Internal Audit to Risk Management
A risky migration?
Terry Cunnington, Director, Risk Assurance, Deputy President IIA-UK

Summary of presentation
- Integrating internal audit and operational risk - advantages and disadvantages
- LIFFE risk management framework
- Roles and responsibilities for risk management - how does internal audit fit in?
- Defining operational risk and risk management?
- Opportunities for internal audit arising from the Combined Code and Turnbull
- Migration of internal audit to embrace risk management
- Internal audit skill set going forward

What is operational risk?
The threat of an adverse event or action occurring, which may:
- lead to failure to respond to unforeseen circumstances
- impact our stakeholders
- prevent opportunities being exploited
- impact the achievement of corporate goals
- result directly or indirectly in losses of any kind

What is risk management?
- Transfer risk to a third party
- Reduce impact should it occur
- Reduce likelihood of a risk event occurring
- Take the right risks
- Avoid the risk altogether
- Accept the risk

Who is responsible for risk management?
- Operational Risk
- Specialist Functions
- Management
- Audit Committee
- Board
- Internal Audit

Risk Management Responsibilities
[Diagram labels: Management; Specialist risk; Corporate risk; Internal audit; hands-on; hands-off]

Operational Risk - Typical Functions
- Facilitates CRSA and/or multi-disciplinary risk workshops
- Proactive risk advice, support and training
- Centre of expertise on risk processes
- Facilitates improvements in risk management
- Develops risk management strategy
- Promotes risk awareness
- Provides risk management framework and reporting
- Hands on risk management (including risk transfer)

Internal Audit
- Promotes risk awareness
- Proactive risk advice and support
- Centre of excellence on risk management and control
- Facilitates improvements in risk management and control
- Provides assurance
- Provides independent opinions
- Risk based audits
- Focuses audits on areas of risk

Integrating IA and operational risk
Advantages:
- Link risk profiling/reporting with audit process
- Not compromise objectivity
- Easier to recruit and retain high quality staff
- Avoid unnecessary duplication
- Overlap between risk based audit and operational risk
- Risk based audit - prevention rather than cure

Integrating IA and operational risk
Disadvantages:
- Cultural non-acceptance
- Customer confusion
- Priorities for resources
- Hands-on risk management
- Audit independence

Risk reporting and corporate governance
"The directors should, at least annually, conduct a review of the effectiveness of the group's system of internal control and should report to shareholders that they have done so. The review should cover all controls, including financial, operational and compliance controls and risk management."
The Combined Code, Principles of good governance and code of best practice

Turnbull - Some key points
- Prime responsibility of management
- Profit is the reward for successful risk taking
- Continuous monitoring essential
- Embedding risk management and control
- Link between risk management and control
- Objective assurance from internal audit

Internal audit opportunities post Turnbull
- Raise the profile of Internal Audit
- Holistic rather than cyclical approach
- Scope should cover all activities of the business
- Independent opinion on risk management and control
- Well placed to provide/co-ordinate assurance to directors
- Backwater to mainstream

Threats to internal audit post Turnbull
- Failure to deliver reliable opinions
- Extinction or minor role for internal audit
- Substitution by operational risk or consultants
- Failure to change approach and skills base
- Greater board expectations
- Complacency

How internal audit can meet the challenge
- Change internal audit skills base
- Give proactive advice - prevention is better than cure
- Position internal audit in risk management framework
- Seize the opportunity to co-ordinate assurance
- Cover the risks that matter across the business
- Holistic approach to auditing and reporting
- Facilitate risk management strategy
- Dynamic planning and flexible response

LIFFE Risk Management Framework

Corporate Risk Profile - Inherent Risks
- Systems
- Personnel
- Strategic & competitive
- Business change
- Financial
- Reputational
- Legal & regulatory
- Corporate goals
- Market operations
- Premises

Corporate Risk Profile
BUSINESS CHANGE

Corporate risk profile - summary

Residual Risk Action Plan
Residual Risks

Management of residual risks
[Matrix. Axes: Probability of risk event occurring; Impact of risk event occurring. Scale labels: Low, High, High. Cells: Transfer risk or contingency plan; Manage by improving controls - if cost justified; Cease activity unless rewards high - manage closely; Accept risk]

Migrating IA to embrace operational risk
- Change IA skills base
- Innovate or die
- Obtain buy-in
Where are you now?
- Risk based audit?
- Positioning
- Credibility
Where do you want to be?
- Positioning
- Meet board needs re. Turnbull?
- What operational risk functions?
How do you get there?
- Establish credibility
- Establish business case
- Obtain mandate

Skill set for IA going forward
- Customer focus
- Mind set/profile
- Wider business experience
- Facilitation skills
- Less is more
- Staff development