RBIA is based on mgm't asesment of risk - audit MUST ensure do not take owenrsihp of risk by implementing RBIA before org reaches sufficient risk maturity If audit on basis of own view of risk instead of mgmt's detriments to goal to improve org risk maturity as reinforces misconception IA RESPONSBILE FOR RISK MANAGEMENT
Ensure audit resource directd on mgmt mos significant risk and thus increased mgmt buy in. MANAGEMENT AWARE AUDIT FOCUS ON PRIME CONCERNS
CHALLENGING FOR AUDIT dynamic process- thus difficult to monitor progress against annual plan!! RBIA justifies no. of auditors required. Audit plan incl resources drive by proportion of processes and risks the AC required obj assurance. This differs from currently resources determine no of audits.
IMPLEMENTING RBIA MAY REQUIRE DIFFERENT SKILL SET from present strategy - need for more people and business skills e.g. facilitation and interviewing. Expansion of audit universer may require new specialist knowledge - involving specialist training or recruit new staff on perm or temp bais
Comments
No comments have yet been made