Assessing and Managing Strategic Risks
Richard J. Anderson, CPA, and Mark L. Frigo, PhD, CPA, CMA
Research on internal audit stakeholders conducted as part of The IIA’s Common Body of Knowledge (CBOK) 2015 study confirms that executive management and directors expect and value internal audit expanding its roles to include both providing assurance over the organization’s strategic risks and assisting management to enhance their risk management processes over strategic risks.
While the book discusses key concepts and possible roles and activities for internal audit related to strategic risks, the primary focus of the book is on two key processes: the assessment of strategic risks and strategic risk management. It provides frameworks on strategy and strategic risks and a basic strategic risk assessment methodology. Also included are helpful tools such as strategy maps, risk heat maps, a strategic risk management diagnostic, and detailed process charts.
This book is designed to provide internal auditors with sound, practical advice that can better enable them to meet this critical challenge and add this dimension to their existing risk assessment processes.
Audit Planning: A Risk-Based Approach
K.H. Spencer Pickett
More now than ever before, auditing is in the spotlight; legislators, regulators, and top executives in all types of businesses realize the importance of auditors in the governance and performance equation. Previously routine and formulaic, internal auditing is now high-profile and high-pressure! Being an auditor in today's complex, highly regulated business environment involves more than crunching the numbers and balancing the books; it requires ensuring that appropriate checks and balances are in place to manage risk throughout the organization. Designed to help auditors in any type of business develop the essential understanding, capabilities, and tools needed to prepare credible, defensible audit plans, Audit Planning: A Risk-Based Approach helps auditors plan the audit process so that it makes a dynamic contribution to better governance, robust risk management, and more reliable controls. Invaluable to internal auditors facing new demands in the workplace, this book is also a "hands-on" reference for external auditors, compliance teams, financial controllers, consultants, executives, small business owners, and others charged with reviewing and validating corporate governance, risk management, and controls. Audit Planning: A Risk-Based Approach gives new auditors principles and methodologies they can apply effectively and helps experienced auditors enhance their skills for success in the rapidly changing business world.
Become a Strategic Internal Auditor: Tying Risk to Strategy
Paul L. Walker, PhD, CPA
Businesses today are spending more time on strategic issues and seeking more help from those with strategic capabilities. This has created a unique opportunity for internal auditors to help their organizations both manage their risks and achieve their strategic goals.
In Become a Strategic Internal Auditor, you can learn how leading internal audit functions work with management to play a role in strategic initiatives.
• Stay connected to the business.
• Get involved earlier in the life cycle of strategic projects.
• Use ERM to raise risk and strategy questions.
• Employ leading-edge risk assessments to gain knowledge for strategic initiatives.
• Identify new skill sets needed to engage in strategic planning.
Become a Strategic Internal Auditor is based on multiple interviews and case studies at ADP, VMware, Raytheon, Harley-Davidson, and other leading organizations. It provides practical information that you can use to become a trusted strategic advisor for your organization.
Combined Assurance: Case Studies on a Holistic Approach to Organizational Governance
Gerrit Sarens, CIA, Loïc Decaux, and Rainer Lenz, CIIA, CMIIA
Risks today are so diverse that the internal audit function cannot provide assurance on its own; auditors have to coordinate with other assurance providers. Nevertheless, assurance providers often work in silos, leading to inefficiencies, inconsistencies, and a lack of transparency.
There is a clear need to combine and coordinate reporting from various assurance providers.
To meet this need, the concept of combined assurance has been introduced, providing a holistic approach to risk management and assurance. For the first time, internal audit researchers have provided an in-depth look at how six multinational organizations are in the process of implementing and benefiting from combined assurance.
Combined Assurance: Case Studies on a Holistic Approach to Organizational Governance provides:
• Critical success factors
• Methods to overcome challenges
• Leadership strategies for internal audit
COSO - Internal Control - Integrated Framework and Compendium - Bundle
American Institute of Certified Public Accountants (AICPA)
Save when you purchase the Internal Control – Integrated Framework and Compendium Bundle
Issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the 2013 Internal Control–Integrated Framework (Framework) is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework in 1992. The new Framework retains the core definition of internal control and the five components of internal control, and it continues to emphasize the importance of management judgment in designing, implementing, and conducting a system of internal control, and in assessing its effectiveness. It broadens the application of internal control in addressing operations and reporting objectives, and clarifies the requirements for determining what constitutes effective internal control. The Framework is comprised of three volumes including the following:
Executive Summary – This provides a high-level overview intended for the board of directors, chief executive officer, and other senior management. The Executive Summary:
• Lays out the definition, and limitations, of internal control, and the requirements for an effective system of internal control, including a description of the roles of components and principles.
• Highlights several important enhancements and clarifications that are intended to ease use and application of the Framework.
Framework and Appendices – The Framework and Appendices sets forth the five components and seventeen principles of an effective system of internal control, illustrates many approaches and examples relating to entity objectives, and provides direction for all levels of management to use in designing, implementing and conducting a system of internal control, and in assessing its effectiveness. The Framework assists management, boards of directors, external stakeholders, and others interacting with the entity in their respective duties regarding an entity's system of internal control without being overly prescriptive. The Appendices provide additional reference material, including:
• A glossary of key terminology, a discussion of roles and responsibilities of both responsible and external parties,
• A discussion of the methodology used for revising the Framework,
• A discussion of comment letters received during the public exposures of the proposed drafts of the Framework,
• A summary of changes to the COSO Internal Control-Integrated Framework (1992), and
• A comparison with the COSO Enterprise Risk Management-Integrated Framework.
