Execute A Risk Assessment

Uploaded by

Rhea Simone

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

135 views

Execute A Risk Assessment

Uploaded by

Rhea Simone

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 2

IIA Audit Tool

Category: Professional
Purpose: How To

Risk Engagement
Gather Information Planning Reporting
Assessment Execution

This tool references specific standards from the International Standards for the Professional Practice of Internal
Auditing. Additionally, internal auditors are encouraged to consult the IIA Practice Guide, Engagement Planning:
Establishing Objectives and Scope, which provides detailed information about building upon the risk assessment to
develop the engagement objectives and scope.

Because any single internal audit engagement cannot cover every risk, internal auditors assess the significance of
the risks identified by management, during previous internal audit engagements, and audits or assessments of other
internal or external entities or consultants as described in Standard 2050 – Coordination and Reliance.

Standard 2210 – Engagement Objectives states that objectives must be established for each engagement, and
Standard 2210.A1 requires a preliminary assessment of the risks relevant to the activity under review. Internal
auditors may interview relationship owners, business managers, procurement managers, legal personnel, and other
relevant personnel who have technical knowledge that can assist in identifying risks to the area or process under
review.

The internal audit activity is responsible for assessing the quality of management’s risk management framework and
processes to determine whether it is adequate in design and/or operation. Management’s risk management
processes should account for not only the financial, operational, and regulatory impact of risks, but also nonfinancial
impacts, such as damage to the organization’s reputation or relationships with customers. Even a small, contained
information breach can have a damaging impact on an organization’s reputation depending on the nature of the
breach. Some risks may appear insignificant on their own but should be considered in the context of the
organization’s overall risk management framework and process.

Internal audit activities vary in how they assess risk for their engagements. One effective way to perform and
document an engagement-level risk assessment is to leverage assessments that have already been completed as
long as they are within a reasonable time frame. Collect the appropriate documents and review them along with
management’s risk assessment documentation to ensure the risks as viewed by internal audit and management are
(reasonably) the same.

Consider creating a risk matrix listing the relevant inherent risks (e.g., risks that could exist if internal controls are not
applied), expanding the matrix to include measurement of the risk exposure when including the effectiveness of
relevant controls. A risk matrix may be created using a spreadsheet or similar document, with or without a software
program. The format of the matrix may vary but typically includes a row for each risk and a column for each risk
measure, such as impact and likelihood.

Once the internal audit activity has assessed the level of risk exposure presented to the organization by its risk
management framework and processes, the engagement risk matrix will result in a basic graph that may suggest
areas for further explanation. These may also be useful as heat maps.

If using heat maps and/or risk and control matrices in an assessment, include them in the engagement workpapers
within the preliminary risk assessment, supporting the internal audit activity’s decisions about risk significance and in
conformance with Standard 2330 – Documenting Information.

1
Implementation Guide 2210 ‒ Engagement Objectives states, “During engagement planning, it is helpful for internal
auditors to develop a planning memo, where they can document the objectives, scope, risk assessment, and
prioritized areas for testing.” In addition, heat maps and risk and control matrices will lend support to the engagement
results and conclusions.

ABOUT THE IIA

The Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate, educator, and provider of standards,
guidance, and certifications. Established in 1941, The IIA today serves more than 200,000 members from more than 170 countries and territories.
The association’s global headquarters is in Lake Mary, Fla. For more information, visit www.theiia.org.

