Thesis (MBA)- Stellenbosch University, 2004. / ENGLISH ABSTRACT: The main object of this study project is clause 14 of the circular 1/2000 "Minimum
Requirements for the Internal Audit Function of Banks" of the German Federal
Financial Supervisory Authority. It requires that banks have a risk management
system, a risk-based audit planning and a risk-based audit procedure. These have
initiated the transformation process of the internal audit functions from the traditional
audit approach, which is past and present orientated, to the risk-based audit
approach, which is future oriented. During audit planning the audit objects are
chosen due to their inherent-risk instead of choosing them due to indications of pastrelated
information or estimations. To determine the inherent-risk the audit object's
risk factors have to be determined and assessed.
The aim of the study is to set up a model, which allows the standardized
categorization of findings according to the Minimum Requirements for the Internal
Audit Function of Banks 1/2000, which requires a categorization of findings into at
least three categories: shortcoming, serious shortcoming, and particular grave
deficiency. The Minimum Requirements doesn't impose a restriction to the method of
categorization. The survey "Categorization of Findings" revealed that all banks are
categorizing the findings, but that only a few banks are using an objective method to
do so. To ensure a coherent, transparent and objective classification of the findings
the classification process has to be standardized. For a standardized classification
process the extent of the findings have to be comparable and quantitative. Therefore, techniques and methods have to be applied, which quantifies the extent of the
findings making them comparable.
In order to find the right method to assess the extent of the finding one has to look at
the components of a finding. A finding consists of risk, which is expressed by the
occurrence probability and the extent of damage. The occurrence probability and the
extent of damage are described by various risk factors, which are quantitative and
qualitative. These risk factors have to be objectively evaluated and aggregated to
determine the risk and thus, the extent of the finding.
The main problems of this assessment are the quantification of the qualitative risk
factors and the aggregation of all risk factors. For the quantification of qualitative risk
factors the methods three dimensional analysis and the Delphi-Method are most
appropriate. These two methods can be used for the evaluation of a quantitative risk
factor as well. Furthermore, the methods sensitivity analysis, Monte Carlo simulation,
and statistical methods can assist the assessment of qualitative risk factors, but
these methods alone are not appropriate for the assessment of qualitative risk
factors. When aggregating the assessments of the risk factors a combination of
successive comparison and Scoring Model are suitable.
The classification of findings for the annual audit report can be conducted by use of
the ABC-Analysis. Prior to this, the scored findings have to be weighted according to
the importance of the audit object for the company. All findings in class A represent
serious shortcomings and particular grave defiCiencies, class B represents
shortcomings, and class C negligible shortcomings. The classification process can be assisted by the use of the risk map and the risk portfolio, but the sole use of these
methods would not lead to a proper classification. / AFRIKAANSE OPSOMMING: Die hoof doelwit van hierdie studieprojek is klousule 14 van die Sirkuler 1/2000
"Minimum vereistes vir die Interne Oudit funksie van banke" van die Duitse Federale
Finansiele Toesighoudende gesag. Dit vereis dat banke 'n risikobestuur sisteem, 'n
risiko baseerde oudit plan en risiko baseerde oudit prosedures daar stel. Hierdie
verseistes het die transformasie van die interne oudit funksies inisieer, vanaf die
tradisionele benadering wat op die verlede en die huidige gefokus het, tot 'n risiko
gebaseerde benadering wat op die toekoms gerig is. Gedurende die oudit beplanning
word die oudit onderwerpe gekies vanwee hul inherente risikos eerder as vanwee die
indikasies van verlede-gebaseerde informasie of estimasies. Om die inherente
risikos te bepaal, is dit nodig om die oudit onderwerp se risiko faktore te bepaal en te
bereken.
Die doeI van die studie is die daarstelling van 'n model vir die gestandardiseerde
kategorisering van bevindinge na aanleiding van die "Minimum vereistes vir die
Interne Oudit funksie van banke" in ten minste drie kategorie: leemtes, ernstige
tekortkominge en spesifieke growwe tekorte. Die Minimum Vereistes beperk nie die
metode van kategorisering nie. Die opname "Catagorising of Findings" toon dat al
die banke wel hul bevindings kategorieseer maar dat slegs 'n paar banke 'n
objektiewe metode hierin toe pas. Om verstaanbare, deursigtige en objektiewe
klassifikasie van bevindinge te verseker is dit nodig dat die proses van klassifikasie
gestandardiseer word. Vir 'n gestandardiseerde klassifikasie proses moet die
resultate van bevindinge vergelykbaar en kwantitatief wees. Hiervoor moet tegnieke en metodes toegepas word wat die resultate van bevindinge kwantifiseer en so
vergelykbaar maak.
Om die regte metode te vind vir die analisering van die resultate van 'n bevinding,
moet daar na die komponente van die bevinding gekyk word. 'n Bevinding bestaan
uit risiko wat uitgedruk word as die gebeurlikheidswaarskynlikheid en omvang van
skade. Die gebeurlikheidswaarskynlikheid en omvang van skade word beskryf deur
'n verskeidenheid van risiko faktore wat beide kwalitatief en kwantitatief van aard is.
Hierdie risiko faktore moet objektief evalueer en saamgevat word om die risiko en so
die omvang van die bevinding te bepaal.
Die grootste probleem met die analise is die kwantifisering van die kwalitatiewe risiko
faktore en die samevatting van al die risiko faktore . Vir die kwatifisering van die
kwalitatiewe risiko faktore, is die Drie Dimensionele Analise en die Delphi metodes
die mees toepaslikes. Hulle kan ook gebruik word vir die evaluasie van 'n
kwantitatiewe risiko faktor. Verder kan die metodes van sensitiwiteitsontleding,
Monte Carlo simulasie en ander statistiese metodes ook help met die berekening van
kwantitatiewe risiko faktore. Hulle is egter nie toepaslik vir die berekening van
kwalitatiewe risiko faktore nie. Met die aggregasie van die analiese van risiko
faktore, is die kombinasie van Opeenvolgende Vergelyking en Punte Toekenning
modelle ook toepaslik.
Die klassifisering van bevindinge vir die jaarlikse oudit verslag kan gedoen word deur
die gebruik van ABC-analise. Voorheen moes daar aan die bevindinge gewigte
toegeken word in ooreenstemming met die belangrikheid van die oudit onderwerp vir die maatskappy. Alle resultate in klas A verteenwoordig ernstige tekortkominge en
besonder gewigtig gebrekkig , klas B verteenwoordig tekortkominge en klas C
geringe tekortkominge. Die klasifikasie proses kan bygestaan word deur die gebruik
van 'n risiko kaart en risiko portefeulje. Die alleen gebruik van die metodes sal egter
nie 'n ordentlike klassifikasie verseker nie.
| Identifer | oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:sun/oai:scholar.sun.ac.za:10019.1/70206 |
| Date | 12 1900 |
| Creators | Scholz, Christian |
| Contributors | Smith, Johan, Stellenbosch University. Faculty of Economic and Management Sciences. Graduate School of Business. |
| Publisher | Stellenbosch : Stellenbosch University |
| Source Sets | South African National ETD Portal |
| Language | en_ZA |
| Detected Language | Unknown |
| Type | Thesis |
| Format | 180 p. : ill. |
| Rights | Stellenbosch University |
Page generated in 0.0023 seconds