About the Pulse of Internal Audit
|
|
- Barnard Anderson
- 6 years ago
- Views:
Transcription
1
2 About the Pulse of Internal Audit Number of Responses The IIA s Audit Executive Center (AEC ) has gathered insight from leaders in the CAEs 460 profession through the annual Pulse of Internal Audit survey since Each survey collects information about both established and emerging issues that are important to the Director/senior 78 profession as well as information about internal audit management (such as areas of focus, managers staff, and budget levels). Total 538 The 2017 North American Pulse of Internal Audit survey (Pulse) was conducted online from Oct. 20, 2016, to Nov. 11, 2016, with survey invitations distributed through the AEC, The IIA, and social media. The IIA collected data from 538 respondents, including 460 chief audit executives (CAEs) and 78 director/senior managers. In Pulse reports, CAEs and director/senior managers are collectively referred to as CAEs. See the Appendix for additional information on respondent demographics. The survey results are analyzed and presented in multiple reports of which this is one. Complimentary high-level reports are made available to the public through The IIA s Pulse of Internal Audit resource page (visit More indepth reports for internal audit management are available exclusively to members of the AEC. For more information about joining the AEC, visit RESPONDENT DEMOGRAPHICS Internal Audit Position Country 1 CAE 12% United States 86% Director/senior manager 8 Canada Other Organization Type * Internal Audit Function Size (FTEs) 32% 20% 28% 27% 33% 2 10% 10% 10% 6% Publicly traded Public sector Privately held Nonprofit Financial services 1 to 3 4 to 9 10 to to or more *The financial services category was created by extracting financial services respondents from the other four categories: publicly traded, public sector, privately held, and nonprofit.
3 Contents Executive Summary... 2 Summary of Findings... 2 Section 1: Staffing and Budgets... 3 Staff Sizes in Staffing: 2016 Actual and 2017 Projections... 4 Budget: 2016 Actual and 2017 Projections... 6 Perspective on Projections... 7 Section 2: Internal Audit Reporting Lines... 8 Functional Reporting Lines... 9 Administrative Reporting Lines Section 3: Audit Effort and Risk Allocation of Audit Effort Assessment of Risk Comparison of Assessed Risk and Audit Effort Comparison of Assessed Risk and Audit Effort per Risk Area Allocation of Audit Effort to Strategic Goals Section 4: Internal Audit Skills and Training Skill Importance Variances and Methods of Training Section 5: Action Items for CAEs Appendix: Methodology ABOUT THE AUDIT EXECUTIVE CENTER The IIA s Audit Executive Center (AEC ) is the essential resource to empower CAEs to be more successful. The Center s suite of information, products, and services enables CAEs to respond to the unique challenges and emerging risks of the profession. For more information on the Center, visit ABOUT THIS DOCUMENT The information included in this report is general in nature and is not intended to address any particular individual, internal audit function, or organization. The objective of this document is to share information and other internal audit practices, trends, and issues. However, no individual, internal audit function, or organization should act on the information provided in this document without appropriate consultation or examination. To download a digital version of this report, visit COPYRIGHT Copyright 2017 by The Institute of Internal Auditors (IIA) located at 1035 Greenwood Blvd., Suite 401, Lake Mary, FL 32746, U.S.A. All rights reserved. This report, including the written content, information, images, charts, as well as the pages themselves, is subject to protection under copyright laws. As copyright owners, only The IIA has the right to 1) copy any portion; 2) allow copies to be made; 3) distribute; or 4) authorize how the report is displayed, performed, or used in public. You may use this report for non commercial, review purposes. You may not make further reuse of this report. Specifically, do not incorporate the written content, information, images, charts, or other portions of the report into other mediums or you may violate The IIA s rights as copyright owner. If you want to do any of these things, you must get permission from The IIA. This report is reserved for your exclusive use as a member of the Audit Executive Center. To distribute this report or any contents, you must get permission from The IIA. 1
4 Executive Summary CAEs require high-level expertise in risk management, internal control, and governance processes to address established and emerging issues that are important to the profession. In addition, CAEs also require skills in administrative management the efficient use of resources to achieve the internal audit function s objectives. This is The IIA s first stand-alone report focusing on management of the internal audit function. There are four main topics addressed in this report, based on a broad survey of CAEs in North America. This report is intended to help CAEs benchmark against their peers, understand differences, and ensure that reasons for these differences are understood and explainable to management and the board. SUMMARY OF FINDINGS STAFFING AND BUDGETING Almost a third of respondents expect staff size to increase in 2017, nearly the same that experienced an increase in Few expect staff size to decrease. The internal audit profession has been much better at predicting when staff will increase than when staff will decrease. REPORTING LINES Overwhelmingly, CAEs functionally report to the board level. Public sector CAEs are the exception, most likely due to differences in governance structure. CAE administrative reporting lines vary considerably based on organization type. The majority of CAEs in publicly traded organizations report administratively to the chief financial officer (CFO), while administrative reporting lines in other sectors are more diverse. AUDIT FOCUS Overall, CAEs devote one-third of audit effort to risks aligned to the organization s strategy. The top five risks identified are cyber, compliance, IT, third-party, and operational risks. CAEs devote the highest level of internal audit effort to addressing operational risks. However, CAEs in publicly traded organizations devote their highest level of effort to financial reporting. Risk is a key driver for audit effort allocation. Other factors such as internal auditor competencies and past practices also appear to strongly impact the allocation of audit effort. SKILLS AND TRAINING Analytical/critical thinking and communication skills are the most important skills for internal auditors. Data analytics and cybersecurity are the two areas where internal auditors most need training. Most differences in responses are attributed to the respondent s organization type. Rarely were there notable differences based on the size of the internal audit function or the size of the organization. 2 Internal Audit Management Insights
5 Section 1: Staffing and Budgets Staff and budget are typically the most substantial resources used by internal audit to accomplish its mission. STAFF SIZES IN 2016 Internal audit functions range widely in size. Across all types of organizations, the majority (59 percent) of internal audit functions are staffed with fewer than 10 full-time equivalents (FTEs). Public-sector and privately held organizations have the biggest share of smaller internal audit functions (1 3 FTEs). Larger audit functions are most commonly seen among financial services and publicly traded organizations, where one in five audit functions have 25 or more FTEs. Smaller internal audit functions face a number of unique challenges. For example, it is more difficult to dedicate AUDIT FOCUS IIA Standard 2030: Resource Management The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan. resources to specific tasks, or to ensure sufficient breadth and depth of skills to cover the organization s full scope of risks. Throughout this report, it is noted where responses from CAEs managing smaller functions differ considerably from responses of those managing larger functions. However, in most cases, responses were consistent across staff size. Exhibit 1: Number of Full time Equivalent Staff by Organization Type Public sector 37% 3 22% 7% Privately held 36% 38% 1 12% Nonprofit 31% 30% 35% Financial services 27% 29% 23% 21% Publicly traded 15% 36% 28% 21% All respondents 26% 33% 25% 16% 1 to 3 4 to 9 10 to or more Note: Q35: Approximately how many full time equivalent employees make up your internal audit department? n =
6 STAFFING: 2016 ACTUAL AND 2017 PROJECTIONS 2016 ACTUAL CHANGE IN STAFF SIZE Survey respondents were asked how much staffing increased or decreased in Exhibit 2 shows the percentage of CAEs that reported an increase or decrease in the number of internal audit staff in For most organization types, more internal audit functions increased staff in 2016 than decreased staff. Organization types that are more highly regulated (such as financial services and publicly traded organizations) were more likely to increase staff size and less likely to decrease staff size in Among nonprofit organizations, the number of internal audit functions that increased staff size exceeded the number of audit functions that decreased staff size by 31 percentage points the biggest difference among all organization types. The reported nonprofit staff size increase was driven by healthcare respondents. The impact of internal audit function size was explored and size had no apparent impact on whether an internal audit function had an increase or decrease in staff size in Also, considering each organization type on its own, little difference was noted between internal audit functions of different sizes with one exception only 8 percent of smaller audit function CAEs (1 3 FTEs) in financial services reported a 2016 staff increase, compared to 32 percent among all financial services CAEs. For all organization types and internal audit function sizes, the average percentage by which staff increased (for those who reported an increase) was greater than the average percentage by which staff decreased (for those who reported a decrease). Exhibit 2: Percentage of Internal Audit Functions with Staff Increases or Decreases in % 32% 9% 8% 30% 17% 23% 15% 20% 20% 29% 1 Financial services Nonprofit Publicly traded Public sector Privately held All respondents Increased staff in 2016 Decreased staff in 2016 Note: Q36: Looking back over the past 12 months, the number of full time equivalent staff within your internal audit department has increased, decreased, remained the same, don't know, not applicable? (Choose one). n = Internal Audit Management Insights
