For example, at The Schwan Food Com

For example, at The Schwan Food Company food quality and food safety are two areas of continual vigilance. The internal audit personnel will assess a gross risk of raw materials contamination at a certain level, but to control this very serious risk, every single batch of raw materials of product that comes into The Schwan Food Company’s factories is tested for contamination. As a result of these very stringent controls that are in place, the residual risk is assessed as extremely low. For additional examples of residual risk ratings, see Exhibit 9.
Those business functions or processes with residual risk above a certain level are considered candidates for potential internal audit projects. The first question, however, is what expertise or resources are needed to best address the residual risk. Can management address the risk directly process can be directly addressed by management. In other cases, either the legal department, the compliance department, or the external auditors, may be the most appropriate resource. Those functions or processes most appropriately addressed by the IAD are entered into the internal audit plan. That plan is reviewed with senior and business unit management and must be approved by the audit committee