Risk Management & Internal Audit (RMIA) Department

Transcript:Risk Management & Internal Audit (RMIA) Department:
Risk Management & Internal Audit (RMIA) Department STRUCTURE OF RMIA BOARD, AUDIT COMMITTEE (BAC) Director/RMIA (1) AD/RMIA (1) AM/RMIA (1) DIRECTOR GENERAL Audit Officer (1) Audit Officer (1) Secretary (1) MANDATE OF RMIA – INTERNAL AUDITING Overall objective and the purpose; “an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” Source: International Professional Practices Framework (IPPF) Guided by: Internal Audit Charter Standards for the Professional Practice of Internal Auditing (of The Institute of Internal Auditing INTERNAL AUDITING -Specific objectives Review operations or programs; Provide reasonable assurance: reliability and integrity (financial and operational information); Check compliance to policies, procedures, laws and regulations; Assess if assets safeguarded; Effectiveness of the system of internal controls: Appraise economy /efficiency of resource utilization; Assist in effective and successful performance of responsibilities by providing analysis, appraisals and value adding recommendations and other pertinent information concerning the activities being reviewed AUDIT PROCESS Approved Annual Audit Plan after Risk Assessment Audit Notification letter Preliminary survey Kick off meeting Carrying out audit – Fieldwork Formal DRAFT audit report; Closing meeting: - issues & recommendations; - factual accuracy Management comments, implementation responsibilities and timelines; FINAL audit report, Presentation to BAC. Follow up ROLE OF AUDIT MANDATE OF RMIA – RISK MANAGEMENT Definition of ERM “… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Source: COSO Enterprise Risk Management – Integrated Framework. 2004. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Definition of Risk Risk; The effect of uncertainty on objectives ISO 31000 Risk Management principles and guidelines Guided by: Treasury circular No.3/2009: Development & Implementation of Institutional Risk Management Policy Framework (IRMPF) in the Public Sector Risk Management Basics Risk (uncertainty) may affect the achievement of objectives. Effective mitigation strategies/controls can reduce negative risks or increase opportunities. Residual risk is the level of risk after evaluating the effectiveness of controls. Acceptance and action should be based on residual risk levels. Benefits of Risk Management Increase risk awareness – What could affect the achievement of objectives?