Skip to content
BOL Conferences
Thread Options
#702728 - 03/19/07 06:13 AM Audit Rating
Joe Offline
Member
Joe
Joined: Aug 2003
Posts: 74
Overseas
We are prposing the following audit rating methdology for our clients. Do you have any other suggestions. Thanks

Proposal for risk rating methodology:

Good: An audit reveals no high risks and 0, 1 or maximum 2 medium risks

Satisfactory: An audit reveals no high risk and between 1 and 8 medium risks

Marginally satisfactory: An audit reveals 1 high risk and 0 to 10 medium risks or an audit reveals 0 high risks but more than 10 medium risk

Unsatisfactory: An audit reveals 2 to 5 high risks and between 0- 25 medium risks

Unacceptable: An audit reveals more than 5 high risks and between 0 to 25 medium risk issues or an audit reveals more than 3 high risk issues and more than 25 medium risk issues.

Return to Top
Audit
#702867 - 03/19/07 03:06 PM Re: Audit Rating Joe
SavannahOne Offline
Diamond Poster
Joined: Sep 2005
Posts: 1,163
Georgia
Define the difference in high and medium risks.

Return to Top
#702876 - 03/19/07 03:16 PM Re: Audit Rating SavannahOne
A_G Offline
10K Club
Joined: Jul 2004
Posts: 18,989
I think that I would somehow incorporate low risk findings in there as well. Defining a risk as simply "high" or "moderate" might not give you much wiggle room.
_________________________
With the lights out, it's less dangerous.

Return to Top
#708363 - 03/28/07 10:00 PM Re: Audit Rating A_G
dach Offline
100 Club
Joined: Mar 2006
Posts: 135
How would you define high, medium and low risks? Do you base it on monetary penalty? likeliness? reimbursable? reputation?

Return to Top
#708372 - 03/28/07 10:19 PM Re: Audit Rating dach
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
Good point dach. If you're going to use terms like those, you'd better have definitions.
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#708479 - 03/29/07 01:31 PM Re: Audit Rating David Dickinson
A_G Offline
10K Club
Joined: Jul 2004
Posts: 18,989
We do define each of the terms in the audit reports...
_________________________
With the lights out, it's less dangerous.

Return to Top
#708482 - 03/29/07 01:35 PM Re: Audit Rating David Dickinson
A_G Offline
10K Club
Joined: Jul 2004
Posts: 18,989
We do define each of the terms in the audit reports...
_________________________
With the lights out, it's less dangerous.

Return to Top
#708682 - 03/29/07 04:39 PM Re: Audit Rating A_G
dach Offline
100 Club
Joined: Mar 2006
Posts: 135
Actually, I was curious how others define their risks? I am trying to set this up at my bank as well. I know that monetary penalties pay a big part but what other factors do most people use?

Return to Top
#709124 - 03/30/07 01:48 PM Re: Audit Rating dach
Neytiri Offline
Platinum Poster
Neytiri
Joined: Jul 2002
Posts: 645
Pandora
I use a risk matrix that I believe someone at BOL was kind enough to give me quite a while back:

HIGH - High risk of loss, high monetary exposure, regulatory concern, key controls not in place or not operating effectively, indicates a serious control weakness/deficiency requiring action

MEDIUM - Policy or compliance issue, moderate risk of loss or monetary exposure, key controls are partially in place or only somewhat effective, indicates a control concern which requires action to be taken

LOW - Minor documentation error or minor control issue, low risk of loss, key controls are in place but could be improved

You can then further define these based on criteria you want to use at your particular shop.

Return to Top

Moderator:  Andy_Z