StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Comprehensive Audit Plan Issues - Essay Example

Cite this document
Summary
The essay "Comprehensive Audit Plan Issues" focuses on the critical analysis of the major issues in the audit plan regarding Known and Emerging Risks in Green Banking Group Limited (GBG). The company has demonstrated a sustained performance in the market…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.6% of users find it useful
Comprehensive Audit Plan Issues
Read Text Preview

Extract of sample "Comprehensive Audit Plan Issues"

Please replace the header with – your page number> COMPREHENSIVE AUDITING LLC INTERNAL MEMORANDUM 23 September 2008 Memo The Chairman, Green Banking Group Limited Memo from: Subject: Audit Planning Memorandum for Green Banking Group Limited Table of Contents: Introduction: The objective of this document is to propose an audit plan pertaining to Known and Emerging Risks in Green Banking Group Limited (GBG). Green Banking Group Limited has demonstrated a sustained performance in the market pertaining to their core area of cost effective services to small-to-medium enterprises and households. Overall, the Bank has demonstrated high quality of service commitments to their customers while successfully reducing their operating costs. In this Financial Year, the Bank has invested in technology enhancements such that the core operating system has been replaced by a new one that is expected to provide highly efficient and secured transactions from the following three points of sales of the Bank: 1. Electronic Funds Transfer at Point of Sale (EFTPOS) 2. Automatic Teller Machines (ATM) 3. Internet Banking (IB) The 500 bank tellers have been made redundant and hence shall be out of the scope of this audit. Assessment of Known and Emerging Risks in the Bank: Historically, the bank has faced the following impacts on the business: (a) Inherent Risk: The federal government withdrew funding from the sustainable living program that was launched by the bank on discounted lending rates. The impact of Bank business is not direct because the funding from government was directly to the borrowers (this is an assumption here!!). However the discounts offered by Bank now will not be adequate to reduce cost to consumers which means the applications of Home Loan will reduce once again. The withdrawal of its funding by the Government was a measure to cut expenses which was unexpected and hence the Risk is taken as Inherent. The risk, however, is proposed to be converted to an Empirical Risk and logged under the known Business Risks whereby the methodology will be addressed by the audit team. (b) Technology outage in one of the locations: This outage caused inconsistency in the bank transactions and unwarranted embarrassment to the Customers. A Technology Risk that directly impact Customers has cascaded effect on reputation loss and hence causing exposure to a business risk. The incident analysis, root cause analysis, corrective actions and preventive actions performed by the Bank pertaining to this incident is proposed to be assessed by the audit team. The Technology Risks will be assessed by the auditors to verify the proactive controls in place and the control effectiveness measurement shall be undertaken (Basel Committee on Banking Supervision, 2003). (c) Money Laundering by one of the employees and more cases of Money laundering suspected in the Bank: This event has brought to surface gaps in management of economic risks, business risks, & audit risks due to weakness in control & detection of risks due to fraudulent activities. The bank has lost money and lost reputation in market (can cause impact to business) due to weak controls of fraud detection & prevention. All the controls of Fraud detection and prevention are proposed to be analyzed along with the bank’s current internal auditing mechanisms (Basel Committee on Banking Supervision, 2003). (d) The overall Banking industry is facing a downturn due to Inflation and GBG is not an exception. Hence Non-Performing Assets (loans and credits facing re-payment defaults) are expected to expose the Bank to financial risks that can harm the Bank’s business. Given the current market dynamics, it is important for the Bank to focus on reducing the Non-Performing Assets. An analysis of Financial Risks pertaining to the NPAs is recommended to be carried out as a part of this auditing process. (How Healthy are big US banks, Business Week – 2008) (e) The Bank has deployed a new technology infrastructure that has been interfaced with the existing Point of Sales: The auditing team is proposed to assess the Tests, Change Management and Make-Live management carried out to implement the new technology in order to assess how the technology risks, data security risks and customer service risks (under operations risks) were taken care of. Also, it is proposed to assess the activity logging & internal auditing data generated by the new audit system to detect & prevent frauds proactively (Basel Committee on Banking Supervision, 2003). Special emphasis would be given to verify the compliance to the applicable regulations and legislations of the Government as applicable to the above mentioned areas. Assessment of Bank’s Risk Management and Governance procedure: Given the current challenges to sustain the reputation and current market dynamics, it is important for the Bank to have a Proactive Risk Management and Governance framework. A reactive approach in this area itself is viewed as a High Risk to the Bank. The Audit Team will comprise of a certified Assets and Information Risk Management professional. The procedure of Bank’s current Risk Management and Governance procedure shall be mapped with the ISO/IEC 27005:2008 standard (www.bsi-global.com) and the recommendations of the Risk Management Guides available on the Australian Standard 4360 Risk Management Portal (New Australian Standard for Risk Management, 1995). The Risk Management audit will be conducted to verify the Bank’s methodology to evaluate Asset Values, Threat Values, Impact Values, Probability Values, Vulnerability Values, Risk Values, application of controls and verification of effectiveness of the controls. (Gray, Stoneburner, Goguen, Alice et al, 2002) Assessment of Bank’s compliance to Payment Card Industry Data Security Standard (PCI DSS): This auditing standard is applicable to all organizations that process payments via electronically via points of sales (POS). The Bank has deployed a new technology operating system serving the point of sales. Hence, it is important to re-visit Bank’s compliance level to requirements 1 through 12 of Payment Card Industry Data