Standards, Security, and Audit
Understanding and Managing
Risks in Management Systems
Auditing
JACOB MCLEAN
Job Positions
Principal consultant and managing director of Kaizen Training & Management
Consultants Limited (KTMC); PECB Certified Trainer, PECB Certified ISO 9001
and ISO 14001 Master; PECB Certified Advanced Management System
Auditor; PECB ISO 22301 Lead Implementer and PECB Certified ISO 31000
Lead Risk Manager; PECB partner with 22 years of management systems
experience.
Contact Information
1 876 475 1963
jamclean@ktmcltd.com
www.ktmcltd.com
linkedin.com/in/Jacob-a-mclean
twitter.com/jacobamclean
3
OVERVIEW
Content
• Understanding Risk
• Understanding the Management System Audit
• Risks related to Management System Auditing:
– Finance and Accounting
– ISO 19011:2011
– ISO 17021-1:2015
• Risk-based Auditing
• Managing Risks Related to Audit Programmes and
Certification Audits
• Questions and Answers
4
UNDERSTANDING RISK
Risk
• Risk is defined as the effect of uncertainty on objectives:
– An effect is a deviation from the expected — positive
and/or negative.
– Objectives can have different aspects (financial, health and
safety or environmental).
– Risk is often expressed as a combination of the consequences of an
event and the associated likelihood of occurrence.
ISO 31000:2009
• This presentation will focus on the negative aspect of
risk, that is, failure of the audit to provide reasonable
assurance.
5
UNDERSTANDING RISK
Audit Risk
From a financial perspective, audit risk is the risk that an auditor
expresses an incorrect conclusion based on audit findings.
• Examples
– Issuing an unqualified audit report where a qualification is
reasonably justified;
– Issuing a qualified audit opinion where no qualification is
necessary;
– Failing to emphasize a significant matter in the audit
report;
– Providing an opinion on financial statements where no
such opinion may be reasonably given due to a significant
limitation of scope in the performance of the audit.
6
UNDERSTANDING RISK
Audit Risk
• Risk is integral to the auditing of Management
Systems:
– Risk is inherent to the industry type;
– Related to the controls implemented in the Management
System;
– The audit process itself is based on test methods which
utilize sampling.
7
UNDERSTANDING RISK
Audit Risk – Required Knowledge
The auditor should have knowledge of risk
management principles, methods and techniques
relevant to the discipline and sector, such that she/he
can evaluate and control the risks associated with the
audit programme:
— risk assessment and mitigation;
— risk treatment (adaptive, proactive and reactive
measures).
8
UNDERSTANDING MANAGEMENT SYSTEM
AUDITING
Audit
• ISO 19011:2011, Clause 3.1, defines an audit as a
systematic, independent and documented process for
obtaining audit evidence and evaluating it objectively to
determine the extent to which the audit criteria are
fulfilled.
9
AUDIT RISK
Sampling
• The risk associated with sampling is that the samples may not
be representative of the population from which they are
selected, and thus the auditor’s conclusion may be biased and
be different from that which would be reached if the whole
population was examined.
• There may be other risks depending on the variability within
the population sampled and the method chosen.
10
AUDIT RISK
Sampling
Audit sampling typically involves the following steps:
— establishing the objectives of the sampling plan;
— selecting the extent and composition of the population to be
sampled;
— selecting a sampling method;
— determining the sample size to be taken;
— conducting the sampling activity;
— compiling, evaluating, reporting and documenting results.
11
AUDIT RISK
Sampling
• When a statistical sampling plan is developed, the level of
sampling risk that the auditor is willing to accept is an
important consideration.
• This is often referred to as the acceptable confidence level.
For example, a sampling risk of 5 % corresponds to an
acceptable confidence level of 95 %.
• A sampling risk of 5 % means the auditor is willing to accept
the risk that 5 out of 100 (or 1 in 20) of the samples examined
will not reflect the actual values that would be seen if the
entire population was examined.
12
AUDIT RISK
Other Audit Risks
• Risks to the organization created by the audit:
- Risks to the organization may result from the presence of
the audit team members influencing health and safety,
environment and quality;
- Threats to the auditee’s products, services, personnel or
infrastructure (e.g. contamination in clean room facilities).
• Time constraints
• Independence
• Audit team dynamics
13
AUDIT RISK AND MATERIALITY
Materiality
• Limiting audit risks in order to provide reasonable assurance
requires that an auditor places emphasis on processes and
systems which are material.
• Reasonable assurance is the level of confidence that the
financial statements are not materially misstated that
an auditor, exercising professional skill and care, is expected
to provide, having performed an audit.
14
AUDIT RISK AND MATERIALITY
Materiality
• The concept of materiality is based on the significance of a
process, procedure or other elements of the Management
System.
• A single critical element or a combination of less significant
elements can be considered material depending on overall
impact of non-conformance of the Management System.
15
AUDIT RISK AND MATERIALITY
Materiality: Financial vs Management System Audits
16
AUDIT RISK AND MATERIALITY
International Standard on Auditing 320, Materiality in Planning and
Performing an Audit
• Misstatements, including omissions, are considered to be
material if they, individually or in the aggregate, could
reasonably be expected to influence the economic decisions
of users taken on the basis of the financial statements;
• Judgments about materiality are made in light of surrounding
circumstances, and are affected by the size or nature of a
misstatement, or a combination of both;
• Judgments about matters that are material to users of the
financial statements are based on a consideration of the
common financial information needs of users as a group.
• The possible effect of misstatements on specific individual
users, whose needs may vary widely, is not considered.
17
AUDIT RISK AND MATERIALITY
©2016, AICPA Materiality and Management System Audits
• Four considerations are necessary in assessing
materiality:
- Risk appetite of management which will determine the
level of errors acceptable
- The auditor’s tolerance level for risk
- The client’s risk appetite
- Possible accumulation of minor errors
18
AUDIT RISK AND MATERIALITY
Factors Influencing Materiality
19
AUDIT RISK AND MATERIALITY
Overall Materiality
• Overall materiality is the amount of errors that auditors are
prepared to accept in the documentation review as a whole
while still concluding that they provide a true and fair view of
the audit.
• The auditor should assess the magnitude of error, or
materiality level, before audit commencement, based on
understanding of the auditee, its business sector and industry.
20
RISK IN THE OVERALL AUDIT PROCESS
Materiality, Audit Risk and Audit Planning
21
RISK IN THE OVERALL AUDIT PROCESS
Materiality, Audit Risk and Audit Planning
Materiality must be built into each step of audit
planning:
• Initial Contact: Materiality is taken into account to
determine the duration of the audit as dictated by
inherent risks related to the organization (industry sector,
applicable laws and regulations, employee population,
number of work stations, number of Management
Systems, etc.).
22
RISK IN THE OVERALL AUDIT PROCESS
Materiality, Audit Risk and Audit Planning
• Stage 1 Audit: Identification of key processes and
their interactions to determine areas of focus during
the on-site audit.
• Stage 2 Audit (on-site audit): Adjust sampling plan
based on materiality of each process and asset.
• Other factors considered:
– Audit test methods: document review, interviews,
observation, technical verification, analysis.
– Audit team experience
23
RISK IN THE OVERALL AUDIT PROCESS
Materiality, Audit Risk and Audit Planning
• The components of audit risks have a significant
impact on audit planning. Audits must be planned
such that:
– Inherent risk is duly assessed;
– Control risk is evaluated (planning, performing and
evaluating of documented information);
– The right mix of essential procedures is used to ensure
that detection risk and, by extension, audit risk are
reduced to the level acceptable to the auditor.
24
MANAGEMENT ASSERTIONS
Definition of Management Assertion
• An assertion is an expressed or implied representation by
management about the financial statements of a business
and their components.
• The list of possible assertions represents all the various
manners in which a specific control could affect a particular
caption within the corporate income statement and balance
sheet.
• All of the assertions are directly tied to the Generally
Accepted Accounting Principles and used by management to
classify, measure, and disclose financial information affirming
that the financial statements are correct.
25
MANAGEMENT ASSERTIONS
Examples of Management Assertion
• Completeness: All transactions and other events that
occurred during a specific time period were indeed recorded
for the period in which they took place.
• Existence and/or occurrence: All transactions for assets,
liabilities, and ownership interests exist for a specific date and
represent events that actually occurred during that period.
• Accuracy: All transactions, balances, and classifications have
been correctly processed and recorded for the correct time
period.
• Measurement and/or valuation: All transactions are
mathematically correct and appropriately recorded in the
correct time period.
26
MANAGEMENT ASSERTIONS
Examples of Management Assertion
• Ownership (rights and obligations): The rights (i.e., assets)
and obligations (i.e., liabilities) are correctly recorded for the
correct time period.
• Presentation and/or disclosure: All items in the financial
statements have been properly recorded and accounted for in
the correct time period.
• Measurement and/or valuation: All transactions are
mathematically correct and appropriately recorded in the
correct time period.
• Various: Any combination of multiple assertions listed above
is relevant and appropriate.
27
MANAGEMENT ASSERTIONS
Perceived Risks and Audit Planning related to Initial Assessment
• Materiality risk assessment should be done on the
following which explicitly or implicitly contains
management assertions with the auditor utilizing his
knowledge and experience of the industry:
– Documented information
– Internal audit report
– Risk assessment report
– Actions to address risks and opportunities
– Management review
– Outcome of interviews with top management
28
AUDIT RISK MODEL
29
AUDIT RISK MODEL
Inherent Risk
• Inherent Risk is the risk of a material misstatement in the
financial statements arising due to error or omission as a
result of factors other than the failure of controls (factors that
may cause a misstatement due to absence or lapse of controls
are considered separately in the assessment of control risk).
• Inherent risk is generally considered to be higher where a high
degree of judgment and estimation is involved or where
transactions of the entity are highly complex.
30
AUDIT RISK MODEL
Control Risk
• Control Risk is the risk of a material misstatement in the
financial statements arising due to absence or failure in the
operation of relevant controls of the entity.
• Organizations must have adequate internal controls in place
to prevent and detect instances of fraud and error.
• Control risk is considered to be high where the audit entity
does not have adequate internal controls to prevent and
detect instances of fraud and error in the financial
statements.
31
AUDIT RISK MODEL
Detection Risk
• Detection Risk is the risk that the auditors fail to detect a
material misstatement in the financial statements.
• An auditor must apply audit procedures to detect material
misstatements in the financial statements whether due to
fraud or error.
• Misapplication or omission of critical audit procedures may
result in a material misstatement remaining undetected by
the auditor.
32
AUDIT RISK MODEL
Detection Risk
• Some detection risk is always present due to the inherent
limitations of the audit such as the use of sampling for the
selection of transactions.
• Detection risk can be reduced by auditors increasing the
number of sampled transactions for detailed testing.
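The link between sampling risk, confidence level and sample size from the sampling slides, and the point above that sampling more items lowers detection risk, worked through as an added example that is not part of the original presentation. The population size and deviation counts are constructed, the function names are hypothetical, and "sampling risk" is read here as the chance that a random sample shows no deviation although the population contains some.

```python
"""Sampling risk versus sample size for a zero-deviation audit sample (added example)."""
from math import comb


def miss_probability(population: int, deviations: int, sample_size: int) -> float:
    """Chance that a random sample, drawn without replacement, contains none of
    the deviating items (hypergeometric distribution, zero hits)."""
    if not 0 <= deviations <= population:
        raise ValueError("deviations must be between 0 and population")
    if not 0 <= sample_size <= population:
        raise ValueError("sample_size must be between 0 and population")
    # comb() is 0 once the sample is larger than the clean part of the
    # population, so the probability of missing every deviation drops to 0.
    return comb(population - deviations, sample_size) / comb(population, sample_size)


def min_sample_size(population: int, deviations: int, sampling_risk: float) -> int:
    """Smallest sample whose chance of missing every deviating item is at most
    the sampling risk the auditor is willing to accept."""
    if deviations < 1:
        raise ValueError("at least one deviating item is needed to size the sample")
    if not 0 < sampling_risk < 1:
        raise ValueError("sampling_risk must be strictly between 0 and 1")
    for n in range(1, population + 1):
        if miss_probability(population, deviations, n) <= sampling_risk:
            return n
    raise AssertionError("unreachable: a full census always finds a deviation")


def sampling_plan(population: int, deviations: int, risks: list[float]) -> list[tuple]:
    """One row per accepted sampling risk: (risk, confidence level, sample size)."""
    return [(r, 1 - r, min_sample_size(population, deviations, r)) for r in risks]


if __name__ == "__main__":
    # Constructed scenario: 1000 records, 50 of which (5 %) deviate from the criteria.
    for risk, confidence, n in sampling_plan(1000, 50, [0.10, 0.05, 0.01]):
        print(f"sampling risk {risk:.0%} -> confidence {confidence:.0%} -> sample {n}")
    # Detection risk falls as the sample grows.
    for n in (10, 30, 60, 90):
        print(f"sample {n:>3}: chance of missing all deviations "
              f"{miss_probability(1000, 50, n):.3f}")
```
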
33
RISK-BASED AUDITING
ISO 17021-1:2015, 4.8 Risk-based approach
Certification bodies need to take into account the risks
associated with providing competent, consistent and impartial
certification. Risks may include, but are not limited to, those
associated with:
– the objectives of the audit;
– the sampling used in the audit process;
– real and perceived impartiality;
– legal, regulatory and liability issues;
– the client organization being audited and its operating environment;
– impact of the audit on the client and its activities;
– health and safety of the audit teams;
– perception of interested parties;
– misleading statements by the certified client;
– use of marks.
34
RISK-BASED AUDITING
ISO 19011:2011
• This International Standard introduces the concept of risk to
management systems auditing.
• The approach adopted relates both to the risk of the audit
process not achieving its objectives and to the potential of the
audit to interfere with the auditee’s activities and processes.
35
RISK-BASED AUDITING
ISO 19011:2011
• An organization needing to conduct audits should establish an
audit programme that contributes to the determination of the
effectiveness of the auditee’s management system.
• The audit programme can include audits considering one or
more management system standards, conducted either
separately or in combination.
• The top management should ensure that the audit
programme objectives are established and assign one or more
competent persons to manage the audit programme.
36
RISK-BASED AUDITING
ISO 19011:2011
• The extent of an audit programme should be based on the
size and nature of the organization being audited, as well as
on the nature, functionality, complexity and the level of
maturity of the management system to be audited.
• Priority should be given to allocating the audit programme
resources to audit those matters of significance within the
management system.
• These may include the key characteristics of product quality
or hazards related to health and safety, or significant
environmental aspects and their control.
37
RISK-BASED AUDITING
ISO 19011:2011 - 5.3.1 Roles and responsibilities of the person
managing the audit programme
The person managing the audit programme should:
— establish the extent of the audit programme;
— identify and evaluate the risks for the audit programme;
— establish audit responsibilities;
— establish procedures for audit programmes;
— determine necessary resources;
— ensure the implementation of the audit programme, including the
establishment of audit objectives, scope and criteria of the
individual audits, determining audit methods and selecting the
audit team and evaluating auditors;
— ensure that appropriate audit programme records are managed and
maintained;
— monitor, review and improve the audit programme.
38
RISK-BASED AUDITING
ISO 19011:2011, 5.3.4 Identifying and evaluating audit programme
risks
There are many different risks associated with establishing, implementing,
monitoring, reviewing and improving an audit programme that may affect the
achievement of its objectives. The person managing the programme should
consider these risks in its development. These risks may be associated with
the following:
— planning, e.g. failure to set relevant audit objectives and determine the
extent of the audit programme;
— resources, e.g. allowing insufficient
time for developing the audit programme or conducting an audit;
— selection of the audit team, e.g. the team does not have the collective
competence to conduct audits effectively;
— implementation, e.g. ineffective communication of the audit programme;
— records and their controls, e.g. failure to adequately protect audit records
to demonstrate audit programme effectiveness;
— monitoring, reviewing and improving the audit programme, e.g. ineffective
monitoring of audit programme outcomes.
39
RISK-BASED AUDITING
ISO 19011:2011 - 5.3.5 Establishing procedures for the audit
programme
The person managing the audit programme should establish one or more
procedures, addressing the following, as applicable:
— planning and scheduling audits considering audit programme risks;
— ensuring information security and confidentiality;
— assuring the competence of auditors and audit team leaders;
— selecting appropriate audit teams and assigning their roles and
responsibilities;
— conducting audits, including the use of appropriate sampling methods;
— conducting audit follow-up, if applicable;
— reporting to the top management on the overall achievements of the audit
programme;
— maintaining audit programme records;
— monitoring and reviewing the performance and risks, and improving the
effectiveness of the audit programme.
40
MANAGING RISKS IN MANAGEMENT SYSTEM
AUDITS
Risk Management Process
• Risk assessment: Identifying, analysing and evaluating
relevant risks associated with achieving audit objectives.
• Risk treatment options:
- Changing likelihood/consequence or both
- Risk avoidance
- Risk removing
- Risk retaining
• Monitoring and reviewing
41
MANAGING RISKS IN MANAGEMENT SYSTEM
AUDITS
Risk Management Process
42
SUMMARY
Risk is integral to management systems auditing;
therefore, to be effective, the auditor must adopt the
risk-based auditing approach, applying relevant risk
management methodology throughout the audit
process.
43
REFERENCES
• AICPA GAAS section 320, 10-14
• Coleman, L.B. (2015). Advanced Quality Auditing. Mil,
WI., ASQ.
• ISO. (2009). Risk management principles and guidelines.
(ISO 31000:2009). Geneva, Switzerland
• ISO. (2011). Guidelines for auditing management systems. (ISO
19011:2011). Geneva, Switzerland
• ISO. (2015). Quality management systems – Requirements. (ISO
9001:2015). Geneva, Switzerland
• Madison, D. Process Mapping, Process Improvement, and
Process Management (Kindle Locations 743-746). Paton
Professional. Kindle Edition.
• PECB Advanced Auditing Techniques Training Handbook
THANK YOU
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptxPECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxPECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 

Mehr von PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Kürzlich hochgeladen

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 

Kürzlich hochgeladen (20)

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 

Understanding and Managing Risks in Management Systems Auditing

  • 1. Standards, Security, and Audit Understanding and Managing Risks in Management Systems Auditing
  • 2. JACOB MCLEAN Job Positions Principal consultant and managing director of Kaizen Training & Management Consultants Limited (KTMC); PECB Certified Trainer, PECB Certified ISO 9001 and ISO 14001 Master; PECB Certified Advanced Management System Auditor; PECB ISO 22301 Lead Implementer and PECB Certified ISO 31000 Lead Risk Manager; PECB partner with 22 years of management systems experience. Contact Information 1 876 475 1963 jamclean@ktmcltd.com www.ktmcltd.com linkedin.com/in/Jacob-a-mclean twitter.com/jacobamclean
  • 3. OVERVIEW Content • Understanding Risk • Understanding the Management System Audit • Risks related to Management System Auditing: – Finance and Accounting – ISO 19011:2011 – ISO 17021-1:2015 • Risk-based Auditing • Managing Risks Related to Audit Programmes and Certification Audits • Questions and Answers
  • 4. UNDERSTANDING RISK Risk • Risk is defined as the effect of uncertainty on objectives: – An effect is a deviation from the expected — positive and/or negative. – Objectives can have different aspects (financial, health and safety or environmental). – Risk is often expressed as a combination of the consequences of an event and the associated likelihood of occurrence. ISO 31000:2009 • This presentation will focus on the negative aspect of risk, that is, failure of the audit to provide reasonable assurance.
  • 5. UNDERSTANDING RISK Audit Risk From a financial perspective, audit risk is the risk that an auditor expresses an incorrect conclusion based on audit findings. • Examples – Issuing an unqualified audit report where a qualification is reasonably justified; – Issuing a qualified audit opinion where no qualification is necessary; – Failing to emphasize a significant matter in the audit report; – Providing an opinion on financial statements where no such opinion may be reasonably given due to a significant limitation of scope in the performance of the audit.
  • 6. UNDERSTANDING RISK Audit Risk • Risk is integral to the auditing of Management Systems: – Risk is inherent to the industry type; – Related to the controls implemented in the Management System; – The audit process itself is based on test methods which utilize sampling.
  • 7. UNDERSTANDING RISK Audit Risk – Required Knowledge The auditor should have knowledge of risk management principles, methods and techniques relevant to the discipline and sector, such that she/he can evaluate and control the risks associated with the audit programme: — risk assessment and mitigation; — risk treatment (adaptive, proactive and reactive measures).
  • 8. UNDERSTANDING MANAGEMENT SYSTEM AUDITING Audit • ISO 19011:2011, Clause 3.1, defines an audit as a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
  • 9. AUDIT RISK Sampling • The risk associated with sampling is that the samples may not be representative of the population from which they are selected, and thus the auditor’s conclusion may be biased and be different from that which would be reached if the whole population was examined. • There may be other risks depending on the variability within the population sampled and the method chosen.
  • 10. AUDIT RISK Sampling Audit sampling typically involves the following steps: — establishing the objectives of the sampling plan; — selecting the extent and composition of the population to be sampled; — selecting a sampling method; — determining the sample size to be taken; — conducting the sampling activity; — compiling, evaluating, reporting and documenting results.
  • 11. AUDIT RISK Sampling • When a statistical sampling plan is developed, the level of sampling risk that the auditor is willing to accept is an important consideration. • This is often referred to as the acceptable confidence level. For example, a sampling risk of 5 % corresponds to an acceptable confidence level of 95 %. • A sampling risk of 5 % means the auditor is willing to accept the risk that 5 out of 100 (or 1 in 20) of the samples examined will not reflect the actual values that would be seen if the entire population was examined.
  • 12. AUDIT RISK Other Audit Risks • Risks to the organization created by the audit: – Risks to the organization may result from the presence of the audit team members influencing health and safety, environment and quality; – Threats to the auditee’s products, services, personnel or infrastructure (e.g. contamination in clean room facilities). • Time constraints • Independence • Audit team dynamics
  • 13. AUDIT RISK AND MATERIALITY Materiality • Limiting audit risks in order to provide reasonable assurance requires that an auditor places emphasis on processes and systems which are material. • Reasonable assurance is the level of confidence that the financial statements are not materially misstated that an auditor, exercising professional skill and care, is expected to provide, having performed an audit.
  • 14. AUDIT RISK AND MATERIALITY Materiality • The concept of materiality is based on the significance of a process, procedure or other elements of the Management System. • A single critical element or a combination of less significant elements can be considered material depending on overall impact of non-conformance of the Management System.
  • 15. AUDIT RISK AND MATERIALITY Materiality: Financial vs Management System Audits
  • 16. AUDIT RISK AND MATERIALITY International Standard on Auditing 320, Materiality in Planning and Performing an Audit • Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements; • Judgments about materiality are made in light of surrounding circumstances, and are affected by the size or nature of a misstatement, or a combination of both; • Judgments about matters that are material to users of the financial statements are based on a consideration of the common financial information needs of users as a group. • The possible effect of misstatements on specific individual users, whose needs may vary widely, is not considered.
  • 17. AUDIT RISK AND MATERIALITY ©2016, AICPA Materiality and Management System Audits • Four considerations are necessary in assessing materiality: – Risk appetite of management which will determine the level of errors acceptable – The auditor's tolerance level for risk – The client’s risk appetite – Possible accumulation of minor errors
  • 18. AUDIT RISK AND MATERIALITY Factors Influencing Materiality
  • 19. AUDIT RISK AND MATERIALITY Overall Materiality • Overall materiality is the amount of errors that auditors are prepared to accept in the documentation review as a whole while still concluding that they provide a true and fair view of the audit. • The auditor should assess the magnitude of error, or materiality level, before audit commencement, based on understanding of the auditee, its business sector and industry.
  • 20. RISK IN THE OVERALL AUDIT PROCESS Materiality, Audit Risk and Audit Planning
  • 21. RISK IN THE OVERALL AUDIT PROCESS Materiality, Audit Risk and Audit Planning Materiality must be built into each step of audit planning: • Initial Contact: Materiality is taken into account to determine the duration of the audit as dictated by inherent risks related to the organization (industry sector, applicable laws and regulations, employee population, number of work stations, number of Management Systems, etc.)
  • 22. RISK IN THE OVERALL AUDIT PROCESS Materiality, Audit Risk and Audit Planning • Stage 1 Audit: Identification of key processes and their interactions to determine areas of focus during the on-site audit. • Stage 2 Audit (on-site audit): Adjust sampling plan based on materiality of each process and asset. • Other factors considered: – Audit test methods: document review, interviews, observation, technical verification, analysis. – Audit team experience
  • 23. RISK IN THE OVERALL AUDIT PROCESS Materiality, Audit Risk and Audit Planning • The components of audit risk have a significant impact on audit planning. Audits must be planned such that: – Inherent risk is duly assessed; – Control risk is evaluated (planning, performing and evaluating of documented information); – The right mix of essential procedures is used to ensure that detection risk and, by extension, audit risk are reduced to the level acceptable to the auditor.
  • 24. MANAGEMENT ASSERTIONS Definition of Management Assertion • An assertion is an expressed or implied representation by management about the financial statements of a business and their components. • The list of possible assertions represents all the various manners in which a specific control could affect a particular caption within the corporate income statement and balance sheet. • All of the assertions are directly tied to the Generally Accepted Accounting Principles and used by management to classify, measure, and disclose financial information affirming that the financial statements are correct.
  • 25. MANAGEMENT ASSERTIONS Examples of Management Assertion • Completeness: All transactions and other events that occurred during a specific time period were indeed recorded for the period in which they took place. • Existence and/or occurrence: All transactions for assets, liabilities, and ownership interests exist for a specific date and represent events that actually occurred during that period. • Accuracy: All transactions, balances, and classifications have been correctly processed and recorded for the correct time period. • Measurement and/or valuation: All transactions are mathematically correct and appropriately recorded in the correct time period.
  • 26. MANAGEMENT ASSERTIONS Examples of Management Assertion • Ownership (rights and obligations): The rights (i.e., assets) and obligations (i.e., liabilities) are correctly recorded for the correct time period. • Presentation and/or disclosure: All items in the financial statements have been properly recorded and accounted for in the correct time period. • Measurement and/or valuation: All transactions are mathematically correct and appropriately recorded in the correct time period. • Various: Any combination of multiple assertions listed above is relevant and appropriate.
  • 27. MANAGEMENT ASSERTIONS Perceived Risks and Audit Planning related to Initial Assessment • Materiality risk assessment should be done on the following, which explicitly or implicitly contain management assertions, with the auditor utilizing his knowledge and experience of the industry: – Documented information – Internal audit report – Risk assessment report – Actions to address risks and opportunities – Management review – Outcome of interviews with top management
  • 29. AUDIT RISK MODEL Inherent Risk • Inherent Risk is the risk of a material misstatement in the financial statements arising due to error or omission as a result of factors other than the failure of controls (factors that may cause a misstatement due to absence or lapse of controls are considered separately in the assessment of control risk). • Inherent risk is generally considered to be higher where a high degree of judgment and estimation is involved or where transactions of the entity are highly complex.
  • 30. AUDIT RISK MODEL Control Risk • Control Risk is the risk of a material misstatement in the financial statements arising due to absence or failure in the operation of relevant controls of the entity. • Organizations must have adequate internal controls in place to prevent and detect instances of fraud and error. • Control risk is considered to be high where the audit entity does not have adequate internal controls to prevent and detect instances of fraud and error in the financial statements.
  • 31. AUDIT RISK MODEL Detection Risk • Detection Risk is the risk that the auditors fail to detect a material misstatement in the financial statements. • An auditor must apply audit procedures to detect material misstatements in the financial statements whether due to fraud or error. • Misapplication or omission of critical audit procedures may result in a material misstatement remaining undetected by the auditor.
  • 32. AUDIT RISK MODEL Detection Risk • Some detection risk is always present due to the inherent limitations of the audit such as the use of sampling for the selection of transactions. • Detection risk can be reduced by auditors increasing the number of sampled transactions for detailed testing.
  • 33. 33 RISK-BASED AUDITING 17021-1:2015, 4.8 Risk-based approach Certification bodies need to take into account the risks associated with providing competent, consistent and impartial certification. Risks may include, but are not limited to, those associated with: – the objectives of the audit; – the sampling used in the audit process; – real and perceived impartiality; – legal, regulatory and liability issues; – the client organization being audited and its operating environment; – impact of the audit on the client and its activities; – health and safety of the audit teams; – perception of interested parties; – misleading statements by the certified client; – use of marks.
  • 34. 34 RISK-BASED AUDITING ISO 19011:2011 • This International Standard introduces the concept of risk to management systems auditing. • The approach adopted relates both to the risk of the audit process not achieving its objectives and to the potential of the audit to interfere with the auditee’s activities and processes.
  • 35. 35 RISK-BASED AUDITING ISO 19011:2011 • An organization needing to conduct audits should establish an audit programme that contributes to the determination of the effectiveness of the auditee’s management system. • The audit programme can include audits considering one or more management system standards, conducted either separately or in combination. • The top management should ensure that the audit programme objectives are established and assign one or more competent persons to manage the audit programme.
  • 36. RISK-BASED AUDITING: ISO 19011:2011
      • The extent of an audit programme should be based on the size and nature of the organization being audited, as well as on the nature, functionality, complexity and the level of maturity of the management system to be audited.
      • Priority should be given to allocating the audit programme resources to audit those matters of significance within the management system.
      • These may include the key characteristics of product quality or hazards related to health and safety, or significant environmental aspects and their control.
  • 37. RISK-BASED AUDITING: ISO 19011:2011, 5.3.1 Roles and responsibilities of the person managing the audit programme
      The person managing the audit programme should:
      — establish the extent of the audit programme;
      — identify and evaluate the risks for the audit programme;
      — establish audit responsibilities;
      — establish procedures for audit programmes;
      — determine necessary resources;
      — ensure the implementation of the audit programme, including the establishment of audit objectives, scope and criteria of the individual audits, determining audit methods and selecting the audit team and evaluating auditors;
      — ensure that appropriate audit programme records are managed and maintained;
      — monitor, review and improve the audit programme.
  • 38. RISK-BASED AUDITING: ISO 19011:2011, 5.3.4 Identifying and evaluating audit programme risks
      There are many different risks associated with establishing, implementing, monitoring, reviewing and improving an audit programme that may affect the achievement of its objectives. The person managing the programme should consider these risks in its development. These risks may be associated with the following:
      — planning, e.g. failure to set relevant audit objectives and determine the extent of the audit programme;
      — resources, e.g. allowing insufficient time for developing the audit programme or conducting an audit;
      — selection of the audit team, e.g. the team does not have the collective competence to conduct audits effectively;
      — implementation, e.g. ineffective communication of the audit programme;
      — records and their controls, e.g. failure to adequately protect audit records to demonstrate audit programme effectiveness;
      — monitoring, reviewing and improving the audit programme, e.g. ineffective monitoring of audit programme outcomes.
  • 39. RISK-BASED AUDITING: ISO 19011:2011, 5.3.5 Establishing procedures for the audit programme
      The person managing the audit programme should establish one or more procedures, addressing the following, as applicable:
      — planning and scheduling audits considering audit programme risks;
      — ensuring information security and confidentiality;
      — assuring the competence of auditors and audit team leaders;
      — selecting appropriate audit teams and assigning their roles and responsibilities;
      — conducting audits, including the use of appropriate sampling methods;
      — conducting audit follow-up, if applicable;
      — reporting to the top management on the overall achievements of the audit programme;
      — maintaining audit programme records;
      — monitoring and reviewing the performance and risks, and improving the effectiveness of the audit programme.
  • 40. MANAGING RISKS IN MANAGEMENT SYSTEM AUDITS: Risk Management Process
      • Risk assessment: Identifying, analysing and evaluating relevant risks associated with achieving audit objectives.
      • Risk treatment options:
          - Changing likelihood/consequence or both
          - Risk avoidance
          - Risk removing
          - Risk retaining
      • Monitoring and reviewing
  • 41. MANAGING RISKS IN MANAGEMENT SYSTEM AUDITS: Risk Management Process
  • 42. SUMMARY
      Risk is integral to management systems auditing; therefore, to be effective, the auditor must adopt the risk-based auditing approach, applying relevant risk management methodology throughout the audit process.
  • 43. REFERENCES
      • AICPA GAAS section 320, 10-14.
      • Coleman, L.B. (2015). Advanced Quality Auditing. Mil, WI., ASQ.
      • ISO. (2009). Risk management principles and guidelines. (ISO 31000:2009). Geneva, Switzerland.
      • ISO. (2011). Guidelines for auditing management systems. (ISO 19011:2011). Geneva, Switzerland.
      • ISO. (2015). Quality management systems – requirements. (ISO 9001:2015). Geneva, Switzerland.
      • Madison, D. Process Mapping, Process Improvement, and Process Management (Kindle Locations 743-746). Paton Professional. Kindle Edition.
      • PECB Advanced Auditing Techniques Training Handbook.