Risk-oriented analysis applying the internal audit

In recent years, risk-based audit as an important audit principles and practices, increasingly widely used in various types of audit practice. The Application of the internal audit risk-based audit, internal audit department for the reasonable and efficient allocation of audit resources to further improve the audit quality control audit risk have an important role. The introduction of risk-based audit, internal audit for the law conform to business development, strengthen self-construction, better play, "immune system" also has far-reaching implications.

First, the internal audit risk-based audit is an inevitable trend.

For internal audit, the so-called risk-based audit refers to internal auditors and internal risk control systems to fully understand and evaluate, based on the analysis, to determine the likelihood of risk and its impact, the establishment of the audit risk model and risk rating criteria, develop corresponding internal audit strategy, audit plan and audit procedures, allocation of audit resources to focus on high risk areas, internal audit risk will be reduced to an acceptable level of audit model. concerned about the risk-based audit target high-risk areas of the audit, it will risk identification, analysis and evaluation throughout the audit work has always been, only apply risk-based audit practice of the audit, the audit can also be applied to business planning, and establish enterprise-wide risk management system phase matching system audit policy. Therefore, risk-based audit of the audit is not just a technology, it is the result of the audit concept generated by the change in audit mode, the audit approach innovation.

Economic and social development and the evolution of modern business management techniques is the risk-based audit of the root causes. First, changes in business environment, the expansion of business scale, the extension of the value chain, the increase in types of business, as well as the diversification of trading, business risk are the increasingly complex and varied, but also to the audit environment has changed dramatically. internal audit in conditions of limited audit resources, continue to implement the detailed audit is no longer realistic. Second, enterprises in accordance with the requirements of the capital market, or the on improving profitability and remain competitive considerations, step by step evolution of a comprehensive risk management, strategic management, and other modern management techniques, as the risk-based audits have laid a theoretical foundation. Third, the internal audit in enterprise risk management internal control increasing emphasis on the role of management, business trust of the internal audit department the constant increase, they want to be able to advance with the times of internal audit, business management in the timely detection of loopholes and fraud control. In this context, the internal audit In order to avoid increasing the risk of audit, based on the understanding and assessment of risk to develop the audit strategy and audit plan, risk-based audit of the introduction of the practice of internal auditing has become an inevitable choice.

Second, the risk-based audit will evaluate their overall risk analysis as the basis for audit.

With the traditional audit methods are more risk-based audit of the audit idea and brought a significant shift in audit methods. Risk-based audit is not only dependent on the internal control system design and implementation of testing and evaluation, but also extended to the audit perspective internal and external environment of enterprises, corporate governance, strategic management, and other aspects of the comprehensive risk assessment, audit, internal audit staff has always reasonable professional care, and risk assessment techniques and analytical review procedures applied to the whole process of audit.

(A strengthening of the audit risk awareness, expanding the scope of the audit, the audit of internal control testing center before the move from the corporate level risk assessment, continuous, dynamic risk assessment throughout the entire audit process. Risk-based audit is no longer simply a direct implementation of internal control evaluation, but rather through the business environment, development strategy, corporate governance, risk assessment strategies, etc., to identify potential risk management, and its gradual decomposition to specific business processes and internal control activities, which determine the scope and focus of the audit.

(B greater emphasis on the use of analytical procedures. In the risk assessment process, multi-level, multi-line, multi-dimensional analytical review procedures to be applied more frequently, for any audit objects, are measures that will be the first use of analytical review risk areas. of a wider range, from the accounting statements and other data analysis after the event, extended to the company's strategy, risk management system, results of operations, comprehensive budget and other risk management point of data analysis, a more scientific analysis tools, through the introduction of the computer audit techniques, and strengthen the text, data processing analysis capabilities, also make the audit sample results are more reasonable, more diverse analysis of the object, of all financial and non-financial data analysis procedures can be used. through analytical procedures can be found in multi-angle the same risk event in different business areas, the various representations of different aspects of the process, making risk assessment more reliable.

(C enhanced audit program targeted to improve efficiency in the use of audit resources. The risk assessment process so that the internal audit staff on important business risk with a more intuitive and comprehensive understanding of standards and quantification of risk control measures to be taken in the risk assessment process has gradually clear, easy to develop for different types of risk, the implementation of personalized audit procedures. the means of risk assessment and audit procedures combine to focus audit resources targeted to key risk areas and promote their efficient allocation and utilization, and improve audit efficiency.

Third, in-depth practice of risk-based internal audit concept for development of internal audit to create opportunities.

