https://www.auditnet.

org/audit-library/annual-audit-planning
https://global.theiia.org/standards-guidance/topics/pages/governance-risk-and-control.aspx
https://medium.com/w-i-t/internal-audit-the-annual-audit-planning-process-d7db89db9419
https://www2.deloitte.com/content/dam/Deloitte/us/Documents/center-for-board-effectiveness/us-
audit-committee-resource-guide-section-2.pdf
https://www.smallbusiness.wa.gov.au/business-advice/insurance-and-risk-management/risk-
management#riskplan
https://www.smallbusiness.wa.gov.au/business-advice/insurance-and-risk-management/risk-
management#riskplan
https://www.smallbusiness.wa.gov.au/business-advice/insurance-and-risk-management/risk-
management
https://global.theiia.org/standards-guidance/Public%20Documents/PP%20The%20Role%20of
%20Internal%20Auditing%20in%20Enterprise%20Risk%20Management.pdf
Hi, Good Evening Everyone. My discussion is about the “report on the effectiveness of
internal controls and risk management” in this topic we will learn why there is a need for
the CAE to report the effectiveness nan internal control sann risk management to the
board.

But before we go further on that topic, first ato anay himay himayun kun uno inin si
internal controls and risk management para masabot unoy connection ini sila sa pag
report sa board.

Internal control is accomplished by people at every level of organization. So within ini

sija sa organization including the management, those charged with governance and
entity’s staff personnel.

An pangutana who is responsible for internal controls?

Well, si management has the responsibility in establishing and maintaining
internal control para maachive an objectives nan isa ka entity.

In short, internal control is geared towards the achievement of the entitys objectives like
sa effectiveness and efficiency of operations-, compliance with laws and regulations and
reliability of financial reporting. Kailangan ma e maintain an policies and procedures
within the internal control ky basin baja jauy na mga illegal acts nan mga employees na
nabuhat like pangawat ng asset or conspiracy or uno rakan na mga unethical behaviors.

So kailagann gajud ni management to establish a control environment and maintain

policies and procedures to assist in achieving the entitys objectives.

Second, is the risk management. Risk management pertains to a process in which

businesses identify, assess and treat risks that could potentially affect their business
operations. An pasabot jaun na risk ky mga threats, mga balakid ba that will
adversely affect an organization’s ability to achieve its business objectives.
So dapat gajud an isa ka business may plan or strategies in dealing risks sa
business. for example, the risk of having equipment or money stolen as a result of
poor security procedures. 

So amo adtu an internal control and risk management. In connection with

that, the CAE needs to report the effectiveness ni internal control (kun okay
paba an pag operate nan management or mga empleyado or kun nasunod
paba adtun ila mga policies etc.) kailangan jaun ni CAE e report sa board
para ma aware and educate the board about the importance of controls
and risk management. The board has the overall responsibility for ensuring
that risk management and internal control system are managed.

Moving on to standard 2120 addresses the internal audit activity’s

responsibilty connected to risk management .

2120.A1- it implies that The internal audit activity kailangan e evaluate an

effectiveness nan risk management and contribute to the improvement of risk
management processes.

So para mahebaw an kun an risk management ba gajud is operating effectively, a

judgement resulting from the internal auditor’s assessment that:

Dapat an organizational objectives ni align and support sa mission sb ng organization

Significant risk are identified and assessed

Mga risk na may high probability likely to have a significant impact sa business are
identified and assessed na.

Appropriate risk responses are selected that align risks with the organizations risk
appetite

Meaning, dapat an organization may risk responses sa kun unhon nila pag take action
to enhance opportunities and reduce threats to the business objectives. team member is
assigned to take responsibility for each risk response.

Last is relevant risk information na dapat ma makuha and mae communicate on time that is
expected to be done across the organization, enabling staff, management, and the board to
carry out their responsibilities.
Risk management processes are monitored through ongoing management activites, separate
evaluations or both. Meaning an pag identify nan risk can be monitored through ongoing
activites . inin ongoing activites are built into the normal recurring activites- kun unoy ila
ginahemo usually or may routine basis sila. For example maghemo sila nan bank recon every
month. Mga usual na ginahemo nila. While inin separate evaluations are performed on a non
routine basis, , such as functions performed by internal auditors.