Security Standard version 1-1. The audit team shall comprise of a certified and experienced PCI auditor who shall use the recommended checklist by the PCI Council. The compliance to the standard shall be verified pertaining to all Points of Sales offered by the Bank viz., EFTPOS, ATM and IB. The version 1-1 of the standard is enclosed along with this Audit Proposal. (PCI Security Standards Council, 2008; Mastercard International, 2005) Assessment of Bank’s Fraud and Money Laundering detection & prevention: The audit team shall have an anti-Fraud expert who has dealt with Money Laundering cases in the past. With the help of this expert, the policies and procedures implemented in the Anti-Fraud and Anti-Money laundering department will be analyzed thoroughly and global best practices in these areas shall be recommended. The practices in these departments would be linked back to the Internal Auditing Framework (on-line activity logging & monitoring), Risk Management and Governance system to verify the proactive controls implemented by this department. Assessment of Bank’s existing Non-Performing Assets: Given the current market dynamics, the audit team shall verify the Non-Performing Assets (Loans in which the repayments have stopped coming from the borrower) very closely and map with the existing Finance Risk Appetite of the Bank. A specialist in this area is proposed to be included in the Audit Team. The Audit Controller has already been provided details of the transactions and Customer accounts which are required to be verified thoroughly to estimate the current Risk Appetite of the Bank. Based on the analysis, the Bank will be advised to reduce the NPAs if required. Proposed Audit Plan: The Audit shall be managed by a designated Audit Controller who shall lead a team of subject matter experts pertaining to Risk Management, PCI DSS, Fraud & Money Laundering prevention and NPA analysis. The Audit plan is proposed as under: Audit Area Auditees Required Audit Records Proposed time to Audit Risk Management and Governance Risk and Compliance Manager, Internal Audit Team, randomly selected Risk Management team members. Risk management Governance, Risk Review by Management, Risk Approval process, Risk Mitigation Process, Control Effectiveness Measurement process, Internal Audit process, Corrective Action process, and Preventive Actions process. 6 Man-Days Technology Risks, Business Risks, Finance Risks, Economic Risks, Audit Risks, Customer Service Risks (under Operations Risks) and Business Risks Risk and Compliance Manager, Internal Audit Team, randomly selected Risk Management team members. Risk assessment & management procedure in all these areas, Risk Analysis sheets, Approved Risk Acceptance documents, Risk Mitigation Plan, Control Effectiveness Measurement sheets, Internal Audit reports, Corrective Actions taken, Preventive Actions Taken. 6 Man Days Compliance to PCI DSS Chief Technology Officer, All Technology Heads, randomly selected IT team members. IT Policy Document, Design documents, Standard Operating Procedures, Process Maps, Logsheets, Internal Audit reports, Corrective Actions taken, Preventive Actions Taken. 10 Man-Days Fraud and Money Laundering detection and prevention Fraud Control Manager, Money Laundering Control Management, randomly selected team members Standard Operating Procedures, Process Maps, Logsheets, Checkpoints, Incident Management system, Internal Audit reports, Corrective Actions taken, Preventive Actions Taken. 6 Man-Days Non-Performing Assets Chief Financial Officer, randomly selected Financial Controllers. NPA reports being submitted to government, existing P&L, Future Hypothecations based on trend analysis and current scenarios, Internal Audit reports, Corrective Actions taken, Preventive Actions Taken. 4 Man-Days Total proposed time to Audit 32 Man-Days The Audit methodology would involve on-site sampling, physical visits, verification of papers and interviewing. If the internal Risk Management has detected more serious risks, they would be included in the scope and request for increase of Man-days shall be put forward. The final report would be submitted within 15 working days from the last day of the audit. Conclusion: Given the changing economic & political scenarios and known & emerging risks to the Bank due to external as well as internal factors, the audit team hereby presents a detailed assessment of Bank’s internal governance model, auditing system, the risks proposed in the scope such that the Bank can be appropriately advised on the mitigations, corrective actions & preventive actions. Compliance to PCI DSS and ISO 27005 standards would be assessed to ensure that the risk governance framework is covered end to end in line with the Global Standards and best practices. The Audit team shall comprise of industry experts in these areas thus ensuring very high quality of results as an outcome of this auditing process. Sincerely The Audit Controller and the Audit Team References: Harvard – A Guide to referencing, Victoria University 2002, A new school of thought, Australia New Australian Standard for Risk Management. 15 September 2008. < http://www.riskmanagement.com.au/News/NewAustralianStandardforRiskManagement/tabid/152/Default.aspx> 1995. Risk Management and Governance, ISO/IEC 27005:2008, released in year 2008. < http://www.bsiglobal.com> Payment Card Industry (PCI) Data Security Standard (DSS). PCI Security Standards Council, 2008. Payment Card Industry (PCI) Data Security Standard (DSS). MasterCard International, 2005. Risk Management Principles of Electronic banking. Basel Committee on Banking Supervision. Bank for International settlements. 2003. Gray, Stoneburner, Goguen, Alice et al. Risk Management Guide for Information Technology Systems. Recommendations of National Institute of Standards and Technology. US Department of Commerce. 2002. How Healthy and Big US Banks, Business Week, McGraw-Hill Company, 2008 In addition to the cited references, I would like to extend my special thanks to all those who extended to me knowledge and information that helped me to put together this paper. On their request, their names have not been published herewith. End of Document Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Audit-Risks Essay Example | Topics and Well Written Essays - 1000 words”, n.d.)
Retrieved from https://studentshare.org/miscellaneous/1548159-audit-risks
(Audit-Risks Essay Example | Topics and Well Written Essays - 1000 Words)
https://studentshare.org/miscellaneous/1548159-audit-risks.
“Audit-Risks Essay Example | Topics and Well Written Essays - 1000 Words”, n.d. https://studentshare.org/miscellaneous/1548159-audit-risks.
  • Cited: 0 times

