RBIA is a methodology that provides assurance that risks are being managed to the org’s risk appetite.
It is impossible to eliminate all the risks completely but we reduce it to a level that the board considers acceptable , the risk appetite of the org. Thus RBIA provides assurance to an org that risks, both Inherent and Control risks can be well managed by implementing a sound risk management framework.
Why RBIA?
- Provides information to the directors of the org , how effective the internal audit resources are checking various risk responses and highlights risks that pose a serious threat to the organization.
- Highlights risks that are over-controlled therefore consuming more resources.
Scope
- Assess the risk maturity of the organisation.
- Assign the risks to an audit that will examine the management.
- Set up the Risk and Audit Universe (RAU) and draw up the plan for carrying out the audits.
- Carry out individual risk based audits using ACL analytics & other tools and provide feedback of the audit results into the RAU.