CHAPTER 25
Risk-Based Internal Audit Methodology and Procedure
25.1 RISK-BASED INTERNAL AUDIT METHODOLOGY
The risk-based internal audit methodology is broadly similar to risk-based bank supervision techniques. In both the cases, extensive on-site examination has been significantly reduced and the focus has shifted to scrutiny of more risky areas of operation and control and testing of sample transactions instead of all transactions. The introduction of risk-based bank supervision and risk-based internal audit has resulted in reduction of examination time and optimization of audit resources. The examination reports highlight the deficiencies in risk management and control procedures, and the examination findings are evaluated to make improvements in systems and procedures.
The risk-based bank supervision process commences with the risk profiling of banks and risk analysis of their operations and control. Likewise, the risk-based internal audit process begins with the risk profiling of a bank's field offices, operational departments, portfolios, and other functional units and analysis of those profiles for deciding priorities and bestowing attention. The audit resources are focused on the material areas and activities of the bank and the risk profiles are used to prioritize activities and locations for audit and formulate an audit plan. Banks have to assess the business and control risks of each branch office and map the magnitude of risks in a risk matrix to classify them into ...