7 2017 EXPECTED CHANGE IN STAFF SIZE Looking at 2017, Exhibit 3 indicates that 30 percent of all CAEs expect their staff size to increase while only 5 percent expect a decrease. This is similar to the actual experience in 2016 when more internal audit functions increased than decreased staff size. However, considerably fewer internal audit functions expect a decrease in staff in 2017 (5 percent), than experienced a decrease in 2016 (14 percent). As with the actual experience in 2016, expectations for 2017 differ noticeably by organization type. CAEs in privately held organizations have the highest expectations, with 42 percent expecting an increase. If realized, this will be a dramatic change from 2016 when staff size for this sector was stagnant (Exhibit 2). Insights into how these additional resources will be directed are provided in Section 3: Risk and Audit Focus. Exhibit 3: Percentage of Internal Audit Functions Expecting Staff Increases or Decreases in % 33% 35% 2 26% 30% 5% 0% 7% 6% 5% Financial services Nonprofit Publicly traded Public sector Privately held All respondents Expect to increase staff Expect to decrease staff Note: Q37: Looking ahead at the next 12 months, do you expect the number of full time equivalent staff within your internal audit function to increase, remain the same, decrease, don't know, not applicable? (Choose one.) n =
8 BUDGET: 2016 ACTUAL AND 2017 PROJECTIONS 2016 ACTUAL CHANGE IN BUDGET Internal audit budgets are typically driven by staff compensation, travel, and co-source costs, with staff compensation costs likely to account for the largest share. Expectations for changes in budget largely mirrored expectations for changes in staff size, with some notable differences. Forty percent of CAEs experienced a budget increase in 2016 (Exhibit 4) compared to 30 percent who experienced a staff size increase in the same year (Exhibit 3). This suggests that budget increases were due at least in part to expenses other than staff compensation costs. The largest variances in staff size and budget increases/decreases in 2016 were reported in financial services and nonprofit organizations EXPECTED CHANGE IN BUDGET As with 2016 actual variances, the largest variances in expected staff size and budget increases/decreases in 2017 were reported by financial services and nonprofit organizations (Exhibit 5). Exhibit 4: Percentage of Internal Audit Functions with Budget Increases or Decreases in % 47% 38% 35% 40% 12% 8% 20% 25% 13% 1 1 Financial services Nonprofit Publicly traded Public sector Private All respondents Increased budget in 2016 Decreased budget in 2016 Note: Q38: Looking back over the past 12 months, the budget of your internal audit function increased, remained the same, decreased, don t know, not applicable (choose one). n = 512. Exhibit 5: Percentage of Internal Audit Functions Expecting Budget Increases or Decreases in % 41% 33% 39% 47% 41% 9% 0% 11% 7% 10% 8% Financial services Nonprofit Publicly traded Public sector Privately held All respondents Expect to increase budget Expect to decrease budget Note: Q39: Looking ahead at the next 12 months, do you expect the budget of your internal audit function to increase, remain the same, decrease, don t know, not applicable (choose one). n = Internal Audit Management Insights
9 PERSPECTIVE ON PROJECTIONS Pulse 2015 and 2016 survey results indicate the internal audit profession as a whole is much better at predicting increases in staff size than decreases. Exhibit 6 compares 2015 predictions for 2016, compared to what actually happened in In 2015, 26 percent of CAEs representing the broad internal audit profession expected staff size to increase in 2016, which aligns closely to the 29 percent of CAEs who reported an actual staff increase in However, the internal audit profession may not be as good in predicting a decrease in staff size. As shown in Exhibit 7, only 4 percent of CAEs in 2015 said they expected staff size to decrease in 2016 while 14 percent reported an actual decrease. While there are many possible reasons, a comparison of 2015 and 2016 survey results indicates internal auditors may be better at predicting good news (staff increases) than predicting bad news (staff decreases). The message for CAEs is to carefully consider the possibility of unexpected decreases in staff in the future. Exhibit 6: Staff Size Increases in 2016 Compared to Projections in % 28% 30% 26% 25% 23% 28% 20% 20% 39% 29% 26% Financial services Publicly traded Public sector Privately held Nonprofit All respondents Projected in 2015 to increase staff in 2016 Actually increased staff in 2016 Exhibit 7: Staff Size Decreases in 2016 Compared to Projections in % 9% 5% 5% 6% 15% 3% 20% 1% 8% 1 Financial services Publicly traded Public sector Privately held Nonprofit All respondents Projected in 2015 to decrease staff in 2016 Actually reduced staff in 2016 Note for Exhibits 6 and 7: CBOK 2015/Pulse 2016 survey, Q26: In the next calendar year, how do you anticipate that your permanent staff levels will change? n = 603. Compared to Pulse 2017 survey, Q36: Looking back over the past 12 months, the number of full time equivalent staff within your internal audit department has increased, decreased, remained the same, don't know, not applicable? (Choose one). n =
10 Section 2: Internal Audit Reporting Lines Internal audit s effectiveness and efficiency can be significantly impacted by reporting lines. Most CAEs have separate functional and administrative reporting lines. IIA Standard 1110: Organizational Independence requires that CAEs report to a level within the organization that allows the internal audit activity to fulfill its responsibilities, which is interpreted as a functional reporting line to the board. AUDIT FOCUS IIA Standard 1110: Organizational Independence The chief audit executive must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. The chief audit executive must confirm to the board, at least annually, the organizational independence of the internal audit activity. Interpretation Organizational independence is effectively achieved when the chief audit executive reports functionally to the board. Examples of functional reporting to the board involve the board: Approving the internal audit charter. Approving the risk-based internal audit plan. Approving the internal audit budget and resource plan. Receiving communications from the chief audit executive on the internal audit activity s performance relative to its plan and other matters. Approving decisions regarding the appointment and removal of the chief audit executive. Approving the remuneration of the chief audit executive. Making appropriate inquiries of management and the chief audit executive to determine whether there are inappropriate scope or resource limitations. 8 Internal Audit Management Insights
11 FUNCTIONAL REPORTING LINES Functional reporting refers to oversight of the responsibilities of the internal audit activity, including approval of the internal audit charter, the audit plan, evaluation of the CAE, and compensation of the CAE. Functional reporting is important to prevent the specific interests of one function within the organization inappropriately impacting the work of internal audit. For most CAEs, functional reporting is to a board-level oversight group (Exhibit 8). Among CAEs in more heavily regulated organizations such as financial services organizations and health care organizations (included in the nonprofit category), nearly all report to an audit committee, board, or equivalent. This falls to 9 out of 10 CAEs in publicly traded organizations, 8 out of 10 in privately held organizations, and 7 out of 10 in public sector organizations. The lower percentage of CAEs reporting to an audit committee, board, or equivalent in the public sector is likely due to the public sector s unique governance structure, where an audit committee or board may not exist. Survey findings from The IIA s American Center for Government Auditing indicate that when a government organization does have a board structure similar to other organizations, the CAE nearly always reports to that board or one of its committees. No differences in reporting lines were noted based on internal audit function size. Across all organization types, internal audit functions of all sizes had the same likelihood of functionally reporting to a board-level oversight group. Exhibit 8: Functional Reporting Lines for CAEs Public sector 66% 22% 8% Financial services 98% 1% 1% Nonprofit 98% 2% Privately held 8 2% 8% 6% Publicly traded 92% 1% 5% 2% All respondents 89% 5% 3% 3% Board, audit committee CEO, president, agency head CFO, vice president of finance Other chief officers Note: What is the primary functional reporting line for the chief audit executive (CAE) or head of internal audit in your organization? n =
12 ADMINISTRATIVE REPORTING LINES Administrative reporting refers to oversight of day-to-day matters including such items as expense approval, human resource administration, normal internal communications, and internal policies and procedures. CAEs most often report administratively to the CFO, followed closely by reporting to the CEO. These results are similar to results from prior years. However, there are substantive differences based on organization type (Exhibit 9). The majority of CAEs in public-sector and financial services organizations report administratively to the CEO or a board-level oversight group, while only 15 percent of CAEs in publicly traded organizations report administratively to these highest levels of the organization. More than two-thirds of CAEs in publicly traded organizations report administratively to the CFO. Administrative reporting lines were analyzed for CAEs of different sized internal audit functions. Within each organization type, there were no meaningful differences in administrative reporting lines based on internal audit function size. As shown in Exhibit 8, a notable percentage of public sector CAEs report functionally to a member of executive management. These CAEs nearly always report administratively to the same position. Exhibit 9: Administrative Reporting Lines for CAEs Public sector 51% 10% 15% 17% 7% Financial services 49% 21% 23% 3% Nonprofit 31% 31% 28% 6% Privately held 18% 58% 16% Publicly traded 11% 69% 1 2% All respondents 33% 39% 18% 6% CEO, president, agency head CFO, vice president of finance Other chief officers Board, audit committee Other Note: Q33: What is the primary administrative reporting line for the chief audit executive (CAE) or head of internal audit in your organization? n = Internal Audit Management Insights
