CP3 Internal Audit
Threats and opportunities are two different concepts that are often used in the context of risk management.
A threat is an event or condition that has the potential to negatively impact an organization's ability to achieve its
objectives. Threats may arise from a variety of sources, such as changes in the external environment, competitive
pressures, regulatory changes, or internal weaknesses or vulnerabilities.
On the other hand, an opportunity is an event or condition that has the potential to positively impact an
organization's ability to achieve its objectives. Opportunities may arise from changes in the external environment,
such as shifts in consumer preferences or emerging market trends, or from internal strengths or capabilities that can be
leveraged for strategic advantage.
The Process of Risk Management
Identify Risk
As part of their role in risk management, internal auditors should
identify and assess risks that could impact the organization's
ability to achieve its objectives. Here are some key points that
internal auditors should consider when identifying risks:
By following these key points, internal auditors can identify and assess
risks that could impact the organization's ability to achieve its
objectives, and develop effective strategies to mitigate those risks.
Risk Assessment
Risk assessment is an important part of the internal auditor's role, and involves identifying and
assessing risks that could impact the organization's ability to achieve its objectives. The
following are some of the steps that an internal auditor may take to perform risk assessments:
1. Identify the areas of the organization that are most susceptible to risk
Overall, the internal auditor's role in risk assessment is to provide assurance to management
and other stakeholders that the organization's risks are being effectively managed. By
identifying and assessing risks, and developing strategies to mitigate them, the internal auditor
helps to ensure that the organization is well-positioned to achieve its objectives in an efficient,
effective, and compliant manner.
Risk Assessment
Likelihood is a measure used in risk assessment to describe the probability or chance
of a risk occurring. In other words, it is an assessment of how likely it is that a particular
event or scenario will happen. Likelihood can be expressed in qualitative terms, such as
low, medium, or high, or it can be expressed as a quantitative measure, such as a
percentage or a ratio.
In risk assessment, likelihood is often evaluated in conjunction with the potential impact
or consequences of a risk event. By assessing the likelihood of risks, internal auditors
can prioritize their efforts and focus on the risks that are most likely to occur and have
the greatest potential impact.
Impact in Risk Assessment
Impact is a measure used in risk assessment to describe the potential consequences or
effects of a risk event. In other words, it is an assessment of the magnitude or severity of the
harm that could be caused if a particular event or scenario were to occur. Impact can be
expressed in qualitative terms, such as low, medium, or high, or it can be expressed as a
quantitative measure, such as a dollar amount or a numerical rating.
In risk assessment, impact is often evaluated in conjunction with the likelihood of a risk event.
By assessing the impact of risks, internal auditors can prioritize their efforts and focus on the
risks that have the greatest potential consequences or effects. This enables them to develop
effective risk mitigation strategies and provide assurance to management that the organization's
risks are being effectively managed.
Manage Risk
Risk management is a dynamic process for taking all reasonable steps to find out and deal with
risks that impact on our objectives. Organizational resources and processes are aligned to handle
risk wherever it has been identified. We are close to preparing the risk management cycle and
incorporating this into our original risk model. Before we get there we can turn to project
management standards for guidance on the benefits of systematic risk management which include:
Armed with the knowledge of what risks are significant and which are less so, the process requires
the development of strategies for managing high impact, high likelihood risks. This ensures that all
key risks are tackled and that resources are channelled into areas of most concern, which have
been identified through a structured methodology.
Review Risk
Internal audit reviews risk by conducting a systematic and comprehensive risk
assessment process. The process typically involves the following steps:
COSO Philosophy
The philosophy of COSO emphasizes that effective internal
control is essential for organizations to achieve their objectives
and succeed in their mission. By adopting the COSO framework,
organizations can design and implement internal control systems
that are tailored to their specific needs and risks. The framework
provides a comprehensive and integrated approach to internal
control that helps organizations to identify and manage risks,
improve performance, and ensure the reliability of financial
reporting.
COSO defines risk as "the possibility that an event will occur and
adversely affect the achievement of objectives." In other words, risk
refers to the uncertainty associated with achieving objectives.
COSO Philosophy
COSO recognizes that not all risks are
negative, and that some risks may present
opportunities for organizations to achieve
their objectives. The framework distinguishes
between two types of risk:
1. Inherent risk: This refers to the risk that
exists before any management action is
taken to address it. Inherent risk is
determined by external factors, such as
market conditions or regulatory
requirements, as well as internal factors,
such as the nature of the organization's
operations and the quality of its internal
controls.
COSO emphasizes the importance of integrating risk
management into an organization's overall
management process. This includes identifying and
assessing risks, developing strategies to manage
those risks, and monitoring the effectiveness of risk
management activities over time. By adopting a risk-based
approach to management, organizations can
better understand the risks they face, make informed
decisions about how to allocate resources, and
ultimately achieve their objectives more effectively.
3. Detection Risk: This is the risk that the auditor will not
detect a material misstatement in the financial
statements, even though it exists. It is determined by
the effectiveness of the audit procedures performed by
the auditor.
1. Engagement Risk
2. Reporting Risk
3. Operational Risk.
To mitigate these risks, internal auditors must adhere to professional standards and
best practices, maintain independence and objectivity, and ensure that their
findings and recommendations are communicated effectively to the appropriate
stakeholders.
RISK audit
In internal auditing, assertions refer to
management's explicit or implicit claims
or representations about the
completeness, accuracy, existence,
1. Existence
3. Fault Tree
4. What-If
5. Monte Carlo
6. Quantitative Risk.
2. Process Mapping
3. Control Self-Assessments
4. Data Analysis
5. Scenario Analysis
ASSIGNMENT
• Create a risk assessment for one of your goals in life, and
add the controls that are applied to that
risk.