Insights from Audit Committee Chairs Research conducted by Protiviti & IIA-Australia. Webinar presentation May 2014

Transcription

1 Insights from Audit Committee Chairs Research conducted by Protiviti & IIA-Australia Webinar presentation May 2014

2 A Reminder Following the webinar, all attendees will receive a link to a copy of the presentation and recording. During the webcast you can ask questions by entering your questions in the Q&A widget on your screen. There will be a Q&A session at the end of the call.

3 Today s Presenters Chris Grant is a Managing Director in Protiviti s Sydney office. He leads the Australian IT Audit practice for Protiviti. He has over 20 years experience working with companies across multiple industries in the areas of IT Auditing, Computer Aided Auditing Techniques, IT governance, IT risk assessment, Project Assurance and Internal Audit. He has held leadership positions in the IIA and ISACA and was previously a partner in one of the big 4 accounting firms. chris.grant@protiviti.com.au Todd Davies has been a tireless advocate on behalf of the internal audit profession for more than 10 years particularly through his work with the IIA. He is a member of a number of Audit and Risk Committees in Melbourne, Sydney and Wollongong. Todd Davies and Associates works with organisations to get the best out of their risk and assurance functions. If that s of interest to you, you can find more information on that at todddavies.com.au. todd@todddavies.com.au

4 Background Sixth year of research Insights from Audit Committee Chairs The roundtables were held in Sydney and Melbourne in February

5 Key areas covered in the survey 1. Reliance on internal audit 2. Authority and independence 3. Trends and value 4. Internal audit reporting 5. Capability of the internal audit function 6. Enhancing the profession 4

6 1. Reliance on Internal audit 5

7 Reliance on Internal Audit Still the eyes and ears But not for everything Emerging role of the Chief Risk Officer Strategic risk Dynamic audit plans Peak assurance provider? No monopoly 6

8 2. Authority and independence 7

9 Authority and independence Reporting lines Mechanics budget, hiring & firing etc EQA - will this ever be demand-led? 8

10 Mission accomplished Excessive management influence is unacceptable CAEs have a role to play Culture is critical Direct functional reporting line to the Audit Committee Private versus public sector 9

11 Internal audit has risen up the value chain substantially in the last few years. It has a seat at the table for the full meeting. But this can t be taken for granted. It will always come down to the calibre of the CAE. 10

12 3. Trends and value 11

13 Internal Audit Priorities 12

14 Trends and value Priorities varied enormously by organisation and industry Forward looking Balance Commercial, commercial, commercial Providing assurance where it mattered Help the committee to understand the risk environment Improve risk management and control (not just band-aids) Easier / better user experience 13

15 4. Reporting 14

16 Reporting On par with other board reports? Areas of focus Themes Trends Points of view Dashboards Page at a glance summaries Unnecessary details Overall opinions Risk-based vs key controls 15

17 Reporting I love traffic lights, charts and graphs anything that allows me to quickly prioritise or understand a trend Audit Committees have to give the board a view on the overall control health of the organisation. We expect the CEO, CFO and CRO to do the same, so why not internal audit? It s a cop-out for internal audit not to express a view. 16

18 5. Capability of the profession 17

19 Capabilities required The usual suspects communication, strategic thinking, influencing, negotiating, commercial acumen, leadership Also the areas with greatest perceived gaps Qualifications 18

20 Capabilities Internal audit should drive the debate on the organisation s total assurance program IA s progress on data analytics has been remarkably slow. Today, this is the only way to get across the volume and speed of transactions... The technology is now good enough, and previous obstacles removed. It s up to internal auditors to push into this space. If IA doesn t lead this, someone else will. 19

21 6. Enhancing the profession 20

22 Enhancing the profession Stronger risk focus Integrated comprehensive assurance framework Concise insightful reporting Commerciality Relationships 21

23 Audit Committee chairs top tips Align work with emerging risks Be valuable through commercial acumen More timely and comprehensive insights through data Provide a comprehensive picture through assurance mapping 22

24 Questions