Suchergebnisse

• eBook-Kapitel aus dem Buch Global Management Challenges for Internal Auditors

  Governance Works, in Principle

  Neil Baker

  …corporate governance in the financial sector. There was much talk about the need for banks to improve their modelling and their risk management practices… …should “provide entrepreneurial leadership of the company within a frame- work of prudent and effective controls which enables risk to be assessed and man-… …financial controls and systems of risk management are robust and defensible.” Some bank boards have arguably failed to meet either of those principles. But… …managers who sit just below board level, such as the directors responsible for human resources and information technology and the chief risk officer. In a… …recently about the risk of companies fracturing into “organisational silos” based on highly techni- cal management functions. Poorly run companies often… …“lacked an effective forum in which senior business managers and risk managers could meet to discuss emerging issues frequently; some lacked even the… …“demonstrated a comprehensive approach to viewing firm-wide ex- posures and risk, sharing quantitative and qualitative information more effectively across the… …firm and engaging in more effective dialogue.” Baker 56 There was a risk of disconnect, the group said, between the people effectively run- ning… …prepare to ask ourselves some serious questions,” says Institute President Philip Ratcliffe. “The most basic objective of risk management is not… …departments, and boards which gave serious contemplation to the demands of good governance and risk management, have almost overnight gone to the wall.”…

  Alle Treffer im Inhalt anzeigen
• eBook-Kapitel aus dem Buch Global Management Challenges for Internal Auditors

  Contribution by Internal Audit to IT Compliance

  Thomas Lohre

  …considerable, latent uncertainty regarding the risk of possible rule violations. The avoidance of such risks by ensuring adher- ence to provisions is the… …Corporate governance, risk management, compliance. All of these are concepts that can no longer be imagined away from the current business vocabulary and… …of the Corporate Governance Code have been com- plied with or if deviations have occurred. IT compliance is represented by risk management, data… …control system and the BilMoG, regarding reporting on the internal control system and risk management system regarding the financial reporting process… …can therefore be understood as an element of functioning risk management within a company, whereby risk management generally has the aim of effectively… …ciently fulfilled/duties of care are not given sufficient attention. This risk must be handled within the context of risk management using suitable… …, directives regarding risk and commitment are not as important, even if a clear distinction needs to be made. For example, di- rectives for testing and… …year by the appropriate external auditor. 5.1 Risk-oriented Auditing Audit risk is regarded as the auditor’s risk of confirming circumstances, which… …. Contribution by Internal Audit to IT Compliance 71 Figure 3: Audit risk with risk-oriented audit50 Audit risk, as such, cannot be determined on an… …isolated basis, but rather, is a com- bination of the following individual risks: – Business risk Business risk is regarded as risks of a general nature…

  Alle Treffer im Inhalt anzeigen
• eBook-Kapitel aus dem Buch Global Management Challenges for Internal Auditors

  Continuous Auditing: Myth and Reality

  Adrian Garrido

  …risk? – In fact, what is exactly the meaning of “continuous”? Are we talking about real-time, daily or monthly activities? – Finally and most… …systems) that a project to monitor a business or a specific process runs the risk of becoming irrelevant even before having ended because the risks intended… …that follows two lines of work: – A Risk Assessment Module which receives information on a monthly basis re- garding risk factors (operational and… …be reviewed through physical audits, as well as the customers whose credit risk will be remotely analyze by means of another specific module. – A… …“false friends” in referring to ideas which appear very appealing at a theoretical level but can lead us down high risk paths if they are not properly… …that of obtaining shorter cycles that are more flexible and have a greater focus on risk. 4. Continuous Auditing is entirely based on Technology… …information 6.3 A (mainly) Qualitative Assessment of the Risks and Selection of the “Focal Points” The next stage is a Risk Assessment process (another… …what extend this data implies the appear- ance of new priorities or risks. In many cases, the methodologies for Risk Assessment involve numeric… …ranking by risk level. Continuous Auditing: Myth and Reality 89 Although these kinds of models work well for certain types of very homogeneous… …impacts). Obviously, the identification of these types of aspects as risk areas to be considered within an Audit Plan is not something new. But, the…

  Alle Treffer im Inhalt anzeigen
• eBook-Kapitel aus dem Buch Global Management Challenges for Internal Auditors