March 2021

MCT Grade 2 Math 2019
50% (2)
MCT Grade 2 Math 2019
21 pages
MCT Grade 2 Maths 2015
100% (1)
MCT Grade 2 Maths 2015
17 pages
Exam Ref SC-900 Microsoft Security, Compliance, and Identity Fundamentals Second Edition
No ratings yet
Exam Ref SC-900 Microsoft Security, Compliance, and Identity Fundamentals Second Edition
420 pages
2025 Trainocate Malaysia Training Calendar
No ratings yet
2025 Trainocate Malaysia Training Calendar
66 pages
CIA Challenge Exam Crash Course-1
100% (1)
CIA Challenge Exam Crash Course-1
2 pages
It Iia Australia
No ratings yet
It Iia Australia
4 pages
Corporate Treasury Review Audit Work Program
100% (1)
Corporate Treasury Review Audit Work Program
11 pages
Pega 60Q 1
No ratings yet
Pega 60Q 1
24 pages
Company X Sarbanes-Oxley Project FY 2017 Analysis of Internal Control at The Entity Level
No ratings yet
Company X Sarbanes-Oxley Project FY 2017 Analysis of Internal Control at The Entity Level
26 pages
Appendix IV - RoMM Control Objectives and Control Activities
100% (1)
Appendix IV - RoMM Control Objectives and Control Activities
133 pages
SRS - Online Movie Database Management System - 13000119116
100% (2)
SRS - Online Movie Database Management System - 13000119116
12 pages
Preparing A Risk Based Internal Audit Plan
No ratings yet
Preparing A Risk Based Internal Audit Plan
15 pages
Template 24 Fraud Risk Assessment Checklist
No ratings yet
Template 24 Fraud Risk Assessment Checklist
4 pages
Documento Científico
No ratings yet
Documento Científico
7 pages
Latco - Iuc Ipe
No ratings yet
Latco - Iuc Ipe
22 pages
Risk of Material Misstatement - How To Assess
No ratings yet
Risk of Material Misstatement - How To Assess
6 pages
2020 Internal Audit Capabilities and Needs Survey Webinar Presentation
No ratings yet
2020 Internal Audit Capabilities and Needs Survey Webinar Presentation
25 pages
Planning Completeness Questionnaire
No ratings yet
Planning Completeness Questionnaire
11 pages
Cybersecurity: The Role of Internal Audit
No ratings yet
Cybersecurity: The Role of Internal Audit
14 pages
Internal Audit Methodology: Overstrand Municipality
100% (2)
Internal Audit Methodology: Overstrand Municipality
33 pages
IA Strategy - IIA Australia
100% (1)
IA Strategy - IIA Australia
10 pages
3. Illustrative Tools for Assessing Effectiveness of a System of Internal Control — COSO 2013 Inte
No ratings yet
3. Illustrative Tools for Assessing Effectiveness of a System of Internal Control — COSO 2013 Inte
156 pages
Insights To Quality Implementing An Internal Audit Strategic Plan
100% (1)
Insights To Quality Implementing An Internal Audit Strategic Plan
2 pages
How To Guide - Sampling - Deciding When Appropriate To Use Sampling
No ratings yet
How To Guide - Sampling - Deciding When Appropriate To Use Sampling
16 pages
Presentation On Risk Based Auditing For NGOs
No ratings yet
Presentation On Risk Based Auditing For NGOs
26 pages
Sox Compliance AT Tata Motors, Lucknow: 1 December 27, 2004
No ratings yet
Sox Compliance AT Tata Motors, Lucknow: 1 December 27, 2004
64 pages
Corporate Treasury Review - Audit Report
No ratings yet
Corporate Treasury Review - Audit Report
18 pages
Illustrative Financial Statement Assertions and Examples of Substantive Procedures Illustrations For Inventories of A Manufacturing Company
No ratings yet
Illustrative Financial Statement Assertions and Examples of Substantive Procedures Illustrations For Inventories of A Manufacturing Company
4 pages
White Paper WP Audit Management
100% (1)
White Paper WP Audit Management
12 pages
Risk-Based Audit Approach
No ratings yet
Risk-Based Audit Approach
82 pages
Internal Control Over Financial Reporting
100% (1)
Internal Control Over Financial Reporting
24 pages
Recommendation For An Effective Continuous Audit Process ..1
No ratings yet
Recommendation For An Effective Continuous Audit Process ..1
11 pages
