CHAPTER 3

1. What are the benefits of the internal audit function establishing a risk-based plan when
identifying the priorities of the internal audit activity?

Risk Based Internal Audit is a methodology that links internal auditing to an organisation's overall risk
management framework. The advantages of risk based audit approach are that the organisations
become proactive rather than being purely reactive, preventing the undesired effects and promoting the
continual improvements. Prevention setup is automatic when a management system is risk-based. The
following are the some of the advantages

 Management has identified, assessed and responded to risks.

 The responses to risks are effective but not excessive in managing inherent risks.
 Risk management processes, including the effectiveness of responses and the completion
ofactions, are being monitored by management to ensure they continue to operate effectively
 Risks, responses and actions are being properly classified and reported.

2. Describe three ways that internal auditors can better identify the risks related to the area
under review.

 Form of a list of risks

 Exercise people with an extensive knowledge of the program or process that will be
analyzed
 To use a prepared list

3. What are three internal and three external factors affecting a typical organization? How do
these factors affect the future prospects of the organization?

* INTERNAL FACTORS

Unlike the external environment, the company has control over these factors. It is important to
recognize potential opportunities and threats outside company operations. However, managing the
strengths of internal operations is the key to business success.

Organizational and operational

These are a part of the operational and administrative procedures. This includes disorganized or
inaccurate record keeping. Interruptions to your supply chain and outdated or faulty IT systems are also
factors you should evaluate. If you do not overcome these, your customers might see you as unreliable.
You can also lose all your data.

Strategic risks

These affect your firm’s ability to reach the goals in the business plan. They could be due to the impacts
of changes in technological evolutions or customer demand. These factors could pose as threats as they
can alter how customers perceive your product. Based on these, customers might think a product is
overpriced, dull and outdated.

Innovation

Your business needs innovation in order to keep up with competitors. It is essential to get one step
ahead. Innovation could come in the form of marketing. It could also be through promotional initiatives
in the marketing plan, staff training, and welfare. Embracing new technology is the best way to keep up
with technological advancements.A lack of innovation can pose a serious risk to a growing business. No
innovation will cause a company to remain boring. The company will become dull, stagnant and
irrelevant.

Financial

The financial risks depend on the financial structure of your business. It is also dependent on your
business transactions and the financial systems. For example, changes in interest rates or being overly
reliant on one customer could affect business.

Employee risks

Employees are vital to business success. But, there are risks associated with them. For an industry, strike
action could lead to a lot of problems.

* EXTERNAL FACTORS

The economy, politics, competitors, customers, and even the weather are all uncontrollable factors that
can influence an organization’s performance.

(P)olitical: The extent to which a government may influence the economy and thereby impact
organizations within a certain industry. This includes government policy, political stability, and trade and
tax policy.

(E)conomic: How economic conditions shift supply and demand to directly affect a company. This
includes economic growth or decline, and changes in interest and inflation rates.

(S)ocial: Changes in the sociocultural market environment that illustrate customer needs and wants.
This includes emerging trends, population analytics, and demographics.
(T)echnological: How innovation and development evolve a market or industry. This includes
automation, technology awareness and adoption rates, and new services or products.

(E)nvironmental: The ecological and environmental aspects that affect a company’s operations or
consumer demand. This includes access to renewable resources, weather or climate changes, and
corporate responsibility initiatives.

(L)egal: The current legal allowances or requirements within countries or territories in which an
organization operates. This includes health and safety requirements, labor laws, and consumer
protection laws.
4. Describe an event that has transformed or disrupted an industry and include: (1) An
example of an organization that benefited from that opportunity and (2) an example of
another organization that mismanaged it and suffered losses as a result.
5. List three organizations that provide lists of common vulnerabilities useful during a risk
assessment.
6. List three of the benefits of CSA programs.

 CSAs are designed to address the gap on management responsibilities

 CSAs require managers to think about the design and condition of their areas of responsibility,
and assess the presence and quality of the related controls.
 CSA programs require communication, linkage to internal audit results, providing feedback on
the gap analysis, and reinforcement

7. Describe three risks that are unique to each of the following two manufacturing
approaches: made to order (MTO) and made to stock (MTS).

 MTO (Make To Order)

- Irregular sale demands , Material stock falling behind , Customer wait times

 MTS ( Make To Stock)

- Unpredictable nature of consumer trends , Inventory levels , The difficulty making accurate
sales forecasts

8. Explain why internal auditors should consider bottlenecks, long cycle times, redundancies,
and reprocessing as operational risks.
9. What are the risk implications of outsourcing? Explain why management must remain
vigilant even if a process and related activities have been outsourced to another organization.
10. What are some of the practices expected of organizations to fight corruption and support
efforts to decrease institutional corruptions.
Business leaders, policy makers, internal auditors, and other stakeholders use Corruption Perception
Index (CPI) and other reports from TI as a gauge and input when performing risk assessments. Internal
auditors should examine where their organizations operate, where their suppliers operate and where
their customers reside, and evaluate the implications of their unique geographical network to their risk
profile. Higher corruption indicators would naturally suggest the need for more robust audit procedures.