PAG Internal Audit Methodology Universe of Risks & Rewards
Our methodology revolves around the assessment of current & potential risks your company face today. We belive in supporting you in the application of best mitigation tactics that would promote the risk containment and rewards thereafter.
The Basic Evaluation : The initial evaluation includes obtaining an understanding of the overall internal audit focus, the importance and reliance on IT and process capabilities by the business, the internal audit budgeting and project scoping processes and the integration of IT audit into the overall Risk Assessment of the company.
This review can help management prioritize audit projects and assess the current resource and skill levels necessary to perform the total audit function.
Analyze Audit Universe : Our analysis include all aspects of the organizational audit structure, including IT capabilities, management objectives, Internal Audit prerogatives and compliance expectations.
IT Audit Universe Risk Assessment : The PAG IT risk assessment methodology contains proprietary Risk Control Matrices and Internal Control Benchmarks that employs a scoring methodology to each component of the IT universe and prioritizes high risk IT areas.
Assessment and Plan Development : Our internal audit methodology is used to benchmark the existing process and IT internal audit plan and provide a gap analysis and action plan for improvement.
Resource and skill assessment : Our methodology is used to determine the overall audit skills required versus the current audit skills available within the business or within the current sourcing arrangements entered into by the business.
Benefits that you can expect
Efficiencies within the internal audit function, lowering costs
Benchmark the current audit function against best practices and with clear recommendations for improvement
Meaningful assurance to the external parties
Achieve alignment between the process and IT audit function and the company’s business and IT strategies
Obtain completely independent third party assessment of the process and IT audit function