Professional Documents
Culture Documents
منهجية المخاطر-Risk Methodology
منهجية المخاطر-Risk Methodology
The Internal Audit relies on a continuous risk assessment to carry out its duties (risk‐based
auditing), starting with the annual planning, semi‐annual plan review, preparing and
updating Internal Audit Programs, determining additional tasks, and others.
In order to adopt a comprehensive risk assessment, the Internal Audit is constantly aware
of the identified risks through:
- New activities and projects, and directions of the Organization (including the Strategic
Plan, SWOT Analysis, and others);
- Emerging trends and risks;
- New regulations and laws related directly or indirectly to the activities of the
Organization;
- Risks identified and other input by the Board of Trustees and the Management;
- The independent Internal Audit’s evaluation of the existing risks and the systems of
controls around them, as well as the emerging risks that were identified in the light of
developments affecting the Organization’s operations;
- Internal Audit’s gained information from previous audits as well as available data;
- The risk assessment available in the Organization from the “Risk Management”
department;
- Information acquired by communicating with the relevant parties in the Organization
ﻣﻨﻬﺠﻴﺔ اﳌﺨﺎﻃﺮ
ﺑﺪءاً ﳌﺨﻄﻂ،(Risk‐based auditing) ﺗﻌﺘﻤﺪ داﺋﺮة اﻟﺘﺪﻗﻴﻖ اﻟﺪاﺧﻠﻲ ﻋﻠﻰ ﺗﻘﻴﻴﻢ داﺋﻢ ﻟﻠﻤﺨﺎﻃﺮ ﻟﻠﻘﻴﺎم ﲟﻬﺎﻣﻬﺎ
. وﻏﲑﻫﺎ، ﲢﺪﻳﺪ اﳌﻬﺎم اﻹﺿﺎﻓﻴﺔ، ﲢﻀﲑ وﲢﺪﻳﺚ ﺑﺮاﻣﺞ اﻟﺘﺪﻗﻴﻖ اﻟﺪاﺧﻠﻲ، اﳌﺮاﺟﻌﺔ ﻧﺼﻒ اﻟﺴﻨﻮﻳﺔ،اﻟﺴﻨﻮي
ﺗﻄﱠﻠِﻊ داﺋﺮة اﻟﺘﺪﻗﻴﻖ اﻟﺪاﺧﻠﻲ ﺑﺸﻜﻞ ﻣﺴﺘﻤﺮ ﻋﻠﻰ اﳌﺨﺎﻃﺮ اﶈ ّﺪدة ﻣﻦ اﳌﺼﺎدر،ﺪف اﻋﺘﻤﺎد ﺗﻘﻴﻴﻢ ﺷﺎﻣﻞ ﻟﻠﻤﺨﺎﻃﺮ
:اﻟﺘﺎﻟﻴﺔ
وﻏﲑﻫﺎ(؛، SWOT analysis، اﻟﻨﺸﺎﻃﺎت واﳌﺸﺎرﻳﻊ اﳉﺪﻳﺪة وﺗﻮﺟﻬﺎت اﳌﺆﺳﺴﺔ )ﻣﻨﻬﺎ اﳋﻄﺔ اﻻﺳﱰاﺗﻴﺠﻴﺔ-
(؛emerging trends and risks) اﻻﲡﺎﻫﺎت واﳌﺨﺎﻃﺮ اﻟﻨﺎﺷﺌﺔ-
اﻟﻠﻮاﺋﺢ واﻟﻘﻮاﻧﲔ اﳉﺪﻳﺪة اﳌﺘﻌﻠﻘﺔ ﺑﻨﺸﺎﻃﺎت اﳌﺆﺳﺴﺔ ﺑﺸﻜﻞ ﻣﺒﺎﺷﺮ أو ﻏﲑ ﻣﺒﺎﺷﺮ؛-
ﳐﺎﻃﺮ ﳏ ّﺪدة أو ﻣﻌﻄﻴﺎت أﺧﺮى ﻣﻦ ﻗﺒﻞ ﳎﻠﺲ اﻷﻣﻨﺎء واﻹدارة؛-
ﻛﻤﺎ اﳌﺨﺎﻃﺮ اﻟﻨﺎﺷﺌﺔ اﻟﱵ ﺑﻨﻴﺖ ﻋﻠﻰ ﺿﻮء، ﺗﻘﻴﻴﻢ اﻟﺘﺪﻗﻴﻖ اﻟﺪاﺧﻠﻲ اﳌﺴﺘﻘﻞ ﻟﻠﻤﺨﺎﻃﺮ اﻟﻘﺎﺋﻤﺔ وأﻧﻈﻤﺔ اﻟﻀﻮاﺑﻂ ﺣﻮﳍﺎ-
اﳌﺴﺘﺠﺪات اﳌﺆﺛﺮة ﺑﻌﻤﻠﻴﺎت اﳌﺆﺳﺴﺔ؛
ﻣﻌﻠﻮﻣﺎت اﻟﺘﺪﻗﻴﻖ اﻟﺪاﺧﻠﻲ اﳌﻜﺘﺴﺒﺔ ﻣﻦ اﳌﺮاﺟﻌﺎت اﻟﺴﺎﺑﻘﺔ ﻛﻤﺎ اﳌﻌﻄﻴﺎت اﳌﺘﻮﻓﺮة؛-
-ﺗﻘﻴﻴﻢ اﳌﺨﺎﻃﺮ اﳌﺘﻮﻓﺮ ﰲ اﳌﺆﺳﺴﺔ ﻣﻦ داﺋﺮة "إدارة اﳌﺨﺎﻃﺮ"؛
-اﳌﻌﻠﻮﻣﺎت اﳌﻜﺘﺴﺒﺔ ﻋﻦ ﻃﺮﻳﻖ اﻟﺘﻮاﺻﻞ ﻣﻊ اﻷﻃﺮاف ذوي اﻟﺼﻠﺔ ﰲ اﳌﺆﺳﺴﺔ.
These risks are evaluated according to their impact and likelihood of occurrence as listed
in the following tables:
( ﲝﺴﺐ ﻣﺎ ﻫﻮ ﻣﺪرج ﰲ اﳉﺪاولLikelihood) ( واﺣﺘﻤﺎل ﺣﺪوﺛﻬﺎImpact) ﻳﺘﻢ ﺗﻘﻴﻴﻢ ﻫﺬﻩ اﳌﺨﺎﻃﺮ ﲝﺴﺐ ﺛﲑﻫﺎ
:اﻟﺘﺎﻟﻴﺔ
Materiality scale
Used to determine whether the misstatement as individual or aggregate materially misstated in
the financial statements. Moreover, those misstatements could be misleading the users who use
the financial information to make the incorrect decision.
When a misstatement occurs in the financial statements, identified individually or collectively,
then it will be evaluated by following the quantitative factors used in the table below.
To determine under which parameter the materiality misstatement will lay, we take the financial
factor that directly relates to the misstatement. In case it relates to multiple ones, we might take
the highest value of the financial factors. For example, higher sales revenue or total assets, and
then calculate the amount of percentage under each parameter, and compare the misstatement
with the amount of materiality misstatement.
Materiality Scale
Materiality Score 3 2 1
Financial impact of Significant Moderate Low
Sales Revenue 1% 0.5% and <1% <0.5%
Total Assets 2% 1% and <2% <1%
Gross Profit 2% 1% and <2% <1%
Shareholders’ Equity 5% 2% and <5% <2%
Net Profit 10% 5% and <10% <5%
Risk Matrix:
3 3 6 9
Likelihood
2 2 4 6
1 1 2 3
1 2 3
Impact
Risk Rating:
Low Medium High