Audit UniverseRisk assessment for strategic and annual internal audit plan
Yerevan 2013
Audit UniverseInternal Audit can audit all public entities: RA President’s Office,Administration of People’s
Assembly,Government Administration, Ministries and agencies.
Audit UniverseAs well, internal audit can audit:Public non-commercial entities,Joint stock companies with public
share of over 50%.
Internal audit structure in RAAudit units are set up only in public
entities and city Prefects’ Offices.
The above units are obliged to carry out audits in non-commercial entities and closed joint-stock companies within the scope of these entities or prefects’ offices.
Objects of Audit
Objects of audit in Armenia are such business processes in an entity which are carried out in order to achieve its objectives.
Procedure for Identification of Business ProcessesThe audit unit identifies all ongoing processes in a unit and groups them into respective business processes
Identification is done by employing horizontal, vertical and aggregate system.
Classification of business processesThe audit unit assigns individual ID code to each identified process. The ID code contains information about the manager of the process and who is responsible for its implementation (including the unit in charge).
Models employed in risk assessmentA number of risk assessment models are applied in Armenia, such as :Model based on risk indicators,Model based on criteria
applicable to groups of organizations.
Model based on risk indicatorsIndicators are scenarios which,
once they appear, we add scores to each of them, and the risk is assessed depending on the score
This model is used by Customs Authorities
Model based on criteria applicable to a group of organizations.Selection of organizations follows
a number of criteria, for instance: annual turnover or budget financing, number of public contracts, etc.
This model is used by the Financial Control Inspection
Model underlying the Guidelines for Internal Audit in the Republic of ArmeniaThe risk assessment relies on
self-assessment of auditees
Identification of RisksEntities or persons in charge of implementation and development of respective processes must submit their risk assessment per each process to the audit unit before the beginning of the reporting year, both from the point of view of eventual failure to implement this process and potential impact due to non-implementation of this process.
Identification of risksInformation on the nature of the risk is submitted along with the risk assessment to the internal audit unit
Scores are applied from 1 to 4
N Brief description of process
Nature of risk Probability assessment
Impact assessment
12
Actions undertaken by the auditors while reviewing risk indicators
Having received information on risk assessment from auditees, the Internal Audit Unit applies review factors.Review factors are selected within range from 0.5 to 1.5.
Risk indicator = A*a*b*…*n
Review factorsRate of financingComplaints receivedIncentives Structural or other changesother
Risk AssessmentProbabi
lity4 5 5 5
3 4 5 5
2 3 4 5
1 2 3 4
Impact
Risk Group Field
High 5
Significant 4
Medium 3
Low 1 և 2
17
Risk Groups
Risk group Selection rate
High 100%
Significant 33%
Medium 17%
Low 5%
18
Selection rates by risk groups
Priorities in selectionWhile selecting for significant,
medium and low risk groups, it is necessary to establish priorities, i.e. the processes to be selected for strategic and annual planning.
Establishing prioritiesThese are established based on risk
value in the previous 3 years.To estimate the priority ratio, it is
necessary to compare the risk value as obtained by the auditors with the risk value in each of the previous years.
The first ratio shall be determined depending on how the risk value has changed
Estimate Ratio Matrix (R)
Impact by years
Previous Year 3
Previous Year 2
Previous Year
Preemptive ratio (PR) 1 2 3
Priority Ratio (PR) Formula
PR = (R1)x(PR1) + (R2)x(PR2) + (R3)x(PR3)
Making a strategic planAfter all these estimates all selected processes must be included in the straegic plan
Yet, having prepared their strategic plan, the auditors must estimate technical and human resources required to carry out the respective audit tasks
EstimatesResources are estimated in order
to identify what is needed to implement the audit tasks
If the resources are not sufficient for implementation of the annual plan, the audit unit shall attract additional resources, including experts.
Table to Estimate of Available Resources
Description Persons/day Estimate
Available resources
Annual leave
Holidays and off-days
Absence for health reasons
Trainings
Emergencies
Available resources per year
An estimate of the required resource
Action plan Planning Implementation of procedures Report Follow up Total
Secretariat 1 1 2 2 6Administration
3 15 15 5 38
Law Unit1 5 3 1 10
Shirak Regional Unit2 15 15 15 47
Syunik Regional Unit2 15 15 15 47
Total 9 51 50 38 148