Home > Risk > Auditors and risk models

Auditors and risk models

I am pleased that Matthew Leitch has reached out to me to start a dialogue on the skills internal auditors need to assess risk models – in particular those with any level of math.

I recommend his post on the subject.

I am not persuaded that auditors, even after absorbing Matthew’s teachings, will have sufficient insights and understanding to actually assess risk models of any complexity. However, they may have sufficient knowledge to start asking the right questions.

What do you think? What level of expertise is required to assess whether a risk model is appropriate, the assumptions and variables correct, and the logic sound?

  1. May 28, 2010 at 12:47 AM

    Complex models, directly audited by internal auditors will generally be a bad idea. That’s one of the points in my post. What is reasonable, with complex models, is for internal audit to have a look at what technically well qualified reviewers have done. There are also many opportunities to audit less complex models and a wide range of risk assessments where the numbers and risk descriptions used are far less meaningful than they should be.

    Like any audit, we have to be careful about the scope of what we do and have to work around the fact that the people we audit are often much more expert at their jobs than we are. Looking at risk management is no different.

    I wrote my book, “A pocket guide to risk mathematics: key concepts every auditor should know”, because I think that, for a lot of people, mathematics is a slightly intimidating area and we back off from it more than we need to. Auditors generally are brave people to tackle all the topics they do, but somehow when calculus and algebra get involved our self confidence wobbles.

    The book provides a lot of knowledge in a relatively digestible form that will allow great reviews of many risk analyses that have been quantified in some way and others that should have been. It will give people the ability to do limited but still valuable reviews of low to medium complexity models, and it will give the ability to look more searchingly at what mathematically qualified reviewers have done.

    The faults it allows you to identify include those that contributed to the Credit Crunch of 2007-2009.

    Perhaps most importantly it is designed to provide the self confidence to actually have go. The obvious strategy is to start with just doing existing reviews more rigorously, picking up the various faults that have not been identified before, then gradually move to more ambitious reviews.

    One thing it is very difficult for me to put into words is how different this situation looks once you have the knowledge. If auditors progress gradually they don’t have to take my word for it!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: