Show TOC

Procedure documentationPerforming an Audit Risk Rating Locate this document in the navigation structure

 

You use this procedure to create an audit risk rating (ARR).

Prerequisites

You have completed the following:

  • You have verified that your audit universe has been defined.

    See Audit Universe and Creating an Auditable Entity for more information.

  • You have confirmed your role authorization for performing an ARR.

    See Internal Audit Management Roles for more information.

  • You have defined and evaluated a set of risk factors and risk scores to factor from Customizing activities in Risk Management under Maintain Risk and Opportunity Analysis.

Procedure

Note Note

After you have created at least one ARR, select Copy to copy all the data except audit proposal and audit plan proposal information.

End of the note.

To create an ARR:

  1. Navigate to   Internal Audit Management   Audit Risk Rating   Audit Risk Rating  .

  2. Select Create.

    On the General tab, complete the following entries for your ARR:

    • Name

      The name of the ARR you are creating.

    • Description

      A description of the ARR you are creating.

    • Valid from

      The starting valid date for the ARR.

    • Valid to

      The date when the ARR expires.

      The Valid to date must be greater than or equal to the Valid from date.

    • Responsible Person

      The person with the authority to change or edit the ARR.

    • Status

      The current status of the ARR. Status can be In Process, Released, or Completed.

  3. On the Auditable Entities tab, select Add to choose from a list of auditable entities.

  4. On the Risk Factors tab, select your ARR risk factors.

    Select Add to add the risk factors.

    After you have entered your risk factors select OK.

  5. On the Risk Scores tab, select the auditable entity and input the risk score on the Risk Factors table.

    • Select the Calculate button to obtain a display of the average score.

    • Select the Risk Level column and enter your risk level definitions or values.

    • Select the Risk Priority column and enter your risk priority definitions or values.

    • (optional) Add any comments in either the Auditable Entities or Risk Factors table.

  6. Select the Audit Plan Proposal tab to confirm that you want to generate an audit plan proposal with associated audit proposals.

    The auditable entity and the ARR are linked.

    For more information, see Generating an Audit Proposal and Audit Plan Proposal.

  7. Select the Attachments and Links tab to upload a file or create a link relevant to your ARR.

  8. Select Export to create an Excel spreadsheet that displays the following information in table form for your ARR:

    • Auditable Entity

      The name of the auditable entity.

    • Risk Factor(s)

      The risk factors you defined for the auditable entity.

    • Risk Score

      The calculated risk score for the auditable entity.

    • Risk Rating

      The rating for the auditable entity.

    • Risk Priority

      The level of importance you place on the auditable entity.

      This value is supplied by Customizing activities in Risk Management under Maintain Risk and Opportunity Analysis.

    • Comments

      Descriptive or other helpful information for the auditable entity.

  9. Select Save.