External Quality Assessment of the Internal Audit Activity at the World Food Programme

Similar documents
UNITED ISD INTERNAL AUDIT DEPARTMENT QUALITY ASSESSMENT SELF-ASSESSMENT WITH INDEPENDENT EXTERNAL VALIDATION

External Quality Assessment of. The City Auditor s Office CITY OF CALGARY MARCH ISC: UNRESTRICTED AC Attachment

FLORIDA STATE UNIVERSITY Office of Inspector General Services Report #17-06

External Quality Assessment Review of University of Florida s Office of Internal Audit

External Quality Assessment of the Internal Audit Activity at. County of Orange. April County of Orange Final Report: June 13,

External Quality Assessment Of The University Of Florida s Office Of Audit & Compliance Review May 2012

August 14, Dear Ms. Gula:

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

Lake County School District. Quality Assurance & Improvement Program. Internal Self-Assessment for. The Internal Audit Department

International Standards for the Professional Practice of Internal Auditing

External Quality Assessment Are You Ready? Institute of Internal Auditors

Practice Advisory : Quality Assurance and Improvement Program

Natural Resources Canada

Independent Validation of the Internal Auditing Self-Assessment

GoldSRD Audit 101 Table of Contents & Resource Listing

International Standards for the Professional Practice of Internal Auditing (Standards)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

International Standards for the Professional Practice of Internal Auditing (Standards)

10/5/2016. Quality Assessment Review. Agenda. What s the purpose of a QAR? Internal Audit Manager Training October 3-4, 2016

Kentucky State University Office of Internal Audit

The Red (Book) Rocks The Latest and Greatest Audit Standards

CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH

Quality Assessment Review. Agenda. The Law Says 11/16/2015. Internal Audit Management November 19-20, 2015

Implementation Guide 1311

AUDIT COMMITTEE REPORTING: TRENDS & BEST PRACTICES Timothy Etoori Head of Internal Audit UGAFODE Microfinance

Quality Assurance and Improvement Program (QAIP)

COPYRIGHTED MATERIAL AUDIT SCHEDULING. Focus on: Conduct Engagements (25 35%) 1

INTERNAL AUDITOR S REPORT

What We Will Cover Today

Internal Quality Assurance Report. Internal Audit/Inspector General Department

Quality Assurance in Internal Audit. Standard on Internal Audit (SIA) 7

Implementation Guide 2060

BUSINESS RISK MANAGEMENT LTD. Proposal for External Quality Assessment of the Internal Audit function against world class best practice

Internal Audit Charter

SIAAB QUALITY ASSURANCE REVIEW PROGRAM

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING

EXTERNAL QUALITY ASSESSMENT (EQA) REPORT FOR

Internal Audit Quality Policy

Audit Standards 6/23/2017. Outline. Let s Refresh. Changes to the IIA Standards

Changes To the Public Sector Internal Audit Standards April 2017

SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure

TEACHERS RETIREMENT BOARD. SUBJECT: Fiscal Year Audit Services External Quality Assessment Review CONSENT: ATTACHMENT(S): 1

Internal Audit Vice Presidency (IADVP) FY11 First Quarter Activity Report

City of Edmonton EXTERNAL QUALITY ASSESSMENT OF THE OFFICE OF THE CITY AUDITOR. September 11, 2015

Internal Audit Performance

OFFICE OF INTERNAL AUDITS APPALACHIAN STATE UNIVERSITY AUDIT MANUAL

Changes to The IIA Standards: What Board Members and Executive Management Need to Know

Practice Guide. Developing the Internal Audit Strategic Plan

Value-Added Internal Audit: Myth or Reality?

