In today's world of fast-emerging technologies, an internal audit function is not immune to dealing with the challenges of technology and tool implementation. B’Risk can assist audit directors and their teams in the evaluation and use of leading-edge audit and risk management technologies to perform their jobs better, faster and more cost-effectively.
Computer assisted audit tools and techniques (CAATTs) graduate auditors to increase their personal productivity in auditing a computerized environment. B’Risk helps in successful implementation of CAATTs after a thorough gap analysis.
Apart from successful implementation of the tool, B’Risk also provides guidance in sourcing them. Standardized Operating Procedures shall be prepared after CAATTs implementation and finally training your Internal Audit staff to enable maximum benefit derivation from CAATTs.
Out of these tools the most prominent is the generalized audit software that can manage data analysis by extracting data from complex databases.
There are many avenues of deriving value out of the tools. The investment on the tools can be justified only when there is an increase in efficiency of the auditor after the usage of the tool. This efficiency can be triggered multi folds after an organized usage of the tool. A value-deriving manual may be developed for audit tool to get the maximum benefit out of it.
Value add:
Increase audit coverage by evaluating a larger audit universe. 100% data can be analyzed.
Increase the independence of auditors from information system functions (EDP Personnel)
Data Mining and Analysis
Organizations today often experience difficulty with information, which may be dispersed throughout many (or even unknown) systems. Data is often questionable, incomplete or outdated. Inconsistent accounting processes due to a recent acquisition or merger can add to the challenge. Yet, today’s executives are demanding in-depth and timely analysis of the relevant facts and data, especially information in response to a specific perceived opportunity or risk
Our Data Analytics consultants provide the analytical models and tools necessary to conduct in-depth analyses of a wide range of strategic, financial and operational issues. We help executives obtain the information they need to make effective decisions regarding their business opportunities and risks.
The proliferation of IT has converted all the major databases into digital databases proving a manual study of transactions tedious and knowledge oriented. Further, data crunching, transaction analysis, reports generation is an integral part of Internal Audit and Finance processes. So a system is needed for enabling the auditors to analyze digital databases comprehensively.
The data properly analyzed has abundant value add information. Moreover, certain frauds committed are also very difficult to be traced unless the data is intelligently analyzed. The age old tools sometimes do not support foolproof and detailed analysis leading to an incomplete assurance / audit.
Various Computer Assisted Audit Tools (CAATs), are available for auditors viz., ACL, Idea, Data et al, today to enable the intelligent analysis. But they need a detailed implementation strategy, training, sourcing et al which sometimes is not affordable. Further more, a detailed analysis may not be assured after implementation because of having no exclusive data analysis expert in the Departments.
Adequate value derivation out of the investment may not be possible because of exclusive expert’s absence, handling the job.
Benefits of partnering with B’Risk Data Analysis Expert
No need of investing in any CAAT thus saving costs
No need of recruiting a Data analysis expert
Variety of CAATs available under one single roof with one single expert
Ability to link to any variety of database coupled with high data security and confidentiality
The expert possesses knowledge of best practices in internal audit
Listing of exceptions under each process / sub-process / activity
No need of training your internal staff on using CAATs
“Till now it was searching for a needle in a haystack, …… now we know where to look for…..” Ray Brindlay, IIA, Past President comments on the power of data analysis for the internal audit professionals. As per studies using audit tools help improve the efficiency of internal audit department by 70%.”
Internal Audit Tools and Technology
Choosing an effective audit tool to help you execute, document audit work, track findings, follow up on areas of deficiency and maintain the contents of your audits in a document repository system is an integral part of any audit function. Contact us to learn more about our services in this area.
Training Program
B’Risk has training as its core competency. It has some of the leading faculties in Internal audit, Information systems auditing and CAATTs in India and trained international delegates also. B’Risk - Assurance training division is formed with the objective of making the internal audit and IS audit departments world class.