13 Section 3: Audit Effort and Risk ALLOCATION OF AUDIT EFFORT Internal audit is committed to bringing value to its organization. As such, the focus of internal audit functions is usually on areas that present the highest risk to the organization. Internal audit focuses on what is most important. Internal audit effort (i.e., resources) is allocated to various areas of the organization based on an assessment of risk, the ease or difficulty in performing audit work in different areas, and consideration of assurance provided by other parties. Overall, internal audit resources are primarily allocated to operational, financial reporting, and compliance risks (Exhibit 10). AUDIT FOCUS IIA Standard 2010: Planning The chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization s goals. Different organization types allocate effort differently. The following section discusses the allocation of audit effort for the five different organization types. For each organization type, the top five risk areas are highlighted in light blue (Exhibits 11 15). Exhibit 10: Percentage of Audit Plan Allocated per Risk Area Operational (not included elsewhere) 19% Financial reporting (including Sarbanes Oxley testing) 1 Compliance/regulatory (not related to financial reporting) 13% IT (not covered in other choices) 9% Financial areas other than financial reporting 9% Cyber (prevention and/or recovery) 6% Fraud identification and investigation (not covered in other audits) 6% Support for external audit 6% Enterprise risk management programs and related processes 5% Cost/expense reduction or containment Governance and culture Management of third party relationships 3% Sustainability or other nonfinancial reporting 1% Other 1% Total 100% Note: Q43: Looking ahead over the next 12 months, please indicate what percentage of your audit plan you anticipate will be allocated to each of the risk categories listed. n =
14 ALLOCATION OF AUDIT EFFORT WITHIN PUBLICLY TRADED ORGANIZATIONS CAEs in publicly traded organizations generally allocate CAE reports administratively to the CFO, the data more effort to financial reporting risks (including indicates that being a publicly traded organization is the compliance with Section 404 requirements of the U.S. key attribute. Within publicly traded organizations as a Sarbanes-Oxley Act of 2002) than any other area in the group, administrative reporting line had no relationship organization nearly 30 percent of all audit effort. to the extent of focus on financial reporting. That is, for publicly traded organizations, whether the CAE reported An analysis of effort devoted to financial reporting to the CEO or the CFO had no association with the considered whether there was a relationship with percent of effort devoted to financial reporting. It could be administrative reporting line. The extent of focus on inferred that the reason so many CAEs in publicly traded financial reporting was analyzed by industry type and organizations report to the CFO is the organization s then by administrative reporting line. While a focus on strong focus on financial reporting not the reverse. financial reporting is common in situations where the Exhibit 11: Percentage of Audit Plan Allocated per Risk Area (Publicly Traded Organizations) Operational (not included elsewhere) 13% Financial reporting (including Sarbanes Oxley testing) 29% Compliance/regulatory (not related to financial reporting) IT (not covered in other choices) Financial areas other than financial reporting 8% 9% 10% Cyber (prevention and/or recovery) Fraud identification and investigation (not covered in other audits) Support for external audit Enterprise risk management programs and related processes Cost/expense reduction or containment 6% 6% 6% Governance and culture Management of third party relationships 2% 2% Sustainability or other nonfinancial reporting Other 0% 1% Note: Q43: Looking ahead over the next 12 months, please indicate what percentage of your audit plan you anticipate will be allocated to each of the risk categories listed. (Publicly traded organizations only. The top five risk areas chosen are highlighted.) n = Internal Audit Management Insights
15 ALLOCATION OF AUDIT EFFORT WITHIN FINANCIAL SERVICES AND PRIVATELY HELD ORGANIZATIONS CAEs in financial services and privately held organizations allocate more effort to operational risks than any other area in these organizations. Organizations of both types devote more effort to financial reporting risks and other finance area risks than public sector or nonprofit organizations (Exhibits 12 15). Exhibit 12: Percentage of Audit Plan Allocated per Risk Area (Financial Services Organizations) Operational (not included elsewhere) 22% Financial reporting (including Sarbanes Oxley testing) 11% Compliance/regulatory (not related to financial reporting) 1 IT (not covered in other choices) 11% Financial areas other than financial reporting Cyber (prevention and/or recovery) Fraud identification and investigation (not covered in other audits) Support for external audit Enterprise risk management programs and related processes Cost/expense reduction or containment Governance and culture Management of third party relationships 7% 7% 6% 5% 3% Sustainability or other nonfinancial reporting Other 1% 1% Note: Q43: Looking ahead over the next 12 months, please indicate what percentage of your audit plan you anticipate will be allocated to each of the risk categories listed. (Financial services organizations only. The top five risk areas chosen are highlighted.) n =
16 Exhibit 13: Percentage of Audit Plan Allocated per Risk Area (Privately Held Organizations) Operational (not included elsewhere) 19% Financial reporting (including Sarbanes Oxley testing) 13% Compliance/regulatory (not related to financial reporting) 11% IT (not covered in other choices) 9% Financial areas other than financial reporting 12% Cyber (prevention and/or recovery) Fraud identification and investigation (not covered in other audits) Support for external audit Enterprise risk management programs and related processes Cost/expense reduction or containment Governance and culture Management of third party relationships 3% 3% 3% 6% 5% 7% 7% Sustainability or other nonfinancial reporting Other 1% 1% Note: Q43: Looking ahead over the next 12 months, please indicate what percentage of your audit plan you anticipate will be allocated to each of the risk categories listed. (Privately held organizations only. The top five risk areas chosen are highlighted.) n = Internal Audit Management Insights
17 ALLOCATION OF AUDIT EFFORT WITHIN PUBLIC SECTOR AND NONPROFIT ORGANIZATIONS Public-sector and nonprofit internal audit functions are CAEs working in public-sector organizations (e.g., serving similar in that operational risks are allocated the greatest the public interest). This likely is a key reason for similar resources. CAEs in public-sector and nonprofit allocations of audit effort. organizations also allocate noticeably less effort on Public-sector CAEs also pay a somewhat higher level of financial reporting compared to publicly held, financial attention to fraud, consistent with a common focus of services, or privately held organizations. Nonprofit fraud by government auditors (Exhibits 14 15). respondents work primarily in healthcare and educational services organizations, and may have similar interests to Exhibit 14: Percentage of Audit Plan Allocated per Risk Area (Public Sector Organizations) Operational (not included elsewhere) 2 Financial reporting (including Sarbanes Oxley testing) 2% Compliance/regulatory (not related to financial reporting) 16% IT (not covered in other choices) 8% Financial areas other than financial reporting Cyber (prevention and/or recovery) Fraud identification and investigation (not covered in other audits) Support for external audit Enterprise risk management programs and related processes Cost/expense reduction or containment Governance and culture Management of third party relationships 5% 5% 5% 6% 3% 9% 10% Sustainability or other nonfinancial reporting Other 1% 2% Note: Q43: Looking ahead over the next 12 months, please indicate what percentage of your audit plan you anticipate will be allocated to each of the risk categories listed. (Public sector organizations only. The top five risk areas chosen are highlighted.) n =
18 Exhibit 15: Percentage of Audit Plan Allocated per Risk Area (Nonprofit Organizations) Operational (not included elsewhere) 17% Financial reporting (including Sarbanes Oxley testing) 5% Compliance/regulatory (not related to financial reporting) 16% IT (not covered in other choices) 9% Financial areas other than financial reporting 13% Cyber (prevention and/or recovery) Fraud identification and investigation (not covered in other audits) Support for external audit Enterprise risk management programs and related processes Cost/expense reduction or containment Governance and culture Management of third party relationships 3% 7% 7% 9% Sustainability or other nonfinancial reporting Other 1% 1% Note: Q43: Looking ahead over the next 12 months, please indicate what percentage of your audit plan you anticipate will be allocated to each of the risk categories listed. (Nonprofit organizations only. The top five risk areas chosen are highlighted.) n = Internal Audit Management Insights
19 ASSESSMENT OF RISK Identifying, analyzing, and assessing risk requires substantial effort and professional judgment, but this helps to ensure that CAEs focus internal audit s effort on areas of greatest importance to the organization. Topping the list of CAEs assessment of higher organizational risks are, in order: cyber, compliance/regulatory, IT, thirdparty, and operational risks. AUDIT FOCUS IIA Standard 2010: Planning The chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization s goals A1: The internal audit activity s plan of engagements must be based on a documented risk assessment, undertaken at least annually. The input of senior management and the board must be considered in this process. Exhibit 16: Risk Assessment per Risk Area Cyber (prevention and/or recovery) 59% 30% 10% 1% Compliance/regulatory (not related to financial reporting) 40% 40% 18% 2% IT (not covered in other choices) 38% 45% 1 3% Management of third party relationships 3 39% 2 3% Operational (not included elsewhere) 31% 52% 15% 2% Fraud identification and investigation (not covered in other audits) 18% 46% 3 2% Enterprise risk management programs and related processes 18% 4 33% 5% Governance and culture 15% 41% 41% 3% Financial reporting (including Sarbanes Oxley testing) 13% 30% 4 13% Cost/expense reduction or containment 12% 39% 45% Financial areas other than financial reporting 12% 43% 42% 3% Support for external audit 3% 10% 80% 7% Sustainability or other nonfinancial reporting2% 16% 62% 20% High or very high Medium Low or very low Not applicable Note: Q45: How would you describe the level of risk in your organization in the following areas? n =