Internal Audit Charter

Implementation Guide 1300

Implementation Guides

CONTENTS. Acknowledgments... iv. 1: Introduction : Why have organizations chosen to seek compliance with the Standards?...2

Implementation Guide 1200

Internal Audit Policy and Procedures Internal Audit Charter

Canada. Internal Audit Charter 1+1. Canadian Nuclear Safety Commission. Office of Audit and Ethics. April 18, 2011

Tailoring IPPF Implementation

Internal Audit Charter

INTERNAL AUDIT CHARTER (Revision No. 4)

CGIAR System Management Board Audit and Risk Committee Terms of Reference

INTERNAL AUDIT CHARTER

The University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office

Internal Audit Charter

How can I be a more insightful Internal Auditor? This does not happen by accident. It takes deliberate action. Insight comes with experience. Action M

ENERGY QUEENSLAND LIMITED INTERNAL AUDIT CHARTER. [April 2017]

I. Mission. II. Scope of the Work

OFFICE OF INTERNAL AUDITS APPALACHIAN STATE UNIVERSITY AUDIT MANUAL

Internal Audit Annual Assertion on Internal Auditing. for Financial Year

Practice Advisory : Internal Audit Charter

Internal Audit Standards Board Disposition on the 2010 Standards Exposure Results/Comments. Introduction

INTERNAL AUDIT POLICIES AND PROCEDURES OPERATING MANUAL

Fiscal Year 2018 Internal Audit Annual Report

United Nations Development Programme Office of Audit and Investigations CHARTER OF THE OFFICE OF AUDIT AND INVESTIGATIONS.

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

SERBA DINAMIK GROUP BERHAD INTERNAL AUDIT CHARTER

Texas Facilities Commission (TFC) Office of Internal Audit (OIA)

The NYSE Internal Audit Requirement

Quality Assessments what you need to know

Government Auditing Standards

INTERNATIONAL ORGANIZATION FOR MIGRATION. Keywords: internal audit, evaluation, investigation, inspection, monitoring, internal oversight

How to Pass an ALGA Yellow Book Peer Review Training by the Association of Local Government Auditors (ALGA) Tampa, Florida September 20, 2013

3/4/2019 INTRO TO HIGHER EDUCATION AUDITING PRACTICALLY PERFECT PLANNING

The University of Texas at San Antonio. Internal Audit Annual Report For Fiscal Year As required by the Texas Internal Auditing Act

This Internal Audit Charter is intended to define the role, responsibility and accountability of the Society s Internal Audit function.

Standards for the Professional Practice of Environmental, Health and Safety Auditing

STANDARD ON INTERNAL AUDIT (SIA) 7 QUALITY ASSURANCE IN INTERNAL AUDIT *

Control Environment Toolkit: Internal Audit Function

Internal Audit and SOX Best Practices

Quality Assurance and Improvement Program

EXTERNAL QUALITY ASSESSMENT OF ORANGE COUNTY S INTERNAL AUDIT DEPARTMENT

2012 IIA Standards Update

Implementation Guide 2000

INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC

Periodic internal quality assessment Questions for discussion

Report on Inspection of K. R. Margetson Ltd. (Headquartered in Vancouver, Canada) Public Company Accounting Oversight Board

Audit of Weighing Services. Audit and Evaluation Services Final Report Canadian Grain Commission

Internal Audit Charter

Policies, Procedures and Guidelines

Transcription:

External Quality Assessment of the Internal Audit Activity at the World Food Programme November 2016

Table of Contents Executive Summary... 3 Opinion as to conformance to the Standards... 3 Scope and methodology... 4 Observations and positive attributes... 4 Recommendations... 5 Attachment A Standards conformance evaluation summary... 6 Attachment B Comments... 9 2

EECUTIVE SUMMARY As requested by the chief audit executive (CAE), Deloitte conducted an external quality assessment (QA) of the Internal Audit (IA) activity at the World Food Programme of the United Nations (WFP). Internal Audit activity is carried out by the Office of Internal Audit (OIGA), which is part of the WFP Office of Inspector General (OIG). The principal objectives of the QA were to assess the internal audit (IA) activity s conformance to The IIA s International Standards for the Professional Practice of Internal Auditing (Standards), evaluate the IA activity s effectiveness in carrying out its mission (as set forth in its charter and expressed in the expectations of WFP s management), and identify opportunities to enhance its management and work processes, as well as its value to the World Food Programme. OPINION AS TO CONFORMANCE TO THE STANDARDS It is our overall opinion that the IA activity Generally Conforms (GC) to the Standards and Definition of Internal Audit. For a detailed list of conformance to individual Standards, please see Attachment A. The IIA s Quality Assessment Manual suggests a scale of three ratings, generally conforms, partially conforms, and does not conform. Generally Conforms is the top rating and means that an IA activity has a charter, policies, and processes that are judged to be in conformance with the Standards. Partially Conforms means deficiencies in practice are noted and are judged to deviate from the Standards, but these deficiencies did not preclude the IA activity from performing its responsibilities in an acceptable manner. Does Not Conform means deficiencies in practice are judged to be so significant as to seriously impair or preclude the internal audit activity from performing adequately in all or in significant areas of its responsibilities. SCOPE AND METHODOLOGY As part of the preparation for the QA, the IA activity prepared an advanced preparation document with detailed information and sent out surveys to IA staff and a representative sample of Audit Clients. A summary of the survey results (without identifying the individual survey respondents) has been presented to the IA activity. Before commencement of the onsite work by the QA team on October 10, 2016, the QA team conducted preliminary activities and meetings with the Inspector General, the Director of Internal Audit and selected OIGA staff to gather additional background information, select senior management for interviews during the onsite fieldwork, and finalize planning and administrative arrangements for the QA. As part 3

of the review, extensive interviews were held with the President of the Executive Board (Governing Body), Audit Committee representatives, WFP Executive Director (ED), other Senior Executives, external auditor and several IA activity staff. A review was also performed on the IA activity s risk assessment and audit planning processes, audit tools and methodologies, engagement and staff management processes, as well as, a representative sample of the IA activity s work papers and reports. OBSERVATIONS AND POSITIVE ATTRIBUTES The IA activity environment where we performed our review is well-structured and progressive, where IIA Standards are understood and management is endeavoring to provide valuable and useful audit tools and implement appropriate practices. There is strong commitment from WFP Management and a recognition that OIGA is a trusted and valuable partner. In addition to the conformance to the IIA standards, the WFP Internal Audit Activity demonstrates a high level of effectiveness and maturity. The IA activity has significantly evolved in the years in scope for this engagement, in defining, implementing, measuring and improving its processes and practices. The IA activity effectively integrates information from across the organization, and is currently engaged in learning from inside and outside of the organization for continuous improvement. Some successful practices observed were: Ongoing and recognized efforts by OIGA to provide added value to the Organization through the structured and transformative improvement of the Internal Audit Activity; Recognition and consideration by WFP Senior Management of the role of IA activity as a trusted and solid business partner; Identification of WFP Internal Audit 3 year Strategy to enhance the IA activity alignment and engagement with the Organisation to add value; Increase in provision of structured advisory services by the IA activity to the Organization, as well as, an augmented demand for advisory services by management; Articulated Risk Assessment process performed with constant involvement of management and fine-tuned on a year by year basis; Fostering a collaborative environment, knowledge sharing and consolidation of best practices with audit staff through brainstorming and peer review meetings on the results of audit engagements,; Effective development of IA staff, internal and external to OIGA, by structured efforts in addressing learning and development. 4

RECOMMENDATIONS None. Thank you for the opportunity to be of service to the World Food Programme. We will be pleased to respond to further questions concerning this report and furnish any desired information. Lorenzo Fersurella, Certified Auditor Partner and Team Leader, Deloitte Risk Advisory Team Members: Silvia Quartullo, CIA, CCSA William Hay, CPA 5

ATTACHMENT A STANDARDS CONFORMANCE EVALUATION SUMMARY WORLD FOOD PROGRAMME OVERALL EVALUATION ATTRIBUTE STANDARDS 1000 Purpose, Authority, and Responsibility 1010 Recognition of the Definition of Internal Auditing 1100 Independence and Objectivity 1110 Organizational Independence 1111 Direct Interaction with the Board 1120 Individual Objectivity 1130 Impairments to Independence or Objectivity 1200 Proficiency and Due Professional Care 1210 Proficiency 1220 Due Professional Care 1230 Continuing Professional Development 1300 1310 Quality Assurance and Improvement Program Requirements of the Quality Assurance and Improvement Program 1311 Internal Assessments 1312 External Assessments 1320 Reporting on the Quality Assurance and Improvement Program GC PC DNC 1321 Use of Conforms with the International Standards for the Professional Practice of Internal Auditing 1322 Disclosure of Noncompliance PERFORMANCE STANDARDS 2000 Managing the Internal Audit Activity 2010 Planning 2020 Communication and Approval 6