Illustrative Tools for Assessing a System of Internal Control (Tools) – The Tools provide illustrative templates and scenarios that may be useful in applying the Framework. It can help management in assessing whether a system of internal control meets the requirements for effective internal control. The scenarios illustrate several practical examples of how the templates can be used to support an assessment of effectiveness of a system of internal control. The templates and scenarios focus on evaluating components and relevant principles, not the underlying controls (e.g., transaction level control activities) that affect the relevant principles.
Customizable templates included with your purchase!
You will receive a link inside of the book to an Excel file containing four different templates from the Illustrative Tools, including:
• Overall Assessment
• Deficiencies
You may customize the blank templates to match the facts and circumstances in your particular organization for your assessment process.
The Bundle also includes: Internal Control Over External Financial Reporting: A Compendium of Approaches and Examples — This publication has been developed to assist those users of the Internal Control – Integrated Framework (2013) who are responsible for designing, implementing, and conducting a system of internal control over external financial reporting that supports the preparation of financial statements and other external financial reporting.
COSO Enterprise Risk Management - Integrating with Strategy and Performance
Committee of Sponsoring Organizations of the Treadway Commission
This new 2017 update highlights the importance of considering risk in both the strategy-setting process and in driving performance. The first part of this updated publication offers a perspective on current and evolving concepts and applications of enterprise risk management. The second part, the Framework, is organized into five easy-to-understand components that accommodate different viewpoints and operating structures, and enhance strategies and decision-making.
In short, this update:
• Provides greater insight into the value of enterprise risk management when setting and carrying out strategy.
• Enhances alignment between performance and enterprise risk management to improve the setting of performance targets and understanding the impact of risk on performance.
• Accommodates expectations for governance and oversight.
• Recognizes the globalization of markets and operations and the need to apply a common, albeit tailored, approach across geographies.
• Presents new ways to view risk to setting and achieving objectives in the context of greater business complexity.
• Expands reporting to address expectations for greater stakeholder transparency.
• Accommodates evolving technologies and the proliferation of data and analytics in supporting decision-making.
Driving Audit Value (Vol. I): Audit Function Strategy
Audit Function Strategy differs from all the other books about Internal Audit, in the way it combines the theoretical knowledge and the best practice frameworks with the practical experiences of a seasoned CAE:
• This is the first and only book that develops a clear strategy for the IA Function. It reflects on the IA Function from an entirely new perspective by defining its added value, how this added value can be measured, and how this added value can be attained through value drivers and value enablers.
• The IA Function Strategic Model© provides transparency for the main success principles for an IA Function, providing a unique new frame of reference for understanding and managing audit strategy at the IA Function level.
This book includes the practical experiences, examples, tips and foremost solutions, from a seasoned CAE. The content of this book draws upon 28 years of business experience, of which 16 years as leader of Internal Audit Functions of globally operating corporations.
Driving Audit Value, Vol. II - Audit Risk Management
The best practice strategy guide for minimizing the audit risks and achieving the Internal Audit strategies and objectives
Audit Risk Management is the best practice guide for ensuring internal audit's success in the company. Follow the strategic risk management principles explained in this book to become successful in achieving the objectives of the audit function. Apply the fundamental audit risk management principles and a successful career as CAE is easily attainable.
Companies lose over $100 billion a year due to corporate scandals. Where were the internal auditors? Think about the VW diesel emissions scandal, the Yahoo hacking scandal, the BP oil spill scandal or the Petrobras corruption scandal. When the 1st and 2nd Lines of Defence failed to prevent these scandals, could the 3rd Line of Defence, the Internal Auditors, have prevented these? The answer can be yes, if those Internal Audit Functions would have managed their audit risks. The Beumer Audit Risk Management Model© shows the strategic audit risk management framework for the audit risk identification, measurement and mitigation. The model connects 60 audit risks, in 6 audit risk categories, to 30 audit objectives. Depending on the audit risk appetite and the audit risk prevention, the CAE can apply up to 66 audit risk mitigation measures for reducing the audit risks to an acceptable level.
Driving Audit Value, Vol. III - Audit Engagement Strategy
Audit Engagement Strategy is the best practice guide for implementing a value-added internal audit engagement strategy. Follow the strategic principles and become successful in achieving the objectives of the audit engagements. Apply the fundamental success principles described in this book and your audit engagements will generate the desired added value. Audit Engagement Strategy differs from all the other books about internal audit, in the way it combines the theoretical knowledge with the practical experiences of a seasoned CAE:
• This is the first and only book that develops a clear strategy for the internal audit engagements. It reflects on the audit engagements from an entirely new perspective by defining its added value and how this added value can be attained through the value drivers and value enablers.
• The Beumer Audit Engagement Strategic Models© provide transparency for the main success principles for an internal audit engagement, presenting a unique new frame of reference for understanding, managing and deploying the audit strategy at the audit engagement.
This book includes the practical experiences, examples, tips and foremost solutions, from an experienced CAE. The content of this book draws upon 28 years of business experience, of which 16 years as leader of audit functions of globally operating corporations.
Fraud Risk Assessment: Building a Fraud Audit Program
Leonard W. Vona
Billions of dollars a year are lost to business fraud. Is your business next?
Times are changing. At one time, it was not directly an auditor's responsibility to detect fraud, and even professional standards avoided the word "fraud." Today, it is accepted that the auditor has an obligation to respond to the risk of fraud. In Fraud Risk Assessment: Building a Fraud Audit Program, author and industry expert Leonard Vona reveals a fraud audit approach that helps you answer the following questions within your own organization:
• Who may be committing fraud within my organization?
• What type of fraud should I be looking for?
• Should fraud be viewed as an inherent risk?
• How might fraud opportunity impact internal controls?
• How might fraud be concealed within our business systems?
• How can we incorporate the fraud theory into our audit approach?
• How should we use fraud auditing to detect fraud?