Site icon Risk and Control: Ideas for a better tomorrow

Exception Handling Process and Internal Audit

Recently IIA has re-named the Three Lines of Defence Model as Three Lines Model. This is done to recognise that ‘defence’ indicating value protection, which does not justify the value enhancement role played by Internal Audit.

 As an Internal Auditors we frown upon the exceptions, whereas exceptions are the risk that any process carry.

Do you think that a process which has the “exception handling process” which enhance the internal control environment?

 This question got multiple answers:

 Conclusion:

  1. Exception handling process is a good control as it considers the possibilities of events when things are not following set pattern.
  2. If there is a need, management can define manner in which exception can be handled or exception to process need to be handled.
  3. It will also be in line with ISO 9001:2015 for clause 6 planning where manner of handling nonconformity is pre decided as well as clause 9: Performance evaluation and clause 10: improvement.
  4. Most important: It gives clarity to everyone involved on how to handle exceptions leading to planned execution of process instead of reacting to the emergency.
  5. At the same time root cause analysis of exceptions is important.

Call for action:

Inputs/ comments/ suggestion: I welcome inputs/ comments / suggestions from readers on how to approach this issue. Feel free to correct me, educate me.

Share the Article: If you like it, share it. If you share it with others, and they comment, we all will get more learned.

(Disclaimer: The views expressed constitute the opinion of the author and the author alone; they do not represent the views and opinions of the author ’s employers, supervisors, nor do they represent the view of organizations, businesses or institutions the author is, or has been a part of.)

Exit mobile version