Sheet 1: Title



Sheet 2: Introduction

	
	
	
	
	
	

		
Risk Based Internal Auditing - An introduction
		


		


		


		


	
	

		
Introduction
		


		


		


		


	
	

		


		
© D M Griffiths
		


		


		


	
	

		


		
www.internalaudit.biz
		

 
		
		
	

		


		
This group of worksheets are intended for use with Book 1 'Risk based internal auditing - an introduction' which can be downloaded from www.internalaudit.biz. The letters refer to appendices in this book. 
		
	

		


		


		
	

		


		
The worksheets in this file illustrate how risk-based methods are used to build up audit plans and then detailed audit programs. They are only simplified examples. In practice the charity would have many more risks and processes than I have included. It is your responsibility to determine these for your organization.
		
	

		


		


		
	

		


		
The tabs for the worksheets are shown at the bottom of the page. The letters at the start of the title are those for the appendices used in www.internalaudit.biz
		


		


		


	
	

		


		
The numbered tabs refer to the figures used in Book 1.
		


		


		


	
	

		


		


		


		


		


	
	

		


		
The worksheets are:
		


		


		


	
	

		


		
D Objectives and risks: Shows an example hierarchy of a sample of objectives and their related risks
		


		


		


	
	

		


		
Mind map: This can be the starting document to map out objectives, risks, controls and tests. It is only an example and lacks many of the objectives, risks and controls which would be found in a charity.
		


		


		


	
	

		


		
Functions: Some typical functions which might be in a charity. Risks are linked to these.
		


		


		


	
	

		


		
Processes: Some typical processes which might be in a charity. Risks are linked to these, which helps group risks together which can be checked by the same audit.
		


		


		


	
	

		


		
E Objectives, Risks and Controls Register: The foundation of risk based internal auditing. Audit planning is based around this.
		


		


		


	
	

		


		
F Risk Maturity: Checklist which assists in determining the risk maturity of the organization.
		


		


		


	
	

		


		
G: The risk and audit universe (RAU) - This is the ORCR with the risks linked to audits and the results of previous audits added in order to calculate an adjusted inherent risk score.
		


		


		


	
	

		


		
H Audit plan 20X1: Appendix G with full details of the last and planned audits added, to provide an audit plan for 20X1. This is the working risk and audit universe which is regularly updated. (When sorting this database use row 6 for the column titles.)
		


		


		


	
	

		


		
Column key: provides a description about the contents of each column
		


		


		


	
	

		


		
I The quarterly plan for the internal audit activity. In practice the Quarterly plan would be a rolling 13 week plan, not a fixed quarter as shown
		


		


		


	
	

		


		
J The database for an individual audit, in order of the processes included.
		


		


		


	
	

		


		


		


		


		


	
	

		


		
This is an example database only. It took me only a few hours to compile! In practice it would take several months of interviews and meetings to compile, and score, a database of this sort. In addition it would have to be updated at least once a quarter.
		


		


		


	
	

		


		


		


		


		


	
	

		


		
Note that the risk database (appendix J) has not been updated as a result of the "Transport of food to camps" audit (146). See the manual for details.
		


		


		


	
	

		


		


		


		


		


	
	

		


		
See www.internalaudit.biz for other resources
		


		


		


	



Sheet 3: D objectives and risks

	
	

		
Risk Based Internal Auditing - An introduction
		


		


		


		


		


		


		


		


		


		


		


	
	

		
Objectives and risks
		


		


		


		


		


		


		


		


		


		


		


	
	

		
(Appendix D in Book 1)