  The Financial Sector: Risks, Controls and Assurance after the Financial Crisis

  Daniel Nelson

  …summarise four main kinds of causes: macroeconomic, meaning big-picture economics issues; market discipline failures; inadequate market policies and risk… …situation. Lastly, risk management. One aspect is that risk management or risk mitigation has been viewed as more of a nuisance, more a need to adhere… …to compliance require- ments, rather than a useful and integrated part of the business. Most risk units in fact were also placed in a support function… …which has a different risk and return profile. The business model used by AIG was reportedly based on the principle that if the swaps activity, the CDSs… …area in an entity. Nelson 96 It has also been reported that enterprise risk management (ERM) and the finance complex did not have adequate… …oversight or coverage of the AIGFP business, par- ticularly on AIGFP’s valuation practices, its risk models. According to public re- cords, this appears to… …have been a major concern also for the external auditor. Other reports indicate that risk taking at AIGFP had deteriorated particularly in the last few… …lesson-learned here is obvious: internal audit should review the risk management governance and op- erational arrangements, to ensure that there are no such gaps… …requirement compared to the 2006 charter. The second change in the 2009 charter is the new wording added to the risk management section which indicates that… …the audit committee is not the only body responsible for oversight of AIG’s risk assessment and management. The 2009 charter also goes on to state…

  Alle Treffer im Inhalt anzeigen
• eBook-Kapitel aus dem Buch Global Management Challenges for Internal Auditors

  Doing More with Less

  Neil Baker

  …then audit all the high-risk areas within five years. “This downsizing puts us at risk of not being able to do that,” he says. Storms conveyed this… …first-time audits; a great deal of uncertainty existed around the level of inherent risk in some business areas, in addition to residual risk, he explains… …aware of any resource issues or challenges they face.” 3 Changing Risk Profile Budget cuts are not the only reason to revisit the audit plan in a… …downturn: The risk profile of the organisation is likely to be changing too. A recent survey from The IIA’s Global Audit Information Network – Knowledge… …changing economic climate. A third of organisa- tions in the survey say the downturn is affecting the focus of their work, with the risk of fraud… …control coverage, but the majority (58 %) have no plans to do any work on this risk. Jim LaTorre is managing partner of PricewaterhouseCoopers’ U.S… …. For some, that would entail a significant re-examination of internal audit’s role in relation to risk. Michael Fucilli, auditor general at the… …in the change business – how to address risk and how to make the company better. It’s not easy to audit this way, but if you search out areas where… …: 1. Review your last risk assessment. Everything has changed so dramatically in the last few months that you may be chasing risks that are… …needed to deal with the issues in the new risk assessment, look for short-term, creative ways to fill those gaps. One solution might be to bring in guest…

  Alle Treffer im Inhalt anzeigen
• eBook-Kapitel aus dem Buch Global Management Challenges for Internal Auditors

  Performance Measurement and Controlling of Internal Audit – More Than Just a Measurement Problem

  Dr. Andreas Langer, Andreas Herzig, Prof. Dr. Burkhard Pedell

  …distinct improvement to the companies' risk position. However, adequately documenting ___________________ 72 Dr. Andreas Langer is a Manager at… …Deloitte & Touche GmbH in the Enterprise Risk Man- agement division; Andreas Herzig is a Partner at Deloitte & Touche GmbH in the Enterprise Risk Services… …risk management, controls and the man- agement and monitoring processes, using a targeted approach, and helps to improve these (Deutsches Institut für… …Interne Revision e.V. (2005), p. 35).” In addition to traditional controlling functions, these include subjects such as reviewing the risk management… …corporate risk, should usually have a higher weighting than the number of final reports issued. 6.2 Reactivity The reactivity of the indicators is also… …Auditing & Business Risk, No. 1, 2006, p. 20–24. Mosiek, T. (2002), Interne Kundenorientierung des Controllings, Frankfurt a. M., Berlin et al. 2002…

  Alle Treffer im Inhalt anzeigen
• eBook-Kapitel aus dem Buch Global Management Challenges for Internal Auditors

