Risk Management: A Necessity for Good Corporate Governance - Essay Sample

Introduction

The need to manage risks is an essential part of good corporate governance. An organization's management is under pressure to identify risks and develop strategies to manage them. A risk-based auditing process links internal auditing to an organization's risk management framework. It allows managers to communicate to stakeholders that the organization is effectively managing risks based on its affinity to risk (Johnstone, Gramling & Rittenberg, 2013). Given all organizations are different regarding their structure, processes, and attitudes towards risk, a risk-based audit adapts an audit plan to the organization's specifications.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

The first step in an audit plan is determining the threats facing the organization. These threats are events that have a probability greater than zero of occurring and which could have negative implications on the firm. These threats may be as a result of human error or due to processes over which human beings have no control over (Johnstone et al., 2013). The classification of risks is essential in the later stages of the risk-based audit. An organization's system may be exposed to accidental threats or intentional threats where human agents exploit a system's weaknesses to their advantage. This stage employs research methods to gather data and process it to inform the range of threats a system faces.

The second step in the risk-based audit process is identifying control procedures. These are based on the threats identified in the first step. The control procedures are steps taken to prevent the realization of the threats. For instance, internal controls may be used to ensure employees adhere to specific standards of conduct. Control procedures are also necessary for the detection of threats. This allows the management to identify the areas of operation that are more prone to risks than others (Griffiths, 2016). This step also involves devising ways to control the threats and minimize their impact on an organization. The audit process reviews and tests these control procedures to determine their efficacy and efficiency in accomplishing their objectives (Griffiths, 2016).

The third step is the evaluation of control procedures. A review of the existing risk control policy establishes whether threat control procedures are in place. This is followed by a series of tests with the objective of determining if the existing controls work as intended. If there are no threat control procures in place, the system is severely exposed to internal and external aggression (Coetzee & Lubbe, 2014). Furthermore, if the existing control procedures are flawed or improperly configured and monitored, the system is still exposed. To ensure the control procedures work as intended, auditors identify faults in existing systems and provide recommendations for improvement of the control procedures.

The auditors' final step is evaluation of control weaknesses to determine their effectiveness. This step may include exposing the system to mock threats in a bid to evaluate how control systems respond and identify their upsides as well as their weaknesses. The auditors examine how various components of the control system interact with one another (Coetzee & Lubbe, 2014). For instance, weaknesses in one area may be acceptable if other areas compensate for those weaknesses through their robustness.

The risk-based audit process provides managers with a more candid comprehension of a company's security situation. It also identifies the risks faced by an organization as well as the extent of exposure to these risks. It also forms the basis for recommendations on areas that need improvement to reduce the organization's exposure to risk and better develop threat response mechanisms.

References

Coetzee, P., & Lubbe, D. (2014). Improving the efficiency and effectiveness of riskbased internal audit engagements. International journal of auditing, 18(2), 115-125.

Griffiths, P. (2016). Risk-based auditing. Routledge.

Johnstone, K., Gramling, A., & Rittenberg, L. E. (2013). Auditing: a risk-based approach to conducting a quality audit. Cengage learning.