20 COMPARISON OF ASSESSED RISK AND AUDIT EFFORT A number of factors influence the amount of audit effort allocated to specific areas of an organization. The internal auditor s assessment of risk determines, in part, priorities of the risk-based audit plan, but it is not the only factor that can influence the allocation of audit effort. In addition, externally imposed compliance requirements, preferences of key stakeholders (e.g., board members), scope of internal audit work as defined in its charter, and even internal audit capabilities can affect how much effort is devoted to specific areas. Three metrics help illustrate the relationship between assessed risk levels, existing percentage of audit plan allocated to addressing the risk area, and anticipated percentage of the audit plan allocated to addressing the risk area (Exhibits 17 and 10). Comparing these three different, but related, metrics can help explain how CAEs are planning to allocate audit effort in In general, there is strong positive relationship between areas considered high or very high risk and plans to allocate more of the audit plan to that risk area. However, this is not always the case. For example, CAEs who already devote adequate attention to a high or very high risk area may not need to allocate more of the audit plan to that risk. There is not a strong positive relationship between areas considered high or very high risk and the percentage of the audit plan that is allocated to that risk. This is evidence that a multitude of factors, in addition to risk, impact the overall allocation of audit effort. Exhibit 17: Comparison of Assessed Risk, Audit Plan Allocation, and Plans to Increase Audit Effort Allocation per Risk Area Risk Areas Percentage Who Assess Risk Area as High or Very High (Q45) Percentage of Audit Plan Allocated per Risk Area (Q43) Net Percentage Who Expect to Increase Audit Effort per Risk Area in 2017 a (Q44) Cyber (prevention and/or recovery) 59% 6% 4 Compliance/regulatory (not related to financial reporting) 40% 13% 26% IT (not covered in other choices) 38% 9% 27% Management of third party relationships 3 3% 2 Operational (not included elsewhere) 31% 19% 20% Fraud identification and investigation (not covered in other audits) 18% 6% 20% Enterprise risk management programs and related processes 18% 5% 25% Governance and culture 16% 22% Financial reporting (including Sarbanes Oxley testing) 13% 1 10% Financial areas others than financial reporting 12% 9% 16% Cost/expense reduction or containment 12% 19% Support for external audit 3% 6% 13% Sustainability or other nonfinancial reporting 2% 1% Other 1% Note: Q45: How would you describe the level of risk in your organization in the following areas? Very high, high, medium, low, very low. n = 538. Q43: Looking ahead over the next 12 months, please indicate what percentage of your audit plan you anticipate will be allocated to each of the risk categories listed. n = 535. Q44: Projected change [in audit plan] from the last 12 months to the next 12 months. Increase, decrease, no change, not applicable. n = 535. a Percentage who expect to allocate more of the 2017 audit plan to addressing the risk area minus the percentage who expect to allocate less of the 2017 audit plan to addressing the risk area. 18 Internal Audit Management Insights
21 COMPARISON OF ASSESSED RISK AND AUDIT EFFORT PER RISK AREA Audit effort for specific risk areas is explored in more detail in Exhibits Throughout these exhibits, it is apparent that CAEs who describe an area as higher risk in their organization planned to devote more audit effort to that area in 2017, and were more likely to be increasing that effort compared to the previous year. Analysis indicates this pattern was consistent across all organization types, for all risk areas presented in these exhibits. CYBER Cyber is the area considered higher risk by more CAEs than any other area. While it is the area where most CAEs are likely to be increasing audit effort compared to other areas, cyber is expected to receive only a small allocation of audit effort in There are a number of possible reasons for the low level of audit effort planned to be devoted to cyber. CAEs may be deciding to limit audit effort if the maturity of the organization s response to cyber risk is low and multiple other parties are working on improvements (e.g., IT security, external consultants). It may be premature to devote high levels of audit effort if the conclusion is obvious. Alternatively, internal audit s lack of specialty Exhibit 18: Cyber Risk Assessment Compared to Audit Effort 59% assess risk as high or very high (Q45) AUDIT FOCUS IIA Standard 1210: Proficiency Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities. skills might preclude it from performing more extensive audit work. Whether one of these reasons, or some other reason, applies to a specific internal audit function, cyber is the area where more internal auditors are increasing effort in 2017 than any other. COMPLIANCE/REGULATORY The compliance/regulatory area was assessed as higher risk by many organizations, but there were notable differences based on organization type. Approximately half of CAEs in financial services and nonprofit organizations assessed this risk as higher, while only one-third of those in the other organization types did the same. Similarly, the decision Exhibit 19: Compliance/Regulatory Risk Assessment Compared to Audit Effort 40% assess risk as high or very high (Q45) Percentage of audit plan allocated to risk area (Q43) 7% 5% Percentage of audit plan allocated to risk area (Q43) 11% 17% Net percentage who expect to increase audit effort in 2017 (Q44) 29% 41% Net percentage who expect to increase audit effort in 2017 (Q44) 1 20% Assessed risk as high or very high Assessed risk as medium, low, or very low Assessed risk as high or very high Assessed risk as medium, low, or very low 19
22 whether to increase audit effort in 2017 was closely related to the risk assessment approximately 30 percent of CAEs in financial services and nonprofit organizations plan to increase audit effort, compared to only 10 percent to 20 percent of CAEs in public sector, privately held, or publicly traded organizations. As health care related organizations make up a substantial portion of the nonprofit sector, it is not unexpected that nonprofit CAEs would need to devote resources to compliance risks. Both financial services and health care organizations are faced with a wide variety of compliance requirements. Even if compliance/regulatory is not considered a higher risk, external requirements may leave these organizations with little choice but to have internal audit devote substantial effort to compliance. INFORMATION TECHNOLOGY Information technology was considered a higher risk by the third highest percentage of CAEs, and a strong percentage of CAEs plan to increase audit effort in this area. However, CAEs break a common pattern seen in other areas. When analyzed by industry group, there is little relationship between assessment of higher risk and plans to increase audit effort or the amount of effort currently allocated to the area. Those increasing audit effort are likely responding to organization-specific Exhibit 20: Information Technology Risk (Risk Assessment Compared to Audit Effort) 38% assess risk as high or very high (Q45) factors, not a general low level of attention in past years or a low assessment of risk. As noted earlier, risk is not the only factor that drives decisions regarding allocation of audit effort. MANAGEMENT OF THIRD PARTIES CAEs allocate one of their lowest levels of audit effort to third-party risks, but a higher-than-average percentage of CAEs considered it an area of higher risk. Use of third parties by organizations has risen notably over the years, but the extent of this use can vary substantially between organizations. The large difference in how many organizations are expecting to increase audit effort in 2017 (ranging from 42 percent of CAEs who consider this a higher risk area to 9 percent of CAEs who do not consider this a higher risk area) illustrates the nature of risk assessment and resource allocation the response of CAEs to risk varies substantially due to many factors. The data also indicates certain generalizations based on organization type. Nonprofit organizations have both the greatest percentage of CAEs describing this area as higher risk and the greatest percentage of CAEs planning to increase audit effort. CAEs in public-sector and publicly traded organizations are least concerned with the thirdparty risks. Exhibit 21: Management of Third party Relationships Risk (Risk Assessment Compared to Audit Effort) 3 assess risk as high or very high (Q45) Percentage of audit plan allocated to risk area (Q43) 8% 12% Percentage of audit plan allocated to risk area (Q43) 5% 3% Net percentage who expect to increase audit effort in 2017 (Q44) 16% 32% Net percentage who expect to increase audit effort in 2017 (Q44) 9% 42% Assessed risk as high or very high Assessed risk as medium, low, or very low Assessed risk as high or very high Assessed risk as medium, low, or very low 20 Internal Audit Management Insights
23 OPERATIONAL CAEs allocate the greatest level of planned audit effort to operational audits in Since CAEs rank operational audits fifth in the list of areas considered higher risk, there are clearly factors involved other than risk assessment that drive a higher level of audit effort. Public-sector CAEs plan to devote the most effort to this area in 2017, followed closely by financial services CAEs. CAEs in publicly traded organizations plan to devote the least amount of effort to this area. CAEs in publicly traded organizations are also the least likely to rate operational risks as a higher risk, but findings did not show any other apparent relationship between assessment of risk as higher and the allocation of audit effort for other organization types. For example, CAEs in privately held and publicly traded organizations are the most likely to increase audit effort in the operational risk area. However, CAEs in privately held organizations are the most likely to consider this a higher risk area, while, in contrast, CAEs in publicly traded organziations are the least likely to consider this a higher risk area. Operational audits are commonly considered part of the bread and butter of internal audit. Internal audit has been devoting significant resources to operational audits for decades and some of what is seen in this data may be a reflection of prior pattens being continued, even though other newer areas have higher risks. In addition, most internal audit functions have strong competencies in operations and can effectively perform operational audits without needing new skills or tools. FRAUD IDENTIFICATION/INVESTIGATION Fraud can take a number of different forms in an organization, ranging from theft to false reporting to bribery and more. Those who consider fraud a higher risk area in their organizations are planning to increase attention to it in The public sector has the highest percentage of CAEs who consider fraud a higher risk area and these CAEs correspondingly give this area more attention than CAEs in any other type of organization. Exhibit 22: Operational Risk (Risk Assessment Compared to Audit Effort) 31% assess risk as high or very high (Q45) Exhibit 23: Fraud Risk (Risk Assessment Compared to Audit Effort) 18% assess risk as high or very high (Q45) Percentage of audit plan allocated to risk area (Q43) 17% 22% Percentage of audit plan allocated to risk area (Q43) 5% 10% Net percentage who expect to increase audit effort in 2017 (Q44) 19% Net percentage who expect to increase audit effort in 2017 (Q44) 13% 32% Assessed risk as high or very high Assessed risk as medium, low, or very low Assessed risk as high or very high Assessed risk as medium, low, or very low 21
