Enterprise Risk Assessment Methodology for Internal Audit Plan Development Guide
This guide illustrates how an internal audit department can develop an effective and relevant audit plan by leveraging the enterprise risk assessment process. During this process, it is important to gain an overall understanding of the overall “tone at the top” and its control environment. The following items are integral to this effort: six interrelated factors facilitate linkages and drive the internal audit plan, and periodic (quarterly) recalibration of the internal audit plan to reflect change.
This sample provides guidance in the following areas: customizing a retail risk model; sources of value model; business analysis framework; process of identifying business goals and objectives; process to gain an understanding of entity level control environment; gathering risk information; levels of risk documentation; developing risk scenarios; prioritizing risk scenarios; facilitating workshops on key risk scenarios; developing audit universe; creating an internal audit plan; and continually updating an internal audit plan.