Risk Management and Risk Assessment

About the Author

David McNamee


David McNamee is President of MC2 Management Consulting, a successful consulting firm he founded in 1991 to specialize in improving corporate governance through consulting services in business risk and management control. MC2 Management Consulting serves a worldwide client list from all segments of public and private enterprise.

MC2 Management Consulting helps clients become better managers by providing business risk analysis tools and fraud training.  Each client faces a unique set of fraud challenges and risks. MC2 Management Consulting designs specific programs for organizations based on their particular needs.  Our goal is to ensure that clients are prepared to deal with whatever fraud risks stand in the way of their established objectives.

Prior to forming his own practice in 1991, David was Director - Internal Auditing at Pacific Bell.  He has twenty years' experience in investigating and auditing major frauds, including experience in both public and private sector organizations.  He has served numerous times as an expert witness and a resource for attorneys in litigation matters.

David holds a Master of Business Administration as well as a Master of Science in Telecommunications Management.  In addition, he holds a Certificate in Advanced Purchasing & Materials Management.  He is a Certified Internal Auditor, Certified Information Systems Auditor, a Certified Fraud Examiner, and a Certified Government Financial Manager.  David is a Life Member of the Association of Certified Fraud Examiners and a Life Member of the Institute of Internal Auditors.

He is a recognized international authority on fraud, risk management, and internal auditing practice.  He is the author of over 50 articles and books, as well as a "Best Practices" video for internal auditors.  His professional articles on fraud, risk, and internal auditing have been published in the USA, Europe, and the South Pacific.  He is a frequently invited speaker at major internal audit conferences on six continents, and he has given seminars on fraud in more than ten countries.

His publications include “Auditing Fraud” and “Control Self Assessment” electronic publications available on CD at both http://www.pleier.com/pubs.htm and http://www.theiia.org.

David McNamee shares his vast experience through 120 pages of workbook, 80 PowerPoint slides, and 40 pages of documentation.  As a bonus, he also provides a 125-page "Simple Samples for Auditors" workbook - a course in itself.

Note: “Achieving Auditor Excellence”, “Control Self Assessment”, and “Risk Management and Risk Assessment” are also excellent additional references for those using the "McKeever CRMA Study System" and "McKeever CCSA Study System" to pass the IIA CRMA and CCSA exams.

Understanding Risk Better


"Audit Risk Assessment"

This 120-page workbook is designed specifically for Internal Auditor Professionals to help them better understand the impact and role of Risk in any organization and its impact on effective Auditing.

This well-illustrated workbook presents both new and standard ways of thinking about risk in practical, easily understood terms, including:

What is Risk?

A New “Thinking” Model for Addressing Business Risks and Opportunities

Strategic Risk/Opportunity Curve

How Risk Assessment is used in the Audit Process

Risk Identification and Treatment

A Variety of Risk Measurement Methods

COSO, CoCo, and Cadbury

Risk Prioritization

Risk-Based Auditing

Using Risk in Building the Audit Universe and Annual Audit Plan

Numerous In-Depth Exercises to Further Understanding of the Material

Numerous Well-documented Examples to Help Further Understand the Material

"The Nature of Change"

This is an important document for understanding the role of internal auditing and risk management in a modern organization.

This publication presents practical information including:

Necessity of Understanding Change

Constantly Changing Organization Environment

Impact of Technology

Examining and Interpreting the Patterns of Change

Three Distinct Phases of Change

Risk of an Organization Losing Touch with its Environment

"Changing the Risk Paradigm"

In recognition of his status as a world-class expert on the subject of risk, David McNamee was invited to deliver a special presentation at the IIA 50th International Conference.

This PowerPoint, the handout from that presentation, offers “state-of-the-art” practical information including:

Internal Audit Paradigms

Risk, Uncertainty, and the Environment

Assets at Risk

Risk and Internal Auditing

The Key to Audit Effectiveness

Risk-Based Auditing

The Emerging New Paradigm

Risk Management: A New Paradigm for the Millennium

Impacts on Internal Audit

A New Relationship with Management

The Opportunity to Build Value

"The Corporate Governance Loop: A Model of Stakeholder Interest"

This document helps readers better understand the meaning of the term “Governance” – a term widely used but difficult to explain.

Specifically, this document clarifies in practical terms various concepts and terms including:

The Complexity of Governance

The Key Elements of Governance

The Governance Model

The Basic Wealth Model

The Enhanced Wealth Model

The Governance Loop

Risk Relations


"Risk Management and Fraud"

It is the responsibility of managers to find fraud, but it is hard sometimes to locate the vital clues about where to look for it.

This concise document helps readers locate those vital clues, including:

Use of Risk Assessment as a Tool

Three Elements of Risk Assessment

Three Elements of Fraud

Using a Model of Fraud Risk

Recognizing the Characteristics of Fraud Opportunities

Using a Method of Measuring the Risk of Fraud

"CSA & Risk"

The Internal Audit Professional today has a very powerful tool in CSA.  To realize the full value of CSA requires recognizing the relationship that exists between CSA and Risk.

This PowerPoint discusses that relationship with practical information including:

CSA – An Approach, Not a Method

Why Use CSA

COSO, CoCo, Cadbury

Management Controls Implementation

Legislative and Financial Scandals

Self-Review Practices (such as New Zealand)

CSA and Risk Assessment

The Importance of Risk

The Nature of Risk

Risk and the Six Methods of Control Self-Assessment

Internal Audit Paradigms

"SAS No. 82: Determining the Risk of Fraud in Financial Statements"


SAS 82, Consideration of Fraud in a Financial Statement Audit, creates a framework for examining the risk of material misstatements due to 1) fraudulent financial reporting and 2) misappropriation of assets.