(One Application of risk-based audit, the overall quality of the internal audit staff put a higher demand, will lead the internal audit agency audit team building emphasis. Positive change in the current mode of development companies pay more attention to the development of quality and efficiency of the internal audit profession requires company can continue to adapt to the level of development and change, but corresponding to the internal auditors lack of widespread knowledge management, lack of experience of such issues is not strong, difficult to forge a keen professional ability to judge, unable to adapt to risk-based audit requirements . Therefore, the internal audit should be risk-based audit of the Application as an opportunity to increase the vocational training, the introduction of corporate governance, legal, information technology professionals, to optimize the professional structure of the audit. strive to expand the audit staff on macroEconomic, strategic management, performance management, marketing, information technology, mathematical statistics, the composite knowledge, foster Economic policies, laws and regulations, the ability to grasp, and the ability to understand and analyze the risks, the risks in the complicated world to maintain an attitude of professional prudence and independence, the use of the system, the strategic point of view in which a full assessment of the internal and external business environment and the adequacy of control measures to reduce audit risk. [Research Papers Download hi138 \ Com]

(B prompted the audit of internal audit agency to promote information technology, and actively use information technology audit tools to improve audit efficiency. Risk-based audit requirements of the internal audit staff in the audit process, collect enough environment, strategy, management, budgets, reports, statistics and other financial and non-financial data in order to fully assess the risk of the corporate level, the internal auditors also need to analyze the data collected, processed, refined, but the data collection and analysis, audit personnel manual alone is difficult achieved. internal audit should be established within the enterprise group of powerful information systems, and management information systems and core business systems embedded audit module, or the establishment of information systems and internal audit data interface, first, to achieve more efficient various types of data acquisition, collection, review, collation, analysis, and second, to make audits more representative sampling, to reduce subjective judgments and the third is to achieve production and operational data of the real-time monitoring, is conducive to what the risk analysis , early warning and subsequent risk assessment, prompted to meet the internal audit staff to conduct risk evaluation.

(C actively promote the establishment of a sound internal control system, improve risk-oriented internal audit system. Application of risk-based audit method, which requires first of all internal audit staff understand the company from the risk management and internal control to start, so the sound system of internal control the degree of risk and internal audit costs are directly related. To the extent possible, reduce audit risk, internal audit organizations should fully implement monitoring, evaluation and advisory functions, internal audit to actively play a role in the overall risk management, promoting the company establish a sound internal control system, strengthening the institutional basis of risk management. Meanwhile, with the state audit regulations, guidelines, comprehensive risk management requirements and the needs of the company's existing rules and regulations to conduct a comprehensive audit of combing and optimize and improve risk-based audit of the specific procedures and methods of risk based audit rules to follow.

Although the Application of risk-based audit of the original intention was to improve audit efficiency of resource use, but because of the risk assessment test the depth, breadth increases, and human resources, information systems investment, will bring in a short time a substantial increase in audit costs, which Internal audit also needs to adapt to take the initiative to transition company to go through. fixed the increase in audit costs, audit resources will be synchronized to bring the structure optimization and integration, the implementation of the internal audit agency audit of business management, project management and quality control more efficient. Therefore, in the long run, the application is more conducive to risk-based audit of the audit objectives.

Fourth, risk-based approach to improve internal audit practice in the application of results.

(An internal audit department should further enhance the internal and external business risks faced by the understanding and improve the understanding of risk and ability to grasp. Not only to the operator's field of vision to measure national legislation, macroEconomic, industry regulatory policy, competition, etc. various production and operation of environmental factors on the formation of the external risks, but also to the vision of managers to look at corporate governance structure, strategic planning, resource allocation, internal control and other factors can form a virtuous cycle of risk management system. Only the internal audit department fully understand the business risk in order to better complete the risk identification, decomposition and quantization, to accurately grasp the direction and focus of the audit.

(B internal audit department should establish a dynamic and comprehensive risk assessment mechanism. After the risk of internal and external investigation, combined with the enterprise production and management features, according to top-down approach, combing the management mechanism and core business processes, identify the core mechanisms and processes of each key risk points and their standard of internal control measures specifically for each department, each employee in the responsibilities of risk control activities, while establishing normalization of risk reporting, collection, analysis and evaluation system to ensure that the internal audit risk database continuously enriched and improved.

(C practice in internal audit, the audit should pay attention to balance cost control and audit risk control, rational and effective allocation of audit resources. The essence of risk-based audit is to accurately identify high risk areas, and will focus on allocation of audit resources to high risk audit areas. application of risk-based approach does not mean that audit content and audit procedures of the simple addition, but the overall audit risk in the control based on the current status of audit resources, audit content and audit procedures have arrested a place on the different risk-taking targeted audit. For assessed that there is no important risk areas, can be taken to reduce sample size, or walk through the appropriate testing methods such as streamlining the audit process.

(D internal audit department should be a gradual introduction of risk-based audit approach, and gradually explore and improve the actual risks for the enterprise-oriented internal audit mode. If we ignore the Company's management based on unrealistic blindly copy the mode of risk-based audit will greater audit of internal audit risk. internal audit process of transformation, in the traditional auditing project dialectical means of introducing risk-based audit, make up the traditional audit risk identification, analysis and evaluation of deficiencies, to achieve control of audit risk and audit cost milestones. When the company management and audit resources based on risk-based audit can be implemented to meet the conditions, the internal audit department to audit the project in more even in the audit business planning, management, use of risk-based audit model.

Study of modern risk-based audit approach, internal audit and applied to business management and project implementation, for achieving the audit objectives, to ensure audit quality, save audit resources, improve work efficiency is of great significance for enhancing the value of internal audit, internal glow Audit of vigor and vitality also has far-reaching implications. Therefore, the internal audit work should be in the audit practice, and actively explore the modern risk-based audit approach, constantly sum up experience in auditing, so that in the audit work to play a greater performance. [Free Download Center Papers hi138.com]