Audit Methodology

What is Risk Management?

Internal Audit has learnt through much experience that an audit approach must be flexible. The methodology used should take into consideration the needs of the individual client and the University environment and culture. Within this context Internal Audit expanded its risk management approach to auditing.

Risk management allows a consultative approach that can focus on the higher risk areas thus giving maximum value.

What is Risk?

Risk arises out of uncertainty, from either internal or external sources. As a result of pursuing or not pursuing a particular course of action, there is the possibility of economic/financial loss or gain, physical damage, injury or delay.

"Risk" is defined as the chance of something happening that will have an adverse impact upon the achievement of objectives. There will always be some risk involved in anything we chose to do. The choice is between the actions we dare to take, given the level of risk we will accept and the level we will attempt to treat.

Risk has two key elements:

  1. the likelihood of something happening; and
  2. the consequences if it happens.

The level of risk is the relationship between the likelihood of something happening and the consequences if it does. Action taken to address the level of risk must address the likelihood of the event occurring, or the consequences if it does occur, or both.

Main Elements of Risk Management

1. Establish the Context

2. Risk Identification

What are the risks associated with:

3. Risk Analysis/Assessment

4. Risk Treatment

Where identified high risks are not mitigated by good internal controls and systems these areas will be the major focus of the audit review and subsequent recommendations.

5. Monitoring and Review

All audit recommendations are monitored and are subject to follow up audits. Progress reports must be submitted to audit as recommendations are implemented.

Risk Management at the University of Melbourne

Go to the University's Strategic Risk Management Website