Assessing Risk Management Output for an Internal Audit Project

Last Modified on 11/15/2024 1:32 pm EST

Overview

To check which risks should be included in the internal audit plan, click the desired organization in the Risk Management Output for Internal Audit section. Doing so will display a heat map that measures a risk's inherent risk score against its control effectiveness, as well as two data tables.

User Account Requirements

The user account used to log into Resolver must be added to the Internal Audit Staff user group.

Related Information/Setup

Please see the following articles for further information regarding the Toolbar section:

Navigation

  1. From the Resolver Home screen, click the Home dropdown and select the Internal Audit Management link.

Home Dropdown

  1. From the Risk Assessment screen, select an Entity from the Risk Results for Audit Planning section.

Audit Universe Heat Map Section

Risk Management Output for Internal Audit Report

  1. The Risk Management Output for Internal Audit Report screen will appear, displaying the Risk's Inherent Risk Score against the Control's Effectiveness.
    • Inherent Risk Score: The Inherent Risk Score is a baseline, indicating the severity of the Risk. The Inherent Risk Score is calculated using Likelihood x Impact = Inherent Risk Score.
    • Control's Effectiveness: Control Effectiveness is the total effectiveness of a Control or group of Controls in alleviating a Risk.
  1. The Risk Management Output for Internal Audit Report screen plots Risks on the grid represented by a point. Each point is coded with a number representing the Risk's Unique ID number.

Risk Management Output for Internal Audit Report Screen

  1. Hover your cursor over a Risk to see a Risk summary.

Risk Summary Pop-up

  1. Click a Risk on the Heat Map to open the Risk pop-up for further details (e.g., Risk Owner, Risk Ratings, etc.).

Risk Pop-up

  1. Below the Heat Map are two Risk tables.
    • The first Risk table displays detailed information on Risks in the Red tiles in the upper right on the Heat Map (Critical - Medium, Critical - Strong, Critical - Excellent, Significant - Strong, and Significant - Excellent areas). These Risks are considered high-risk, and it may be more impactful to concentrate on them when developing Internal Audit Plans to validate that controls are operating effectively in potentially high-risk areas.
    • The second Risk table displays detailed information on all Risks.

Note:
Risks in the top left on the Heat Map in the Critical - N/A or Critical Non-Existent areas indicate that the Risk requires process improvements to implement Controls before they can be audited. 

Risk Table

  1. The following fields appear on the Risk table:
  • Risk Unique ID: The Risk's unique ID represents the Risk throughout the system.
  • Risk Name: The Risk Name is the Name of the Risk. 
  • Risk Description: The Risk Description is a brief description of the Risk.
  • Risk Owner: The Owner of the Risk.
  • Inherent Risk Score: The Inherent Risk Score is a baseline indicating the severity of the Risk. The Inherent Risk Score is calculated using Likelihood x Impact = Inherent Risk Score.
  • Control Effectiveness: Control Effectiveness indicates the overall effectiveness of Controls in alleviating a Risk.
  • Risk State: The Risk State indicates the level of Risk severity. 
Copyright © 2022 – 2023 Your Company, LLC. All rights reserved.