Page 104 - Rižnar, Igor, and Klemen Kavčič (ed.). 2017. Connecting Higher Education Institutions with Small and Medium-Sized Enterprises. Koper: University of Primorska Press
P. 104
Tatjana Horvat and Franko Milost

• a risk model,
• a risk matrix and
• using co s o 2 methodology.

Risks in the risk matrix are assessed in terms of likelihood and im-
pact, whereby the assessment of the likelihood (probability) of a partic-
ular event is low, medium or high. While the assessment of the impact
(consequences) of the individual risk/event is expressed as low, moder-
ate or significant.

When assessing the risks and the impacts (consequences) of risks in
finance process, the internal auditor has the following options:

1. the probability of the risk:

• a high probability means a probability that the event occurs
more than once a year;

• a medium probability means a probability that the event occurs
once in a period of 1 to 5 years;

• a low probability means a probability that the event occurs once
in a period of over 5 years;

2. a value assessment of the impact (consequences) of individual
risks measured in terms of the amount of damage:

• a significant consequence to the legality of the financing activ-
ities of the company is damage worth over 160,000 euros;

• a moderate consequence to the legality of the financing activ-
ities of the company is damage with a value of € 7,500 to €
160,000;

• a low impact on the legality of the financing activities of the
company is damage worth up to € 7,500.

When determining the amount of damage, we started with the total
revenue of the company, which for the year 201x amounted to 3,244,736
e u r. This means that 160,000 euros of damage is 5 of the revenue,
while 7,500 eu r represents 0.25 of the revenue.

Implementation of the Internal Audit Assignment
The internal auditor shall perform the internal audit on the basis of or-
ders resulting from internal audit planning, as shown in table 6.1.

Planning is followed by the implementation of the internal audit en-
gagement. Internal auditors should identify, examine, evaluate and doc-
ument enough information to achieve the scope and objectives of busi-

102
   99   100   101   102   103   104   105   106   107   108   109