Risk-based internal audit (RBIA) is an internal
methodology
In its most common sense, methodology is the study of research methods. However, the term can also refer to the methods themselves or to the philosophical discussion of associated background assumptions. A method is a structured procedure for bri ...
which is primarily focused on the inherent
risk
In simple terms, risk is the possibility of something bad happening. Risk involves uncertainty about the effects/implications of an activity with respect to something that humans value (such as health, well-being, wealth, property or the environ ...
involved in the activities or system and provide assurance that risk is being managed by the management within the defined risk appetite level. It is the
risk management
Risk management is the identification, evaluation, and prioritization of risks, followed by the minimization, monitoring, and control of the impact or probability of those risks occurring. Risks can come from various sources (i.e, Threat (sec ...
framework of the management and seeks at every stage to reinforce the responsibility of management and BOD (
Board of Directors
A board of directors is a governing body that supervises the activities of a business, a nonprofit organization, or a government agency.
The powers, duties, and responsibilities of a board of directors are determined by government regulatio ...
) for managing risk.
Overview
Risk based internal audit is conducted by internal audit department to help the risk management function of the company by providing assurance about the risk mitigation. RBIA allows internal audit to provide assurance to the board that risk management processes are managing risks effectively, in relation to the risk appetite.
Risk capacity
Is the maximum amount of risk that an entity can bear which is linked to capital, liquid assets, borrowing capacity etc. Maximum amount of bearable risk by an entity.
Risk appetite
It is the amount of risk that an entity (on broad level) willing to accept within its overall Capacity. It provides the threshold of acceptable risk and determining the risk appetite is continuous process, it can't be set once and leave.
Risk appetite is developed on the basis of risk level of company like risk hunger company may develop high risk appetite while risk averse company may develop low risk appetite level.
Risk
Risk is the potential of losing something of value, weighed against the potential to gain something of value. Risk hinders the achievement of objective and it has two attributes.
#Likelihood: Probability of Risk Event (P)
#Consequences: Impact of Risk Event (I)
In Risk based internal auditing two types of risks are considered.
;Inherent risk
Risk that existed in the absence of any action or control or modification of an event.
;Residual risk
Risk that remains after controls are implemented or we can say residual of inherent risk.
Risk register
It is a log that contains all of the information related to the risk management activities. It includes following details related to risk management activities.
It contains;
#Risks
#Potential response
#Root cause of risks
#Risk categories and ranking
Risk assessment
Allows an entity to understand the possibility and impact of risk event. Use two prospectives;
* Likelihood: Probability of risk event (P)
* Consequences: Impact of risk event (I)
See also
*
Cost auditing
A cost audit represents the verification of cost accounts and checking on the adherence to cost accounting plan. Cost audit ascertains the accuracy of cost accounting records to ensure that they are in conformity with cost accounting principles, ...
*
Technical audit
Technical audit (TA) is an audit performed by an auditor, engineer or subject-matter expert evaluates deficiencies or areas of improvement in a process, system or proposal. Technical audit covers the technical aspects of the project implemented in ...
References
{{reflist
Internal audit
Risk management in business