A0 Background Information and Document Request Checklist
No ratings yet
A0 Background Information and Document Request Checklist
11 pages
AI For Internal Auditors
100% (1)
AI For Internal Auditors
12 pages
Developing Audit Work Programs
100% (2)
Developing Audit Work Programs
4 pages
IIA Australia White Paper Engagement Risk Assessment 1720630977
No ratings yet
IIA Australia White Paper Engagement Risk Assessment 1720630977
8 pages
LCRCA Audit Strategy Memorandum 2020-21
No ratings yet
LCRCA Audit Strategy Memorandum 2020-21
36 pages
Access To Programs and Data Audit Work Program
No ratings yet
Access To Programs and Data Audit Work Program
2 pages
Iia Whitepaper - Balanced Scorecard Reporting
No ratings yet
Iia Whitepaper - Balanced Scorecard Reporting
9 pages
SPS Annual Risk Assessment and Audit Plan - October 2011
100% (1)
SPS Annual Risk Assessment and Audit Plan - October 2011
47 pages
Risk Based Internal Auditing in Taiwanese Banking Industry Yung Ming
No ratings yet
Risk Based Internal Auditing in Taiwanese Banking Industry Yung Ming
40 pages
WCGW
No ratings yet
WCGW
1 page
BSSOXFinancial Reporting Control Matrix
100% (2)
BSSOXFinancial Reporting Control Matrix
4 pages
Factsheet Operational Auditing
100% (1)
Factsheet Operational Auditing
2 pages
SOX Process
No ratings yet
SOX Process
6 pages
Financial Internal Audit
100% (1)
Financial Internal Audit
508 pages
Internal Financial Controls Sivaram Subramoniam
No ratings yet
Internal Financial Controls Sivaram Subramoniam
22 pages
Guidance Note On Risk Based Internal Audit
No ratings yet
Guidance Note On Risk Based Internal Audit
81 pages
Expenses Internal Audit
No ratings yet
Expenses Internal Audit
19 pages
Internal Audit Checklist 4
No ratings yet
Internal Audit Checklist 4
286 pages
16 April 16 Internal Financial Control Reporting - Practical Approach CA Murtuza Kanchwala
100% (1)
16 April 16 Internal Financial Control Reporting - Practical Approach CA Murtuza Kanchwala
100 pages
CAATs WP (Without Audit Procedure) - Generic (Custom)
No ratings yet
CAATs WP (Without Audit Procedure) - Generic (Custom)
13 pages
Internal Audit of Social Media
No ratings yet
Internal Audit of Social Media
24 pages
Icfr
No ratings yet
Icfr
12 pages
Investments Programfdgfgf
No ratings yet
Investments Programfdgfgf
30 pages
Risk Based Internal Auditing in Banks
100% (1)
Risk Based Internal Auditing in Banks
55 pages
Club Mahindra Audit Report Puducherry 2013-14
100% (1)
Club Mahindra Audit Report Puducherry 2013-14
100 pages
The Future of Internal Audit in Banking
No ratings yet
The Future of Internal Audit in Banking
15 pages
Is Audit and Management: Assignment Submitted To: Sir Rashid Qutub From:Mansoor Khan 22006
No ratings yet
Is Audit and Management: Assignment Submitted To: Sir Rashid Qutub From:Mansoor Khan 22006
23 pages
Risk Model Presentation For Risk and DD
100% (1)
Risk Model Presentation For Risk and DD
15 pages
Form 1840sdi-2 - Substantive Procedures Guide - Banking and Finance - Loans
No ratings yet
Form 1840sdi-2 - Substantive Procedures Guide - Banking and Finance - Loans
17 pages
Value Based Internal Audit
No ratings yet
Value Based Internal Audit
4 pages
Harnessinggenerativeai 1
No ratings yet
Harnessinggenerativeai 1
22 pages
Internal Control Standards 1701434064
100% (1)
Internal Control Standards 1701434064
28 pages
Information technology audit The Ultimate Step-By-Step Guide
From Everand
Information technology audit The Ultimate Step-By-Step Guide
Gerardus Blokdyk
No ratings yet
Continuous auditing Third Edition
From Everand
Continuous auditing Third Edition
Gerardus Blokdyk
No ratings yet
Grenada Informer March 15th 2024
No ratings yet
Grenada Informer March 15th 2024
32 pages
Practical - Cybersec Audit - PAF - Tauffik - Segara - Purba
No ratings yet
Practical - Cybersec Audit - PAF - Tauffik - Segara - Purba
18 pages
Pension Secretariat Statutory Declaration Form
