建立一个有效的内部审计部门 ESTABLISHING AN EFFEC(4)
2015-11-04 01:46
导读:The IAD then weighted and prioritized potential projects across all the business units, giving consideration to the volume of their activities and their importance to the company's overall strategic p
The IAD then weighted and prioritized potential projects across all the business units, giving consideration to the volume of their activities and their importance to the company's overall strategic plan. RISK-BASED ASSESSMENT
The risk assessment framework closely incorporated the concepts of risk and control. Schwan established business objectives at all levels of the company from corporate down through each business unit. To achieve these objectives, it put in place core business processes that were groupings of related business activities (e.g., procure materials, manufacture products, distribute products, sell products, serve customers). The core business practices were supported by processes that provided resources and services to them.
Risks threaten the achievement of business objectives at all levels, while controls are the activities put into place to manage or mitigate the risks. Controls are often built into the core business processes and support processes.
Within each process, the IAD assessed:
* Gross risk (threats or impediments to the accomplishment of corporate or process objectives),
* Strength of relevant controls and management's response to the identified risks, and
* Residual risk (a reevaluation of risk in light of controls and management's response).
The IAD rated the risks based on the magnitude of the impact of the risk as well as its probability. They conducted residual risk assessments through focused interviews with multiple levels of management, a review of business plans, analysis of financial and operational reports, and a review of miscellaneous information (e.g., industry information, process documentation). For validation, they discussed the assessment results with the appropriate levels of management.
At Schwan, food quality and safety is one area of continual vigilance. Every single batch of raw materials or product that comes into Schwan's factories is tested for contamination, and the IAD assesses a gross risk of contamination of raw materials at a certain level. As a result of Schwan's very stringent controls, residual risk has been assessed as extremely low. ASSESSING EFFECTIVENESS
(科教作文网 zw.nseac.com整理) On average, Just reviewed the status of the internal auditing plan with the auditing committee five times a year. The main criterion against which the success of the IAD was measured was whether the internal auditors were adding value. For example, were the major projects being performed? Was the IAD receiving requests from the business units for other projects?
Just budgeted approximately 80% of the internal audit staff time for projects identified through the risk assessment process, leaving 20% of their time open for emerging priorities. In its first year, the department received a large number of requests for other projects, and that was clearly viewed as a substantial measure of success.
During the meetings with the audit committee, Just also reported what percentage of the audit plan was complete, although that wasn't the primary measure of success since the IAD was created to address risk as it arises. Consequently, the annual internal audit plan could be revisited throughout the year and changed as need dictated.