CHECK THESE SAMPLES OF Comprehensive Audit Plan Issues

Environmental Audit

In the paper 'Environmental audit' the author analyzes environmental evaluation intended to identify various environmental problems and management system.... Generally there are two types of environmental audit such as compliance audit and management system audit.... The author states that environmental audit can be defined as 'An environmental audit is concerned with checking conformity with legislative requirements and environmental standards, as well as with company policy....
8 Pages (2000 words) Term Paper

Environmental Audit

Thereby, it is becoming increasingly imperative for companies to carry out feasibility studies and environmental audits to assess the nature of the new market and plan the strategies accordingly.... Running Head: ABBREVIATED TITLE OF YOUR CHOICE (all caps) Environmental audit With the passage of time and the advent of globalization, the phenomenon of global village is now more pertinent than ever before.... This paper is focused upon environmental audit and how important it is for an organization....
3 Pages (750 words) Essay

Environmental Issues in Business Transactions

?? The agreement further states that if Shan require a more comprehensive assessment and compliance audits Shan Industry has to rely on the auditors hired by Tyco International only.... I hereby certify on my honour that all work on this examination is entirely my own.... I have neither given help to nor received help from anyone else in connection with preparing or writing my responses to the questions on this examination....
4 Pages (1000 words) Essay

Strategic Marketing - How Does the Audit Process Fit into Marketing Management

The first point of comparison between the two is that marketing audit is a comprehensive, systematic, and periodic examination of a firm's environment, objectives, strategies, and activities to find problem areas and opportunities to recommend a plan of action to improve the performance of marketing strategies of the firm.... This paper "Strategic Marketing - How Does the audit Process Fit into Marketing Management?... The market audit is the base from which one will develop a tactic to get these returns....
8 Pages (2000 words) Assignment

Environmental Auditing and Management Systems

The "Environmental Auditing and Management Systems" paper examines methods applied in a site environmental audit to identify key issues and gather audit evidence, environmental auditing and its link with ISO 14001, and phases of audit and aspects of company operations to be audited.... An environmental audit, especially for a manufacturing site is a conscious process that requires careful assessment and review of the procedures, activities, and policies of the corporate in question before a final report is presented (Barton and Bruder, 2008)....
16 Pages (4000 words) Coursework

Extent to Which Firms Communicate Their Business Strategy with the Internal Audit Department

Internal auditors assess and report various issues such as compliance, risk management, and internal control deficiencies directly to the audit committee which has been appointed from the board of directors.... In other words, various researchers support that a successful internal audit process must be clearly aligned to the strategic plan of organizations.... As a result, internal audit systems should follow business evolution by remaining.... The paper 'Extent to Which Firms Communicate Their Business Strategy with the Internal audit Department' is an excellent example of a finance & accounting research paper....
36 Pages (9000 words) Research Paper

The Methods and Procedures to Pollution Prevention Actions

The checklist often includes major audit issues, objectives, and conclusions.... The methods used in a site environmental audit process to identify key issues and gather audit evidence.... (55) state that the environmental audit process often involves the collection, assembling, analysis, interpretation as well as presentation of data which is used in assessing and measuring the performance of the company against a set of targets, an environmental management system rules, and specific issues....
20 Pages (5000 words) Literature review

Clinical Coding and Casemix Audit

In this report, the documentation of the audit plan and procedures, and the benefits of Clinical Coding and Casemix Audit will be highlighted.... The paper "Clinical Coding and Casemix audit" is a great example of a report on finance and accounting.... The quality and accuracy of audit information in any healthcare medical center is a key element in the quality and safety of the healthcare provided.... The paper "Clinical Coding and Casemix audit" is a great example of a report on finance and accounting....
8 Pages (2000 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us