What is RBIA?

The Institute of Internal Auditors (IIA) defines Risk Based Internal Auditing (RBIA) as a methodology that links internal auditing to an organisation's overall risk management framework, and that allows internal audit to provide assurance to the board that risk management processes are managing risk effectively, in relation to the risk appetite (IIA).
RBIA Requirements

The inherent risks are recorded and assessed in a way that permits them to be ranked in order of threat.
RBIA Stages: Annual Audit Planning

Factors considered in annual audit planning:
- Throughput
- Value of transactions
- Stability
- Complexity
- Management control environment
- Time since last audit

RBIA Stages: Audit Visits

- First stage: Planning
- Second stage: Execution
- Third stage: Reporting
- Fourth stage: Monitoring progress
Audit Visits

Planning:
- Preparing the audit program
- Preliminary desk review
- Drafting and agreeing the

Execution:
- Compliance tests
- Updating the risk profile
- Substantive tests
Compliance tests (tests of controls) are conducted to check whether the existing internal controls are being applied as prescribed.

The compliance test results are reflected in the risk profile; where some of the mitigating controls are not working as intended, additional risks (weaknesses) are highlighted.

Substantive tests are then conducted, concentrating on the important weaknesses, to check whether the risks have actually occurred and to measure the resulting outcome.
Reporting

Communicate:
- Highlighting the risks and related losses (if any)

Convince:
- Convincing management of the results and of the value of the recommendations
Monitoring Progress

In compliance with the IIA standards, the chief audit executive must establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action (Standard 2500.A1).
Rating Matrix

Rows give the proportion of key controls working; columns give the size of the gap relative to the acceptable level.

Key Controls Working | Within Acceptable Gap | 1%-20% Above Acceptable | 20%-40% Above Acceptable | >40% Above Acceptable
All | | | |
Up to 80% | | | |
50%-80% | | | |
20%-50% | | | |
<20% | | | |

Of the rating cells, only B+ and C+ are legible on the page; the remaining cell values are not recoverable.