Study Guide on overall Chapters Flashcards
The core role of internal audit in an organisation is to:
provide assurance that the main business risks are being managed and that internal controls are operating effectively. Internal audit thus takes holistic view of risk and control and works closely with the risk managers to ensure that the recommended risk management procedures are being followed.
The main functions of internal audit is:
To ensure the adequacy of financial operational and management controls which means that once the decision to purchase overseas properties has been made, it will be important for internal audit to verify that the risk management policies for property purchase are followed to the letter. This answer assumes that such policies are in place and fully documented, and that the management of compliance is the responsibility of the internal audit function.
Risk management process and it’s purpose
Risk management is the process of identifying risks facing an organisation, assessing the scale of the risk (in terms of likelihood and consequences). A risk response strategy is determined for each risk that takes into account the organisation’s risk appetite, and a system of controls are put in place for the reporting and management of risks. There needs to be a risk treatment or response strategy whereby risks are managed through alternative courses of action: stopping an activity; influencing either or both the likelihood or impact of the risk; sharing risk through techniques such as insurance; or the risk may be accepted. One of the strategies for managing risk is internal control.
Importance of risk management
Risk management improves the ability to respond to and mitigate risks that occur; it minimises surprises; enables advantage to be taken of opportunities; maintains the organisation’s reputation; and helps the organisation to be socially responsible and be seen as a good corporate citizen. It is important, while recognizing all 200+ risks, to especially emphasize risk management for the major identified risks identified in the scenario.
Relationship of risk management with internal control system
An internal control system includes all the policies and procedures necessary to ensure that organisational objectives are achieved including the orderly and efficient conduct of the business; the safeguarding of assets; the prevention and detection of fraud and error; the accuracy and completeness of the accounting records; and the timely preparation of reliable financial information.
Board of Directors (BoD) responsibilities
The BOD is responsible for the company’s system of internal controls. It should set appropriate policies on internal controls and seek regular assurance that will enable it to satisfying self that the system is functioning effectively. The board must further ensure that the system of internal controls is effective in managing risks in the manner which it has approved.
the BoD’s deliberations should include consideration of the following factors
- The nature and extent of the risks facing the company
- The extent and categories of risk which it regards as acceptable for the company to bear;
- The likelihood of the risks concerned materialising;
- The company’s ability to reduce the incidence and impact on the business of risks that do materialise; and
- The costs of operating particular controls relative to the benefit thereby obtained in managing the related risks.
Risk management strategies include:
- TRANSFERring the risk to another party
- AVOIDING the risk
- REDUCING the negative effect of the risk, and
- ACCEPTING some of all of the consequences of a particular risk
Objective of risk management
reduce different risks related to a preselected domain to the level accepted by society. It may refer to numerous types of threats caused by environment, technology, humans, organisation and politics. On the other hand, it involves all means available for humans, or in particular, for a risk management entity (person, staff, organisation).
An anti-fraud strategy components
- Prevention
- Detection
- Deterrence
- Response
Fraud prevention techniques
- The introduction of policies
- Procedures and controls
- Activities such as training and fraud awareness to stop fraud from occurring
On of the most effective ways to deal with the problem of fraud is to:
- adopt methods that will decrease motive;
- restrict opportunity
- limit the ability for potential fraudsters to rationalise their actions
- remove temptation
Why fraud prevention is needed?
- It is profitable
2. Fraud prevention activities can help ensure the stability and continued existence of a business.
Fraud detection should involve
- Use of analytical; and
- Other procedures to highlight anomalities,
- Introduction of reporting mechanisms that provide for communication of suspected fraudulent acts.
Key elements of a comprehensive fraud detection system would include
- Exception reporting
- Data mining
- Trend analysis; and
- Ongoing risk assessment