This document provides an analysis and framework using the AICPA SAS No. 82 Standard including:

Comparison of SAS No. 82 and SAS No. 53

A Listing of the Red Flags of Financial Fraud

Risk Factors involving A Listing of Management’s Characteristics and Influences Over the Control Environment

Risk Factors created by Industry Conditions

"Fraud Risk Management"


Always an innovator, David McNamee introduces new concepts of treating fraud within the risk management and internal auditing frameworks.

This PowerPoint presentation outlines those concepts with practical implementation strategies including the following topics:

Finding Fraud



A Prescription for Finding Fraud

Contrasting Views on Fraud – Risk Managers and Internal Auditors


The Nature of Fraud



The Old Triangle of Fraud

The New Triangle of Fraud

Dealing with Fraud Risk

Fraud Risk Management

Fraud Auditing Practice



"Project Risk Management: Self-Assessment Questionnaire"

This document contains information for internal auditors and project managers to use as an aid to assessing and managing risk.

This document consists of a checklist for Risk Identification, Risk, and Control Description or Action Plan items including:

Risk Identification

Risk Measurement / Risk Prioritization

Risk Response / Risk Management

Risk Response Control

Public Sector Risk


"Risk Management in the Public Sector"

By looking at how others have implemented risk management, Internal Audit Professionals may be better prepared to participate in their own risk management projects.

The information and approach described should prove useful to all organizations, especially those in the public sector.

This 140-page workbook was designed specifically for implementing the AS/NZS 4360 Risk Management Standard.

It helps implement the framework in the article on "Managing Public Sector Risk Down Under".

This well-illustrated workbook presents both new and standard ways of thinking about risk in practical, easily understood terms, including:

The Risk Management Challenge

What is Risk?

How to Do Risk Identification

How to Do Risk Measurement and Prioritization

How to Do Risk Management

Glossary of Terms

Numerous In-Depth Exercises to Further Understanding of the Material

Numerous Well-documented Examples to Help Further Understanding of the Material

"Managing Public Sector Risk Down Under"

Until 1995, few organizations, except for internal auditing, were familiar with the concept of managing general business risks.

Both Australia and New Zealand have been leaders in devolving public sector services to other forms of organization.  These changes created a very challenging environment for governance.

In 1995, these countries developed the world’s first standard for risk management, AS/NZS 4360, which defined Risk and Risk Management as used in the public sector.

This article describes that implementation so that others can learn from it, including:

Implementing the AS/NZS 4360 Standard

New Zealand Requirements for a comprehensive Risk Management System.

The Role of Internal Auditing

Case Studies


"Case Studies in Risk-Based Auditing"

This document describes three case studies useful for profit-making or governmental organizations to develop the pattern of thought necessary to be successful in risk-based internal auditing and project management.

This document provides the background, instruction, and worksheet formats for the following cases:

Performance Based Budgeting

Health Plan Contract Audit

IT Upgrade Project

"Simple Samples for Auditors"


About The Author:


Fran McNamee, CSP


Fran McNamee is Principal Consultant with Management Control Concepts and a frequent coauthor with David McNamee on the series of annual research reports issued by the firm.  She is a professional statistician who has spent many years assisting auditors in sample design and evaluation.


Fran holds a Master of Science in Cybernetic Systems and a Bachelor of Science in Mathematics.  In addition, she is a Certified Systems Professional.  She takes an active role in the consulting, publishing and training at Management Control Concepts; however, this book is her first as lead project manager and author.  Her goal was to write a book of valuable job aids for auditors wanting to use statistical sampling to improve their efficiency and effectiveness.


About The Workbook:


Internal Auditors diligently study sampling to pass the CIA and CISA examinations but quickly forget about this powerful tool when performing a real audit.  Perhaps auditors think that proper statistical sampling techniques are too difficult to learn.


The workbook covers the samples that an auditor can take without consulting a statistician. Material is presented using case studies and problems of real internal audits to reinforce the fundamental principles.


Internal auditors deal mostly with simple samples using data for which there is usually supporting documentation about the items in the universe.  Auditors also deal a lot with attributes that have few exceptions (errors, for example). This makes developing the sample plans easier.  Since this is the case, we hope this workbook and supporting material prompt you to use proper statistical sampling techniques in your audits.


This 127-page workbook with supporting files is specifically designed with internal auditors in mind.  It introduces efficient internal auditing using "Stop-and-Go" techniques and efficient sample sizes as part of an overall risk-based internal audit approach.


As you read this workbook, refer to “The Bead Factory with Specifications and Instructor’s Guide” - Beadspecs Book and the supporting spreadsheet - Support Excel Worksheet.

This workbook includes explanatory text, examples from real audits, problems and exercises, and job aids to add lasting value.

Simple Samples

Defining the Outcome

Basic Sampling for attributes

How Close?

How Many?

Stratify, Cluster or What?

Dollar Unit Sampling and Other Not-So-Simple Forms

Judgmental Samples and Consensus

Glossary of Qualitative and Statistical Terms

Checklist, Tables, and Job Aids

Other Resources

If you like the quality of this product, please check http://www.pleier.com for additional resources.

Please tell other Audit Professionals about these resources.

Thank you,

Pleier Corporation