Internal Audit Risk Assessment Checklist

By Scott Sisel

May 29, 2017

Risk assessment can be daunting. But an effective risk assessment ultimately results in a well-defined and efficient internal audit plan. It’s well worth the time and effort, and we’re making it easier for you. Our guide below will help you complete your organization’s risk assessment so you feel confident in your audit plan.

First, know your organization’s internal and external operational, regulatory and compliance influences.

How to do it:

  • Interview key members of senior management, the board of directors, the audit committee, and other key employees about their opinion on the following topics:
    • External influences, such as economic factors, industry competition, the current legislative and regulatory environment, and other variables.
    • The current internal environment, including topics such as the current financial condition of the organization, policies and procedures, the existing internal control structure, staffing levels and tenures of employees, and the results of prior audits.
    • The goal is to build the rapport needed to develop an effective risk assessment. 
  • Observe daily activities within all significant departments of your organization.
  • Review important documentation such as board of directors’ meeting minutes, strategic reports, industry studies, or other similar industry or company information.

Based on the knowledge and insight gained, use risk assessment software, a matrix or a checklist to assign a risk ranking to each of your organization’s auditable areas.

How to do it:

  • Determine your organization’s breakout of auditable areas, such as cash, inventory, revenue/accounts receivable, treasury, debt, capital, etc., as well as other operational or regulatory areas of risk.
  • For each auditable area, assess the individual area from the perspective of different risks, including financial, operational, liquidity, legal, compliance, human resources, reputational and fraud risk.
    • Determine whether the risk within a particular area is increasing, decreasing or stable.
    • Determine whether specific risks within a particular area deserve more weight, and consider incorporating a weighting system for risks for each area. 
  • Utilize a matrix to consider these factors as a quantified risk score for each of the auditable areas. At this point, the most difficult part of the risk assessment process is complete.
  • Now that you have overall risk scores for each area, set your numeric scale to determine the area’s risk ranking of high, moderate or low. For example, risk scores of 7 to 9 could be high-risk areas, 4 to 6 moderate-risk areas, and 1 to 3 low-risk areas. There is variability in how this may be determined.
  • Validate such risk rankings to ensure management and stakeholders believe the resulting assessments are reasonable.

Use the resulting risk rankings of auditable areas to determine your overall internal audit plan.

How to do it:

  • Directly tie your risk rankings to the internal audit frequency of the area. For example, high-risk areas could be audited annually, moderate-risk areas on a bi-annual basis, and low-risk areas every three years.
  • Keep in mind that the scale and frequency are subjective and should be appropriate given past experience and the organization’s resources.

In this time of constant change and business disruption, your internal audit department’s role is critical to managing business risk. Efficiency is no longer a goal; it is a necessity. Preparing a solid, documented risk assessment and linking your annual internal audit plan directly to that risk assessment ensures your internal audit time and resources are spent in the most economical and efficient manner.
