The Future of Internal Auditing:

Similar documents
5th CAE Annual Conference

Quality Assessments what you need to know

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

International Finance Corporation

Positioning Internal Audit to Deliver Value

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

Rising to the challenge Delivering Internal Audit excellence

Feature. Adopting Continuous Auditing/Continuous Monitoring in Internal Audit

Internal Audit - Expect More Rising to the challenges of a dynamic risk landscape

Agenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit.

PULSE OF INTERNAL AUDIT. Navigating an Increasingly Volatile Risk Environment

Leading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger

Advisory Services Governance, Risk & Compliance

The Value of Consulting Assuring Audit Committee & other Key Stakeholders of IA s Quality

Continuous Auditing - A Delicate Chemistry

Internal Oversight Division. Internal Audit Strategy

Internal Controls Optimization

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

THE CUSTOMER EXPERIENCE MANAGEMENT REPORT & RECOMMENDATIONS Customer Experience & Beyond

Managing your risk, creating value: The role of Internal Audit and emerging technologies

Managing risks and enhancing value

The eight attributes. Delivering internal audit excellence as stakeholders expect more

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

Quality Assurance in Internal Audit. Standard on Internal Audit (SIA) 7

Global Mega Trends Transforming Business

Charter for Enterprise Risk Management

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

Extended Enterprise Risk Management

Finance Effectiveness Consulting The Compliance & Control Dimension. Finance Effectiveness Compliance & Control

Where did that risk come from?

Leveraging IT risk management to boost competitive advantage

What works best in the boardroom

The PwC Internal Audit. Expect More.

Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework

How Analytics Will Transform Internal Audit

EY Center for Board Matters. Leading practices for audit committees

The eight attributes. Delivering internal audit excellence as stakeholders expect more

Tools & Techniques II: Lead Auditor

Brink's Modern Internal Auditing

White Paper Describing the BI journey

Agile Risk Assessment Reinventing RCSAs

Internal Audit 2012* A study examining the future of internal auditing and the potential decline of a controls-centric approach

Adopting automation in internal audit Using robotic process automation and cognitive intelligence to fortify the third line of defense

June 2016 Issue 05/2016

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

2013 New COSO 2013 Framework and Current Trends in Risk Management

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Rising to the challenge

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

Maximizing value from your lines of defense

CSR / Sustainability Governance and Management Assessment By Coro Strandberg President, Strandberg Consulting

Value-Added Internal Audit: Myth or Reality?

Mike Gowell SVP and GM Wolters Kluwer

The Red (Book) Rocks The Latest and Greatest Audit Standards

About the Pulse of Internal Audit

HCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today?

The Insight Driven Organization

9/17/2017. An Overview of COSO s New Framework and Implementation Guidance SPEAKER. Laura Harden, CPA History

TECHNOLOGY AND AUDIT: A MUTUAL FUTURE THERESA GRAFENSTINE CHAIR, ISACA BOARD OF DIRECTORS 2/15/2018

Finance disrupted. Future of finance in healthcare: As the industry adjusts to continuous disruption, the finance function has an opportunity to lead

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

Continuous Auditing / Continuous Monitoring to Manage Risk and Performance

ERM Retooled: Driving Performance by Revising and Enhancing Risk Management Governance Wipfli LLP

Use of data and technology in the audit

Evolving Core Tasks for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1

A Discussion About Internal Controls February 2016

Miles CPA Review: BEC Q Updates for 2017 Edition

External Quality Assessment Are You Ready? Institute of Internal Auditors

Executive Summary. Exhibit 1- Streamlined communication to the Board of Directors

Changes to The IIA Standards: What Board Members and Executive Management Need to Know

Enterprise Risk Management Aligning Risk With Strategy and Performance

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

2017 Internal Controls Survey

Internal Auditing 2011: It s Time to Fill the Glass

Considerations for Developing a Health Data Analytics Strategy

PCF Analytics Workshop

What you gain The PwC Internal Audit Contacts David Toh Francis Wan

Global Business Services. Succeeding in the digital era: How to drive productivity while increasing employee engagement

