Reviewing an Internal Audit's Risks

Overview

Once a member of the Internal Audit Leads/Managers user group has moved the audit project into the Fieldwork state, staff members can review the risks attached to the project. It is recommended that a risk is reviewed after all of its attached controls have been reviewed.


Navigation

  1. From the Home screen, click the Home dropdown and select the Internal Audit Management link.

Home Dropdown

  1. From the Risk Assessment screen, click on the Fieldwork tab.

Fieldwork Tab

  1. From the Fieldwork screen, click on the Internal Audit report name that contains the risk you want to review from the Audits in Progress section.

Internal Audit Report

  1. From the Audit Project Overview screen, click on the Expand icon on the Navigation Tree to expand the nodes until you find the risk.
  2. Click the risk to open the Process Details tab. The risk is indicated with an R icon next to the risk name on the node.

Process Node

  1. Click the Collapse Icon to collapse the Navigation Tree.

Collapse Icon

Reviewing an Internal Audit's Risks

  1. The Risk Details tab will appear.
  2. (Optional) Enter a new Risk Name. The risk name will represent the risk throughout the system.

Risk Name Field

  1. (Optional) Enter a new risk description in the Description field.

Description Field

  1. Enter a user or user group name in the Risk Owner field and select a user or user group from the dropdown menu.

Risk Owner Dropdown Menu

  1. From the Risk Assessment section, users can perform an independent risk assessment for the internal audit project.

Risk Assessment Section

  1. Select an inherent impact score from the Inherent Impact dropdown menu. The inherent impact score is weighted and will affect the Inherent Impact Score card. The inherent impact score represents the severity of the risk before implementing a control.

Inherent Impact Dropdown Menu

  1.  Select an inherent likelihood score from the Inherent Likelihood dropdown menu. The inherent impact score is weighted and will affect the Inherent Impact Score card. The inherent likelihood score represents the chance of the risk reoccurring if no controls are put in place.

Inherent Likelihood Dropdown Menu

  1. The Inherent Risk Score card will appear to the right of the Inherent Impact and Inherent Likelihood fields. The Inherent Risk Score card will reflect the choices made in the Inherent Impact and Inherent Likelihood fields.

Inherent Risk Score Card

  1. Select a control effectiveness score from the Control Effectiveness dropdown menu. The control effectiveness score is weighted and will affect the Control Effectiveness Score card. The control effective score represents how effective the control is at preventing the risk from reoccurring.

Control Effectiveness Dropdown Menu

  1. The Control Effectiveness Score card will appear to the right of the Control Effectiveness field. 

Control Effectiveness Score Card

  1. Select a residual impact score from the Residual Impact dropdown menu. The residual impact score is weighted and will affect the Residual Impact Score card. The residual impact score represents the impact of the risk when controls are in place.

Residual Impact Dropdown Menu

  1. Select a residual likelihood score from the Residual Likelihood dropdown menu. The residual likelihood score is weighted and will affect the Residual Risk Score card. The residual Likelihood score represents the probability of the risk reoccurring when a control is implemented.

Residual Likelihood Dropdown Menu

  1. The Residual Risk Score card will appear to the right of the Residual Impact and Residual Likelihood fields. The Residual Risk Score card will reflect the choices made in the Residual Impact and Residual Likelihood fields.

Residual Risk Score Card

  1. (Optional) Click the Related Controls and Objectives tab to view related controls and objectives.

Related Controls and Objectives Tab

  1. Click on a Control from the Control table to view further details.

Control

  1. Click the Add Existing Controls link to add an existing control to the risk.
  2. Click the + Create New link to create a new control to add to the risk.

Adding Control Links

  1. Click on an Objective from the Objective table to view further details. 

Objective

  1. Click the Add Existing Objective link to add an existing objective to the risk.

Add Existing Objective Link

  1. Click the X icon next to a control or an object to delete a control or an object from the risk.

X Icon