ResearchBib IF-2023: 11.01, ISSN: 3030-3753, Valume 1 Issue 7
ISSN: 3030-3753. VOLUME 1, ISSUE 2
200
DEVELOPMENT OF RISK-BASED PLAN OF INTERNAL AUDIT SERVICE OF
COMMERCIAL BANKS
Gayibnazarova Maftuna Maqsud qizi
Bank finance academy listener.
https://doi.org/10.5281/zenodo.13830322
Abstract. This article describes the development of a risk-oriented plan for the internal
audit service of commercial banks. It talks about increasing the competitiveness of commercial
banks in the national economy, further strengthening their positions in international integration
and economic processes, as well as internal control, i.e. the audit service, when checking and
assessing the compliance of banks is supported by global requirements and standards. The article
examines the above issues, provides suggestions and recommendations for improving the internal
audit service.
Keywords:
internal audit plan; internal audit program; audit risks; residual risks;
internal control system.
РАЗРАБОТКА РИСК-ОРИЕНТИРОВАННОГО ПЛАНА СЛУЖБЫ ВНУТРЕННЕГО
АУДИТА КОММЕРЧЕСКИХ БАНКОВ
Аннотация. В данной статье описано разработка риск-ориентированного плана
службы внутреннего аудита коммерческих банков. При этом говорится о повышении
конкурентоспособности коммерческих банков в национальной экономике, дальнейшем
укреплении их позиций в международной интеграции и экономических процессах, а также
о внутреннем контроле, т.е. аудиторской службе, при проверке и оценке соответствия
банков поддерживается глобальными требованиями и стандартами. В статье
рассмотрены вышеуказанные вопросы, даны предложения и рекомендации по
совершенствованию службы внутреннего аудита.
Ключевые слова: план внутреннего аудита; программа внутреннего аудита;
аудиторские риски; остаточные риски; система внутреннего контроля.
A comprehensive strategic and annual plan of internal audit activities plays a very
important role for the successful operation of internal audit. The next step in the scope of an audit
is to identify and assess risks and develop plans to eliminate problems in critical areas. Planning
provides a systematic approach to internal audit activities and requires knowledge and competence
in various areas of internal control and risk assessment.
Strategic plan.
ResearchBib IF-2023: 11.01, ISSN: 3030-3753, Valume 1 Issue 7
ISSN: 3030-3753. VOLUME 1, ISSUE 2
201
The purpose of the strategic plan is to document the opinions about the "audit need", in
particular, the internal audit opinion about the types of systems, activities and programs that are
audited, which provide management with logical assurances about the effectiveness of internal
audit and risk. The plan should include:
−
within the next 2-4 years, clearly defined tasks and performance indicators, which internal
audit will achieve, are interconnected with the situation and the bank's strategy;
−
information on the methodology used to prepare the strategy, as well as how the internal
audit performs the risk assessment that affects the bank's goals and objectives;
−
information on how internal audit will work in important areas during the coming period.
It is usually necessary to determine the period of examination of various elements of the
scope of the audit. Perhaps some systems and processes should be reviewed annually. Others may
need to be checked every 3 or 5 years.
−
necessary and available resources necessary to meet these needs, as well as limited
resources affecting the level of ideal audit coverage;
−
assessment by internal audit of the risk of events affecting the activities aimed at achieving
the goals envisaged in the audit strategy and reducing such risks. (For example, deficiencies in
staffing, lack of specialists, training and other types of activities necessary to eliminate these risks);
−
a plan to coordinate work with another reliable source of information (for example, an
external audit);
−
approaches for developing further recommendations;
−
high and long-term goals that cannot be achieved in the short term, achieving the goals that
the internal audit task seeks;
A strategic plan is an internal audit platform. You need to know how to use it skillfully.
Strategy is an opportunity to show management all the work internal audit departments can
do to help the bank achieve its goals. A strategic plan can be a useful tool for securing
management's support in advance.
Annual audit plan.
The annual plan of the audit is a strategic plan in which the tasks for conducting the audit
in the current year have been reformulated. It should specify the purpose (name) of the task of
conducting the audit, its deadline, the employees who will perform this task, and other resources.
The plan should represent the basis for agreeing the tasks and their deadlines with the
relevant management. As this depends on available resources, it is preferable that the audit plan
also reflects the budget period.