Information Management Strategy

The Strategic Potential of Internal Audit

Enterprise Risk Management (ERM) - Impact of 2017 COSO ERM Model

Firm Profile TURNING RISKS INTO OPPORTUNITIES

5 Core Must-Haves for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1

2018 North American Pulse of Internal Audit. Public Sector Focus. The Internal Audit Transformation Imperative

CITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide

Intelligent automation and internal audit

IIA ERM Summit. August 22, 2010

Risk Management With an Enterprise (Wide) Focus

IIA ERM Summit. Jim DeLoach and Steve Jameson August 22, 2010

UK Corporate Governance Code: Raising the bar on risk management Why this is not business as usual and what you need to do to comply

Future of finance: Finance disrupted. How should the CFO respond to a business environment in turmoil? kpmg.com/us/futurefinance

AUDITING. Auditing PAGE 1

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11

Next-generation enterprise risk management

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

Role of Board of Directors in Risk Management. CPA Erick Audi Thursday, 15 th November 2018

Generating value within the Risk Ecosystem Risk powers performance

Enterprise Risk Management Aligning Risk with Strategy and Performance COSO ERM Framework Update

Deloitte Governance Framework and Maturity Model

Transcription:

Internal Audit The Future of Internal Auditing: Changing Internal Audit s Value Proposition October 12, 2010 Istanbul, Turkey Presented by: Naman Parekh Partner,

Agenda Background of the 2012 Study Key Trends Changing the Internal Audit Value Proposition Questions

Background of the 2012 Study In 2007, research objective was to identify forces and trends that will reshape Internal Audit over the next 5 years Areas of focus Impact of business trends on Internal Audit Composition and expectations of Stakeholders Internal Audit roles and responsibilities Internal Audit organization and structure Human resources practices Working practices Communications and reporting Internal Audit use and leverage of technology IT audit strategy 3

Background of the 2012 Study Methodology Methodology Survey of all Fortune 250 Chief Audit Executives Twenty-five additional surveys of other selected thought leaders, academics and stakeholders Direct interviews of 19 individuals representing a cross section of the survey population Respondents 72 survey responses from CAEs representing F250 companies (29%) 19 one-on-one interviews 4

Background of the 2012 Study Two emerging views Stay the Course Many respondents felt the fundamental mission and role of Internal Audit would remain largely unchanged over the next five years. Dynamic Change Other respondents, particularly those we interviewed, saw fundamental changes in the mission and role of internal audit by 2012. We refer to this as the Controlscentric view. Background of the 2012 Study We refer to this as the Risk-centric view. Certain macro trends were recognized by both groups as having significant impact on Internal Audit by 2012. 5

Background of the 2012 Study The Dynamic Change notion was advocated by one of the leaders of the Corporate Governance movement In the next five years your profession will be revolutionized... a compliance based approach (to internal audit) is something of the past. Mervyn King July 9, 2007 IIA International Conference Amsterdam, NL 6

Background of the 2012 Study Since the Internal Audit 2012 Study, we have published other Internal Audit whitepapers. An opportunity for transformation How Internal Audit helps contribute to shareholder value State of the Internal Audit profession studies 2008 Targeting key threats and changing expectations to deliver value 2009 Business upheaval: Internal Audit weighs its role amid the recession and evolving enterprise risks 2010 A future rich in opportunities Internal Audit must seize opportunities to enhance its relevancy 7

Key Trends Areas of greatest projected increases in internal audit s responsibility include: 1. Continuous auditing or monitoring 95% 2. Auditing the ERM process 77% 3. Auditing outsourced or off-shored operations 75% 4. Fraud detection 66% 5. Fraud risk assessments 66% 6. Auditing executive comp and disclosures 65% 7. Auditing operational efficiency/effectiveness 64% 8

Key Trends Key trends believes will reshape Internal Audit by 2012 Changes in risk management Globalization Technology will result in Changes in Internal Audit roles Organizational and talent management trends Through analysis of both survey and interview data, believes these broad trends will drive change in Internal Auditing by 2012 and beyond. 9