  Internal Auditor – Generalist or Specialist

  Dr. Heinrich Schmelter

  …audit methodology 3. Internal control and risk management knowledge 4. Internal audit experience 5. Financial knowledge 6. Technology knowledge 7. IT… …internal audit manager’s function as the “top” risk manager of a company. 2.6 Specific Professional Ethos Internal auditors are (similar to external… …Risk Management Knowledge Internal control and risk management include specific specialist knowledge, which can only – and almost exclusively – be… …monitoring function, the audit department must primarily ensure the functionality of internal control and ensure sufficient risk management84. In order to… …. Because neither internal control, nor risk management are common (university) education subjects, these specific professional requirements essentially need… …particu- larly include standardised approaches with risk analysis, audit planning, prepara- tion, implementation, post-processing (with archiving of working… …audit experience is the collective product of many years of work in internal audit. Beyond internal audit methodology, internal control and risk man-… …(detail) auditor, as well as a con- vincing process advisor86, 87. Particularly regarding internal control and risk man- agement88, he/she is always regarded… …the company for internal control and risk management. This audit and advisory activity is ultimately also based on the specific professional ethos…

  Alle Treffer im Inhalt anzeigen
• eBook-Kapitel aus dem Buch Global Management Challenges for Internal Auditors

  Audit Marketing

  Dr. Hannes Schuh

  …. in the core compe- tences Systems Risk minimization, qual- ity improvement based on risk-oriented audit plans Improvement po- tential… …concerning risk management systems, internal control systems condensed view of systems and their potential; audit system Co n te n t o f i n… …, contribution towards the organization being fit for the future Improvement po- tential concerning corporate risk management, corporate govern- ance… …annual plan towards a medium and long-term risk map. – Its work is (mostly) confidential and is not published, unlike for example with Court of Auditors… …. in particular concerning o quantitative and qualitative audit methods o internal control systems o risk management o corporate governance o fraud…

  Alle Treffer im Inhalt anzeigen
• eBook-Kapitel aus dem Buch Leitfaden zur Prüfung von Projekten

  Audit Universe – Prüfgebiete und Prüffelder

  DIIR – Deutsches Institut für Interne Revision e. V., Robert Düsterwald, Susanne Fries-Palm, Michael Peis, u.a.
• eBook-Kapitel aus dem Buch Leitfaden zur Prüfung von Projekten

  Projektbegleitende Revision in den einzelnen Projektphasen

  DIIR – Deutsches Institut für Interne Revision e. V., Robert Düsterwald, Susanne Fries-Palm, Michael Peis, u.a.

  …sind dies: � Die Vollumfängliche Projektbegleitung � Die Audit-Serie � Der Advisory Service bzw. das Risk Screening Dabei nimmt der Aufwand der… …Revision von der Vollumfänglichen Projekt- begleitung hin zum Risk Screening ab. In der Praxis kommen immer wieder Mischformen vor. 6.4.1 Vollumfängliche… …zu Beginn einer jeden Einzelprüfung auf eine angemessene Aktualisierung projektspezifischer Informationen zu achten. 6.4.3 Risk Screening Das Risk… …wichtiger Projekte, für die eine Prüfung im eigentlichen Sinn (noch) nicht vorgesehen ist. Beim Risk Screening eines Projektes lässt sich die Interne… …Interne Revision ohne größere Vorerhe- bungsphase in der Lage, kurzfristig ein solches durchzuführen. Vorteile von Risk Screening Risk Screening ist eine… …hocheffiziente Form der Projektbegleitung. 111 Formen der projektbegleitenden Revision Risiken von Risk Screening Da Risk Screening aufgrund seiner… …Block anfällt. Wird dies vernachlässigt, leidet die Informationsaufnahme. Zudem wird Risk Screening meist parallel zu Arbeiten an einer ,regulären‘… …vernachlässigen. Empfehlungen Risk Screening empfiehlt sich bei der Begleitung besonders risikobehafte- ter, unternehmenswichtiger Projekte, für die eine Prüfung… …ist es sinnvoll, beim Risk Screening den Revisionsmitarbeiter in den Informationsfluss des Projektes fest einzubinden, der im Fall der Fälle auch die… …Projektbegleitung Neben den genannten Formen kann es Mischformen geben. Als Beispiel sei hier nur die Audit-Serie mit Risk Screening genannt: Ein für das…

  Alle Treffer im Inhalt anzeigen