01-28-2009, 02:02 PM
Risk Management is a terminology which is currently introduced in the field of audit. Infact is wide term which has been previously used in the business circles. But know many professional accounting bodies like ICMAP has recognized the concept of risk management with the subject of Audit. A subject naming Audit and Risk Management is being taught in the stage-V of ACMA course
<b>Risk Management</b>
The term risk management can be defined in the following words
Risk management is activity directed towards the assessing, mitigating (to an acceptable level) and monitoring of risks"
The concept of Risk is also very important with reference to the risk management. The concept can be defined in the following words
"Risk is a concept that denotes the precise probability of specific eventualities. Technically, the notion of risk is independent from the notion of value and, as such, eventualities may have both beneficial and adverse consequences. However, in general usage the convention is to focus only on potential negative impact to some characteristic of value that may arise from a future event".
In businesses, risk management entails organized activity to manage uncertainty and threats and involves people following procedures and using tools in order to ensure conformance with risk-management policies.
The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.
Some traditional risk management programs (e.g., health risk assessment) are focused on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, ergonomics, death and lawsuits).
Financial risk management is main focused on auditing and internal control. The main object of audit is prevention of assets and frauds.
Risk management is mainly useful for internal auditors but also helpful for external auditors to successfully fulfill their legal and professional responsibilities.
Internal Audit has learnt through much experience that an audit approach must be flexible. The methodology used should take into consideration the needs of the individual client and the University environment and culture. Within this context Internal Audit expanded its risk management approach to auditing.
Risk management allows a consultative approach that can focus on the higher risk areas thus giving maximum value.
<b>Main Elements of Risk Management</b>
1. Establish the Context
2. Risk Identification
What are the risks associated with
Key services?
Impact of legislation?
Critical success factors?
3. Risk Analysis/Assessment
Is the combination of likelihood and consequences (will range from minor to major)
What are the existing controls? Are they adequate?
Likelihood and consequences with existing controls in place. (Level of risk is mitigated by internal controls and systems).
Use experience, judgment and intuition for the qualitative review
4. Risk Treatment
Where identified high risks are not mitigated by good internal controls and systems these areas will be the major focus of the audit review and subsequent recommendations.
5. Monitoring and Review
All audit recommendations are monitored and are subject to follow up audits. Progress reports must be submitted to audit as recommendations are implemented
Awais Aftab
<b>Risk Management</b>
The term risk management can be defined in the following words
Risk management is activity directed towards the assessing, mitigating (to an acceptable level) and monitoring of risks"
The concept of Risk is also very important with reference to the risk management. The concept can be defined in the following words
"Risk is a concept that denotes the precise probability of specific eventualities. Technically, the notion of risk is independent from the notion of value and, as such, eventualities may have both beneficial and adverse consequences. However, in general usage the convention is to focus only on potential negative impact to some characteristic of value that may arise from a future event".
In businesses, risk management entails organized activity to manage uncertainty and threats and involves people following procedures and using tools in order to ensure conformance with risk-management policies.
The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.
Some traditional risk management programs (e.g., health risk assessment) are focused on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, ergonomics, death and lawsuits).
Financial risk management is main focused on auditing and internal control. The main object of audit is prevention of assets and frauds.
Risk management is mainly useful for internal auditors but also helpful for external auditors to successfully fulfill their legal and professional responsibilities.
Internal Audit has learnt through much experience that an audit approach must be flexible. The methodology used should take into consideration the needs of the individual client and the University environment and culture. Within this context Internal Audit expanded its risk management approach to auditing.
Risk management allows a consultative approach that can focus on the higher risk areas thus giving maximum value.
<b>Main Elements of Risk Management</b>
1. Establish the Context
2. Risk Identification
What are the risks associated with
Key services?
Impact of legislation?
Critical success factors?
3. Risk Analysis/Assessment
Is the combination of likelihood and consequences (will range from minor to major)
What are the existing controls? Are they adequate?
Likelihood and consequences with existing controls in place. (Level of risk is mitigated by internal controls and systems).
Use experience, judgment and intuition for the qualitative review
4. Risk Treatment
Where identified high risks are not mitigated by good internal controls and systems these areas will be the major focus of the audit review and subsequent recommendations.
5. Monitoring and Review
All audit recommendations are monitored and are subject to follow up audits. Progress reports must be submitted to audit as recommendations are implemented
Awais Aftab