Key Trends Risk management, technology and globalization trends are changing internal audit s environment Internal audit must focus on adding true value to the business instead of just ensuring compliance with laws and regulations. Internal Audit must ask the questions What is the company trying to achieve? and What audits can help the company reach its goals? Chief Audit Executive, Information Services Industry Many Internal Audit functions have lost touch with what is most important to the business. Too many internal audit functions are following what the industry is doing, worrying they will be left behind. Chief Audit Executive, Aerospace and Defense Industry IA value propositions must evolve to keep pace with business needs 10

Changes in risk management

Changes in Risk Management Companies are beginning to look at more comprehensive and formal approaches to risk management More than half of internal audit respondents believe an annual planning process focused on risk assessment will be more important in 2012 Over 70 percent expect that either they or their company will conduct continuous or ongoing risk assessments 60 percent believe that continuous risk assessments will be leveraged in audit planning Interviews revealed a strong consensus that fraud risks will be more critical going forward 12

Changes in Risk Management Several forces are driving the adoption of Enterprise Risk Management Rating Agencies (S&P, Moody s) are evaluating risk management practices and capabilities NYSE listing requirements require the audit committee of the BOD to discuss guidelines and policies with respect to risk assessment and risk management SEC rules emphasize focus on risk management, including SOX 404 Federal Sentencing Guidelines now include formal compliance risk assessment Internal audit standards (IIA) require IA to evaluate risk management capabilities Pressure growing to disclose ERM information in MD&A COSO Enterprise Risk Management Framework 13

Changes in Risk Management Focus of ERM implementation depends on the company s objectives and sophistication Exploit Build Protect Shareholder value based focus Control Company Orientation Operational Strategic Basic Level of sophistication Highly sophisticated 14

Changes in Risk Management The orientation toward ERM is generally based on industry/ company attributes and objectives Orientation Governance & Control: Defensive approach focused on increasing the knowledge of, accountability for and communicating the company s key risks to minimize bad things happening to the company. Operational Improvement: Approach focused on improving the company s ability to manage risks at a lower cost, to take more risk at the same cost, to alter the company s risk profile or to align individual risk appetites. Strategic: Forward-looking approach focused on supporting performance management by incorporating ERM principles into processes that create the company s risk profile and drive organizational behavior Industry / Company Attributes Board-driven or defensive in nature Significant external shocks (e.g., environmental disaster, significant fraud, financial restatement) Heavily regulated industries (e.g., pharmaceuticals) Opportunistic in nature, seeking measurable benefits Challenging industry environments (e.g., automotive, commodity processors) Changing risk profile Seeking to optimize risk, return and growth Industries with more easily measurable risks (e.g., financial services, energy) Highly capital intensive Considering significant portfolio changes 15

Emerging information technology needs

Emerging Information Technology Needs IIA UK survey identified the following top technology risks Data quality risk Business systems risk (e.g. poor change control over an ERP system) Data security and privacy IT governance risk (e.g. lack of alignment between IT and the IT resilience & continuity IT project risk (e.g. failure to deliver benefits or within budget) 49% 59% 60% 63% 69% 79% 0% 20% 40% 60% 80% 100% 17

Emerging Information Technology Needs 2012 survey participants anticipate major changes in what they audit, how they audit, and the skills that will be needed 100% expect use of technology to increase IT capabilities expected to grow the most in importance: Privacy-related risks 60% Off-shored technology operations 60% Automated controls 60% ERP systems 53% Network security 51% Data warehouses 50% 18

Emerging Information Technology Needs Survey results: Skill sets that will be more important by 2012 1. Data mining & analysis 89% 2. Risk assessment 76% 3. Information technology 72% 4. Risk management 70% 5. Fraud detection 69% The ability to conduct data analysis is essential. Chief Audit Executive, Healthcare Industry Integrating technology and the finance skill set is becoming more and more important. Chief Audit Executive, Technology Industry Survey respondents indicating the skill set will be far more important or somewhat more important than today. Sarbanes-Oxley has developed an Internal Audit culture of staff believing they could stop thinking. Internal Audit needs to get back to having business conversations, be better prepared, and have an understanding of what is going on in the business. Chief Audit Executive, Consumer Products Industry 19

Emerging Information Technology Needs Participants anticipated deployment of IT audit strategies Increase IT skill level of general internal audit staff 76% Acquire more sophisticated IT tools to address IT risks 68% Increase use of third-party experts 60% More integration of IT audit resources into non-it teams 57% Deploy more higher level IT auditors 54% 20

Globalization requirements

Globalization Requirements Globalization Interviewees believe globalization will have a significant impact on internal audit over the next five years As more companies expand operations outside of their home country borders, internal auditors will face a myriad of challenges: Assessing risks in remote geographic locations Understanding control or cultural environments in remote or developing markets Obtaining staffing or resources to provide coverage When asked to describe Internal Audit organizational structure for global companies in 2012 Central function in home country 37% Core function in home country with satellite operations 54% Small operation in home country predominant outside 8% 22

Globalization Requirements Global Political Risk Key driver for global investments Key component of enterprise-wide risk assessments In its risk assessment, internal audit should evaluate political risk and its impact on: Corporate governance Regulatory compliance Operating performance Financial results 23

Globalization Requirements Global Political Risk - continued Internal Audit considerations: Monitor rapid economic growth Instability or deterioration Increasing levels of foreign investment Significant changes in governmental leadership Changes in regulations or trade agreements Social unrest, security issues A more mature technique is Political Risk Analysis (PRA) process firmly embedded in management s activities. 24

Changing the Internal Audit Value Proposition

Changing the Internal Audit Value Proposition As companies move toward entrprise risk management, Internal Audit must also evolve or risk a diminished value proposition 20 th Century Internal Audit Model Controls assurance based on cyclical or routine audit plans The Common Internal Audit Model in 2007 Controls assurance based on a risk-based internal audit plan The Risk-Centric Internal Audit Model Risk and control assurance based on the effectiveness of risk and control processes implemented by management If the view (among stakeholders) grows that all Internal Audit does is test controls, then resource levels will have to come down. Chief Audit Executive, Financial Services Industry Traditional internal auditing will probably diminish in value if the organization moves towards formal risk management. Senior Executive, Rating Agency 26

Changing Transforming the Internal internal Audit auditing Value Proposition While the case for change is compelling because the needs of organizations have changed dramatically Strategic risk is a key concern for Boards Globalization and the extended corporation are driving interdependence risk to higher levels Few robust techniques for overseeing risk Risks around financial controls and basic compliance are managed more effectively Significant variation in risk information provided to Boards Other stakeholders are also focused on strategic, organizational, and business risks Increasing pressures to reduce the cost of compliance Risk & Complexity Controls centric assurance Risk centric assurance Performance management centric assurance believes even a risk centric approach is not sufficient for today s environment Time 27

Changing Transforming the Internal internal Audit auditing Value Proposition Inefficient processes are also driving the need for transformational change Infrastructure Planning Fieldwork Reporting Quality Internal Audit Process Overview Stakeholder - Value Drivers 8 1 9 IA Charter and Mission Training Co-sourcing Methodology Procedures & Protocols Annual Risk Assessment Detailed Planning 5 Audit Reporting Client Satisfaction Annual Audit Plan 2 10 Individual Project Plan Audit Issue Tracking Periodic Assessments Strategic Plan & Reporting Structure Technology Special Projects Management / Executive Reporting IA Budget Administration & Travel 4 7 Detailed Controls Documentation Risk Assessment Updates Detailed Testing 6 7 Audit Committee Reporting Recruiting, Hir ing, Comp & Benefits Areas with significant opportunity for time and/or cost savings Areas with moderate opportunity for time and/or cost savings Areas with limited opportunity for time and/or cost savings 3 Audit Wrap-up Top 10 gaps common to many internal audit functions 1 2 3 4 5 6 7 8 Risk assessment typically not aligned with drivers of shareholder value Internal audit activities focus on low value activities and controls or replicates external audit procedures Financial and human resource limitations and constraints Use of technology tools is limited and they are not integrated Audits are planned with overly broad objectives and scope Routine audits do not fully leverage available data analytical tools Assignment process and travel requirements create significant process inefficiencies Communications (reports, etc) and ratings consume significant resources 9 Recommendations are not impactful 10 Process is weighted toward repetition vs. relevance 28