24 ENTERPRISE RISK MANAGEMENT (ERM) The increase in the amount of attention given to ERM over the last years is expected to continue with an updated COSO ERM Framework Enterprise Risk Management Aligning Risk with Strategy and Performance, and ISO 31000: Risk Management Principles and Guidelines expected in Whether due to these anticipated updates or other reasons, enterprise risk management is among the top 5 risk areas for which CAEs plan to increase audit effort in 2017, even though it is not assessed as an area of particularly high risk. GOVERNANCE AND CULTURE Governance and culture has been getting increasing attention with a number of issues that surfaced in the last year (e.g., VW, Toshiba, Wells Fargo). However, little audit effort has been devoted to this area and it is considered a higher risk by only a modest percentage of CAEs. Interestingly, CAEs in publicly traded organizations where governance and culture risk exposure may be greatest, are least likely to consider governance and culture a higher risk or plan to increase audit effort in While 1 in 8 CAEs indicate increasing attention to governance and culture in 2017, more may move in this direction as they become more cognizant of the risks and more adept in learning how to audit them. Exhibit 24: Enterprise Risk Management Risk (Risk Assessment Compared to Audit Effort) 18% assess risk as high or very high (Q45) Exhibit 25: Governance and Culture Risk (Risk Assessment Compared to Audit Effort) 16% assess risk as high or very high (Q45) Percentage of audit plan allocated to risk area (Q43) 7% 5% Percentage of audit plan allocated to risk area (Q43) 5% 3% Net percentage who expect to increase audit effort in 2017 (Q44) 18% 45% Net percentage who expect to increase audit effort in 2017 (Q44) 16% 3 Assessed risk as high or very high Assessed risk as medium, low, or very low Assessed risk as high or very high Assessed risk as medium, low, or very low 22 Internal Audit Management Insights
25 FINANCIAL REPORTING (INCLUDING SARBANES OXLEY TESTING) Financial reporting has been a traditional internal audit focus area and became a primary focal point for publicly traded companies with the passage of Sarbanes-Oxley, especially considering the requirements of Section 404 Management of Assessment of Internal Controls. Since 2002, however, audit effort devoted to financial reporting has declined and Pulse results suggest that will continue. Financial reporting is the only area surveyed where, on average, more CAEs plan to decrease audit effort than increase. Exhibit 26: Financial Reporting Risk (Including Sarbanes Oxley Testing) (Risk Assessment Compared to Audit Effort) 13% assess risk as high or very high (Q45) Percentage of audit plan allocated to risk area (Q43) Net percentage who expect to increase audit effort in 2017 (Q44) 6% 1 13% Assessed risk as high or very high 29% Assessed risk as medium, low, or very low CAEs in publicly traded organizations devote more attention to financial reporting than CAEs in all other types of organizations (averaging approximately 29 percent of total audit effort in 2017). However, CAEs in publicly traded organizations also are most likely to decrease audit effort in the area in Thirty-three percent of these CAEs plan to reduce effort compared to only 23 percent who plan to increase it (creating a 10 percent difference). 23
26 ALLOCATION OF AUDIT EFFORT TO STRATEGIC GOALS Stakeholders have expressed a desire for internal audit to devote more attention to strategic risks, as discussed in Voice of the Customer: Stakeholders Messages for Internal Audit (published by the Internal Audit Foundation). CAEs allocate equal amounts of effort on the organizations strategic goals and routine operations (Exhibit 27). While there are minor differences based on organizational type, no substantive differences are noted based on the size of the internal audit function. However, findings do suggest rotational CAEs spend more time on strategic-aligned activities and less time on compliance activities (Exhibit 28). A rotational CAE s heightened focus on strategic activities could be due to several factors, such as a rotational CAE having a higher level of business acumen or greater alignment with management. Exhibit 27: Allocation of Audit Effort to Strategic Goals Publicly traded 36% 36% 19% 8% 1% Financial services 30% 37% 21% 9% 3% Public sector 38% 38% 11% 10% 3% Privately held 35% 35% 15% 13% 2% Nonprofit 45% 33% 12% 9% 1% All respondents 36% 36% 17% 9% 2% Strategic goals Routine operations Regulatory compliance Lower importance Other Note: Q47: What percentage of your total audit effort addresses your organization's activities grouped into the following categories? n = 518. Exhibit 28: Audit Effort Among Rotational CAEs Compared to Non Rotational CAEs 45% 35% 35% 36% 18% 10% 9% 9% 2% 2% Strategic goals Routine operations Regulatory compliance Lower importance Other Rotational CAE Non rotational CAE Note: Q47: What percentage of your total audit effort addresses your organization's activities grouped into the following categories? n = 42 for rotational CAEs. n = 482 for non rotational CAEs. 24 Internal Audit Management Insights
27 Section 4: Internal Audit Skills and Training Internal audit needs qualified staff to accomplish its mission and objectives. These personnel must possess a wide variety of skills, which may vary in importance by organization. Survey respondents were asked to rate the importance of various skills that enable the audit function to perform its responsibilities. Exhibit 29 shows the percentage of CAEs that rated a skill as extremely or very important compared with the percentage who stated internal audit staff need more training in the area. CAEs indicate the most essential internal auditing skills are analytical/critical thinking, communication skills, persuasion and collaboration, and understanding professional ethics. This is consistent with the previous year s ratings, and no discernable differences were noted in responses based on audit function size or organization type. Survey results show little association between the importance of a skill and the need for training. Training needs can be very dissimilar across internal audit functions based on existing skill levels. Similarly, there are no apparent differences in training needs based on organization type. However, respondents from different organization types rated the importance of skills differently. Exhibit 29: Skill Importance Compared to Need for Training Skill Agree That Skill Is Extremely or Very Essential Need More Training Analytical/critical thinking 96% 49% Communication skills 95% 45% Understanding of professional ethics 79% Persuasion and collaboration 79% 33% Understanding the audit process 76% 9% Business acumen 76% 3 Understanding of governance, risk, and control 62% 23% Understanding of the International Professional Practices Framework (IPPF) 51% 1 Industry specific knowledge 46% 36% Process improvement and innovation 48% 33% Risk management assurance 46% 18% Accounting and finance 45% 11% Basic IT knowledge 43% 2 Data mining and analytics 35% 67% Cybersecurity and privacy 33% 52% Fraud auditing 20% 23% Note: Q49: For each of the skills listed, please indicate to what degree it is essential to your audit function's ability to perform its responsibilities. Q50: In which of the following areas do you feel your staff members need more training? (Select all that apply.) n =
28 SKILL IMPORTANCE VARIANCES AND METHODS OF TRAINING There are key differences in the assessment of skill importance between organization types, including: AUDIT FOCUS Business acumen was considered more important by CAEs in publicly traded organizations and less important by public-sector CAEs. Industry specific knowledge was considered more important by financial services CAEs and less important by CAEs in publicly traded organizations. Understanding of governance, risk, and control was considered more important by financial services CAEs than by CAEs in any other type of organization. Accounting and finance was considered more important by CAEs in publicly traded organizations and less important by public-sector CAEs. This is consistent with the high level of effort put into financial reporting by publicly traded organizations and the low level of effort by public-sector organizations. IIA Standard 1230: Continuing Professional Development Internal auditors must enhance their knowledge, skills, and other competencies through continuous professional development. Knowledge of fraud was considered more important by public-sector CAEs than CAEs in any other type of organization. Exhibit 30 shows the methods of training used for the three basic levels of internal audit staff. Methods of training did not vary substantially by organization type. Similarly, the size of the internal audit function had little impact on training methods, except that the largest organizations are more likely to rely on in-house training programs. Exhibit 30: Methods of External Training by Staff Level Webinars 93% 93% 90% Conferences % Seminars 69% 71% 71% In house training On demand courses 52% 53% 51% 47% 65% 61% Other 7% 6% 5% Staff Manager Director Note: Q42: What methods of external training do you plan to use for each level of internal audit staff? (Select all that apply.) n = Internal Audit Management Insights
29 Section 5: Action Items for CAEs This report provides a wealth of information that CAEs can use to compare their functions with those of their peers. The data indicates the primary differences are either due to the type of organization or factors specific to an organization. Except for a select few instances, the size of the internal audit function did not have an apparent impact on most of the responses included in this survey. In analyzing this information, an approach CAEs should consider is: Understand the similarities and differences between their functions and the findings included in this report. Consider whether these differences are explained by unique organizational factors or different evaluations and decisions made by other CAEs. Where peers have made different decisions, consider whether changes might improve internal audit s effectiveness. Don t assume past practice is most appropriate when evidence exists that peer organizations are notably different. Explore potential changes, perform additional benchmarking and inquiry, and critically evaluate what is in the best interest of the organization. Decide on specific action steps to implement needed changes. Of special note should be the discussion regarding assessment of risk and decisions to allocate audit effort. Internal auditors are partially, but not wholly, driven by risk in making decisions allocating audit effort. While survey responses indicate the presence of factors other than risk impacting decisions to allocate audit effort, each CAE should be very careful that old habits, limitations of current skills, inattention, or other factors don t preclude allocating sufficient audit effort to any higher risk area. The information and data presented in this report is necessarily at a high level. Much more in-depth analysis of these topics, as well as many other additional topics, is possible through The IIA by using the benchmarking capabilities of The IIA Audit Intelligence Suite. 27
30 Appendix: Methodology Internal audit management metrics are provided for five organization types: publicly traded, privately held, public sector, nonprofit, and financial services. The financial services organization type was created by extracting financial services respondents from the other four organization types. The top industries represented within each organization type are shown below. PUBLICLY TRADED Manufacturing (33%) Utilities (10%) Mining, quarrying, and oil and gas extraction (10%) Retail trade (9%) Other services (7%) PUBLIC SECTOR Public administration (48%) Educational services (30%) Health care and social assistance (7%) PRIVATELY HELD Manufacturing (28%) Retail trade (1) Other services (8%) Health care and social assistance (8%) Arts, entertainment, and recreation (8%) NONPROFIT Health care and social assistance (51%) Educational services (25%) Other services (12%) FINANCIAL SERVICES Finance and insurance (includes financial institutions, insurance asset management, and broker dealer) (100%) 28 Internal Audit Management Insights
31 The CAE's Strategic Advantage With more than 700 members, the Audit Executive Center is a comprehensive program for chief audit executives (CAEs) from organizations of any size, and in any industry. Three levels of membership are offered and benefits can include: A robust, content-focused website containing timely, relevant thought leadership, blogs, white papers, CAE bulletins, and stakeholder resources. The Small Audit Function and Audit Committee Resource Exchanges tailored to the needs of these stakeholders and groups. Exclusive networking and knowledge sharing opportunities with fellow CAEs via forums, roundtables, and the Peer Request Program. The Audit Intelligence Suite providing organization-specific benchmarking reports, to gauge your audit function performance, skills assessments to evaluate team members' proficiency, and stakeholder surveys. Center members receive exclusive Pulse of Internal Audit reports throughout the year, including Internal Audit Management Metrics, and the Pulse Solutions Series. Learn more about how the Center can support your needs. Please visit
32
2018 North American Pulse of Internal Audit. Public Sector Focus. The Internal Audit Transformation Imperative
2018 North American Pulse of Internal Audit Public Sector Focus The Internal Audit Transformation Imperative Overview About Pulse Topics Agility: Embrace to Confront Disruption Innovation: Pursue Quantum
More informationInstitute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11
2018 NORTH AMERICAN PULSE OF INTERNAL AUDIT THE INTERNAL AUDIT TRANSFORMATION IMPERATIVE JOHN WSZELAKI, CIA, CRMA, CFE DIRECTOR, AMERICAN CENTER FOR GOVERNMENT AUDITING THE INSTITUTE OF INTERNAL AUDITORS
More information2017 North American Pulse of Internal Audit. Public Sector Focus. Courageous Leadership: Instilling Confidence from Within
2017 North American Pulse of Internal Audit Public Sector Focus Courageous Leadership: Instilling Confidence from Within Agenda Pulse Overview Topics Communications Not Traditionally Subject to Assurance
More informationInternal Audit 2017: Global Trends and Outlook. Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA President & CEO, The Institute of Internal Auditors
Internal Audit 2017: Global Trends and Outlook Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA President & CEO, The Institute of Internal Auditors Global Trends and Outlook: Overview The Global IIA The
More informationImplementation Guides
Implementation Guides Implementation Guides assist internal auditors in applying the Definition of Internal Auditing, the Code of Ethics, and the Standards and promoting good practices. Implementation
More informationFEDERAL HOME LOAN BANK OF INDIANAPOLIS CHARTER FOR THE AUDIT COMMITTEE
BOARD APPROVAL: JULY 16, 2015 FEDERAL HOME LOAN BANK OF INDIANAPOLIS Mission The mission of the Audit Committee ( Committee ) is to assist the Board of Directors ( Board ) in fulfilling its fiduciary responsibilities
More informationReview of Duke Energy Florida, LLC Internal Audit Function
Review of Duke Energy Florida, LLC Internal Audit Function MAY 2017 B Y A U T H O R I T Y O F The Florida Public Service Commission Office of Auditing and Performance Analysis Review of Duke Energy Florida,
More informationWho Owns Risk? CBOK. Paul J. Sobel. A Look at Internal Audit s Changing Role CIA, QIAL, CRMA. The Global Internal Audit Common Body of Knowledge RISK
Who Owns Risk? A Look at Internal Audit s Changing Role RISK Core Report Paul J. Sobel CIA, QIAL, CRMA CBOK The Global Internal Audit Common Body of Knowledge About CBOK SURVEY FACTS Respondents 14,518*
More informationThe Accenture 2011 High Performance Finance Study. Redefining High Performance in the Insurance Finance Function
The Accenture 2011 High Performance Finance Study Redefining High Performance in the Insurance Finance Function Contents Introduction Introduction 03 Delivering greater value to the enterprise 09 Dealing
More informationImplementation Guide 2000
Implementation Guide 2000 Standard 2000 Managing the Internal Audit Activity The chief audit executive must effectively manage the internal audit activity to ensure it adds value to the organization. Interpretation:
More informationPULSE OF INTERNAL AUDIT. Navigating an Increasingly Volatile Risk Environment
PULSE OF INTERNAL AUDIT Navigating an Increasingly Volatile Risk Environment Survey Demographics Survey Conducted Oct. 2014 8th consecutive year 370 responses 63% Public/Private companies 84% CAEs and
More informationAudit Never Sleeps. Angela Witzany, CIA, QIAL, CRMA Chairman of the Global Board The Institute of Internal Auditors
Audit Never Sleeps Angela Witzany, CIA, QIAL, CRMA Chairman of the Global Board The Institute of Internal Auditors Today s Agenda Audit Never Sleeps Organizations Face Complex Risks We Have an Opportunity
More informationRole of Internal Audit
Final Report: 2012 Executive Study on the Strategic Role of Internal Audit Vonya Global: Executive Study on the Strategic Role of Internal Audit Final Report December 2012 Table of Contents Executive Summary...
More informationMoving Internal Audit Back into Balance
Moving Internal Audit Back into Balance A Post-Sarbanes-Oxley Survey Fourth Edition Table of Contents Introduction... 1 Executive Summary... 2 Overview of Rebalancing Initiatives... 4 Current Status of
More informationTable of Contents. 2 Introduction: Planning an Audit? Start Here. 4 Starting From Scratch. 6 COSO s 2013 Internal Control Integrated Framework
Table of Contents 2 Introduction: Planning an Audit? Start Here 4 Starting From Scratch 6 COSO s 2013 Internal Control Integrated Framework 8 Preparing for a Planning Meeting 10 Preparing the Audit Program
More informationJune 2016 Issue 05/2016
CBOK 2015: THE TOP 7 SKILLS CAEs WANT Building the right mix of talent for your organisation This report is part of the 2015 Global Internal Audit Common Body of Knowledge (CBOK) Practitioner Study series.
More informationBrink's Modern Internal Auditing
Brink's Modern Internal Auditing A Common Body of Knowledge Seventh Edition ROBERT R. MOELLER WILEY John Wiley & Sons, Inc. Preface About the Author xix XXV PART ONE CHAPTER 1 FOUNDATIONS OF MODERN INTERNAL
More informationCONTENTS. Acknowledgments... iv. 1: Introduction : Why have organizations chosen to seek compliance with the Standards?...2
IIA STANDARD 1312 - EXTERNAL QUALITY ASSESSMENTS: RESULTS, TOOLS, TECHNIQUES AND LESSONS LEARNED THE IIA RESEARCH FOUNDATION JULY 2007 Disclosure Copyright 2007 by The Institute of Internal Auditors Research
More informationENTERPRISE RISK MANAGEMENT SURVEY RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY:
t RIMS2013 ENTERPRISE RISK MANAGEMENT SURVEY 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY: Administered by: Advisen Ltd. Zurich Authored by: RIMS and Advisen Ltd. Publishers: Mary Roth,
More informationPULSE OF INTERNAL AUDIT Navigating an Increasingly Volatile Risk Environment.
PULSE OF INTERNAL AUDIT Navigating an Increasingly Volatile Risk Environment www.theiia.org/cae Overview Pulse of Internal Auditing: Assessing Emerging and Evolving Risks is a Key Priority Linking Risks
More informationInternal Audit & the Audit Committee
HCCA Audit & Compliance Committee Conference February 2008 Internal Audit & the Audit Committee Glen C. Mueller, CPA, CIA, CISA, CISM Scripps Health, San Diego, CA VP-Chief Audit & Compliance Executive
More informationInternational Standards for the Professional Practice of Internal Auditing (Standards)
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Attribute Standards 1000 Purpose, Authority, and Responsibility The purpose, authority, and responsibility of the
More information10 Imperatives for Internal Audit
The Auditing Roundtable's International Workshop 2015 The Future For Auditing Brussels, Belgium October 14-15, 2015 Driving Success in a Changing World: 10 Imperatives for Internal Audit Günther Meggeneder,
More informationMeeting Challenges and Exceeding Expectation in Mutual Corporate Governance. NAMIC CORPORATE GOVERNANCE WHITE PAPER EXCERPT
Meeting Challenges and Exceeding Expectation in Mutual Corporate Governance. NAMIC CORPORATE GOVERNANCE WHITE PAPER EXCERPT Board Committees Companies of all sizes utilize a board committee structure to
More informationPractice Guide ASSESSING ORGANIZATIONAL GOVERNANCE IN THE PUBLIC SECTOR
Practice Guide ASSESSING ORGANIZATIONAL GOVERNANCE IN THE PUBLIC SECTOR OCTOBER 2014 Table of Contents Executive Summary... 1 Introduction... 1 Public Sector Characteristics... 4 Public Sector Structure...
More informationJoining The IIA is an investment in your career and the profession.