ResearchBib IF-2023: 11.01, ISSN: 3030-3753, Valume 1 Issue 7
ISSN: 3030-3753. VOLUME 1, ISSUE 2
202
In order for the work plan for the entire bank to be true and useful, the head of internal
audit should consider the following issues when developing the annual plan:
−
it is necessary to analyze and determine the significance of the omitted deficiencies
provided for in the strategic plan of the audit, in the area obtained as a result of the audit;
−
the last annual work plan, taking into account the main conclusions of the previous audit,
which indicate a change in the level of risk;
−
organizational and temporal restrictions (for example, a department in a bank, an office
located in an inaccessible place in winter, vacations and holidays, periods of introduction of a new
IT system, periods of high load);
−
necessary reserved resources for unplanned work in order to avoid quick changes in the
annual work plan;
−
alternative audit program in case of issues left for the next periods or the volume of work
is less than expected;
The plan should be prepared before the beginning of the year. Not all audits will be
completed during the current year, so the plan for the next year should also include work that was
not completed in the previous year.
The plan should take into account the resources that are actually available. Although the
vacancies may be filled during the year, it is recommended to consider the actual available
resources rather than the available resources in the plan.
Sufficient time should be allocated to planning and compiling the audit report.
No one goes according to plan. The plan should allow sufficient time for management to
respond to the recommendations.
Constant updating of the plan - regular monitoring of risks.
Risk does not have a permanent content. It varies from time to time. In addition, events that
happen anyway (for example, severe budget cuts) create new risks for the bank.
For this reason, auditors should be aware of important events that occur during the year
(for example, by observing new official documents, external reports, media coverage and changes
in the legislative framework) and their impact on the audit plan (for example, the appointment of
a new minister who has a different opinion about which projects are priorities for the budget)
monitor.
Annual review of the strategic plan.
Planning is a dynamic process. A new system, modern information and other factors
affecting the bank may require reconsideration of the need for an audit. Therefore, the strategic
ResearchBib IF-2023: 11.01, ISSN: 3030-3753, Valume 1 Issue 7
ISSN: 3030-3753. VOLUME 1, ISSUE 2
203
plan should be clarified annually by the audit as a document on risk assessment. At the end of the
period, the plan can be completely revised.
When revising the audit strategic plan, the head of internal audit should analyze the
following situations:
−
bank, its activity, purpose or changes occurring in conditions of activity. This may affect
the risks faced by the bank in achieving its objectives and, accordingly, all the relative risks in the
audited system;
−
the results of audits of previous years may lead to changes in initial risk assessment and
revision of priority tasks. They may indicate important areas of audit focus, such as re-auditing a
particular system or auditing a related system;
−
is the budget sufficient for internal audit to function effectively?
Annual update of risk assessment
It is usually necessary to update the risk assessment annually. For this, it is necessary to
analyze according to the risk factor and check whether the priority of the audit objects has not
changed.
Analysis of important events that occur during the year.
If significant events occur during the year that significantly affect the level of risk (e.g.,
significant budget cuts), an immediate review of the risk and criteria assessment may be required
to decide whether changes to the annual work plan are required.
Application for conducting an additional audit during the year.
No plan is perfect. Changes are inevitable and can occur for various reasons:
−
the bank can be reorganized;
−
the new senior management may face different views on the priority of certain types of
activities;
−
the fact of serious fraud can be detected, which indicates the existence of a much higher
risk in this area;
−
The Minister may require some sector audits earlier than envisaged in the strategic plan.
However, the head of internal audit must manage a balance between meeting such
requirements and ensuring the level of work with key identified risks included in the overall work
program. It is necessary to hold a discussion with the top management regarding the
implementation of each special work regarding the expediency of these requirements and how
much they will affect the implementation of the annual work plan. The results of the discussion
should be formalized in the form of a document.
ResearchBib IF-2023: 11.01, ISSN: 3030-3753, Valume 1 Issue 7
ISSN: 3030-3753. VOLUME 1, ISSUE 2
204
If the head of internal audit agrees to perform tasks that are not included in the annual work
plan, the work schedule should be revised and presented to management. As a rule, the annual
work plan should not be changed more than once a quarter.
Many internal audit departments allocate a portion of their resources to unscheduled work.
Internal audit leaders need to consider issues based on accumulated experience in
determining the scope of such unplanned work.
Management should be informed of the impact of performing additional audit work during
the year. If a new task is obtained, it should be clearly explained what other tasks it will not be
able to perform.
REFERENCES
1.
Кеворкова Ж.А. (2014) Внутренний аудит, Москва: Юнити-Дана, 90- 7.
2.
Каримов Н.Ф. (2006) Тижорат банкларида ички аудит, Тошкент: Фан, 167.
3.
Мелиев И. (2017) “Аудитни режалаштириш: муаммо ва ечимлар” Бизнес-эксперт,
№6(114)-2017.
4.
Basel Committee on Banking Supervision (2012) “The internal audit function in banks”,
Bank for International Settlements.
5.
Mgr. Ion-Bogdan Dumitrescu (2004) “Internal audit in banking organisations” BIATEC.
