Does Internal Audit Need a Makeover?

Transcription

1 Does Internal Audit Need a Makeover? Opportunities and Challenges Lie Ahead Jim Pelletier, CIA, CGAP Managing Director, Industry Audit Centers The Institute of Internal Auditors, Inc.

2 Agenda ACGA overview Challenges and opportunities in the year ahead Audit s leadership role in the organization Strategies for leading auditors

3 American Center for Government Auditing

4 ACGA Mission To advance the professional practice of auditing in the public sector by advocating its value through timely and relevant thought leadership, communication, collaboration, and education.

5 Influential. acga.theiia.org Impactful. Indispensable

6 Enhanced Resources News & Information for Government Auditors Professional Development Guidance, Resources & Thought Leadership Networking Opportunities Monthly Government Audit SmartBrief ACGA Webinars & Symposiums Standards (IPPF & GAGAS) Exclusive LinkedIn Group (Coming Soon) Leading Practices Regular Knowledge Briefs elearning Opportunities Stakeholder Advocacy & Education Follow us on Public Sector Blog Public Sector Training by Public Sector Experts Capability Model COSO Resource Center Attend peer-to-peer networking events

7 Training Free Training At least 10 Free CPEs for members ACGA Webinars (x2) 1CPE each ACGA Virtual Symposiums (x2) 4 CPEs each Next Virtual Symposium (May 21) Emerging Issues in the Public Sector Next Webinar (Sept 17) Big Data in the Public Sector

8 Knowledge Briefs

9 Stakeholder Education

10 ACGA Podcast: The Audit Report

11 Advocacy

12 ACGA Initiatives Robust thought leadership through expansion of Knowledge Briefs & other publications Outreach to key stakeholder groups Research & Benchmarking Comprehensive Government Audit Training Curriculum (online focus) Partnerships with other organizations to better support the profession Networking (chapter/regional roundtables) Government Conference

13 Volunteer Opportunities ACGA Advisory Committee Contributions to Knowledge Briefs Speakers for Webinars and Virtual Symposia

14 Challenges and Opportunities in the Year Ahead

15 Key Risks That Are Driving The Need For A Makeover Ability to identify emerging risks Misalignment with stakeholder expectations Inadequate or inaccurate assurance on key enterprise risks Lack of adequate resources Lack of sufficient expertise to address key risks Rising tolerance for waste The Paradox of Structural Expectations Blurring Lines of Defense

16 A Key in Risk in 2015: Ability to Identify Emerging Risks 52 percent of CAEs consider identifying emerging risks to be their biggest challenge in Source: The North American Pulse of the Profession Survey: 2013 The IIA Audit Executive Center

17 A Key in Risk in 2015: Ability to Identify Emerging Risks No surprises means NO SURPRISES We must audit at the speed of risk Continuous risk assessment Formal methods Risk assessment by walking around Set your antenna high

18 A Key in Risk in 2015: Ability to Identify Emerging Risks The degree to which internal audit utilizes these methodologies to continuously assess risk Periodically Interview Management to Identify Changes in the Organization's Risk Profile Initiate Formal Updates of the Internal Audit Risk Assessment & Audit Plan Initiate Informal or Ad Hoc Updates of the Internal Audit Risk Assessment & Audit Plan Periodically Update Risk Assessment Based on Changes to Risk Ratings Identified During Ongoing Audit Operations Extensively Utilized Periodic Manual Monitoring of KRIs 9% Using Technology to Continuously Monitor KRIs 2% 33% 29% 26% 22% Source: The Pulse of Internal Audit survey: 2015 The IIA Audit Executive Center.

19 A Key in Risk in 2015: Misalignment with Stakeholder Expectations Audit Committee: Internal Audit s role should extend beyond financial reporting and controls 62% CAEs: We provide vale-added services and proactive advice 11% Audit Committee: Internal Audit has the skills and resources for the role I envision 40% CAEs: We need to be doing this within the next five years 60% Source: 2014 Global Audit Committee Survey 2014 KPMG Based on published responses for United States and Canada. Source: PwC s 2015 State of the Internal Audit Profession Study

20 A Key in Risk in 2015: Misalignment with Stakeholder Expectations Strategies for Success: Maintain continuous dialogue Foster awareness about your capabilities Know your stakeholders and their priorities Recognize that expectations change Secure, retain, and effectively use a seat at the table

21 Audit Plan Coverage in 2015 Government Responses Only Cost Reduction, 4% Other, 3% Fraud, 5% Third-Party Relationships, 5% Operational, 26% Governance, 5% Strategic, 7% General Financial, 8% (private sector = 19%) Compliance/Regulatory, 18% Risk Management, 9% Source: The Pulse of Internal Audit survey: 2015 The IIA Audit Executive Center. Pulse survey respondents were asked to estimate the distribution of their audit plan coverage. This figure reflects a summary of the data. Total may not equal 100% due to rounding. IT, 12%

22 A Key Risk in 2015: Lack of Adequate Resources Conceptually: Risk In Practice: Resources Drive Drive Audit Coverage Audit Coverage Source: The Pulse of Internal Audit survey: 2015 The IIA Audit Executive Center. Total may not equal 100% due to rounding.