Joining The IIA is an investment in your career and the profession. Connected. Knowledgeable. Confident. The IIA is the internal audit profession s global voice, recognized authority, acknowledged leader,
More informationLake County School District. Quality Assurance & Improvement Program. Internal Self-Assessment for. The Internal Audit Department
Lake County School District Quality Assurance & Improvement Program Internal Self-Assessment for The Internal Audit Department Fiscal Year 2017 2018 Completed By: Thomas A. Mock, CIA Date: January 31,
More informationEmerging Technology and Security Update
Emerging Technology and Security Update February 13, 2015 Jordan Reed Managing Director Agenda 2015 Internal Audit Capabilities and Needs Survey 2014 IT Priorities Survey Results 2014 IT Security and Privacy
More information2014 Global Council. Dubai, UAE 6-9 March 2014 DAY 2. globaliia.org
2014 Global Council Dubai, UAE 6-9 March 2014 DAY 2 Opening Remarks Paul J. Sobel, Chairman of the Board Agenda - Tuesday Opening Remarks P. Sobel Expanding the Umbrella of the IIA D. Beran Tuesday Discussion
More informationInternational Standards for the Professional Practice of Internal Auditing (Standards)
Attribute Standards 1000 Purpose, Authority, and Responsibility The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent
More information2010 Healthcare Internal Auditing Survey
Feature 2010 Healthcare Internal Auditing Survey Conducted by the Association of Healthcare Internal Auditors, Inc. and the Louisiana State University Center for Internal Auditing By Glenn E. Sumners,
More informationTRENDS
TRENDS WWW.THEIIA.ORG/CAE Internal Audit Budget & Staffing Projections Budget Staffing Remain the Same 55% 71% Increase 35% 25% Decrease 8% 3% Unsure 2% 1% Moving Out of the Comfort Zone 58% 52% 71%
More informationPERFORMANCE AUDITING: KEY STEPS FOR MEASUREMENT
KNOWLEDGE BRIEF PERFORMANCE AUDITING: KEY STEPS FOR MEASUREMENT BY RONELL B. RAAUM, STEPHEN L. MORGAN, AND COLLEEN G. WARING As the information age accelerates into the innovation age, the role of performance
More informationResearch Project Request for Proposal. Defining and Measuring the Value of Internal Audit
Research Project Request for Proposal Defining and Measuring the Value of Internal Audit 1 Purpose: The Internal Audit Foundation (IAF) and Committee of Research and Education Advisors (CREA) request interested
More informationWhat We Will Cover Today
Standards for the Professional Practice of Internal Auditing The IIA Red Book The Basics of Internal Auditing September 8, 2014 Sam McCall, PhD, CPA, CGFM, CIA, CGAP, CIG Chief Audit Officer Florida State
More informationThe NYSE Internal Audit Requirement
The NYSE Internal Audit Requirement 70. What companies are impacted by the SEC s approval of the NYSE rules? Only NYSE-listed firms are affected. While the SEC also approved new listing standards for the
More informationThe eight attributes. Delivering internal audit excellence as stakeholders expect more
The eight attributes Delivering internal audit excellence as stakeholders expect more Stakeholder expectations of Internal Audit are rising at the same time Internal Audit s mandate is becoming more complex.
More informationFrom Dubai to Beijing
From Dubai to Beijing (How we use your GC input) Anton van Wyk, Chairman of the Board What Happens After GC? Global Council plays a key role in the governance process of The IIA. Discussion results are
More informationThe Future of Internal Auditing:
Internal Audit The Future of Internal Auditing: Changing Internal Audit s Value Proposition October 12, 2010 Istanbul, Turkey Presented by: Naman Parekh Partner, Agenda Background of the 2012 Study Key
More informationThe Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be
Enterprise Risk Management The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be 2 Enterprise Risk Management Table of content 1. Introduction...05 2. Takeaways...07 3. Key
More information2012 IIA Standards Update
2012 IIA Standards Update International Internal Audit Standards Board (IIASB) October 2012 1 Session Overview Why the Standards matter Standards-setting due process The key changes in 2012 Best practices
More informationThe Social Marketer vs. the Social Enterprise Social media in financial institutions is in transition.
DECEMBER 2014 THE STATE OF Social Media in Financial Services The Social Marketer vs. the Social Enterprise Social media in financial institutions is in transition. Although social media is largely perceived
More informationThis charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.
CORPORATE AUDIT DEPARTMENT CHARTER PURPOSE This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department. The Institute of Internal Auditors
More informationINTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) ATTRIBUTE STANDARDS 1000 Purpose, Authority and Responsibility The purpose, authority, and responsibility of the internal
More informationReport. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report
Report Quality Assessment of Internal Audit at Draft Report / Final Report Quality Self-Assessment by Independent Validation by Table of Contents 1.
More informationNANTKWEST, INC. CORPORATE GOVERNANCE GUIDELINES
NANTKWEST, INC. CORPORATE GOVERNANCE GUIDELINES Adopted and approved May 26, 2015 and effective as of the Company s initial public offering. Updated March 2017 These guidelines have been adopted by the
More informationThe eight attributes. Delivering internal audit excellence as stakeholders expect more
The eight attributes Delivering internal audit excellence as stakeholders expect more 58% 54% Stakeholder expectations ofinternalaudit are rising at the same time Internal Audit s mandate is becoming more
More informationCREATING A FRAUD RISK ASSESSMENT AND IMPLEMENTING A CONTINUOUS MONITORING PROGRAM
CREATING A FRAUD RISK ASSESSMENT AND IMPLEMENTING A CONTINUOUS MONITORING PROGRAM Compliance professionals around the world are struggling with how to do more with less. In order to provide effective assurance
More informationThe Strategic Potential of Internal Audit
June 2017 The Strategic Potential of Internal Audit Deliver Greater Value to Senior Management and Boards A white paper by William C. Watts, CIA Audit / Tax / Advisory / Risk / Performance Smart decisions.
More informationOrganizational Governance: Guidance for Internal Auditors. - July
Position Paper Organizational Governance: Guidance for Internal Auditors - July 2006 - The Institute of Internal Auditors, 247 Maitland Avenue, Altamonte Springs, Florida 32701-4102, USA http://www.theiia.org
More informationChanges to The IIA Standards: What Board Members and Executive Management Need to Know
Changes to The IIA Standards: What Board Members and Executive Management Need to Know Introduction The Institute of Internal Auditors (IIA) is the leading standard- and guidance-setting body for the global
More informationIIA Atlanta Chapter CAE Appreciation Day
IIA Atlanta Chapter CAE Appreciation Day Insights & Updates from The IIA 15 April 2016 Bill Michalisin EVP & COO, North America Overview Trends & Insights 2016 Priorities & Investments Questions TRENDS
More informationWhat Great Internal Audit Departments Do Well:
What Great Internal Audit Departments Do Well: And what the rest of us should focus on in 2018 and beyond Richard F. Chambers CIA, QIAL, CGAP, CCSA, CRMA President and CEO The Institute of Internal Auditors
More informationTab No. F-2 TERMS OF REFERENCE FOR THE AUDIT COMMITTEE
Tab No. F-2 TERMS OF REFERENCE FOR THE AUDIT COMMITTEE August 9, 2012 1.0 INTRODUCTION... 1 2.0 PURPOSE... 1 3.0 COMMITTEE MEMBERSHIP... 2 4.0 COMMITTEE MEETINGS... 2 4.1 Frequency... 2 4.2 Calling...
More informationEvolving Core Tasks for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1
Evolving Core Tasks for Improved Internal Audit Performance Copyright 2018 AuditBoard Inc. 1 Introductions Built by experienced auditors, AuditBoard allows enterprises to collaborate, manage, analyze and
More informationThe IIA s Global Internal Audit Survey. A Component of the CBOK 1 Study
The IIA s Global Internal Audit Survey A Component of the CBOK 1 Study Introduction The Institute of Internal Auditors Research Foundation (IIARF), under the auspices of the William G. Bishop III, CIA,
More informationFeature. Adopting Continuous Auditing/Continuous Monitoring in Internal Audit
Feature Miklos A. Vasarhelyi, Ph.D., is the KPMG professor of accounting information systems and director of the Continuous Auditing and Reporting Laboratory (CARLAB) at Rutgers University, New Jersey,
More informationValue-Added Internal Audit: Myth or Reality?
Value-Added Internal Audit: Myth or Reality? Istanbul 12 November 2013 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman of the Board IIA Past President ECIIA Polling question #1 For how long
More informationPMO In A Box. Prepared for UBS
PMO In A Box Prepared for UBS Roadmap Why PMO In A Box? Establish PMO Governance Standardize Methodology Create a Stakeholder Partnership Plan 2 PMOs Are In Transition 3 CEB PMO Executive Council pmo in
More informationGLOBAL ADVOCACY PLATFORM
GLOBAL ADVOCACY PLATFORM 2 INTRODUCTION The Global Advocacy Platform has been developed to support the advocacy efforts of IIA institutes, chapters, volunteers, members, and other practitioners and stakeholders
More informationQuality Assurance in Internal Audit. Standard on Internal Audit (SIA) 7
Quality Assurance in Internal Audit Standard on Internal Audit (SIA) 7 1 Agenda Introduction Expectations from Internal Audit Quality Assurance Framework Internal Quality Review External Quality Review
More informationMembers by Region The Global IIA in 2017 International Affiliates: 39 Members: 47,410 YOY Change: +1% 190,000+ MEMBERS COUNTRIES & TERRITORIE
Internal Audit 2017: Global Trends and Outlook Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA President & CEO, The Institute of Internal Auditors Global Trends and Outlook: Overview The Global IIA The
More informationLeading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger
Leading the Global Profession into the Next Decade Doing More with Less The Lean Internal Audit Model Larry Rieger 1 Agenda How chief audit executives and internal audit functions remain relevant Market
More informationDoes Internal Audit Need a Makeover?
