Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books

Why the risk assessment is the lifeblood of your internal audit program

Apr 08, 2020

By: Cayci Branum

Historically, many organizations haven’t always performed a formal, comprehensive risk assessment. But in recent years, we have started to see a shift in that thinking.

A risk assessment helps you identify risks within the organization and allows management and the board of directors to develop adequate plans to mitigate those risks. A well-developed risk assessment takes an organization-wide, bottom-up and top-down approach.

While executive management should focus on key initiatives and strategic risks for the entire organization, process owners within the organization should be equally involved to give a realistic day-to-day analysis of risk within their specific business/service lines.

Risk assessments ensure your internal auditors are focused on the areas of highest risk and the areas that will provide the most value to your organization. In addition, if you are in a regulated industry and undergo regulatory examinations, at the start of that exam, you will be asked to provide the risk assessment in order to support the testing. Regulators are looking to ensure the risk assessment is adequate and appropriate for the size and risk profile of your organization, as well as how well those risks are appropriately incorporated into your internal audit plan.

How to perform a successful risk assessment

To complete a successful risk assessment, keep in mind these five objectives:

1. Document strategic goals and initiatives

Develop and document an understanding of your organization’s strategic goals and key initiatives — both short term and long term.

The broader, longer-term goals are typically developed during the board’s strategic planning meetings, while others will be developed during departmental and committee meetings. The risks associated with these goals and initiatives should be identified and analyzed to ensure they are addressed appropriately in your organization’s audit plan.

2. Document business processes

Obtain and document an understanding of the processes through which your organization conducts its business, which should include significant processes based on the overall risk to the organization.

3. Identify and evaluate key risks

Identify and evaluate the key business risks that may impact your organization and/or threaten the achievement of its strategic goals and objectives. Once identified, you should further segment the risks for each of the significant processes so that you can appropriately address them in the audit plan for current and future years.

4. Prepare a multi-year internal audit plan

Prepare and update a multi-year internal audit plan. Typically, this is completed for a three-year period and updated on an annual basis for changes within the organization.

5. Perform testing

Ensure your internal audit plan adequately tests identified risks. An internal audit coordinator is usually responsible for ensuring these risks have been appropriately identified and properly tested by the internal audit team.

Remember, the risk assessment is the roadmap for your internal audit. If you fail to address items properly in your risk assessment, you may run into other unwelcome issues down the road.

Internal audit risk assessment: Do you have everything you need?

Even if other organizations discount the importance of a risk assessment, make sure you don’t! Your risk assessment will be the driving force and the lifeblood of your organization’s risk management function.

The risk assessment should be detailed, supported and continually evolving as your organization grows and changes. It’s important to stress the last point — continually evolving — as the risk assessment is a living, breathing document and should be updated and revisited periodically, or annually at the very least.

If you have questions, or need assistance completing your risk assessment or internal audit, contact Wipfli. Our risk and audit professionals specialize in internal audit and assess your true risks to help you develop a strong, tailored internal audit plan. Contact us to learn more, or continue reading on:

3 steps to building an internal audit process

What is continuous auditing and how can you leverage it?

Internal audit: The impact artificial intelligence could have on data analytics

Author(s)

Cayci Branum, CIA, CRCM
Senior Manager
View Profile

Video: Benefits of Co-Sourcing Your Internal Audit Plan

You don’t have to stress about making sure your internal audit plan is completed on time. Together, we work with you to identify risks, update processes and finalize your plan. Reinforce your team with the support you need to complete your annual internal audit plan with confidence.

View the Wipfli Video

EVENTS

6/1/2023 5:30:00 PM

Wipfli’s banking and fintech networking event

6/15/2023 9:00:00 AM

Dashboard in a day workshop: Discover Power BI’s benefits and capabilities

View All Wipfli Events

News

3/24/2023

Wipfli among the top 20 firms in Accounting Today’s rankings

2/6/2023

For the 11th year, Wipfli honored on Bob Scott’s VAR Stars list

1/19/2023

Volz named litigation support consulting leader

Read All Wipfli News

© 2022 Wipfli LLP. "Wipfli" refers to Wipfli LLP, a Wisconsin limited liability partnership, and its subsidiaries. Assurance, tax and consulting services are offered through Wipfli LLP. Investment banking and related services are offered through Wipfli Corporate Finance LLC. Wipfli LLP is a member of Allinial Global, an association of legally independent firms. ”Wipfli CPA” is the DBA name of Wipfli LLP in New York state, and refers to Wipfli LLP.