Chief Audit Executives need to retain and share a huge amount of information.
The Institute offers a useful tool that can be used digitally or physically.
The Watchlist that we’ve provided below is a simple way to capture risk and assurance information. Ideal for sharing with a team, keeping in a notebook, a jacket pocket or accessed digitally.
*Click thumbnail to enlarge
- Typically, information starts in the bottom right corner. Change is a key source of risk.
- Risks begin to emerge as knowledge improves.
- Risks may increase in severity and, depending on their speed, may move into being monitored or added immediately to the audit plan.
- Monitoring might be ad-hoc or continuous – either manual or automated.
- Risk monitoring might involve internal audit, with individuals responsible for reporting back at team meetings.
- Monitored risks move to the audit plan when assurance is required.
- Monitored risks will drop off the list if they are no longer considered material or if there is confidence in the business response to manage them.
- Reprioritisation of the audit plan will downgrade some risks into monitoring.