Scribd
Upload
88 views2 pages

IIA Australia - Internal Audit Management Risks & Issues

This document discusses risks and issues that may affect an internal audit function's ability to achieve its strategic objectives. It provides definitions of internal audit and risk, describes four types of internal audit risk assessments, and lists examples of specific risks such as capacity, competency, reputation, and talent attraction and retention.

Uploaded by

Rubel Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
88 views2 pages

IIA Australia - Internal Audit Management Risks & Issues

This document discusses risks and issues that may affect an internal audit function's ability to achieve its strategic objectives. It provides definitions of internal audit and risk, describes four types of internal audit risk assessments, and lists examples of specific risks such as capacity, competency, reputation, and talent attraction and retention.

Uploaded by

Rubel Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Connect Support Advance

Factsheet: Internal Audit


Management Risks and Issues
This resource was prepared after the ‘Global Internal Audit Standards’ were published in 2024
Definitions 2. Risk assessment of the organisation environment to
ascertain risks to be considered when developing the
Internal Audit is: internal audit plan
An independent, objective assurance and advisory 3. Risk assessment for individual internal audit engagements
service designed to add value and improve an and services to ascertain risks applicable to the topic to
organisation’s operations. It helps an organisation be audited
accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the 4. Risk assessment for individual internal audit engagements
effectiveness of governance, risk management and and services to ascertain risks that may affect successful
control processes. completion of an individual internal audit engagement or
Global Internal Audit Standards service
Risk is: Risks Affecting the Internal Audit Function Achieving
its Strategic Objectives
The positive or negative effect of uncertainty on
objectives This Factsheet concentrates on risk assessment type 1:
Note – This is the definition as set out in the ‘Global Internal Audit
Standards’. Many organisations prefer the definition in AS ISO
31000:2018 ‘Risk management – Guidelines’. Application of the ‘Global Risk assessment to ascertain specific risks that may
Internal Audit Standards’ is not dependent on the definition of risk used. affect the internal audit function achieving its strategic
objectives.
An Issue is:
This risk assessment includes foundational internal audit
An issue is an important topic or set of circumstances components and considers such areas as:
that must be addressed by the organisation. It might
be a source of risk that cannot be ignored or it might › Strategy.
be the consequence of a risk crystallising. In risk
management, issue refers to something that has › Governance.
happened while a risk might happen.
Institute of Internal Auditors-Australia › People and resourcing.

Internal Audit Risk Assessment Types › Service delivery.

The IIA-Australia Factsheet ‘Internal Audit Risk Assessment’ › Technology enablement.


(2023) describes four internal audit risk assessment types:
› Reporting results.
1. Risk assessment to ascertain specific risks that may
affect the internal audit function achieving its strategic Internal audit function risks and issues affecting its ability to
objectives achieve its strategic objectives may include:

Capacity Internal audit may not have sufficient resources to deliver on its objectives
Competency Internal audit may not have the right resources to provide the range of assurance services the
organisation needs for example digital / operational technology / projects and business initiatives
Confidentiality Confidential data may be released accidentally or deliberately
Conflict of Interest Conflict of interest processes may not be fit-for-purpose or adequately managed leading to loss of
independence and objectivity
Digital Enablement Internal audit may not react swiftly to digital assurance requirements
Digital Capability Internal audit resource capability may not be digital ready
Health and Safety People may be subject to physical or mental injury because there are inadequate safety
management processes including for psychosocial risk

For more information, please call +61 2 9267 9155 or visit www.iia.org.au
© 2024 - The Institute of Internal Auditors - Australia
Connect Support Advance
ICT Internal audit specific ICT systems may not be available for a prolonged period that affects internal
audit ability to provide ongoing service delivery
Innovation Internal audit may not respond to new ideas or changed conditions
Integrated Assurance The organisation assurance environment may have duplication and gaps which leads to
Across all 3 Lines misallocation of internal audit resources
Internal Audit Agility Internal audit may not be sufficiently agile or have the set of services to quickly respond to
organisation needs
Internal Audit Internal audit may not establish its own robust governance processes
Governance
Internal Audit Quality Internal audit quality processes may not be sufficiently effective to ensure the quality and
credibility of internal audit services
Internal Audit Internal audit may be seen as old fashioned and not relevant
Relevance
Internal Audit Strategy The internal audit function may not adopt an effective strategy to set it up as a key agent of
change delivering the right internal audit services that support the strategic objectives and success
of their organisation, align with contemporary internal audit practice, and meet stakeholder
expectations
Lessons Learned Internal audit lessons from the past may not be captured to improve future outcomes
‘Problem Finder’ versus Internal audit may be seen to bring a negative rather than positive contribution
‘Problem Solver’
Performance There may be an expectation gap in delivery by co-sourced experts
Management of Co-
sourced Experts
Project Management Internal audit projects may not be adequately managed leading to failures, delays and cost over-
runs
Regulatory The internal audit function may not conform with regulatory requirements
Reputation The internal audit function’s reputation may be damaged by poor service delivery
Service Provider Conflict of interest processes for internal audit service providers may not be fit-for-purpose or
Conflict of Interest adequately managed leading to loss of independence and objectivity as a result of non-audit work
performed by a service provider
Soft Skills Internal auditors may not have the soft skills necessary to be successful
Stakeholder Stakeholders may not value the internal audit contribution
Engagement
Strengthening Business Internal audit services may not be aligned to the organisation strategy / objectives / risk profile
Alignment
Talent Attraction and Internal audit may not attract and retain the talent it needs
Retention
Training The internal audit workforce may not be adequately trained to safely and effectively perform their
work roles

Useful References
International Internal Auditing Standards Board, 2024. Global
Internal Audit Standards. [Online]
Available at: https://www.theiia.org/globalassets/site/
standards/globalinternalauditstandards_2024january9_
printable.pdf

The Institute of Internal Auditors - Australia, 2023. Factsheet:


Internal Audit Risk Assessment. [Online]
Available at: https://iia.org.au/technical-resources/fact-sheet/
iia-australia-factsheet-internal-audit-risk-assessment

For more information, please call +61 2 9267 9155 or visit www.iia.org.au
© 2024 - The Institute of Internal Auditors - Australia

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy