Leading the way in Enterprise Risk Management

Internal Audit

Internal Audit in KnowRisklogo-kr250

KnowRisk provides a technology platform that integrates the front-line risk management and compliance activities with internal audit functions, in effect giving checks and balances about the effectiveness or otherwise of the control environment.
Being independent of the business, Internal Audit plays a significant role in giving objective views about its findings in relation to business processes and procedures being followed in the strategic and operational contexts and to make recommendations for where improvements may be needed.

Module for Internal Audit

A KnowRisk module by definition relates to a particular type of risk strategy in which the scope or boundary of work is defined. CorProfit has built a range of modules for Internal Audit. Purchasing a pre-defined module has many benefits including saving time, quality of a proven approach, potential to avoid purchasing a point solution, reduced training costs and leveraging of your existing IT infrastructure. A Pre-defined KnowRisk Module consists of:

  • An overview of the Internal Audit strategy
  • Methods & Steps (the configuration file which the Subject Matter "Expert" or "Super User" work with to set the scope of fields and sequence of the process)
  • Forms with preconfigured look & feel.
  • Sample reports (some which may be used to set requirements to be charted in other tools such as BI / dashboards)
  • Start of a staff training guide that you tailor as needed.

Approximately three days of training are allocated to the handover of material to you, more advisable for better understanding of your needs. Working collaboratively, the final look and feel of Internal Audit Forms is undertaken during this handover period, prior to any implementation.

Methodology

CorProfit starts from where you are; from your current way of undertaking the particular risk strategy. Usually there are opportunities to make refinements to your approach based on some IP that CorProfit has. Alternatively you may prefer to just adopt the approach that CorProfit has designed into the module. Given the flexible nature of the KnowRisk software, you can adapt the module over time to take account of incorporating more aspects that are needed in the future, without you having to call CorProfit to perform specific customisation of the software.

An outline of the methodology is:

IA2

Look & Feel

A typical Form that staff will interact with is shown here.

  • Completely configurable.
  • Build in business rules (such as validation of what is reviewed) 
  • Build the workflow (have KnowRisk be proactive)
  • Create alignment with the Risk Management Process, integrating a seamless level of working between the two.

 

Internal Audit Graphics 1

In accordance with well established protocols, the Internal Audit Department prepares the annual Audit Plan which may take into consideration the level of risk being faced by the various business areas. It implements the Audit Plan in consultation with Board and reports to the Risk and Audit Committee (as appropriate to your organisation) on its findings. The more accepted practice is keeping the risk management functions at arm’s length from the internal audit function, where there are no formal relationships or routine information flows between Risk Management and the Internal Audit departments. However the Risk Framework does provide information flows where significant findings need to be brought to the attention of either party. Internal Audit expects the Risk Management function to be responsible for assisting business areas build their risk profiles and facilitate the risk processes. Internal Audit will be looking to see the completeness of risk identification, that risks have been rated and that a sound environment of key controls is in place. In some cases (for example smaller organisations) the Internal Audit Department also facilitates managing risks.

Looking for a solution to your problem?

We are here to help