Aviation Risk Based Internal Audit Methodology Compared to Traditional Audit Approaches

Sofema Online (SOL) www.sofemaonline.com considers the value of developing a “Risk-Based” audit approach

Introduction

Risk-based audits allow businesses to adapt more easily to changing conditions by providing a consistent and comprehensive approach to risk management.

The risk-based audit methodology enables organisations to consider emerging risks that can be built into the framework of the organisations' risk appetite.

Apart from the obvious need to ensure that we manage safety risks across the business there is an underlying pressure on all organisations to seek economies throughout the organisation, in fact, it is a critical aspect of disciplined corporate governance.

If we can develop controls that directly connect to the degree of risk which is understood to exist then we can both leverage opportunities, improve efficiency, and potentially prevent undesirable outcomes.

Ultimately it is the responsibility of the leadership team to manage risks and initiate or authorize risk mitigation. However, the internal auditing process can play a significant role with the introduction of Risk-Based Auditing essentially providing confidence in the decisions which have been made by the Management Team.

Moving To a Risk-Based Audit Program

With traditional internal auditing, the audits are typically carried out within a specific time frame and would generally cover higher risk areas to the same depth as any other audit area.

Conversely, risk-based internal auditing is usually driven by the most recent risk assessments, with the top “threats” being covered far more frequently.

This means that from a control perspective, the audit focus shifts from deficiencies in all internal controls and non-compliances, to a more efficient way in which higher risks receive more attention.

Risk-based internal audits enable the allocation of resources in a more targeted way which ultimately is determined by the severity and volume of risks and the high-risk areas are where the audit team will focus their efforts.

The choice of a Risk-Based Audit Program typically means either a reduction in the overall time to audit, the ability to audit more in some areas, or a combination of the 2 aspects.

Any re-focusing of the audit program needs to be carried out within the context of a robust risk management framework.  Risk-based auditing puts the organisations risk appetite at the center of the auditing strategy to both ensure regulatory compliance and also address management’s highest priority risks.

Once in place and throughout the audit lifecycle, the risks continue to be assessed and addressed accordingly.

All findings are reported in the normal way but also serve as data to support further understanding by the management team so that they can either ratify or modify the decisions thus far made and to make well-informed decisions in the future.

Consider the benefits of risk-based internal auditing

Enhanced understanding of risk levels

>> Improved ability to identify and prioritize risks based on indicators such as risk likelihood and severity.
>> Supports the understanding of the consequences of actions in relation to each risk.
>> Helps to identify opportunities for additional associated mitigations related to any future risks.
>> Provides for improved resilience.

Next Steps

Sofema offers EASA Compliant Organizational Development through Risk-Based Auditing & Measurement of Effectiveness as a 2 Days training program available as a classroom, either in-company or open or as a web-based instructor-led training course - Check it out here

If you want to learn more about our services, please see www.sofemaonline.com or email us at team@sassofia.com