Risk-Based Auditing


Our Risk-Based Auditing Process

The Board of Directors is required to establish an effective risk-based audit function. To facilitate this process, NETBankAudit develops audit risk assessments tailored to the financial institution’s specific environment. The assessment includes all substantive related activities and determines the frequency and depth of coverage. Specifically, our risk-based audit assessment process includes the following steps:

  1. Identification of the institution’s data, application and operating systems, technology, facilities, and personnel including the business activities and processes within each of those categories
  2. Profiles of significant business units, departments, and product lines, or systems, and their associated business risks and control features, resulting in a document describing the structure of risk and controls throughout the institution
  3. A scoring system that ranks and evaluates business and control risks for significant business units, departments, and products
  4. Board and/or Audit Committee approval of risk assessments and annual risk-based audit plans that establish audit schedules, cycles, scope, and resource allocation
  5. Implementation of the audit plan through planning, execution, reporting, and follow-up
  6. Regular risk assessment re-evaluation and update for all significant business units, departments, and products or systems

Our assessment methodology provides the objective information necessary to properly prioritize the allocation of audit resources and comply with regulatory demands.

What are the implications of risk-based auditing?

Risk-based auditing is required by all regulatory agencies. The purpose of risk-based auditing is to effectively allocate audit resources according to associated risks. Risk-based auditing should produce better results. An added benefit to risk-based auditing is the ability to meet budgetary needs. At NETBankAudit, we are well aware of the regulatory demands and the costs associated with auditing technology, compliance, and business activities. Accordingly, our risk-based approach is tailored to each institution’s specific environment including financial limitations. Call us and let’s talk. We are confident that we can develop a specific risk-based plan for your institution that is responsible yet affordable.

← Previous