Home

Menu
About us Mission & Strategic Plan Internal Audit Charter Contact Us Audit Staff Protocol for Implemetation of Agreed Actions to Internal Audit Findings Audit Services Divisional Audit Financial Audit Information Technology (IT) Other Audits Audit Process Why and when will I be audited — Audit Resource Management System (ARMS) Audit Methodology Reporting Procedures Benchmarking Exercise Advice to University Staff What is Fraud? Creating a low fraud environment Faculty Advice Who does Internal Audit report to? Senior Vice Principal Audit and Risk Committee (including Terms of Reference) External Audit Useful Links

Audit Methodology - What is Risk Management?

Methodology

Internal Audit has learnt through much experience that an audit approach must be flexible. The methodology used should take into consideration the needs of the individual client and the University environment and culture. Within this context Internal Audit expanded its risk management approach to auditing.

Risk management allows a consultative approach that can focus on the higher risk areas thus giving maximum value.

What is Risk?

Risk arises out of uncertainty, from either internal or external sources. As a result of pursuing or not pursuing a particular course of action, there is the possibility of economic/financial loss or gain, physical damage, injury or delay.

"Risk" is defined as the chance of something happening that will have an adverse impact upon the achievement of objectives. There will always be some risk involved in anything we chose to do. The choice is between the actions we dare to take, given the level of risk we will accept and the level we will attempt to treat.

Risk has two key elements:

the likelihood of something happening; and
the consequences if it happens.

The level of risk is the relationship between the likelihood of something happening and the consequences if it does. Action taken to address the level of risk must address the likelihood of the event occurring, or the consequences if it does occur, or both.

Main Elements of Risk Management

1. Establish the Context

2. Risk Identification

What are the risks associated with:

key services?
Impact of legislation?
critical success factors?

3. Risk Analysis/Assessment

Is the combination of likelihood and consequences (will range from minor to major)
What are the existing controls? Are they adequate?
Likelihood and consequences with existing controls in place. (Level of risk is mitigated by internal controls and systems).
Use experience, judgement and intuition for the qualitative review

4. Risk Treatment

Where identified high risks are not mitigated by good internal controls and systems these areas will be the major focus of the audit review and subsequent recommendations.

5. Monitoring and Review

All audit recommendations are monitored and are subject to follow up audits. Progress reports must be submitted to audit as recommendations are implemented.

Senior Vice-Principal's Management Group Internal Audit

Menu