We conduct regular internal audit training programmes in internal audit and IS Audit. We also conduct training programmes in specialized internal audit areas like risk assessment, internal audit work paper management, control self-assessment, flow charting techniques etc.
Experts working with internal audit departments, consulting services etc, design the internal audit-training package. The faculty will be handpicked to suit to your industry requirements. All specific software training shall be provided on our full-fledged computer labs.
The above training programmes can be customized to your specific internal audit department and industry needs. B’Risk shall also conduct a gap analysis to identify the areas of development to make your internal audit department world class. B’Risk has very good track record of performance and has exceeded expectations of the participants.
Some Internal Audit Training Programmes:
B’Risk has designed certain innovative internal audit training programmes as given below. The following display, the capabilities of B’Risk and the programme designed to transfer the right value-adds to your internal audit department needs and help you to reach your internal audit department development objective. To reiterate, B’Risk is formed with the mission of “making the internal audit departments of corporate reach world class standards of performance”.
Apart from the training programmes mentioned, B’Risk can also design customized training programmes meeting your specific needs.
Enterprise risk management and audit plan making
Corporate Governance and modern Internal auditing practices
Audit Delivery Management
Data analysis and computer assisted audit techniques
Work paper management in internal audit function
Past training programmes feedback
Enterprise risk management and audit plan making
Topic
Training Contents
A Comprehensive Business Risk Assessment
Internal Audit and business risk assessment
Identifying the organization as business processes
Alignment of corporate, business process objectives and goals to internal audit goals and objectives
Presentation on various models of business risk assessment adopted globally
COSO, COCO, COBIT, BS7799 etc.
Importance of Control Self Assessment in business risk assessment
Practicing Business Risk Assessment
Strategic and Operational risk assessment process
Financial, process, IT Risk assessment process
Rating of risks and relating them to controls along with control objectives
Rating of controls
Making of process wise control and risk matrix
Summarising risk scores at process and sub-process level
Converting business risk assessment into an audit plan
Conversion and grouping of risks into long term audit plan
Long term audit planning and breaking it into short term audit plan
Mapping internal audit resources to internal audit plan
Manpower resource planning and knowledge mapping for delivering audit assignments
Setting key performance indicators (KPIs) for internal audit department, audit activity and audit staff
Corporate Governance and modern Internal auditing practices Model Training Programme addressing the following issues:
Topic
Training Contents
Corporate Governance Concepts
Corporate Governance and its fundamentals
Generally Global corporate governance requirements shall be discussed
Relevance to Cadbury Committee Report,
Sarbanes Oxley Act Requirements etc.
Way of working of internal audit department to meet the requirements of corporate governance regulations
Working with audit committees from audit planning, presentations, reporting to key performance evaluation
Modern Internal auditing practices
Transaction testing to risk based approach
How to convert audit department to management assurance department
Improving the audit department team attitude, psychodynamics etc.
How to market audit department
Using Computer assisted audit tools in delivering internal audit assignments
Futuristic Internal
Auditing
Control Self Assessment and how auditor turns into a facilitator
Audit Vision development and mapping it to the corporate vision and objectives
Internal Audit as a profit generating function to the organization
Audit Delivery Management
Topic
Training Contents
Audit Project Management Fundamentals
Scheduling audit jobs
Allocation of audit resources to audit projects
Phase wise management of audit projects
Managing strategic reporting and delivery process
Supervision of audit activity
Audit Project Management
Audit Planning and its sub phases
Techniques of interviewing, flowcharting and documentation of audit understanding
Tips for getting the right information from the audit jobs
Preparation of an audit programme
Audit Field Work Management
Risk Based auditing or errors approach of audit practicing
Testing of controls and documentation of results
Analyzing the information collected
Handling certain exceptional audit steps.
