MaGC was appointed to prepare a Risk-Based Internal Audit Manual (RBIAM) for a Telecom Company in Bhutan. The Audit Committee intended for their IA function to transition to risk-based approach and methods that can add value to the organization and improve its risk management. The mandate required MaGC to train the key stakeholders on the RBIAM.
MaGC conducted preliminary discussions and held a sensitization session with the Top Management to agree on the contents of the RBIAM and how it needs to align with the organizational policies and Risk Management system. MaGC conducted detailed discussions with key business functionaries; and collected information on the existing policies, processes, and internal control activities. Specifically, the functioning of the IA Section was examined in detail. A participatory approach was followed, and the IA section was involved in the various stages for inputs and validation.
The final output was the Risk-based Internal Audit Manual. MaGC team conducted a five-day training for the IA section to familiarize the team with the contents of the RBIAM. One day of training was dedicated to focus on Enterprise Risk Management (ERM) in which the Top Management participated. This helped them to fully understand and appreciate the context and role of Risk Based Audit.