Risk Management and Risk Assessment
About the Author
CIA, CISA,
CFE, CGFM
David McNamee is President of MC2 Management Consulting, a successful consulting firm he founded in 1991 to specialize in improving corporate governance through consulting services in business risk and management control. MC2 Management Consulting serves a worldwide client list from all segments of public and private enterprise.
MC2 Management Consulting helps clients become better managers by providing business risk analysis tools and fraud training. Each client faces a unique set of fraud challenges and risks. MC2 Management Consulting designs specific programs for organizations based on their particular needs. Our goal is to ensure that clients are prepared to deal with whatever fraud risks stand in the way of their established objectives.
Prior to forming his own practice in 1991, David was Director - Internal Auditing at Pacific Bell. He has twenty years' experience in investigating and auditing major frauds, including experience in both public and private sector organizations. He has served numerous times as an expert witness and a resource for attorneys in litigation matters.
David holds a Master of Business Administration as well as a Master of Science in Telecommunications Management. In addition, he holds a Certificate in Advanced Purchasing & Materials Management. He is a Certified Internal Auditor, Certified Information Systems Auditor, a Certified Fraud Examiner, and a Certified Government Financial Manager. David is a Life Member of the Association of Certified Fraud Examiners and a Life Member of the Institute of Internal Auditors.
He is a recognized international authority on fraud, risk management, and internal auditing practice. He is the author of over 50 articles and books, as well as a "Best Practices" video for internal auditors. His professional articles on fraud, risk, and internal auditing have been published in the USA, Europe, and the South Pacific. He is a frequently invited speaker at major internal audit conferences on six continents, and he has given seminars on fraud in more than ten countries.
His publications include
“Auditing Fraud” and “Control Self
Assessment”
electronic publications available on CD at both http://www.pleier.com/pubs.htm
and http://www.theiia.org.
David Mcnamee shares his
vast experince through the use of 120-pages
of
workbook, 80 PowerPoint slides, and 40 pages of
documentation. As
a bonus he also provides a 125 page "Simple Samples for
Auditors"
workbook - a course in itself.
Note: “Achieving
Auditor Excellence”, “Control Self Assessment”, and “Risk Management and Risk
Assessment” are also excellent additional
references for those using the "McKeever CRMA
Study System" and "McKeever CCSA
Study System"to pass the IIA CRMA and CCSA
exams.
Understanding Risk Better
This 120-page workbook is designed specifically for Internal Auditor Professionals to help them better understand the impact and role of Risk in any organization and its impact on effective Auditing.
This well-illustrated workbook contains both some new ways of thinking about risk and standard ways in practical and easily understood terms including:
What is Risk?
A New “Thinking” Model for Addressing Business Risks and Opportunities
Strategic Risk/Opportunity Curve
How Risk Assessment is used in the Audit Process
Risk Identification and Treatment
A Variety of Risk Measurement Methods
COSO, CoCo, and Cadbury
Risk Prioritization
Risk-Based Auditing
Using Risk in Building the Audit Universe and Annual Audit Plan
Numerous In-Depth Exercises to Further Understanding of the Material
Numerous Well-documented Examples to Help Further Understand the Material
"The Nature of Change"
This is an important document for understanding the role of internal auditing and risk management in a modern organization.
This publication presents practical information including:
Necessity of Understanding Change
Constantly Changing Organization Environment
Impact of Technology
Examining and Interpreting the Patterns of Change
Three Distinct Phases of Change
Risk of an Organization Losing Touch with its Environment
"Changing the Risk Paradigm"
Recognizing David McNamee’s status as a world-class expert on the subject of Risk he was invited to deliver a special invited presentation at the IIA 50th International Conference.
This PowerPoint, the handout from that presentation, offers the “state-of-the-art” practical information including:
Internal Audit Paradigms
Risk, Uncertainty, and the Environment
Assets at Risk
Risk and Internal Auditing
The Key to Audit Effectiveness
Risk-Based Auditing
The Emerging New Paradigm
Risk Management: A New Paradigm for the Millennium
Impacts on Internal Audit
A New Relationship with Management
The Opportunity to Build Value
"The Corporate Governance Loop: A Model of Stakeholder Interest"
This document helps better understand the meaning of the term “Governance” – a term widely used but difficult to explain.
Specifically this document clarifies in practical terms various concepts and terms including:
The Complexity of Governance
The Key Elements of Governance
The Governance Model
The Basic Wealth Model
The Enhanced Wealth Model
The Governance Loop
Risk Relations
It is the responsibility of managers to find fraud, but it is hard sometimes to locate the vital clues about where to look for it.
This concise document helps us better locate the vital clues including:
Use of Risk Assessment as a Tool
Three Elements of Risk Assessment
Three Elements of Fraud
Using a Model of Fraud Risk
Recognizing the Characteristics of Fraud Opportunities
Using a Method of Measuring the Risk of Fraud
The Internal Audit Professional today has a very powerful tool in CSA. To realize the full value of CSA requires recognizing the relationship that exists between CSA and Risk.
This PowerPoint discusses that relationship with practical information including:
CSA – An Approach, Not a Method
Why Use CSA
COSO, CoCo, Cadbury
Management Controls Implementation
Legislative and Financial Scandals
Self-Review Practices (such as New Zealand)
CSA and Risk Assessment
The Importance of Risk
The Nature of Risk
Risk and the Six Methods of Control Self-Assessment
Internal
Audit
Paradigms
"SAS No. 82: Determining the Risk of Fraud in Financial Statements"
SAS 82, Consideration of Fraud in a Financial Statement Audit creates a framework for examining the risk of material misstatements due to 1) fraudulent financial reporting and 2) misappropriation of assets.
