KnowRisk provides a technology platform that integrates the front-line risk management and compliance activities with internal audit functions, in effect giving checks and balances about the effectiveness or otherwise of the control environment.
Being independent of the business, Internal Audit plays a significant role in giving objective views about its findings in relation to business processes and procedures being followed in the strategic and operational contexts and to make recommendations for where improvements may be needed.
Module for Internal Audit
A KnowRisk module by definition relates to a particular type of risk strategy in which the scope or boundary of work is defined. CorProfit has built a range of modules for Internal Audit. Purchasing a pre-defined module has many benefits including saving time, quality of a proven approach, potential to avoid purchasing a point solution, reduced training costs and leveraging of your existing IT infrastructure. A Pre-defined KnowRisk Module consists of:
Approximately three days of training are allocated to the handover of material to you, more advisable for better understanding of your needs. Working collaboratively, the final look and feel of Internal Audit Forms is undertaken during this handover period, prior to any implementation.
CorProfit starts from where you are; from your current way of undertaking the particular risk strategy. Usually there are opportunities to make refinements to your approach based on some IP that CorProfit has. Alternatively you may prefer to just adopt the approach that CorProfit has designed into the module. Given the flexible nature of the KnowRisk software, you can adapt the module over time to take account of incorporating more aspects that are needed in the future, without you having to call CorProfit to perform specific customisation of the software.
An outline of the methodology is:
Look & Feel
A typical Form that staff will interact with is shown here.
In accordance with well established protocols, the Internal Audit Department prepares the annual Audit Plan which may take into consideration the level of risk being faced by the various business areas. It implements the Audit Plan in consultation with Board and reports to the Risk and Audit Committee (as appropriate to your organisation) on its findings. The more accepted practice is keeping the risk management functions at arm’s length from the internal audit function, where there are no formal relationships or routine information flows between Risk Management and the Internal Audit departments. However the Risk Framework does provide information flows where significant findings need to be brought to the attention of either party. Internal Audit expects the Risk Management function to be responsible for assisting business areas build their risk profiles and facilitate the risk processes. Internal Audit will be looking to see the completeness of risk identification, that risks have been rated and that a sound environment of key controls is in place. In some cases (for example smaller organisations) the Internal Audit Department also facilitates managing risks.