No ratings yet
Pension Secretariat Statutory Declaration Form
1 page
MCT Grade 2 Maths 2014
No ratings yet
MCT Grade 2 Maths 2014
17 pages
Loans by Economic Sector
No ratings yet
Loans by Economic Sector
2 pages
Study Transformation of Caribbean Maritime Port Services Industry 1
100% (1)
Study Transformation of Caribbean Maritime Port Services Industry 1
133 pages
Impacts of Use of Data Analytics Performance Consulting Activities
No ratings yet
Impacts of Use of Data Analytics Performance Consulting Activities
11 pages
Jeoparty Fraud Week 2022 Editable
No ratings yet
Jeoparty Fraud Week 2022 Editable
65 pages
APPENDIX 2 - Final Public Relations and Media
No ratings yet
APPENDIX 2 - Final Public Relations and Media
9 pages
Data Migration Strategy Guide - 3
100% (1)
Data Migration Strategy Guide - 3
12 pages
Step 5 Auditing-Report-Writing-Toolkit
100% (1)
Step 5 Auditing-Report-Writing-Toolkit
19 pages
Audit Management 5 Overview Guide
No ratings yet
Audit Management 5 Overview Guide
16 pages
Personnel File Management
No ratings yet
Personnel File Management
18 pages
HR Audit, Records, Research, HRIS - Spirit of HR
No ratings yet
HR Audit, Records, Research, HRIS - Spirit of HR
6 pages
Complaints Audit 250121
No ratings yet
Complaints Audit 250121
9 pages
GSMA SAS SM Remote Audits Auditee Self Assessment v1 - 1
No ratings yet
GSMA SAS SM Remote Audits Auditee Self Assessment v1 - 1
235 pages
COSO ERM Governance Culture Training and Developmentt
No ratings yet
COSO ERM Governance Culture Training and Developmentt
10 pages
COSO
No ratings yet
COSO
3 pages
Company Secretary Legal Audit Program
No ratings yet
Company Secretary Legal Audit Program
4 pages
Auditing Investments - A Guide - CPA Hall Talk
No ratings yet
Auditing Investments - A Guide - CPA Hall Talk
14 pages
Sap Query Basics
100% (1)
Sap Query Basics
9 pages
Dbms Lab Manual 2015-16
No ratings yet
Dbms Lab Manual 2015-16
50 pages
aATP in SAP
No ratings yet
aATP in SAP
112 pages
Floor Plan Manager
No ratings yet
Floor Plan Manager
126 pages
Platipus
No ratings yet
Platipus
14 pages
CO CPTD JPN Perform Template Allocation-Collective
0% (1)
CO CPTD JPN Perform Template Allocation-Collective
20 pages
Core Java Static
No ratings yet
Core Java Static
2 pages
58970
No ratings yet
58970
77 pages
Technical Quiz
No ratings yet
Technical Quiz
18 pages
SAP HANA Data Tiering With SAP NSE
No ratings yet
SAP HANA Data Tiering With SAP NSE
21 pages
Auditing in CIS Midter Exam Questions
No ratings yet
Auditing in CIS Midter Exam Questions
3 pages
Cit 012849
No ratings yet
Cit 012849
2 pages
Ims ppt1
100% (1)
Ims ppt1
74 pages
History of C Language
No ratings yet
History of C Language
3 pages
CIS417 Term Paper - Investigating Data Theft
No ratings yet
CIS417 Term Paper - Investigating Data Theft
9 pages
Mid 2 Objective Questions
No ratings yet
Mid 2 Objective Questions
6 pages
Nutanix TN 2072 ESXi AHV Migration Version 2.2
No ratings yet
Nutanix TN 2072 ESXi AHV Migration Version 2.2
23 pages
Xray Vs Zephyr - Xray
No ratings yet
Xray Vs Zephyr - Xray
7 pages
Anjali Yadav Freshernoida
No ratings yet
Anjali Yadav Freshernoida
3 pages
Data Mining and Warehousing
100% (3)
Data Mining and Warehousing
30 pages
GPFS-Concepts, Planning and Installation Guide-5.1.9-Latest
No ratings yet
GPFS-Concepts, Planning and Installation Guide-5.1.9-Latest
716 pages
Procedure For Masm Debuger
No ratings yet
Procedure For Masm Debuger
4 pages
Reactive Spring
No ratings yet
Reactive Spring
378 pages
IDOC Development Process
No ratings yet
IDOC Development Process
34 pages
Atmos Administrator's Guide
No ratings yet
Atmos Administrator's Guide
258 pages
2024 25 ODD CE449 BDA Syllabus
No ratings yet
2024 25 ODD CE449 BDA Syllabus
4 pages

Execute A Risk Assessment

Uploaded by

Execute A Risk Assessment

Uploaded by

IIA Audit Tool

ABOUT THE IIA

You might also like