《内部审计转向风险管理的风险》由会员分享,可在线阅读,更多相关《内部审计转向风险管理的风险(23页珍藏版)》请在金锄头文库上搜索。
1、Internal Audit to Risk ManagementA risky migration?Terry CunningtonDirector, Risk AssuranceDeputy President IIA-UKSummary of presentation Integrating internal audit and operational risk - advantages and disadvantages LIFFE risk management framework Roles and responsibilities for risk management - ho
2、w does internal audit fit in? Defining operational risk and risk management? Opportunities for internal audit arising from the Combined Code and Turnbull Migration of internal audit to embrace risk management Internal audit skill set going forwardWhat is operational risk?The threat of an adverse eve
3、nt or action occurring, which may: lead to failure to respond to unforseen circumstances impact our stakeholders prevent opportunities being exploited impact the achievement of corporate goals result directly or indirectly in losses of any kindWhat is risk management?Transfer risk to a third party R
4、educe impact should it occur Reduce likelihood of a risk event occurring Take the right risks Avoid the risk altogether Accept the riskWho is responsible for risk management? Operational Risk Specialist Functions Management Audit Committee Board Internal AuditIdentify riskEvaluate riskManage riskTak
5、e riskOwn riskInsuranceSecurityBusinesscontinuityHealth &safetyRisk strategyRisk frameworkMonitor andco-ordinateRisk reportingIndependentauditsAssuranceOpinionProactive advice and supportFacilitate improvementsRisk Management ResponsibilitiesManagement Specialist risk Corporate risk Internal audit h
6、ands-on hands-off Facilitates CRSA and/or multi-disciplinary risk workshops Proactive risk advice, support and training Centre of expertise on risk processes Facilitates improvements in risk management Develops risk management strategy Promotes risk awareness Provides risk management framework and r
7、eporting Operational Risk - Typical Functions Hands on risk management (including risk transfer) Internal Audit Promotes risk awareness Proactive risk advice and support Centre of excellence on risk management and control Facilitates improvements in risk management and control Provides assurance Pro
8、vides independent opinions Risk based audits Focuses audits on areas of riskIntegrating IA and operational riskAdvantages: Link risk profiling / reporting with audit process Not compromise objectivity Easier to recruit and retain high quality staff Avoid unnecessary duplication Overlap between risk
9、based audit and operational risk Risk based audit - prevention rather than cureIntegrating IA and operational riskDisadvantages: Cultural non-acceptance Customer confusion Priorities for resources Hands-on risk management Audit independenceRisk reporting and corporate governanceThe directors should,
10、 at least annually, conduct a review at of the effectiveness of the groups system of internal control and should report to shareholders that they have done so. The review should cover all controls, including financial, operational and compliance controls and risk managementTheCombinedCodePrinciples
11、of good governance and code of best practiceTurnbull - Some key points Prime responsibility of management Profit is the reward for successful risk taking Continuous monitoring essential Embedding risk management and control Link between risk management and control Objective assurance from internal a
12、uditInternal audit opportunities post Turnbull Raise the profile of Internal Audit Holistic rather than cyclical approach Scope should cover all activities of the business Independent opinion on risk management and control Well placed to provide / co-ordinate assurance to directors Backwater to main
13、stream Failure to deliver reliable opinions Extinction or minor role for internal audit Substitution by operational risk or consultants Failure to change approach and skills base Greater board expectations Complacency Threats to internal audit post TurnbullHow internal audit can meet the challenge C
14、hange internaI audit skills base Give proactive advice - prevention is better than cure Position internal audit in risk management framework Seize the opportunity to co-ordinate assurance Cover the risks that matter across the business Holistic approach to auditing and reporting Facilitate risk mana
15、gement strategy Dynamic planning and flexible responseLIFFE Risk Management FrameworkRiskmanagementstrategyDefines RiskRoles & ResponsibilitiesRisk OwnershipRisk AppetiteCentres on Risk ProfileunderpinsCorporateRiskProfileCorporateRiskProfileCorporateRiskProfileRisk basedaudits orother responseAudit
16、sConsultancyWorkshopProactive advicedrivesCorporateriskprofileInherent RisksMitigating ControlsResidual RisksCo-ordinates assuranceMonitoringReporting / OpinionOwnership / ActionsCorporate Risk Profile - Inherent RisksInherentrisksSystemsPersonnelStrategic & competitiveBusiness changeFinancial Reput
17、ationalLegal & regulatoryCorporate goalsMarket operationsPremisesCorporate Risk ProfileBUSINESS CHANGEaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaRisk Coverageaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
18、aaaaaaaaaaaaaaaaaaResidual RisksaaaaaaaaaaaaaaaaaaaaaaaInability to cope with the nature and volume of business changeXYZInherent RisksProjects not delivered on time, to budget or to the required qualityABCOpinionUSQuantified inrelative termsImpact ProbCorporate risk profile - summaryRisk categoryBu
19、siness ChangeStrategic & compReputationalPersonnelFinancialSystemsMarket OperationsLevel of riskCommentaryaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaResidual Risk Action P
20、lanRespXYZXYZABCNOPMilestoneDec 97Mar 98Jun 98Jan 98Oct 97Feb 98Action Planned to Mitigate Riskaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
21、aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaOpinionSUPSResidual RisksaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaProbability of risk event occurringImpact of risk event occurringTransfer riskor contingenc
22、yplanManage byimprovingcontrols - if costjustifiedCease activityunless rewardshigh - managecloselyAccept riskLowHighHighManagement of residual risksMigrating IA to embrace operational risk Change IA skills base Innovate or die Obtain buy - inWhere are you now? Risk based audit? Positioning Credibili
23、tyWhere do you want to be? Positioning Meet board needs re. Turnbull? What operational risk functions?How do you get there? Establish credibility Establish business case Obtain mandateSkill set for IA going forward Customer focus Mind set / profile Wider business experience Facilitation skills Less is more Staff developmentI survivedthe migration
