Skip to content
BOL Conferences
Thread Options
#1530989 - 04/03/11 10:10 PM Internal Audit Planning/ Risk Assessment
kcaudit Offline
New Poster
Joined: Feb 2011
Posts: 7
I just found out I will need to put together my Bank's audit plan for the upcoming fiscal year (approaching very soon). I took a look at the risk assessment used previously to develop the audit plan and I would like to take a more methodical approach (i.e. using a standard methodology with all rationales documented). The RA in the tools section looks great - http://www.bankersonline.com/tools/operational/risk.html. Does anyone have any comments or suggestions that may be of use? Are there different risk assessment/audit planning tools anyone is particularly fond of?

Thanks for any guidance you can provide.

Return to Top
Audit
#1530990 - 04/03/11 10:20 PM Re: Internal Audit Planning/ Risk Assessment kcaudit
kcaudit Offline
New Poster
Joined: Feb 2011
Posts: 7
I should probably add that the internal audit leadership has left recently so I don't have any guidance for how the previous risk assessments were put together.

The RA I linked to has these standard assessment areas for each key banking area:
--Value per transaction
--Complexity of transactions
--Total value of transactions on daily basis
--Complexity of balancing procedures
--Frequency of reconciliations
--Overall loss exposure to the bank
--Existence of segregation of duties or comp. controls
--Overall regulatory exposure
--Level of employee training
--Employee's problem solving ability
--Level of independent review of reconciliations
--Existence of audit trail
--Employee Turnover in this area
--Frequency of findings in this area

Most I could answer easily, but a few appear initially challenging:
--Value per transaction
--Total value of transactions on daily basis
--Overall loss exposure to the bank
--Overall regulatory exposure
--Employee's problem solving ability


Can anyone elaborate on the assesment intent for these areas or share how they might approach assessing these items?

Return to Top
#1531625 - 04/05/11 06:06 PM Re: Internal Audit Planning/ Risk Assessment kcaudit
Black & Gold Offline
Junior Member
Black & Gold
Joined: Aug 2008
Posts: 35
Dark Side of the Moon
Do you have any workpapers from the former internal auditor to give you a starting point?

The Risk Assessment should include management's input and assessment of risks and their ratings of those risks - impact and likelihood. Also, the template you're looking at has a hidden column on the 'Data Sheet' tab, which includes risk weightings for each of the categories you mentioned in your post. Those risk weightings may not be accurate for your institution, so take that into consideration.

I would be happy to share with you my Risk Assessment templates. Please send me a PM with your email address if you're interested.
_________________________
"Who would have thought that the thing that would save this company would be work. And pancakes." - Michael Scott-The Office

Return to Top
#1531792 - 04/05/11 09:09 PM Re: Internal Audit Planning/ Risk Assessment Black & Gold
kcaudit Offline
New Poster
Joined: Feb 2011
Posts: 7
Thanks for the response. I will definitely PM you. I do not have ANY workpapers for prior risk assessment. All I have is a one page, three year audit plan. The far left column is the area (i.e. "investments"), then there are two columns "risk rating" and "risk trend," then what year the area should be audited.

I have nothing indicating the rationale for areas being marked as high/medium/low or what support was reviewed to indicate risk trends as increasing/stable/or declining. As I've mentioned, I'd like to take a much more nuanced approach, with all rationales documented. Thanks again for the response.

Return to Top
#1533475 - 04/08/11 06:27 PM Re: Internal Audit Planning/ Risk Assessment kcaudit
Dolly Nugent Offline
Diamond Poster
Dolly Nugent
Joined: Nov 2000
Posts: 1,820
Southern California
I really like this tool; however, I would like some clarification on the same items as kcaudit.

--Value per transaction (is this based on the dollar amount?)
--Total value of transactions on daily basis (is this also based on dollar amounts?)
--Overall loss exposure to the bank (Is this based on the bank's history of losses?)
--Overall regulatory exposure (Is this based on the current regulatory environment?)
--Employee's problem solving ability (Is this based on the employees level of experience in the area being audited?)I.
_________________________
Dolly Nugent
CRCM
Opinions expressed are my own.

Return to Top
#1537412 - 04/19/11 04:10 PM Re: Internal Audit Planning/ Risk Assessment Dolly Nugent
Justin Wesson Offline
Member
Joined: Jun 2008
Posts: 83
There are lots of ways to do this, some people evaluate the 5 P's
People, Products, Procedures, Politics, Prior Audits

Our risk assessment methodology is based on a two-part process which involves establishing a weighting base for each significant area of risk utilizing the Bank’s internal experience in key areas (“Relative Risk”) and applying the base against external or industry risks associated with each area, to arrive at the level of risk specific to the Bank’s markets and regulatory environment (“Combined Risk”).

Relative Risk Factors include:
Previous Audits (audits, exams, or other outside review results)
Changes in Processes, Procedures or Systems
Changes in Products
Changes in Personnel and Management
Size and Complexity of the Department or Function
Experience and Training

Combined Risk Factors include:
Credit
Market
Liquidity
Operational
Legal
Reputation
Relative Risk
_________________________
THANK YOU GOVERNMENT:
“If I seem unduly clear to you, you must have misunderstood what I said” - A. Greenspan

Return to Top
#1537416 - 04/19/11 04:14 PM Re: Internal Audit Planning/ Risk Assessment Justin Wesson
Justin Wesson Offline
Member
Joined: Jun 2008
Posts: 83
Regarding your question on these attributes...
Most I could answer easily, but a few appear initially challenging:
--Value per transaction
--Total value of transactions on daily basis
--Overall loss exposure to the bank
--Overall regulatory exposure
--Employee's problem solving ability

--Think of Wires vs ATM transactions for the first 3.
--For regulatory exposure, anything like that is a current hot topic for the regulators would score high here...
--For the last one...That might be somthing I consider going forward...experience is not enough, there are plenty of old dogs that refuse to learn new tricks...
_________________________
THANK YOU GOVERNMENT:
“If I seem unduly clear to you, you must have misunderstood what I said” - A. Greenspan

Return to Top

Moderator:  Andy_Z