Report
dit
Se
Client:
File:
rvi
Audit Manager:
Phone:
Email:
ce
s
Table of Contents
Executive Summary......................................................................................................3
Introduction...............................................................................................................3
Objective...................................................................................................................3
Conclusion................................................................................................................4
Management Action Plan..............................................................................................6
Summary of Recommendations...............................................................................6
Appendix A Audit Overview........................................................................................7
Introduction...............................................................................................................7
Background, Scope & Objective...............................................................................7
Methodology..............................................................................................................7
Risks..........................................................................................................................7
Reporting...................................................................................................................7
Appendix B Glossary of Terms..................................................................................8
Appendix C Risk Scoring Process...........................................................................10
Appendix D Classification of Recommendations....................................................13
2
Executive Summary
Introduction
The Audit Services operational plan includes audit review of in .
Scope:
This draft report presents the findings of the audit review and the
recommendations made. It is intended for discussion purposes, after
which a final report incorporating management's comments will be issued.
Objective
The purpose of this review was to identify and discuss with management
the risks to the objectives of , and to assess how those risks are being
controlled.
The Background, Scope, Objective, and Methodology are included in the
Audit Overview given in Appendix A.
Summary of
Recommendations
High 0
Medium 0
Low 0
Total 0
Introduction
The Audit Services Annual Workplan is based on an assessment of risk,
where the areas with greater potential risk are given higher priority. The
Workplan and the risk scores were discussed with the Executive Audit
Committee for the current fiscal year.
Methodology
Audit Description
Risks
The risks for this audit are set out in the table in the Executive Summary
above. The risks are given a rating based on an assessment of their
inherent likelihood and impact (without any controls to mitigate them),
using the standard risk scoring matrix referenced in Appendix C. They
have been discussed with the client.
Appendices B and C give explanations of scoring and terminology.
Reporting
A draft report will be issued for discussion purposes, after which a final
report incorporating managements responses will be issued.
Table 1
Term Definition Example
Process An activity undertaken
Crossing a busy road
Objective The purpose of the activity To get to the other side
Risk Events that could prevent Getting run over
achievement of the objective
Inherent An assessment of the intrinsic Crossing the road
score riskiness of the activity (i.e. if without due care is very
there were no procedures in risky (and would have a
place to control the effects or high score)
occurrence of the risk)
Measured using factors of
consequence and likelihood
See Table 2 below and
Appendix B.
Residual As assessment of the Crossing the road only
score riskiness of the activity with after checking for traffic,
controls present or using a bridge,
Measured using factors of pedestrian crossing or
consequence and likelihood subway is less risky (and
would have a lower
See Table 2 below and
score)
Appendix B.
Implication The potential consequences There is potential for
of the controls (or lack of you to get run over
controls) in place to manage
the risk
Recommenda Where the inherent risk is not Look both ways before
tion adequately managed, and the crossing and follow
residual risk is still too high, pedestrian traffic rules.
management action is
recommended to improve
controls.
Recommendations are graded
by significance - see
Appendix D.
Impact The expected level of impact Catastrophic (death or
of an event (risk) on injury!)
achievement of objectives
Table 2
Risk level * Inherent score Residual score
High Risk The risk fundamentally Management controls are
threatens the insufficient to give
achievement of the assurance that the risk is
service objective. properly managed.
Primary Issue Though not fundamental, Though not fundamentally
there is a significant risk weak, management of the
to the service objective. risk could be enhanced.
Secondary The risk is generally well The risk is sufficiently well
Issue managed, but a minor managed but processes
risk is present. could still be improved.
Acceptable A minor risk, which does The risk is considered to
not significantly threaten be sufficiently well
the service objectives. managed.
* See Appendix C for risk scoring matrix
Impact
Likelihood
Tertiary
Acceptable Acceptable Acceptable Issue
Very unlikely (1) Unlikely (2) Likely (3) Very likely (4)
Likelihood of Risk
Likelihood of Risk
See Appendix B for definitions of terminology
Recommendatio
n Significance Definition