
Risk Assessment

Audit Work Program


Project Team (list members):

Project Timing:

Date

Comments

Planning
Fieldwork
Report Issuance (Local)
Report Issuance (Worldwide)

Audit Objectives
The purpose of this audit work program is to assess, at a high level, and validate key controls in place for
the risk assessment component of the COSO framework. Inadequate or ineffective controls in this area
may give rise to financial and operational risks.
Risks addressed in this audit work program include:
- Management does not have a business planning process in place that examines existing objectives and establishes new objectives when necessary.
- Management has not established business plans and budgets with realistic goals, and incentives for achievement of plans are not balanced.
- Objectives are not communicated at the appropriate levels and are not understood and adopted by the responsible parties.
- Management has not established a process to periodically review and update entity-wide strategic plans and objectives.
- Activity-level objectives are not linked with entity-wide objectives and strategic plans.
- Activity-level objectives are not consistent with each other (e.g., objectives for the sales organization are not consistent with the manufacturing organization).
- Management does not identify risks related to each of the established objectives.
- Management does not have mechanisms in place to identify business risks resulting from entering new markets or lines of business or from offering new products and services.
- Management does not identify financial reporting risks that result from operations or compliance with laws and regulations.
- Management does not identify fraud risk factors, including management override of controls.
- Management does not estimate the significance of the risks identified, assess the likelihood of the risks occurring, and determine the need for action.
- Risks are not evaluated as part of the business planning process.
- Senior management does not develop plans to mitigate significant identified risks.
- The responsibilities and expectations for the entity's business activities and the entity's philosophy about identification and acceptance of business risk are not clearly communicated to the executives in charge of separate functions.
- Risks are not reviewed periodically with the appropriate corporate governance functions (e.g., executive management, disclosure committee, audit committee and legal).
- The business planning process does not include a broad spectrum of personnel with collective knowledge of all areas of the entity.
- The business planning process does not include consideration of changes in the business environment, including the industry, competitors, the regulatory environment, and customers.
- Changes in risks are not identified in a timely manner.
- Changes are not appropriately communicated to the proper level of management (depending on the significance).
- Management has not identified the resources needed to achieve the objectives and does not have plans to acquire the necessary resources.
- Budgets and forecasts are not updated throughout the year to reflect changing conditions.

Source: www.knowledgeleader.com

Time

Project Work Step

Initial

Index

I. Audit Procedures
A. Strategic Plan
1. Obtain a copy of the five-year rolling strategic plan for (insert year)
and (insert year).
2. Through inspection, verify that the strategic plan was updated for
(insert year).
B. Individual Bonuses
1. Inquire with the VP-HR as to the process for determining bonus
payouts.
2. Obtain documentation (policies, guidelines) related to the Incentive
Compensation Plan that is in place.
C. Employee Goals
1. Inquire with VP of HR concerning the process for employees to
follow for determining Critical Success Factors.
2. Obtain documentation (i.e. policies, guidelines, or communications
from HR) regarding the CSF process.
D. Strategy
1. Obtain agendas, meeting minutes, documentation and plans
resulting from the (insert year) offsite strategy meeting.
2. Verify that the attendees of the meeting included the top X
individuals of the company.
3. Through inspection, verify that the company's performance in
relation to the strategic plan as well as strategic developments and
their related benefits and risks were discussed.
D. Budget and Forecast
1. Generate a random sample of two months from the period selected
for testing, (insert date) to (insert date).
2. Obtain copies of the X Report verifying it was completed for the
months selected for testing.
3. Inquire with Finance personnel to verify that senior and executive
management review the monthly X Report.
E. Scope
1. Obtain documentation related to the financial statement risk
analysis.
F. Fraud Risk Assessment
1. Through inquiry, determine how the fraud risk assessment is
performed.
2. Obtain a copy of the fraud risk assessment meeting minutes and
supporting documentation.
3. Verify potential fraud scenarios and mitigating controls were
discussed.

G. Mitigation of Financial Reporting Risk


1. Obtain copies of the company's SOX documentation.
2. Through inspection, verify that plans to mitigate risks in Financial
Reporting are included in the SOX documentation.
H. Disclosure
1. Generate a random sample of two quarters from the period
selected for testing.
2. Obtain a copy of the Disclosure Committee members' certification
of the Quarterly Report.
3. Through inspection, verify that the Disclosure Committee
performed a review of controls and information to determine
disclosure requirements as evidenced via signed certification.
I. Organizational Structure
1. Obtain the Company's documentation concerning the X System.
2. Obtain evidence that the roles within the company have been
assigned complexity levels in order to determine the appropriate
organizational structure.
J. Five Year Plan
1. Obtain a copy of the five-year rolling strategic plan for (insert year)
and (insert year).
2. Through inspection, verify that the strategic plan was updated for
(insert year).
II. Reporting Procedures
A. Compile results from this process review into a report for
management to review.
B. Schedule a meeting with management and appropriate process
owners to discuss results.
C. Receive sign-off from management on the report results and
document action steps to address process deficiencies.
