within range from 0.5 to 1.5.

Risk indicator = A*a*b**nReview factorsRate of financingComplaints receivedIncentives Structural or other changesotherRisk AssessmentProbability4555345523451234ImpactRisk GroupFieldHigh5Significant4Medium3Low1 217Risk GroupsRisk groupSelection rateHigh100%Significant33%Medium17%Low5%18Selection rates by risk groupsPriorities in selectionWhile selecting for significant, medium and low risk groups, it is necessary to establish priorities, i.e. the processes to be selected for strategic and annual planning.Establishing prioritiesThese are established based on risk value in the previous 3 years.To estimate the priority ratio, it is necessary to compare the risk value as obtained by the auditors with the risk value in each of the previous years.The first ratio shall be determined depending on how the risk value has changedEstimate Ratio Matrix (R)

Impact by yearsPrevious Year 3 Previous Year 2Previous Year

Preemptive ratio (PR)123Priority Ratio (PR) FormulaPR = (R1)x(PR1) + (R2)x(PR2) + (R3)x(PR3)23Making a strategic planAfter all these estimates all selected processes must be included in the straegic plan

Yet, having prepared their strategic plan, the auditors must estimate technical and human resources required to carry out the respective audit tasksEstimatesResources are estimated in order to identify what is needed to implement the audit tasksIf the resources are not sufficient for implementation of the annual plan, the audit unit shall attract additional resources, including experts.

25Table to Estimate of Available ResourcesDescriptionPersons/dayEstimateAvailable resourcesAnnual leaveHolidays and off-daysAbsence for health reasonsTrainingsEmergencies Available resources per yearAn estimate of the required resourceAction planPlanningImplementation of proceduresReport Follow upTotal Secretariat11226Administration31515538Law Unit153110Shirak Regional Unit215151547Syunik Regional Unit215151547Total 9515038148Thank you for attention!

Grigor Aramyan

tel: +37491 40-70-67e-mail:


View more >