4 T H EDITION

Internal Auditing:
Assurance &
Advisory Services

Internal Auditing: Assurance &Internal

AdvisoryAuditing:
Services,Assurance
4th Edition&©Advisory
2017 byServices,
the Internal
4th Edition
Audit Foundation.
© 2017 by the Internal Audit Foundation.
 CHAPTER 5

BUSINESS PROCESSES AND RISKS

Internal Auditing: Assurance &Internal

AdvisoryAuditing:
Services,Assurance
4th Edition&©Advisory
2017 byServices,
the Internal
4th Edition
Audit Foundation.
© 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

LEARNING OBJECTIVES
◼ Understand how organizations structure their
activities to achieve their objectives.
◼ Identify key business processes in an organization.
◼ Obtain an understanding of a given business process
and be able to document it.
◼ Understand basic types of business risks
organizations face.
◼ Identify and assess the key risks to an organization’s
objectives and how they are linked to business
processes.
◼ Develop an audit universe for an organization and
determine an annual internal audit plan based on key
business risks.
◼ Understand how to use risk assessment techniques
within assurance engagements.
◼ Obtain an awareness of the new risks that arise when
an organization outsources some of its key processes.

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
 Chapter 5: Business Processes and Risks

STANDARDS RELEVANT TO BUSINESS

PROCESSES AND RISKS

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

BUSINESS PROCESSES

 How organizations structure their business to implement strategies

and achieve their business objectives
 Set of coordinated activities
 Types of business processes
• Operating processes
• Management and support processes
• Projects

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

TYPES OF BUSINESS PROCESSES

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

LEVELS OF PROCESS DESCRIPTION

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

DOCUMENTING
PROCESSES

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

DOCUMENTING PROCESSES

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

DOCUMENTING PROCESSES

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

APPROACHES TO UNDERSTANDING THE

BUSINESS PROCESS

1. Strategic Top Down

 Start at entity level with organization’s
2. Business Process objectives
3. Risk Factor /  Identity key processes critical to success
Audit Universe  Match the key process to achieving the
objective
Approach
Bottom Up
 Start with processes at the activity level
 Then aggregate across the organization
 Works well for smaller organizations

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

STRATEGIC APPROACH

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

STRATEGIC APPROACH

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

STRATEGIC APPROACH

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

BUSINESS PROCESS APPROACH

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

BUSINESS PROCESS APPROACH

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

RISK FACTOR/AUDIT UNIVERSE

APPROACH

Definition of audit universe

Audit universe: the activities that the internal auditing function has identified
as auditable subjects, activities, units or functions.

Things to consider:
• audit charter
• mandatory coverage
• organization's formal structure

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

RISK FACTOR APPROACH

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

RISK FACTOR APPROACH

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

EXAMPLE

Risk Control Matrix

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

EXAMPLE

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

EXAMPLE

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

TOOLS TO USE

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

TOOLS TO USE

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 5: Business Processes and Risks

TOOLS TO USE

Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.