March 17, 2023 - 6:32am
#1
We report and track the status of all audit and examination findings to our board of directors via a log on monthly basis. We are in the process of making some enhancements to the log, including adding the following fields:
- Risk Rating
- Subjective evaluation of the risk posed by an audit finding and the potential impact on operations.
- Resolution Level
- Subjective evaluation of the estimated level of difficulty to resolve a concern (audit or exam finding) based on management's judgement and/or potential cost.
We plan to use three levels to measure the risk or resolution level (i.e., low, moderate, and high).
Has anyone developed risk levels, including a description or guidelines for assessing an audit finding’s risk or the resolution level? If so, can you please share?
Thanks,
Dan Elston
Internal Audit Manager
BayPort Credit Union