Changing Transforming the Internal internal Audit auditing Value Proposition s vision is a comprehensive approach to dramatically improve the value-to-cost ratio Value Toolkit Audit Lens Significantly more value Incorporating accepted models of value creation and performance as a reference point for identifying risk Evaluating risk based on its impact to promote or reduce shareholder value Identifying emerging risk through an industry sector lens and the associated risk and audit impact Creating an audit plan prioritized based on results of a value-oriented risk assessment 20% Less Cost Process Improvement & Technology Focusing audit services on significant risks and controls, and leveraging self assessment Reassessing the HR model to aligning skill sets with future audit focus and leveraging - off-shoring - outsourcing / co-sourcing to obtain needed skillsets Streamlining reporting processes; automating reporting and tracking Utilizing a range of technologies in the audit process for - data analysis and storage - risk assessment and monitoring - collaboration 29

Changing Transforming the Internal internal Audit auditing Value Proposition to a more value focused approach that still accommodates controls assurance requirements Value Toolkit Value creating processes & initiatives Resource allocation Enterprise risk assessment Value linkage Coverage driven by issues that directly impact shareholder value, with clear and explicit linkage to strategic issues of the organization Audit plan Follow up tracking Value based audits Cost effective controls assurance 30

Changing Transforming the Internal internal Audit auditing Value Proposition that can be targeted at value and / or cost improvements Value alignment Process & technology Strategic Initiatives Risk Management Performance Management Reporting Reporting Controls & Compliance Strategic Initiatives Risk Management Fieldwork Fieldwork Controls & Compliance Planning Planning Infrastructure Infrastructure "As Is" "To Be" "As Is" "To Be" 31

Changing Transforming the Internal internal Audit auditing Value Proposition Strategy maps are used to identify processes and initiatives that are critical to driving value in annual planning Maps can be constructed at the enterprise, business unit or functional levels 32

Changing Transforming the Internal internal Audit auditing Value Proposition Similarly, the balanced scorecard approach can be used to align audit project scope with process or functional strategies Illustration of alignment between shareholder value, strategies and audit focus at the audit scoping phase Strategy Execution Audit Resulting in a transformed audit that provides a basis for assessing the: Alignment of strategy, related objectives, and metrics and KPIs Achievement of targets Quality and integrity of critical data and reports Identification and management of significant risks Adequacy of processes and controls 33

Changing Transforming the Internal internal Audit auditing Value Proposition Resulting in a radically different end state Strategy Internal audit vision, goals and roadmap aligned with corporate strategy Metrics measure the success of the internal audit transformation People & Organization Deeper business acumen, client relationship, and data analysis skills Core staff transformed from financial auditors to business & controls analysts Offshore capabilities leveraged to reduce labor costs Innovation Blueprint Process Resources allocated based on risk to value Mix of continuous controls assurance and value based audits Streamlined reporting and communications Formalized relationship management activities Technology CAATs utilized for financial, controls and operational data and metrics Integrated audit platform and workflows Risk and controls dashboards with drilldown capabilities 34

Changing the Internal Audit Value Proposition Closing Comments Eight Key Attributes of an IA Function 1 2 3 4 5 Start with a plan Rethink risk assessment practices Fill the skills and capabilities gap Align with other assurance functions Focus on obtaining ROI from technology 35

Questions Contact Information E-mail: naman.parekh@us.pwc.com Phone: 206 398 3979 This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, [insert legal name of the firm], its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. 2010 PricewaterhouseCoopers LLP. All rights reserved. In this document, refers to [insert legal name of the firm] which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback