Auditing Model Risk Management

Practice Guide (Recommended Guidance)

Managing the Impact of Models

The IIA’s Practice Guide: Auditing Model Risk Management helps ensure that these models are working as effectively as possible for an organization.

This practice guide provides an overview of key areas related to model risk management including business significance, regulatory requirements and expectations, and model components.

It is designed to help chief audit executives and their audit teams understand their roles in assessing model risk management and empower them to implement an audit plan coverage approach and program tailored to the size, scale, and risks facing their organization.

Webinar: Auditing Model Risk Management Practice Guide: Stacey Schabel, VP & Chief Audit Executive, Jackson, discusses the goals of the Financial Services Guidance Committee and gives an overview of the Auditing Model Risk Management Practice Guide.

Auditing Third-party Risk Management

Practice Guide (Recommended Guidance

Further exploration into risks resulting from the types of services being provided and the sensitivity of data being shared is covered. Sample audit guidance is offered, making this a robust resource with tangible tools.

Topics include:

  • Outlining key roles, responsibilities, and risks in managing third-party providers.
  • Defining a third-party risk audit coverage approach.
  • Developing a structure for scoping, planning, and executing third-party risk audits.
  • Appropriately engaging and assessing third-party risk management activities across the business, oversight, and control functions.
  • Determining whether the organization has a third-party risk management structure that results in a “patchwork” approach, and, if so, how to bring it together into an enterprisewide framework.

Listen to the webinar: Auditing Third Party Risk Management: Learn the roles, responsibilities, and risks involved in third-party risk management and how you can add value in auditing those relationships.

Webinar: Third Party Risk ‒ A Smarter Approach: Learn how innovative organizations work smarter, not harder, by driving business value through their third party risk management program.

Auditing Culture

A hard look at the soft stuff

Reminiscent of major business scandals at the turn of the century, culture is front and center again with calls for organizations to fix weak cultures that contribute to corporate misconduct. This area is not new to the internal audit profession. We have audited soft controls and tone at the top, but it is time to step up to the plate and take responsibility for auditing culture. It must be understood that internal audit must continuously monitor organizational culture at all levels, it is not a standard engagement.

Quality Assessment Manual for the Internal audit Activity, 8th Edition

Revised by leading quality assessment experts and reviewed by an international team of practitioners, this Quality Assessment Manual offers a new methodology and broadens the focus to include all components of a Quality Assurance and Improvement Program (QAIP):

  • internal assessments (ongoing and periodic)
  • metrics
  • continuous improvement
  • reporting
  • as well as preparing for an external assessments

Performance Auditing

Developed for the practitioner and trainer, Performance Auditing: Measuring Inputs, Outputs, and Outcomes, Third Edition, emphasizes the use of measurement and comparison in performance assessment. Gleaning from leading standards from the U.S. Government Accountability Office (GAO), the International Organization of Supreme Audit Institutions (INTOSAI), and The IIA, this valuable resource provides concepts and best practices to execute a performance assessment.

Consistent with its emphasis on performance, this book addresses the measurement of performance and the value of a measurement-based auditing approach, which is integral to performance auditing. There are numerous aspects of performance auditing, and auditors need to know what those aspects are and be able to construct or validate appropriate measurements for them.

This unique publication offers guidance that applies to practitioners at every level and is perfect for use as a guide in planning performance audit assignments, doing fieldwork, and writing reports. The easy-to-follow structure of the chapters makes this book ready for use in a training course or as reference material.

About the Authors:

Ronell B. Raaum, CGAP, CGFM, developed training course material on performance auditing at the Government Audit Training Institute, Graduate School, in Washington, DC, for 19 years. He spent 31 years as an auditor at the U.S. Government Accountability Office (GAO).

Stephen L. Morgan, CIA, CGAP, CGFM, CFE, is currently the president of Excellence in Government Accountability and Performance Practices, a company that specializes in training government auditors and managers. For more than 25 years, he has provided training course design and delivery in performance measurement, management, and auditing.

Colleen G. Waring, CIA, CGAP, CGFM, trains government managers and auditors worldwide. She spent 23 years conducting state and local government performance audits in the United States. More recently, she taught a graduate class on nonprofit program evaluation at The University of Texas LBJ School of Public Affairs.

Leading the Internal Audit Function

In Leading the Internal Audit Function, author Lynn Fountain presents lessons learned from her extensive experience as an internal auditor, internal audit manager, and CAE to help internal auditors understand the challenges, issues, and potential alternative solutions when executing the role. The book identifies more than 50 challenges for auditors and discusses potential alternative actions auditors can take when they experience a similar challenge. The book explains how to:

  • Build a value-oriented function that abides by the standardsand supports the objectives and goals of the organization.
  • Execute the many aspects of the internal audit, including assurance and consulting work.
  • Build a risk-based audit process.
  • Develop and sustain the internal audit team.
  • Develop and manage relationships with management and the audit committee.
  • Manage internal audit’s role in corporate governance, compliance, and fraud.