23 A Key Risk in 2015: Lack of Adequate Resources Staffing and resources should be driven by enterprise risks not the other way around Develop an audit plan based on the real risks Identify areas where resources and expertise gaps exist Have candid conversations with management and the audit committee regarding: Resource shortfalls Expertise gaps Risks that may fall victim A plan of action Develop a long-term strategy for addressing gaps 70% of CAE s viewed cyberattacks as a high or critical priority Source: The Pulse of Internal Audit survey: 2015 The IIA Audit Executive Center. Yet! Only 53% say auditing cybersecurity risk is part of this year s plan Source: Protiviti 2015 IA Capabilities and Needs Survey Report

24 A Key Risk in 2015: Lack of Sufficient Expertise Auditing specialized risks requires expertise No internal audit function can address every risk with equal acumen Understand and address capabilities: Identify existing competency gaps Frame a knowledge management strategy to address major gaps in expertise Develop an appropriate sourcing strategy Cybersecurity & Privacy Data Mining & Analytics

25 Career Planning Moving Ahead Conduct Self-Assessment Explore Options Resources Consult Mentor Take Action - Development Review Results - Opportunities Self Assessment Tool Start Here

26 A Key Risk in 2015: Inadequate/Inaccurate Assurance Success originates with the risk assessment: Comprehensive Collaborative Dynamic And, continues at the engagement level Assess risks in engagement planning Deploy the right expertise on engagements Communicate/coordinate carefully with clients Risks can be mitigated with an effective quality assurance and improvement program

27 A Key Risk in 2015: Rising Tolerance for Waste Call out stakeholders as they attempt to rationalize certain actions Communicate clearly and comprehensively to reduce desensitization

28 A Key Risk in 2015: The Paradox of Structural Expectations Stakeholders often expect base level of coverage: Financial risks Regulatory risks Compliance risks Once base is addressed: Operating risks IT risks Only then, is there interest in strategic and business risks Source: The Pulse of Internal Audit survey: 2015 The IIA Audit Executive Center. Total may not equal 100% due to rounding. The paradox: Base level coverage often provides the lowest perceived value

29 A Key Risk in 2015: Blurring Lines of Defense 73% 66% Assume a Leadership Role in Coordinating/Facilitating the 2 nd and 3 rd Lines of Defense

30 Hot topics on the 2015 Risk Radar

31 Risks to Watch in 2015 Cybersecurity not if, when Crisis response planning Interruption of services Talent management Compliance with new legislation and regulations

32 Strategies for Leading Auditors

33 Seven Strategies for Audit Leaders 1. Mind your self importance 4. Be a lifelong learner 2. Big picture thinking 5, Build strong professional relationships 3. Grow yourself, then grow others 6. Leverage Feedback Loops 7. Never stop innovating

34 Mind Your Self Importance Every act of conscious learning requires the willingness to suffer an injury to one s self esteem. That is why young children, before they are aware of their self importance, learn so quickly. Thomas Szasz

35 Big Picture Thinking Generate ideas See significance of work Effectively convey significance of work to others Connect the dots Audit 1 Audit 2 Organizational Objectives

36 Grow Yourself, Then Grow Others Make mistakes and learn from them You might be wrong The 3 Stages of Auditor Self Awareness IA No! Motivate people Seek out the right mentor & be a mentor Be self-aware You might be wrong IA IA Maybe I might be wrong

37 Be a Lifelong Learner Get or stay connected with others, grow your network Stay open to new ideas Build your mental desktop

38 Build Strong Professional Relationships Based on Integrity and Trust Do what you know is right even in difficult times Involve others in your business Understand others business Trustworthy = Honesty + Competence + Reliability Don t hide behind independence Source: Lessons Learned on the Audit Trail by Richard Chambers, IIA President and CEO

39 Leverage Feedback Loops Evidence measure, capture, and store information Action a moment when behavior can be recalibrated Relevance relay the information in a way that emotionally resonates Consequence informs of choices ahead Action, information, reaction

40 Never Stop Innovating Creatively and proactively adapt to change Take risks Look for ideas everywhere See things differently

41 Questions American Center for Government Auditing Jim Pelletier, CIA, CGAP Managing Director, Industry Audit Centers