Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

What are the factors and basis on which the internal auditor builds a risk-based assessment of a company that does not have a strategic plan?

It is essential that the risk-based audit plan be built according to the strategic objectives of the company. However, in the absence of strategic objectives, how will it be managed? Will the plan be built at the level of processes and procedures? In this case, the work will be doubled and the risk of gaps in risk assessment will increase.

user-image
Question added by Fekri Abu Sharkh , Head of Internal Audit , Ministry of Justices and Islamic Affairs and Waqf – Sunni Waqf Directorate
Date Posted: 2017/08/13
IMAD AL-DEEN DEEB
by IMAD AL-DEEN DEEB , مدقق , BDO JORDAN

The internal auditor builds a risk-based assessment of a company on several factors and bases, even if the company does not have a strategic plan.

Understanding the Organization: This includes identifying the organization’s objectives, strategies, and structure.
Reviewing Key Documents: This can provide insights into the organization’s operations and potential risks.
Consulting with Key Stakeholders: Stakeholders can provide valuable insights into the risks facing the organization.
Internal Audit’s Risk Assessment: This involves understanding the significance of independent assessment, understanding business objectives, strategies, and risks, documenting risks, measuring risks, and validating risk assessment with management.
Accommodating Management and Board Requests: The internal audit function should be flexible to accommodate requests from management and the board.
Assessing Skills: The internal audit function should have the necessary skills to carry out the risk assessment.
Coordinating with Other Providers of Assurance and Consulting Services: This can help to ensure a comprehensive risk assessment.
Nature and Scope of the Business Unit and/or Function: The nature and scope of the business unit and/or function and the nature and scope of the product and/or service line.
Nature of Transactions: Their size, volume, complexity, or distinct geographic location.
Quality of the Current Internal Control Environment: The competence and integrity of the staff, the size of the unit, complexity of the unit operations, and extent of automation, amongst other factors.
It’s important to note that while the internal auditor can use other risk assessments conducted by other entities within the organization, they still need to apply their own independent professional judgment before using and integrating risk assessments conducted by functions other than internal audit into their own risk-based audit plans. Moreover, risk ought to be continuously assessed and the plan would ideally be periodically updated, with the same regularly reported to the audit committee for updates.

More Questions Like This