AGENDA
Background of Risk-Based Audit
Process & Stages of Risk-Based Audit
Options for Implementing Risk-Based Audit
Continuous Audit Cycle
Example of Risk-Based Audit Planning
Definition of RBIA
Risk based internal auditing (RBIA) is the methodology which provides assurance that risks are being managed to within the organisation's risk appetite.
In other words: the processes that manage risks to a level considered acceptable by the board are working effectively and efficiently.
The Logic
If the internal auditor's objective is to support the achievement of the objectives the company has set, then in each audit engagement the internal auditor must also consider all the risks the organisation may face in pursuing those objectives. It is by recognising these risks that the internal auditor can give the auditee input that lets the auditee minimise the impact of the risks.
The Logic (diagram): the four kinds of internal audit work shown are Compliance Audits, Audits of Financial Risk, Fraud Investigations and Evaluations of Internal Controls.
Achtung !!
Within the context of RBIA, internal audit can only provide assurance where a risk management framework is in place: all other work is consultancy.
RBIA PROCESS
3 Stages of an audit (diagram). Boxes shown: Categorise risks; Audit Universe; Link risks to audits; Allocate resources to audits; Audit plan; Agreed scope; Audit database. RBIA documentation shown alongside: the risk and audit universe (objectives, risks, scores, controls, last audits); the audit databases (objectives, risks, scores, controls, tests); the Audit Committee report; the audit reports.
Prioritisation of audit areas: the magnitude of the loss, the likelihood of occurrence, regulatory and management concerns, and the controls in place should be considered.
Allocation of resources: audit resources are to be allocated on the basis of Overall Risk. Where necessary, training should be imparted to the officers and other staff of the internal audit function.
Stages of RBIA
1. Assess the risk maturity of the organisation
Risk maturity levels (key characteristics; consulting objective in risk management (RM); basis of the audit plan; what assurance is given on):
Risk Naive: no formal risk management process (RMP); consulting objective: to promote, guide and facilitate RM (PGF); audit plan: traditional audit plan (TAP); assurance on: the control process.
Risk Aware: poor RMP; consulting objective: to promote, guide and facilitate RM (PGF); audit plan: traditional audit plan (TAP); assurance on: the control process.
Risk Defined: RMP deficiencies; consulting objective: to embed RM; audit plan: management view on risk (RBIA), supplemented with the TAP; assurance on: the RMP and the control process.
Risk Managed: RMP managed organisation; consulting objective: to improve RM; audit plan: management view on risk drives the audit plan (RBIA); assurance on: the RMP.
Risk Enabled: RMP enabled organisation; consulting objective: need-based improvement; audit plan: management view on risk drives the audit plan (RBIA); assurance on: the RMP.
CONTINUOUS AUDIT CYCLE
Audit Process (cycle diagram with numbered steps grouped under Planning, Risk Assessment, Fieldwork, Reporting and Follow-up): auditee selection; engagement preparation; risk assessment; preliminary survey; description and evaluation of documents; field testing; development of findings; reporting of audit results; follow-up monitoring; evaluation.
Audit Plan timeline (diagram with month markers from January to December): planning is on-going; a 6-month project planning cycle allows for more flexibility; responsive to a changing risk environment; 18-month view.
4. Develop Risk-based Audit Strategy
Rating Scale (Impact; the Likelihood column of the slide carries no text):
HIGH: an incident of noncompliance and/or the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on operations, assets, or people.
MEDIUM: an incident of noncompliance and/or the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on operations, assets, or people.
LOW: an incident of noncompliance and/or the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on operations, assets, or people.
Risk matrix (heat map, Impact against Likelihood). Impact scale: Insignificant (1), Minor (2), Moderate (3), Major (4), Catastrophic (5); a second version of the matrix labels impact as Negligible (1) and Significant (3). Likelihood scale: Remote (1), Probable (3), Almost Definite (5). Each cell carries a score from 1 to 25 and one of four ratings: Acceptable, Issue, Supplementary Issue, Unacceptable (for example, 25 and 20 are Unacceptable; 1 to 4 are Acceptable).
Risk response quadrants (Impact against Likelihood): High Risk: MITIGATE & CONTROL; Medium Risk: SHARE RISK; Low Risk: ACCEPT RISK; Medium Risk: CONTROL RISK.
Risk Categories
Residual Risk
EXAMPLE OF RISK-BASED AUDIT PLANNING
Table of Contents
Risk map (Significance against Likelihood, quadrants I to IV) plotting the audit areas: Logical Security/Security Admin., Commercial Lending, Central Services, Commercial Business Lending, IT Telecommunications, Finance, Software Licensing, Internet Conn./Firewall, Operations Support, SBA Center, ITI Applications, Human Resources/Payroll, Facilities.
Annual audit schedule (table). Columns: Risk Assessment (High, Medium, Low or N/A); Budgeted Hours; month columns grouped into quarters (2ND QUARTER: April, May, June; 3RD QUARTER: July, Aug, Sept; 4TH QUARTER: Oct, Nov, Dec), running from Feb through Sept of the following year. Legend (colour key): Planned; In Process; Completed; To be determined.
Risk Assessment column: High (7 areas), Medium (9), Low (2), N/A (3).
Budgeted Hours column: 300, 250, 450, 250, 250, 160, 80, 450, 100, 80, 100, 60, 50, 250, 200, 150, 450, 150, 400, 260, 80; total 4,520 hours.
DESCRIPTION (rows):
Branch Network: Branch 1, Branch 2, Branch 3, Branch 4, Branch 5, Branch 6, Branch 7, Branch 8.
Business Processes/Operations: Treasury/Investments/ALM; Real Estate Lending; Central Services; Commercial Business Lending; SBA Center; Human Resources/Payroll; Centralized Documentation Unit; Finance/Accounting/Accounts Payable; Operations Support; Community Reinvestment Act; New Product Development.
Follow-up on Significant Issues; Discretionary.
Information Technology (continuation of the schedule table, same quarter columns and legend: Planned; In Process; Completed; To be determined):
GENERAL: Logical Security & Security Admin.; Local Area Networks; Internet Connectivity/Firewall; Disaster Recovery Planning; Software Licensing; IT Telecommunications.
OTHER: Special Management Projects.
Compliance coverage matrix (table). Rows (DESCRIPTION): Branch Network; Business Processes/Operations; Real Estate Lending; SBA Center. Columns: Reg B, Reg CC, Reg D, Reg DD, Reg E, Reg X, Reg Z, CRA, OFAC, HMDA, BSA.
Internal Audit will coordinate with ABC Bank's Compliance Officer when determining the scope and degree of work to be performed for compliance related issues.
Questions?