Mini How To
Twinning Contract MT 2003 / IB / AG/ 01/TL
3 August 2004
STE Benini
Process Mapping
Risk Mapping
Risk Evaluation
Definition of PA's Risk Portfolio
Audit planning
IAM's Mandate
The skill of the IAM is to find a common area between three different needs (see below)
CRSA structure:
Familiarization
Go and find manuals, procedures, integrative papers
Conduct pre-mapping interviews
Find and study every relevant rule which governs the process
Get the organigrams
Try to work out some workflows
Cross-check two or more manuals, procedures and integrative papers
Make preparatory summaries of your findings
Design a Process Map
After you have done all this, ask competent people in the audited structure to confirm or resolve your doubts
Management of Guarantees, Debtors and Sanctions (some parts)
Management of Guarantees, Debtors and Sanctions (other parts)
Delegated body
Support Processes
What is a risk?
Risk is everything that can prevent you from doing something you have to do
Risk can be actions, failures to act, actions performed poorly, actions based on a misunderstanding
Risk can be an unwanted legacy of your predecessors in this office
Risk can be a consequence of somebody's action outside an office (external risk)
If you have a risk you have to put a control on it
IAS has to map processes, then map risks onto processes, then assess whether the process owner knows his risks and how he deals with them
What is a control?
Something that can prevent a risk from affecting your work
Something that you can afford to put in place
Something effective and efficient
Something that should be multipurpose (if one control covers more than one risk, so much the better)
Something that isn't redundant
Something reliable
Something that can be: preventive, successive, on course
[Chart: 1st, 2nd and 3rd level risks for Process 1, Process 2 and Process 3]
RISK MEASUREMENT MATRIX
RISK WEIGHT = PROBABILITY + IMPACT

                        IMPACT OF RISK
PROBABILITY OF RISKS    l(1)    m(2)    h(3)
h(3)                    m(2)    h(3)    h(3)
m(2)                    l(1)    m(2)    h(3)
l(1)                    l(1)    l(1)    m(2)

P 1 1 2 2 3 1 2 3 3
I 1 2 2 1 1 3 3 2 3
W 1 1 2 1 2 2 3 3 3