*** P1 June 2014 Exam was.. Instant Poll and comments ***

P1 was good! Q1 was not so easy but was fair enough! Anyways, it is a pass, I believe! 🙂

EXAM ARE DONE! YAAY!

Q1d) – internal risk audit vs external risk audit

I didn’t know whether to read this as internal audit vs external audit or internal risk vs external risk (I did the latter). Did anyone else think this or am I the only one?

@Beaus @groovykikko
The question on external and internal risk audit was taken from this technical article:
https://www.accaglobal.com/zw/en/student/acca-qual-student-journey/qual-resource/acca-qualification/p1/technical-articles/risk-and-environmental-auditing.html

“INTERNAL AND EXTERNAL RISK AUDIT
Risk audit and assessment is a systematic way of understanding the risks that an organisation faces. Because the range and types of risks are many and varied, risk assessment and audit can be a complicated and involved process. Some organisations, such as large financial services providers, employ teams of people whose job it is to continually monitor and internally report on the organisation’s risks. For others, the activity is only undertaken occasionally, perhaps as a part of the annual cycle of internal control management. Unlike financial auditing, risk audit is not a mandatory requirement for all organisations but, importantly, in some highly regulated industries (such as banking and financial services), a form of ongoing risk assessment and audit is compulsory in most jurisdictions. Some organisations employ internal risk specialists to carry out risk auditing ‘in house’, but in other cases, the role is undertaken by external consultants. There are pros and cons of both approaches.

Risk audit as an internal function has the advantage that those conducting the audit are likely to be highly familiar with the organisation, its systems, procedures, regulatory environment, and culture. By understanding how things ‘work’ (who does what, what regulations apply and where), and also understanding relevant technical matters, legal frameworks and control systems, an internal auditor should be able to carry out a highly context-specific risk audit. The audit is likely to contain assessments that are written and structured according to the expectations and norms of the organisation, perhaps using appropriate technical language and in a form specifically intended for that particular organisation’s management.

The disadvantages are the threats of impaired independence and overfamiliarity that are present in many internal audit situations. It is to avoid these that many organisations prefer to have risk audit and assessment carried out by external parties.

Having an external risk audit brings a number of advantages. First, it reduces or avoids the independence and familiarity threats. It is likely that external auditors will have no link to anybody inside the organisation being audited and so there will be fewer prior friendships and personal relationships to consider.

Second, the fact that these threats are avoided or reduced will create a higher degree of confidence for investors and, where applicable, regulators.

Third, any external auditor brings a fresh pair of eyes to the task, identifying issues that internal auditors may have overlooked because of familiarity. When internal employees audit a system or department, they may be so familiar with the organisation’s routines, procedures, culture, and norms that a key risk might be overlooked or wrongly assessed.

Fourth, best practice and current developments can be introduced if external consultants are aware of these. Given that consultants typically promote themselves on the currency of their skills, it is often more likely that their knowledge will be more up to date than that of internal staff, whose skills may be geared specifically to their organisation’s needs and expectations.”

Thank for posting the article Byron. I mentioned independence and expertise as advantages to having external risk auditors, so that looks promising. Did the article continue to describe the stages of the risk audit?

@neilsolaris
Yes, the paragraph following the excerpt I posted went on to describe the four stages of risk audit: Identify, Assess (i.e. likelihood/impact), Review and Report

Hope you got them right as well! 🙂

@umerkhayam
You’re welcome….my only issue with this question is that the link I made with the scenario was not strong enough to get me full marks…and I need to get marks from here because it was a relatively straightforward one, given the material was available on that technical article. Having said that, I tried to relate to the scenario.

@byron Well i tried as well like identifying risks such as parents not reading instructions and death of infants so in stage 2 i said that they will need to carry out seminars to create awareness and include instructions in their marketing and advertising campaign.

I do not think you lose marks – it was to do with ethics (corporate) and ethical behaviour so you should get some marks….

As for me, i don’t think AAA or Tucker 5 ? should be used any where in the entire ?.

I advised to carry out seminars create awareness and market product with clear instructions and include it in advertisements.

Does anyone remember what the first part of Q3(b) was about? Environmental reporting or environmental audit?

Oh, I mentiibed identify, assess and monitor, also I drew the matrix likelyhood/impact. I hope monitor will go for review and I didn’t manage to remember the fourth stage, though I knew there were four of those.