INTERNAL AUDIT AND RISK MANAGEMENT ePublication Pdf... · 2018. 1. 9. · CHIEF AUDIT EXECUTIVE ,...
INTERNAL AUDIT AND RISK MANAGEMENT
KAREM OBEID
CHIEF AUDIT EXECUTIVE, TAWAZUN ECONOMIC COUNCIL
EXECUTIVE BOARD MEMBER, VICE CHAIRMAN – GLOBAL SERVICES, INSTITUTE OF INTERNAL AUDITORS (IIA) - GLOBAL
Changing Environment
Geopolitical, Environmental, Technological, Economic and Societal risks dominate the World Economic Forum Global Risks 2017 report.
The Global Risks Landscape 2017
THE GLOBAL RISKS INTERCONNECTIONS
(Source: WEF, The Global Risks Report 2017)
Emerging Technologies
Travel and Tourism Ecosystem
THREE LINES OF DEFENSE
THREE LINES OF DEFENSE MODEL
1st Line of Defense - Management
• Functions that own and manage risks.
• Functions that oversee risks.
• Functions that provide independent assurance.
2nd Line of Defense – Risk Management and Compliance Functions
• A risk management function (and/or committee) that facilitates and monitors the implementation of effective risk management and assists risk owners in defining the target risk exposure and reporting adequate risk-related information throughout the organization.
• A compliance function to monitor various specific risks such as noncompliance with applicable laws and regulations.
• A controllership function that monitors financial risks and financial reporting issues.
[Figure: bar chart "Risk Management Practices in Place", comparing GLOBAL, GCC and UAE respondents on a 0% to 60% scale. Legend:]
• No risk management processes are in place.
• Risk management processes are informal or just developing.
• Formal risk management processes and procedures are in place.
• The organization has a formal ERM process with CRO or equivalent.
Source: Internal Auditing in GCC Region, IIA UAE and KSA
Demographics: By country – Bahrain (1%), Kuwait (4%), Oman (5%), Qatar (7%), UAE (39%) and KSA (44%).
By staff level: CAE (22.81%), Director or Senior Manager (15.79%), Manager (23.48%) and Staff (37.92%).
3rd Line of Defense – Internal Audit
Internal audit provides assurance on the effectiveness of governance, risk management, and internal controls, including the manner in which the first and second lines of defense achieve risk management and control objectives.
Mission: To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.
THREE LINES OF DEFENSE
The Line is getting thinner
RISK ASSESSMENT CRITERIA
VELOCITY (speed of onset)
LIKELIHOOD
IMPACT
VULNERABILITY
Auditing at the Speed of Risk
Improve the agility of Internal Audit = Improve agility of the whole business/organization
• Get involved early
• Understand stakeholders' expectations
• Re-evaluate company's risk posture and Internal Audit Plan
• Develop and operate a risk-driven Integrated Assurance Plan
• Evaluate the skills, knowledge and competence of the audit team
• Keep a close eye on business-as-usual activities
• Integrated Thinking and Enterprise Risk Management.
• Supportive relationships with Risk Managers, Chief Information Security Officers, Chief Information Officers and Chief HSSE Officers.
Source: Forecasting Risks: Internal Auditors and Approaching Storms, Richard Chambers Blog, June 2017
Foresight
Data Analytics / Big Data
Integrating Thinking
Collaboration Between Lines of Defense
Management
Risk Management, HSSE, Compliance and other Second Line of Defense Providers