Page 111 - Rižnar, Igor, and Klemen Kavčič (ed.). 2017. Connecting Higher Education Institutions with Small and Medium-Sized Enterprises. Koper: University of Primorska Press
Internal Audit in the Financing of Companies
should be continuously reviewed in order to ensure the effective
operation of the mechanisms.
Risk cannot be eliminated entirely because some events cannot be predicted or anticipated. Moreover, in the operation of controls, it is necessary to take into account the human factor (a control may be good, but we are not protected if no responsible person is assigned to it) (Toman Pfajfar 2011, 30). We emphasise that internal auditors must have sufficient knowledge to assess the risk of fraud and the manner of its treatment in the organisation, but they are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud (‘International Standards for the Professional Practice of Internal Auditing’ 2012, Standard 1210.a 2).
Recognizing Management Responses to Commercial Risks
Once the company has evaluated the risks of fraud, it needs to decide on a risk management strategy according to its risk appetite. The strategies can be divided into four groups (Committee of Sponsoring Organizations of the Treadway Commission 2004, 53):
• Avoidance – the company decides to avoid the risk, to withdraw from risky situations or not to enter into them. An example of this would be the sale of a department or the suspension of a production line.
• Reduction – the company reduces the likelihood of the occurrence of risk or its effects, or both, by introducing appropriate control actions.
• Transfer – the company decides to transfer a part of the risk to other participants. Common forms of this response to a risk are transfers to insurance funds and the provision of services to others.
• Acceptance – the company does not take any action in relation to the risk.
When deciding on an appropriate strategy for responding to the risk, management must:
• Evaluate the potential responses to risks – companies often find that they can use a number of different responses, or a combination thereof, for a single risk. It is also possible that a single response may be used for several different risks. In that case, there is no need for additional activities and the existing one only needs to be improved.