Chief Audit Executives need to retain and share a huge amount of information.
The Chartered IIA offers a useful tool that can be used digitally or physically.
The CAE Watchlist is a simple way to capture risk and assurance information. Ideal for sharing with a team, keeping in a notebook, a jacket pocket or accessed digitally. Think of it as moving sticky notes from one section to another. Lots of digital tools do this.
*Click thumbnail to enlarge
- Typically, information starts in the bottom right corner. Change is a key source of risk.
- Risks begin to emerge as knowledge improves.
- Risks may increase in severity and, depending on their speed, may move into being monitored or added immediately to the audit plan.
- Monitoring might be ad-hoc or continuous – either manual or automated.
- Risk monitoring might involve internal audit, with individuals responsible for reporting back at team meetings.
- Monitored risks move to the audit plan when assurance is required.
- Monitored risks will drop off the list if they are no longer considered material or if there is confidence in the business response to manage them.
- Reprioritisation of the audit plan will downgrade some risks into monitoring.
…