Trident – Navision & Microsoft Dynamics AX Partner in India
 
Email: Info@tridentinfo.com or call +91 11 6940 0449 (India)
Email: hrdesk@tridentinfo.com or call +91 11 6940 0450 (India)

Overview

Governance, Risk & Control

Governance

Governance is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.


Guidance on Governance

The audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:


  • Promoting appropriate ethics and values within the organization.
  • Ensuring effective organizational performance management and accountability.
  • Communicating risk and control information to appropriate areas of the organization.
  • Coordinating the activities of and communicating information among the board, auditors, and management.
  • The audit activity must evaluate the design, implementation, and effectiveness of the organization's ethics-related objectives, programs, and activities.
  • The audit activity must assess whether the information technology governance of the organization supports the organization's strategies and objectives.

Risk

Risk is the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.


Guidance on Risk

The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.


Interpretation

Determining whether risk management processes are effective is a judgment resulting from the internal auditor's assessment that:

  • Organizational objectives support and align with the organization's mission.
  • Significant risks are identified and assessed.
  • Appropriate risk responses are selected that align risks with the organization's risk appetite.
  • Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.

The activity may gather the information to support this assessment during multiple engagements. The results of these engagements, when viewed together, provide an understanding of the organization’s risk management processes and their effectiveness.


Risk management processes are monitored through ongoing management activities, separate evaluations, or both.


The audit activity must evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the:

  • Reliability and integrity of financial and operational information.
  • Effectiveness and efficiency of operations and programs.
  • Safeguarding of assets.
  • Compliance with laws, regulations, policies, procedures, and contracts.
  • The audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
  • During consulting engagements, auditors must address risk consistent with the engagement's objectives and be alert to the existence of other significant risks.
  • Auditors must incorporate knowledge of risks gained from consulting engagements into their evaluation of the organization's risk management processes.
  • When assisting management in establishing or improving risk management processes, internal auditors must refrain from assuming any management responsibility by actually managing risks.

Control

Control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.


Guidance on Control

The audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.


The audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organization's governance, operations, and information systems regarding the:


  • Achievement of the organization's strategic objectives.
  • Reliability and integrity of financial and operational information.
  • Effectiveness and efficiency of operations and programs.
  • Safeguarding of assets.
  • Compliance with laws, regulations, policies, procedures, and contracts.
  • Auditors must incorporate knowledge of controls gained from consulting engagements into evaluation of the organization's control processes.