Leading the Internal Audit Function includes real-life examples, scenarios, and lessons learned from internal auditors and CAEs to emphasize the importance of carefully managing all aspects of the internal audit. The author summarizes her many lessons learned into 10 «commandments» for both CAEs and internal auditors. By following the guidelines in this book, you should be well-equipped to gain management support, perform effective and ethical audits, and uphold IIA Standards.

About the Author:

Lynn Fountain, CRMA, CGMA, is a highly recruited professional trainer, speaker, and author on topics that include internal controls, internal audit, financial accounting, enterprise risk management (ERM), governance, and fraud. She served as chief audit executive at two international companies and has advised boards, audit committees, and compliance councils.

Managing Risk in Uncertain Times

Successful organizations figure out ways to effectively manage their risks to thrive in an uncertain and rapidly changing world. Some rely on the experience and business savvy of their leaders; many others leverage a more disciplined approach, commonly referred to as enterprise risk management (ERM).

In 2014, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) announced commencement of an update to its 2004 ERM framework Enterprise Risk Management – Integrated Framework. The new framework, published in September 2017, is titled Enterprise Risk Management – Integrating with Strategy and Performance. Designed to help organizations better pursue opportunities and manage threats, the update:

  • Recognizes the importance of strategy and entity performance as the central consideration for risk management.
  • Better distinguishes between internal controls and ERM.
  • Positions ERM as an integral part of decision making.

Throughout this book, author Paul Sobel provides implications for internal auditors or risk managers, and sometimes both. These implications will help them understand the new framework and provide examples of how they can be an integral part of helping their organizations successfully manage risk in uncertain times.

About the Author:

Paul J. Sobel, CIA, QIAL, CRMA, is vice president/chief audit executive for Georgia-Pacific, LLC, a privately owned forest and consumer products company based in Atlanta, GA. Recently named chairman of COSO, he is recognized as a leading expert on governance, ERM, compliance, and internal control. He was selected as chairman because of his extensive background along with his experience in corporate environments and professional service firms.

Successful organizations figure out ways to effectively manage their risks to thrive in an uncertain and rapidly changing world. This book is designed to help organizations better pursue opportunities and manage threats.

Raise the Red Flag

In Raise the Red Flag, you’ll learn from a highly recruited professional trainer, speaker, and Author, Lynn Fountain

Drawing from insights gleaned from a distinguished career, Fountain combines principles and theories of fraud prevention and detection with real-world scenarios and hands-on procedures.

A valued resource for all internal auditors, Raise the Red Flag will provide techniques and approaches that can be put into practice immediately, helping you to:

  • Determine if your internal audit department is prepared to support your organization’s anti-fraud efforts.
  • Investigate actual allegations of fraud.

This book is one you will return to again and again throughout your internal audit career.

Delivering Audit Reports that matters

Sally Cutler has done it again. Her report-design and report-writing techniques will help you to construct clear and persuasive audit reports that address current and emerging demands. These strategies work whether your organization is small or large, your internal audit activity is long-standing or newly established, or you are a for-profit, not-for-profit, or government organization.

Leverage Cutler’s expertise. Take advantage of the realistic examples and practical checklists that bring the concepts alive and will help your team produce timely, clear audit reports with impact. Sally Cutler walks you through key strategies for:

  • Evaluating readers and their needs
  • Developing Messages
  • Rating audit observations, reports, and the overall status of internal Controls
  • Aligning the report design with the organization
  • Structuring and formatting reports for today’s Readers
  • Writing clearly and concisely
  • Managing tone
  • Streamlining the writing and review process

Sally Cutler is an acknowledged expert on audit reporting writing. Her expertise in document design, reporting processes, and writing quality has benefited the host of internal audit, controls, and compliance groups where she has consulted and provided training throughout her career.

Take advantage of the realistic examples and practical checklists that bring the concepts alive and will help your team produce timely, clear audit reports with impact. Sally Cutler walks you through key strategies for:

  • Evaluating readers and their needs
  • Developing Messages
  • Rating audit observations, reports, and the overall status of internal Controls
  • Aligning the report design with the organization
  • Structuring and formatting reports for today’s Readers
  • Writing clearly and concisely
  • Managing tone
  • Streamlining the writing and review process

Vi bruker informasjonskapsler for å forbedre din opplevelse på nettstedet vårt. For mer informasjon om hvordan vi håndterer dataene dine, vennligst se vår personvernerklæring.