INTERNAL AUDITING (RBIA)
CA. Sunil Pokhrel
Deputy Chief
Internal Audit Department, RBBL
INTRODUCTION TO AUDITING
of Management.
Risk Management Framework
Identification of Risk
Measurement of Risk
Mitigation of Risk
Revaluation/Reassessment.
(Areas: Credit Risk, Operational Risk including IT Risk, Liquidity Risk, Interest Rate Risk, Legal Risk etc.)
Identification of Risk :
Knowledge of the Business/System Process.
Threat Identification
Vulnerability Identification
Measurement of Risk :
Likelihood Determination
Impact Analysis
Risk Determination
IT Risk ...how to know ???..
Part of Operational Risk Management
Major Asset of Bank : Data & Information
1. Loss of Integrity
2. Loss of Availability
3. Loss of Confidentiality
Response to Risk :
Tolerate: Do nothing, but a contingency plan is needed.
Transfer: Pass the risk to another party, e.g. insurance.
Terminate: Remove/reject the circumstances.
Treat: Implement a system of Internal Control & Risk Mitigation factors.
Revaluation & Reassessment
WHY RBIA ?
Stakeholders, including investors and other interested bodies, now expect that this Risk Management Framework is operating effectively.
Just as External Auditors provide confirmation concerning the true & fair view of Financial Statements, so Internal Auditors provide confirmation on Risk Management.
Approach to RBIA
BUT ………………………. have turned into Problem Banks …………. and even went into Liquidation.
….Why ??????????......
…..Most Recent Issues:
Failure in Corporate Governance
Governance Based Internal Auditing
2. System Based        20%    40%    20%
3. Risk Based           9%    25%    50%
4. Governance Based     1%     5%    25%
Total                 100%   100%   100%
Evolution in Internal Auditing :