Going beyond residual risk – what’s your tolerance?
This presentation ties in with the topic chosen as it provides a methodical solution to assessing the risk tolerance of management and helping them establish the depth of their action plans resulting from audit recommendations. The presentation will walk through the mechanics of the tool and then provide actual examples of how it has been used within the CRA for the risk-based audit plan, the Agency’s IT Security Plan and the determination of the risk tolerance of senior management in a decision to address a given audit recommendation. As well, the limitations of the tool, along with the need for professional judgement in its application, will be discussed. Not only is this tool applicable to tax administrations and government entities but can also be applied by internal audit shops within the private sector. Furthermore, the tool offers insight into improving efficiencies during the clearance and reporting phase of an internal audit.