Does Internal Audit Need a Makeover? Opportunities and Challenges Lie Ahead Jim Pelletier, CIA, CGAP Managing Director, Industry Audit Centers The Institute of Internal Auditors, Inc. Agenda ACGA overview
More informationCanadian business perspectives on the governance of enterprise IT (GEIT)
www.pwc.com/ca/technology-consulting A PwC White Paper Canadian business perspectives on the governance of enterprise IT (GEIT) 2 Canadian business perspectives on the governance of enterprise IT (GEIT)
More informationA-9: Audit Committee Effectiveness
A-9: Audit Committee Effectiveness Renée W. Jaenicke, CPA, CIA Renown Health 2011 AHIA Annual Conference www.ahia.org Renown Health and Internal Audit Our Journey Sources and Presentations Please ask questions
More informationImplementation Guide 1312
Implementation Guide 1312 Standard 1312 External Assessments External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the
More informationJAPAN BANKING & CAPITAL MARKETS
JAPAN BANKING & CAPITAL MARKETS Risk Potential Exposed Accenture 2017 Global Risk Management Study: Japan Banking & Capital Markets Supplement INTRODUCTION This presentation is a supplement to the Global
More informationKentucky State University Office of Internal Audit
Draft for Discussion Only P&P Manual Section - Policy# I. Function and Responsibilities MISSION Mission Statement Definition of Internal Auditing PURPOSE, AUTHORITY, RESPONSIBILITY Audit Charter STANDARDS
More informationBaptist Health South Florida
Baptist Health South Florida IIA Miami Top Challenges Facing Internal Audit Departments 2016 Agenda 1. Cybersecurity 2. Culture 3. Timely Identification of Risk 4. Data Analysis Cybersecurity Cybersecurity
More informationSIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure
SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure SIAAB Interpretation Adopted July 9, 2013 Revised In Accordance
More informationGood Practices of the Audit Committee
Good Practices of the Audit Committee Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA President and Chief Executive Officer The Institute of Internal Auditors Overview Audit Committee s Core responsibilities
More informationAUDIT EXECUTIVE CENTER KNOWLEDGE BRIEF INNOVATION IN INTERNAL AUDITING. Taking personal growth, leadership, and communication to the next level
AUDIT EXECUTIVE CENTER KNOWLEDGE BRIEF INNOVATION IN INTERNAL AUDITING Taking personal growth, leadership, and communication to the next level Table of Contents Introduction... 1 Our product is insight...
More informationEnterprise Risk Management at
Enterprise Risk Management at John R.S. Fraser Vice President, Internal Audit & Chief Risk Officer, Hydro One Inc. February 15, 2006 for PRMIA Toronto Chapter - The Fields Institute Summary 1. Background
More informationFinancial CIA-I. Certified Internal Auditor (CIA) Download Full Version :
Financial CIA-I Certified Internal Auditor (CIA) Download Full Version : http://killexams.com/pass4sure/exam-detail/cia-i QUESTION: 225 To identify those components of a telecommunications system that
More informationImplementation Guide 1200
Implementation Guide 1200 Standard 1200 Proficiency and Due Professional Care Engagements must be performed with proficiency and due professional care. Revised Standards Effective 1 January 2017 Getting
More informationImplementation Guide 2050
Implementation Guide 2050 Standard 2050 Coordination and Reliance The chief audit executive should share information, coordinate activities, and consider relying upon the work of other internal and external
More informationContinuous Auditing - A Delicate Chemistry
Continuous Auditing - A Delicate Chemistry Continuous Auditing - A Delicate Chemistry - WeiserMazars LLP s Governance, Risk and Compliance (GRC) Group WeiserMazars LLP is an independent member firm of
More informationSession 7: Corporate Governance
Session 7: Corporate Governance New York Bankers Association-Community Bank Auditors Group 2016 Internal Audit Training-June 6-8, 2016 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS
More informationCurrent State of Enterprise Risk Oversight:
Current State of Enterprise Risk Oversight: Progress is Occurring but Opportunities for Improvement Remain July 2012 Mark Beasley Bruce Branson Bonnie Hancock Deloitte Professor of ERM Associate Director,
More information1. A series of business and related auditing failures led to the passage of the Sarbanes-Oxley Act (2002).
Chapter 02 The Financial Statement Auditing Environment True / False Questions 1. A series of business and related auditing failures led to the passage of the Sarbanes-Oxley Act (2002). True False 2. The
More informationSarbanes-Oxley Act of 2002 Can private businesses benefit from it?
Sarbanes-Oxley Act of 2002 Can private businesses benefit from it? As used in this document, Deloitte means Deloitte Tax LLP, which provides tax services; Deloitte & Touche LLP, which provides assurance
More informationCorporate Governance Principles 2015
Corporate s 2015 corporate principles 1 corporate principles 1. Ethical leadership and corporate citizenship Responsible leadership 1.1 The board should provide effective leadership based on an ethical
More informationCreating Effective Public Sector Audit Committees
Creating Effective Public Sector Audit Committees Jack Armitage University of Nebraska, Omaha Even though not required by law, many governments have created audit committees. Compared to the private sector
More informationAudit Never Sleeps. Angela Witzany, CIA, QIAL, CRMA Chairman of the Global Board The Institute of Internal Auditors
Audit Never Sleeps Angela Witzany, CIA, QIAL, CRMA Chairman of the Global Board The Institute of Internal Auditors Today s Agenda Audit Never Sleeps Organizations Face Complex Risks We Have an Opportunity
More informationSample Corporate Risk Management Policy
Sample Corporate Risk Management Policy This document provides a sample Risk Management policy which includes an overview of the key roles and responsibilities of the various stakeholders. Risk Oversight
More informationResponding to Fraud Risk
Responding to Fraud Risk RISK Closer Look Exploring Where Internal Auditing Stands Farah G. Araj CIA, CPA, CFE, QIAL CBOK The Global Internal Audit Common Body of Knowledge Sponsored by About CBOK SURVEY
More informationHiring and Staff: An Effective Internal Department
2017 ACUIA Region 6 Conference Hiring and Staff: An Effective Internal Department Presented by: Lori Carmichael, CPA Rafael Guijarro, CPA Financial Institutions Group Michigan Texas Florida Insight. Oversight.
More informationBenchmarking Report Share, Compare, Validate SAMPLE. Year: 2017 Your Organization Date
Benchmarking Report Share, Compare, Validate Year: 2017 Your Organization Date Benchmarking Tier 1: Your Organization Benchmarking Tier 2: Services Benchmarking Tier 3: Services $1B to $5B Benchmarking
More information5 Core Must-Haves for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1
5 Core Must-Haves for Improved Internal Audit Performance Copyright 2018 AuditBoard Inc. 1 Introductions Built by experienced auditors, AuditBoard allows enterprises to collaborate, manage, analyze and
More informationDAVITA INC. AUDIT COMMITTEE CHARTER
DAVITA INC. AUDIT COMMITTEE CHARTER I. Audit Committee Purpose The Audit Committee (the Committee ) is appointed by the Board of Directors (the Board ) of (the Company ) to assist the Board in fulfilling
More informationImplementation Guide 2340
Implementation Guide 2340 Standard 2340 Engagement Supervision Engagements must be properly supervised to ensure objectives are achieved, quality is assured, and staff is developed. Interpretation: The
More informationULTA BEAUTY, INC. Corporate Governance Guidelines
ULTA BEAUTY, INC. Corporate Governance Guidelines The Board of Directors (the Board ) of Ulta Beauty, Inc. (the Company ) has adopted the following Corporate Governance Guidelines (the Guidelines ) to
More informationREGISTER NOW TO SAVE $200!
1035 Greenwood Blvd., Ste. 401 Lake Mary, FL 32746 USA www.theiia.org/gam NONPROFIT ORG. U.S. POSTAGE PAID THE INSTITUTE OF INTERNAL AUDITORS general audit management conference MARCH 11 13, 2019 / DALLAS-FT.
More informationSarbanes-Oxley and the New Internal Auditing Rules
Sarbanes-Oxley and the New Internal Auditing Rules ROBERT R. MOELLER John Wiley & Sons, Inc. Sarbanes-Oxley and the New Internal Auditing Rules Sarbanes-Oxley and the New Internal Auditing Rules ROBERT
More informationQuality Assessments what you need to know
Quality Assessments what you need to know Patty Miller, Partner Deloitte & Touche LLP Cavell Alexander, VP-Internal Audit Intermountain Healthcare Overview of requirements Scope of assessment Approaches
More informationQuality Assurance and Improvement Program (QAIP)
Quality Assurance and Improvement Program (QAIP) Presenters: Lori Carmichael, CPA Rafael Guijarro, CPA Florida Michigan North Carolina Texas Insight. Oversight. Foresight. Class Overview Overview- QAIP
More informationAudit Committee Performance Evaluation Form
Audit Committee Performance Evaluation Form This page has been intentionally left blank. The following questionnaire is based on emerging and leading practices to assist in the self-assessment of an audit
More informationImplementation Guide 2201
Implementation Guide 2201 Standard 2201 Planning Considerations In planning the engagement, internal auditors must consider: The strategies and objectives of the activity being reviewed and the means by
More information