Practical Information systems auditing handling
Preparation of Draft Audit Report
Exit Meeting of the audit projects
Handling the process owners during the meeting process
RAMA Concept of buy-in of audit process managers
Collection of management responses and concerns
Final Reporting and follow up management
Some IIA concepts in release of audit report
Drafting of audit report and techniques
Presentation techniques and use of structured formats
Graphs, annexure presentation and use of MS Office in handling of audit project
Report follow up management
Presentation to the audit committee and executives board
Data analysis and computer assisted audit techniques
Topic
Training Contents
Data Analysis and its fundamentals
Study of data elements
Errors approach of auditing and linking them to data elements
Computer assisted audit tools and techniques definition
Using Computer assisted audit tools in audit deliveries
Using Audit Command Language (ACL) in handling data analysis (hands-on on computers)
Using stratify, classify commands for data analysis
Using graphing techniques during data analysis
Sampling and practice
Using Computer assisted audit tools in audit deliveries
Joining of files and analyzing for fraud activities
Using Benford’s Law for fraud investigation
Analysing gaps, duplicates and out of sequence transactions
Writing certain high end applications for data analysis jobs
Embedded audit systems
Automated audit management
Work paper management in internal audit function
Topic
Training Contents
Work Paper management fundamentals
Importance of having an audit manual
Contents of audit manual
Compliance reviews of audit manual
ISO For internal auditing
Importance of having ISO for internal audit department
Practicing quality systems
Presentation of ISO capabilities to the process owners and top management
Important work paper standards
Documenting audit universe identification
Documenting audit process
Documenting audit planning interviews etc.
Documenting audit findings and collection of audit evidences
Reporting standards
Documenting following and implementation
Audit Committee Presentations
IIA professional practices framework study
Computerising audit function
Workpaper management tools and their usage
Audit management using audit tools
Audit delivery management using audit tools
Audit Scheduling and time mapping using audit tools
Integrating the audit activity
Past training programmes feedback
“You all have been very helpful, patient with us and job well done, please keep it up” ………Mala Goonati Lake,
Asst Vice President(Internal Audit)
DFCC Bank, Colombo.
“Very good content and presentation, Impressive style of conducting the workshop and very relevant case studies. Keep up the good work” ……….R.Ravindran,
GM – Internal Audit
Lucas TVS
“To mitigate risk, be with B'Risk.” ………Sivagurunathan
Head – Management Assurance Group
South India Corp. (A) Ltd.
“Impressed by the approach and methodology adopted and the in-depth knowledge in the subject.” ………T. Jagannathan,
Dy. Manager, Management Audit Division
EID Parry (India) Ltd
“Excellent Programme. Very Useful. New Concept that will transform the IA function into value-addition function.” ………N.Srikanth,
Manager, Management Assurance Group
SPIC
“The style of presentation was excellent. Clarifications to queries were really good. Very Responsive.” ………Vijayalakshmi
Deputy Manager – IC
Visteon
“Impressed by the topic, content, interactive presentation. Lot of thought has gone in to even naming B'Risk.” ………S. Gowri Shankar,
Asst. Manager, Corporate Audit Assurance,
M/s Godrej Industries Ltd
“Excellent Content and presentation. Very impressed by the style of conducting the workshop.” ………Sumitra Joshi
Audit - Manager
Sri & Sri Associates
“A good maiden attempt made and thanks to the faculty for the efforts taken to making us richer in terms of knowledge” ………R Gowrirajan,
Officer, Inspection and Audit Dept,
Bharat Overseas Bank
“ Very well presented, not a minute of staleness.” ………K.R.Ratnam
Chartered Accountant
M.Bhaskara Rao & Co
QAR of Internal Audit Department
B’Risk Internal Audit Quality Assurance professionals help organizations evaluate conformance with The International Standards for the Professional Practice of Internal Auditing (Standards) and identify opportunities to improve internal audit performance and services.
The IIA Standards require an external review of the internal audit activity every five years. These reviews are designed to assess the activity’s conformance with the Standards and its effectiveness in providing assurance/consulting services to the organization’s board of directors, senior executives and other interested parties.
