|Risk Based Internal Auditing|
Audit and accountancy institutes
Institute of Internal Auditors (U.S.)
This site () has a wealth of information – though it’s not always easy to find (click “Guidance” on the top menu).
Institute of Internal Auditors (U.K.)
This site () has a useful “Knowledge Centre” plus links to U.K. documents.
The Institute of Chartered Accountants in England and Wales (ICAEW)
The institute (www.icaew.co.uk) has several useful documents. From the home page, select “Policy” on the left index and then “Risk management and reporting”.
Official standard setting organisations (US)
Public Company Accounts Oversight BoardTheir standards for the audit of internal control over financial reporting are here. Auditing standard No.2 is probably most relevant to internal auditors.
This organisation published a framework for internal control which is not available on the web and a publication on ERM. They have recently published an exposure draft on 'Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting'.
Official standard setting organisations (UK)
LSE Combined Code
The London Stock Exchange Combined Code, which includes the Turnbull and Smith guidance notes can be downloaded from the Financial Reporting Council website.
The Treasury website has issued:
The Association of Insurance and Risk Managers (AIRMIC)
This site has a free newsletter.
The Institute of Risk Management
Australia and New Zealand standards
They published one of the first reports on risk management which has now been updated (AS/NZS 4360:2004). It’s not available on the net, but can be purchased. Search for 'Risk Management'.
This is a good site (www.risk-doctor.com) for links and information on risk management. Check out the "publications" section.
Risk Management information
Matthew Leitch has written three interesting sites around internal control and risk:
Managed Luck – which provides practical methods for managing uncertainty at work
Internal Controls Design – which provides new ideas for internal control and risk management
Dynamic management for an uncertain world – a discussion and ideas site
Working Council for Chief Financial Officers
This site has articles on internal audit. You will need to register, but it is free.
US Corporate Governance
The Conference Board Commission on Public Trust and Private Enterprise was formed in the U.S. to address widespread abuses which led to corporate scandals and declining public trust in companies, their leaders and America's capital markets. It has published a report on, “Corporate governance, accounting and auditing”.
Sites with internal audit links
An extensive site with many resources for internal auditors
® An extensive site with many resources for internal auditors
Internal Audit Scotland Check out the briefing notes and extensive links
Will Yancies' site has good links
Sites offering software and/or consultancy
The following sites offer software, and consultancy, for implementing risk-based auditing. (No endorsement is implied).
Software and consultancy:
My excel database is very rudimentary. If you require a more sophisticated product for managing risks and controls, take a look at the following plus other, similar, software on the market.
There are many software solutions, some based on Lotus Notes or Microsoft Access databases. My experience is to look at the reports they can produce and make sure you are happy with them, or can amend them easily.
This is the site of David McNamee, one of the pioneers of risk-based auditing. In 1997, he published a book, “Risk-based auditing”, most of which is still relevant. Part of the structure of my audit database is the same as a table that he suggested for audit testing, so I must have got something right! David has written books and articles, which are also available on CD. Details are on his site, which also has useful articles. (website may be off-line)
MindGrove – specialists in risk, audit, information technology security and control
Risk based auditing, Phil Griffiths (no relation), link
The non-designers design book (2nd edition), Robin Williams, Peachpit Press, ISBN 0321193857. Not an internal audit book but one which is very important when much of our final product is “written” – even if this is a “Word” document, “PowerPoint” presentation, or web page. Do the reports from your department look boring? Then get reading.
You want to manage information?
You might like to look at my other site, which considers the management of information (www.managing-information.org.uk)
|©David M Griffiths||
02 June 2007