Auditor's Risk Management Guide: Integrating Auditing and ERM with CD (2015) is a comprehensive how-to book that guides the reader on performing risk management-based audits. The book covers the Enterprise Risk Management Integrated Framework issued by the Committee of Sponsoring Organizations (COSO).
Following the passage of Sarbanes-Oxley and its strict corporate governance and accountability provisions, developing better risk management techniques is becoming more important in meeting higher audit committee expectations. That's where this practical guide, written by an audit practitioner, comes in.
The first part of the Auditor's Risk Management Guide provides a broad understanding of corporate governance, ERM principles, and different auditing approaches. It also provides step-by-step instructions on how to execute the risk management-based audit, including frequently asked questions.
The second part of the book is devoted to detailed case studies that illustrate the risk management-based audit methodology and tools in different scenarios, beginning with a business risk assessment and working through common audit areas such as closing the books, accounts payable, and accounts receivable.
Practice Pointers and Observations throughout provide additional commentary to assist the reader in understanding the methodology.
A free CD-ROM included with the book provides electronic versions of the various work programs, checklists, and other tools in the book. The programs and checklists are presented in a format that helps the auditor understand what questions need to be asked and answered as he or she executes the methodology.
This 2015 edition of Auditor's Risk Management Guide contains the following:
- Discussion of COSO’s updated internal control framework, often referred to as COSO 2013. The 17 principles of internal control are covered (Chapter 7), along with other updates related to COSO 2013 (Chapters 7, 11, and 15).
- Increased focus and discussion about the importance of considering “upside” risks as well as downside risks (i.e., recognizing when more risk must be taken on to pursue strategies, vs. mitigating or avoiding risks) (Chapters 1, 13, and 16).
- Introduces integrated reporting and explains how it links with risk management-based auditing (Chapter 15).
- Provides additional Frequently Asked Questions relating to new and emerging concepts, such as the board’s role in ERM, the risk appetite framework, and audit’s role related to strategic planning and auditing strategic risks (Chapter 16).
- Updates other content for emerging concepts and relevant papers that have been issued. Also notes, where appropriate, that an update for COSO ERM has been announced, which may have a notable impact on various parts of this book.