School of Management, University of Glamorgan
Research on Internal Audit Participate in Risk Management-Based on the ERM Framework of COSO
By: Weichen Zhu
Candidate no:
September 2012
Supervised by:
The dissertation is submitted as part of the requirement for the award of
Masters of Science:
Declaration
This Dissertation has been prepared on the basis of my own work and that where other published and unpublished source materials have been used, these have been acknowledged.
Word Count:
Student Name: __________________
Signature: ______________________
Date of Submission:______________
Acknowledgement
This is my first time to go aboard for studying. During different campus life in the UK, it is
…show more content…
Risk management has become a very important task of enterprise operation. In the process of the development of risk management, it needs a guide to lead enterprises grow up sustainably. Therefore, establishing risk management frame work becomes an inevitable trend. In 2004, COSO issued the enterprise risk management –integrated framework on the base of internal control- integrated framework. This framework make the enterprise risk management get on a new level.
As an independent objective assurance and consulting activity, internal auditing helps an organization accomplish its objectives by bringing a systematic and displined approach to valuate and improve the effectiveness of risk management so that it could control and governance processes. Its aim is to add value and improve an organization’s operation condition. From
A company might decide to establish an internal audit department because an effective and independent internal audit department add values and improve effectiveness of risk management, control, and governance processes. It also helps prevent and detect the frauds.
First, a clear risk hierarchy was introduced which allowing the right people to manage the right risks. Second, the Quantified Risk Analysis controlled the contingency allocation. Key risks were forecast before they occurred which allow the management team to solve the problems in advance. In addition, sufficient contingency ensured the budget maintained as appropriate. Third, a clear and open reporting system created a healthy balance of review in the whole process. Last, assurance and audit promoted an honest culture of risk
The auditor must obtain an understanding of the entity and its environment, including internal controls, so that they can identify and assess the risks of material misstatement on financial statements due to fraud or error and design and perform further audit procedures.
The external audit focuses on identifying and evaluating trends and events beyond the control of a single firm. An external audit reveals essential opportunities and threats confronting an organization so that managers can formulate strategies to take advantage of the opportunities and avoid or reduce the impact of threats.
This paper discusses how a company can successfully implement the Enterprise Risk Management based on COSO guidelines. This paper discusses a step by step process of the implementation plan at Dell Inc, the responsibilities of the workforce and management, the risk mitigation approach and how to monitor the activities successfully.
COSO is supported by the SEC and therefore provides a basic technique for assessing the internal control compliance with SOX. Moreover, it offers guidance in enhancing the internal control system respectively (Butler & Richardson, 2005). Besides the Internal Control framework, COSO has developed another technique, the Enterprise Risk Management (ERM) - Integrated Framework. This framework deepens the risk management handling by adding three additional elements to the COSO Internal Control Framework. Both COSO models are organized as a cube. The ERM framework is visualized in Figure
Internal Audit solution is design to help companies in several data and audit related programme . It give help to all kind of audit like internal audit , operational audit etc . Steps for audit programme is generally start from
The internal auditor is put in place in order to ensure that the internal controls are tested and assessed effectively. They are also out in place in order to monitor any possible fraudulent activities within an
Additionally, it makes sure to keep financial reporting reliable in order not to face unnecessary trouble, such as fraud. Not only that, ensuring that enterprises follow laws and regulations thoroughly is also an essential part of this. If this is not put in place enough, organizations are very likely to damage their reputation, which is considered to be one of potential risks for them. Hence, it is clear that internal control could act as a regulator to minimize risks, which means establishing and maintaining proper internal control could be an effective way to constantly benefit from outcomes of RM.
Audit and Internal Control is a way that is looked upon internally and externally to see if the correct functions and process are being done to make sure that informaiton that is given is unbaisis and in a correct manner. Auditors ideally need to get all
Clearly, there is a correlation between effective risk management and a well-managed business. Over time, a business that cannot manage risk effectively will not prosper and, perhaps fail. There was a period of that a lot of high-profile business scandals and failures where the company stakeholders suffered tremendous loss. This gave rise to calls for organizations to enhance their corporate governance and risk management using new laws and regulations. The need for an enterprise risk management framework, providing key principles and
According to the Institute of Internal Auditors (IIA), (2011), the internal auditing is a team of consultants, a department and a division or other practitioner which independent, have objective assurance and conduct a consulting activity which is designed to add value and improve the organization operations. The internal auditor can help an organization in achieving its objectives by bringing a discipline and systematic approach in order to improve and evaluate the effectiveness of risk management, control and governance process.
The purpose of internal auditing is to support all members of the organization within the effective discharge of responsibilities by furnishing them with appraisals, recommendations ,analysis,
The role of internal audit is to provide independent declaration that an organization’s threatadministration, governance and internal control processes are functioning effectively. Internal auditors deal with concerns that are essentially important to the existence and success of any organization. Unlike external auditors, they aspect beyond financial possibilities and statements to reflect wider problems such as the organization’s reputation, development, its power on the location and the approach it treats its organizations.In summary, internal accountantssupport organizations to thrive.
International Professional Practices Framework (IPPF) 2011 and Institute of Internal auditors (IIA), Defines, the Internal auditing as an independent, objective assurance and consulting activity intended to add value and improve an organization’s operations. It helps an organization to achieve its objectives by bringing a methodical, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. The overall objective of internal auditing is to assist all members of management in the effective discharge of their functioning, by endorsing them with objective analysis, appraisals, recommendations and pertinent comments concerning the activities reviewed. The Institute of Internal auditors under the glossary of the Standards for the Professional Practice of Internal Auditing,(IIA 2004c:25) outlines the concept of ‘value added’ in the integrity and objectivity of internal auditing and financial report scrutiny states that:(Institute of Internal Auditors