2030 Resource Management 2040 Policies and Procedures 2050 Coordination 2060 Reporting to Senior Management and the Board 2100 Nature of Work 2110 Governance 2120 Risk Management 2130 Control 2200 Engagement Planning 2201 Planning Considerations 2210 Engagement Objectives 2220 Engagement Scope 2230 Engagement Resource Allocation 2240 Engagement Work Program 2300 Performing the Engagement 2310 Identifying Information 2320 Analysis and Evaluation 2330 Documenting Information 2340 Engagement Supervision 2400 Communicating Results 2410 Criteria for Communicating 2420 Quality of Communications 2421 Errors and Omissions 2430 Use of Conducted in conformance with the 2431 Engagement Disclosure of Nonconformance 2440 Disseminating Results 2500 Monitoring Progress 2600 Management s Acceptance of Risks IIA Code of Ethics 7

GC Generally Conforms means the assessor has concluded that the relevant structures, policies, and procedures of the activity, as well as the processes by which they are applied, comply with the requirements of the individual Standard or element of the Code of Ethics in all material respects. For the sections and major categories, this means that there is general conformity to a majority of the individual Standards or elements of the Code of Ethics, and at least partial conformity to the others, within the section/category. There may be significant opportunities for improvement, but these should not represent situations where the activity has not implemented the Standards or the Code of Ethics, has not applied them effectively, or has not achieved their stated objectives. As indicated above, general conformance does not require complete/perfect conformance, the ideal situation, successful practice, etc. PC Partially Conforms means the evaluator has concluded that the activity is making good-faith efforts to comply with the requirements of the individual Standard or element of the Code of Ethics, section, or major category, but falls short of achieving some major objectives. These will usually represent significant opportunities for improvement in effectively applying the Standards or Code of Ethics and/or achieving their objectives. Some deficiencies may be beyond the control of the activity and may result in recommendations to senior management or the board of the organization. DNC Does Not Conform means the evaluator has concluded that the activity is not aware of, is not making good-faith efforts to comply with, or is failing to achieve many/all of the objectives of the individual Standard or element of the Code of Ethics, section, or major category. These deficiencies will usually have a significant negative impact on the activity s effectiveness and its potential to add value to the organization. These may also represent significant opportunities for improvement, including actions by senior management or the board. 8

ATTACHMENT B COMMENTS Please note that the comments below are proposed solely as improvement suggestions for OIGA and shall not be considered as a deviation from the IIA standards. Timeliness of audit reports has represented an area of considerable improvement since the past QA, with the implementation of recommendations and efforts by management to discipline the process in an appropriate manner, including the preparation of a specific manual on reporting of audit engagements. Notwithstanding the above, and being mindful of the thorough consultation required for reports which will be publicly disclosed, timeliness of audit reports may constitute an area for further development, achieving early issuance and effective management of engagement reporting throughout the year, avoiding effort concentration near year-end. Audit Planning, including risk assessment, has witnessed noteworthy enhancements in the most recent years, with the roll out of an articulated and structured process in line with updated best practices concerning its development and reporting. All the same, it could be possible to envisage an opportunity to refine the standard resources/time approach to audit planning by fine-tuning it based on more comprehensive estimates of effort and resource allocation; OIGA s objectivity and independence is clearly recognized across the Organisation. The functional reporting relationship to the Executive Board, through its Bureau, the Audit Committee and within the Organisation would benefit from further clarity and formalization to solidify this independence; Resources for the IA activity have been stable in the last years. In the context of the Organization s dynamic business model, field based operations and risk environment, leading to an overall increase in risks, resources need to be reagularly reassessed and discussed with the Executive Director and the Audit Committee to ensure satisfactory coverage of the risk universe, while maintaining the independence of IA; Prompt work paper uploading and archiving, if effectively accomplished, especially when working with co-sourced auditors, may allow an improved tracking of engagement progress and status, consolidating best practices internally in the OIGA. 9

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback