The Internal Audit is a critical tool to review key processes in an organization; identifying gaps in internal controls and potential risks in order to effectively mitigate them.
At Chaikin Cohen Rubin & Co., we believe the foundations of internal audit are laid by working together with the client to match expectations and emphasize needs. In our experience, the adoption of this practice leads to major improvements across all business activities.
Each Internal Audit team is formed according to the specific characteristics of the project. Typically, a team includes accountants, certified internal auditors, engineers and other technical professionals, and any other relevant stakeholders.
To carry out the reviews, we use ERM (Enterprise Risk Management) designated IDEA audit and audit tools and techniques as used by leading accounting firms across the world.
We provide internal audit services to a range of clients operating in various sectors with diverse characteristics; public companies listed on NASDAQ or Tel Aviv Stock Exchange (TASE), non-profit organizations, social enterprises, financial institutions and companies in the fields of high-tech, retail, traditional industry and more.
In a dynamic business environment, senior executives now recognize the internal audit as being an essential building block for running a successful operation.
Methodology: Mapping and Analysis
Setting a multi-year audit plan is only possible after conducting a comprehensive review of the risks of key processes, using a weighted score to index exposure in each activity. This evaluation is coordinated with the client’s executive management:
- Mapping talks with the management of organizational units
- Reviewing financial statements, budgets, protocols, procedure files, major contract agreements and previous audit reports
- Identification of the key processes and sub-processes in the organization and attribution of responsible for each process
- Analyzing risk exposure and determining weighted scores for:
- Likelihood of occurrence of any substantial deficiency
- Impact of risk on business
- A factored score based on probability and level of potential damage
- Understanding workflow processes with key insights from stakeholders
- Identifying areas of potential weaknesses and asking "what can go wrong” (WCGW)
- Assessment of existing controls of WCGW at any point, assessment of compliance to laws, regulations and other relevant professional standards
- Stress testing the effectiveness of existing controls
- Recommendations for improving existing controls and the addition of new controls
- Discussion of findings in relation to implementation, allocation of responsibility and delivery timetable
- Follow-up on long-term deliverables and implementation
Risk Management (ERM)
Risk management is an integral part of the functional map of every responsible organization.
It is a management tool that directly helps increase operational efficiency, builds stability across the organization, and the long term – helps realize the vision and specific goals of the body.
Goal: mapping, assessment and raising awareness.
A risk survey serves as the basis for risk management and understanding the risk profile through the individual risk weighting and preparation of the infrastructure needed to deal with systemic risks.
The Risk Survey includes:
Mapping the core operations of the organization with exposure to risk: regulatory, operational, information systems, financial, human (E&F) and any industry specific risks.
After this process, the residual risk levels can be mapped.
Building awareness is created through the presentation and explanation of the findings to decision-makers, so as to help management reduce their impact and work towards their permanent removal.
As part this process, we recognize the risk to core business activities. In partnership with the management, we work to reduce risk exposure and build the strategies to deal with them in the event the risk materializes.
The ability for the management team to effectively handle uncertainty, i.e. balance risk and opportunity in order to reach an optimal equilibrium between growth risks, effectiveness and efficiency in deploying resources to meet organizational goals.
A prudent combination of controls and foresight will achieve a significant reduction in risk. As such, an increasing number of business executives understand the importance of a risk management policy as an essential tool for the success.