This document provides an analysis and framework using the AICPA SAS No. 82 Standard including:
Comparison of SAS No. 82 and SAS No. 53
A Listing of the Red Flags of Financial Fraud
Risk Factors involving A Listing of Management’s Characteristics and Influences Over the Control Environment
Risk
Factors created
by Industry Conditions
Always an innovator David McNamee introduces new concepts of treating fraud within the risk management and internal auditing frameworks.
This PowerPoint presentation outlines those concepts with practical implementation strategies including the following topics:
Finding Fraud
A
Prescription for
Finding Fraud
Contrasting Views on Fraud – Risk Managers and Internal
Auditors
The Nature of Fraud
The
Old Triangle of
Fraud
The New Triangle of Fraud
Dealing with Fraud Risk
Fraud Risk Management
Fraud Auditing Practice
"Project Risk Management: Self-Assessment Questionnaire"
This document contains information for internal auditors and project managers to use as an aid to assessing and managing risk.
This document consists of a checklist for Risk Identification, Risk, and Control Description or Action Plan items including:
Risk Identification
Risk Measurement / Risk Prioritization
Risk Response / Risk Management
Risk
Response Control
Public Sector Risk
"Risk Management in the Public Sector”
By looking at how other have implemented risk management, Internal Audit Professional may be better prepared to participate in their own risk management projects.
This information and approach described should prove useful to all organizations especially those in public sector organizations.
This 140-page workbook was designed specifically for implementing ANZS 4360 Risk Management Standards.
This helps implement the framework in the article on "Managing Public Sector Risk Down Under".
This well-illustrated workbook contains both some new ways of thinking about risk and standard ways in practical and easily understood terms including:
The Risk Management Challenge
What is Risk?
How to Do Risk Identification
How to Do Risk Measurement and Prioritization
How to Do Risk Management
Glossary of Terms
Numerous In-Depth Exercises to Further Understanding of the Material
Numerous
Well-documented Examples to
Help Further
Understanding of the Material
"Managing
Public Sector Risk Down
Under"
Until 1995 few organizations except for internal auditing were familiar with the concept of managing with general business risks.
Both Australia and New Zealand have been leaders in devolving public sector services to other forms of organization. These changes created a very challenging environment for governance.
In 1995 these countries developed the world’s first standard for risk management AS/NZS 4360 that defined Risk and Risk Management as used in the public sector.
This article describes that implementation so that other can learn about it including:
Implementing the AS/NZS 4360 Standard
New Zealand Requirements for a comprehensive Risk Management System.
The Role of
Internal
Auditing
Case Studies
"Case
Studies in Risk-Based Auditing"
This document describes three case studies useful for profit making or governmental organizations to develop the pattern of thought necessary to be successful in risk-based internal auditing and project management.
This document provides the
background,
instruction, and worksheets formats for the following cases:
Performance Based Budgeting
Health Plan Contract Audit
IT Upgrade Project
About The Author:
Fran McNamee, CSP
Fran McNamee is Principal Consultant with Management Control Concepts and a frequent coauthor with David McNamee on the series of annual research reports issued by the firm. She is a professional statistician with a long number of years assisting auditors in sample design and evaluation.
Fran holds a Master of Science in Cybernetic Systems and a Bachelor of Science in Mathematics. In addition, she is a Certified Systems Professional. She takes an active role in the consulting, publishing and training at Management Control Concepts; however, this book is her first as lead project manager and author. Her goal was to write a book of valuable job aids for auditors wanting to use statistical sampling to improve their efficiency and effectiveness.
About The Workbook:
Internal Auditors diligently study sampling to pass the CIA and CISA examinations but quickly forget about this powerful tool when performing a real audit. Perhaps auditors think that proper statistical sampling techniques are too difficult to learn.
The workbook covers the samples that an auditor can take without consulting a statistician. Material is presented using case studies and problems of real internal audits to reinforce the fundamental principles.
Internal auditors deal mostly with simple samples using data for which there is usually supporting documentation about the items in the universe. Auditors also deal a lot with attributes with few exceptions (errors for example). This makes developing the sample plans easier. Since this is the case we hope this workbook and supporting material prompt you to use proper statistical sampling techniques in your audits.
This 127-page workbook with supporting files is specifically designed with internal auditors in mind. It introduces efficient internal auditing using "Stop-and-Go" techniques and efficient sample sizes as part of an overall risk-based internal audit approach.
As you read this workbook refer to the “The Bead Factory with Specifications and Instructor’s Guide” - Beadspecs Book and the supporting spreadsheet - Support Excel Worksheet.
This workbook includes explanatory text, examples from real audits, problems and exercises, and job aids to add lasting value.
Simple Samples
Defining the Outcome
Basic Sampling for attributes
How Close?
How Many?
Stratify, Cluster or What?
Dollar Unit Sampling and Other Not-So-Simple Forms
Judgmental Samples and Consensus
Glossary of Qualitative and Statistical Terms
Checklist,
Tables, and Job Aids
Other Resources
If you like the quality of this product please check http://www.pleier.com for additional resources.
Please tell other Audit Professionals during your sharing about these resources.
Thank you,
President
Pleier Corporation