An external Quality Assessment Review can facilitate the transformation of an internal audit department into a more strategic business partner and value-added activity. The process can identify improvement opportunities and provide counsel to the chief audit executive and staff for improving their performance and services, as well as promoting the image and credibility of the internal audit activity.
At the conclusion of our review, we will provide a report that states our opinion on your department’s conformance to the IIA Standards, identifies issues and observations, and incorporates your action plan. The report will also identify areas for further improvement and the implementation of best practices.
Sarbanes Oxley Reviews
Sarbanes Oxley Act is the most recent Act of United States of America that governs the transparency and governance framework of the companies quoted in the American Stock Exchanges.
The organizations that are subsidiary of the organizations quoted in the American Stock Exchanges are also to mandatorily comply with these requirements. These requirements are basically framed after series of while collar and management frauds in some big corporate houses like Enron and World Com.
The ultimate objective of SOX is to safeguard the investor and has prescribed through its various guidelines the importance of having adequate controls in the financial reporting system and the internal control system. SOX has put additional responsibility on the top management to have a risk management framework that governs the building the control architecture for the financial reporting system.
Section 404 has imposed more responsibility on the internal auditor to review these risk systems for their adequacy and regular working. The top management at this level needs a right partner to provide guidance on building the risk systems in the organization.
B’Risk SOX Compliance professionals help organizations achieve effective ongoing compliance with SOX. We assist organizations with implementing a sustainable process to manage compliance costs while working to continuously improve internal control over financial reporting. Our SOX Compliance consultants improve the speed, efficiency and quality of financial reporting to establish effective global corporate governance.
Our specific services include:
SOX compliance project planning and management
Documentation, evaluation, testing and remediation of risks and controls
Improvement of internal controls and the quality of key upstream business processes affecting financial reporting
IFRS Compliance Advisory
UNDER CONSTRUCTION
Reconciliation & Resolution services
Our intensive knowledge in data analytics and business process management and our professionals with resolution experience and technology tools expertise can help you resolve financial, ledger, customer, stock, debtor, vendor discrepancies and also revenue assurancein a cost effective manner.
B’Risk has experience delivering rapid, cost-effective reconciliation services. We bring resources to two key areas – research and overall project facilitation – which can help you significantly improve your reconciliation efforts.
Our approach to discrepancy resolution is through understanding the business processes and systems of the company and identifying the root cause for the problem. We identify the problems at transaction & technology level and indicate the controls sufficiency of the current system.
Our blended team approach involves in making research teams consisting B’Risk professionals and your employees. This team approach is more productive and cost-effective as members contribute complementary skills and experiences: B’Risk supplies knowledge and data analysis tools with time tested methodologies Client team members assist in bringing internal process knowledge and relation issues.
Project facilitation is also essential in a resolution project. B’Risk uses project management to monitor progress, communicate status and facilitate communication across research teams and operations.
The reconciliation work tools developed by B’Risk are based on engagement experience and include the
following:
Customized Reconciliation Forms are designed to identify items to be reconciled, inputs required for reconciliation and provide detailed information about reason for discrepancy.
Data analysis tools to manage large amounts of data that includes intensive data comparison and analysis. (we use the world famous data analytical technology tools – ACL & IDEA - 7)
Research Protocols help teams identify common root causes for items under reconciliation.
B’Risk’s services range in scope from problem diagnostic, to resolution of part of the discrepancies to more comprehensive projects with blended teams. Additional resolution services include: Root cause analysis - identifying the reasons for discrepancies. Process Review - A detailed process review by identifying the risks and relevant controls to mitigate the risks.
Benefits can include:
Improved productivity and cost-effectiveness with B’Risk professionals involvement.
B’Risk’s detailed deliverable identifying the transaction-wise discrepancy root cause and resolution.
Identifying the areas of improvement in the business processes & system.
Compliance with various legal requirements where applicable.
