Value-Added Internal Audit: Myth or Reality?

Similar documents
BUSINESS RISK MANAGEMENT LTD. Proposal for External Quality Assessment of the Internal Audit function against world class best practice

Spreading Organizational Happiness Through Internal Auditing. Adil Buhariwalla Crowe Horwath Partner, Internal Auditing & Risk Consulting

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

External Quality Assessment Are You Ready? Institute of Internal Auditors

Canada. Internal Audit Charter 1+1. Canadian Nuclear Safety Commission. Office of Audit and Ethics. April 18, 2011

Lake County School District. Quality Assurance & Improvement Program. Internal Self-Assessment for. The Internal Audit Department

Quality Assurance in Internal Audit. Standard on Internal Audit (SIA) 7

Independent Validation of the Internal Auditing Self-Assessment

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

August 14, Dear Ms. Gula:

The Red (Book) Rocks The Latest and Greatest Audit Standards

Global Mega Trends Transforming Business

ENERGY QUEENSLAND LIMITED INTERNAL AUDIT CHARTER. [April 2017]

10 Imperatives for Internal Audit

External Quality Assessment Review of University of Florida s Office of Internal Audit

Kentucky State University Office of Internal Audit

Quality Assessments what you need to know

Implementation Guide 1311

External Quality Assessment of the Internal Audit Activity at the World Food Programme

Charter for Group Internal Audit. Approved by the Chairman on behalf of the Board of Directors on 18 January 2018.

Internal Audit Charter

Practice Guide. Developing the Internal Audit Strategic Plan

International Standards for the Professional Practice of Internal Auditing (Standards)

Control Environment Toolkit: Internal Audit Function

Periodic internal quality assessment Questions for discussion

Practice Advisory : Quality Assurance and Improvement Program

Implementation Guide 1200

EXTERNAL QUALITY ASSESSMENT OF ORANGE COUNTY S INTERNAL AUDIT DEPARTMENT

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

IIA Global Update. Director, IIA Global Board Chair, IIA Global Audit Committee

Session 6C Internal audit value Developing metrics to present IA value

CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH

S23 - Hallmarks of a Strong Audit Function Lilian Fong and Marta O'Shea

Chief Audit Executive, Global Internal Audit

(

Bank of Botswana Internal Audit Charter March 18, 2013 INTERNAL AUDIT CHARTER BANK OF BOTSWANA

Cutting-Edge Internal Auditing Processes

List of Key Performance Indicators

Financial CIA-I. Certified Internal Auditor (CIA) Download Full Version :

Implementation Guide 1312

Quality Assurance and Improvement Program (QAIP)

Bruce Turner FIPA, FAIM, FFin, PFIIA, CGAP, CRMA, CISA, CFE, MAICD

International Standards for the Professional Practice of Internal Auditing (Standards)

EMPLOYMENT OPPORTUNITY

BUILDING BLOCKS FOR AN EFFECTIVE INTERNAL AUDIT FUNCTION Presentation by:

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Policy and Procedures Date: November 5, 2017

Quality Assurance and Improvement Program

Mike Gowell SVP and GM Wolters Kluwer

AUDIT COMMITTEE REPORTING: TRENDS & BEST PRACTICES Timothy Etoori Head of Internal Audit UGAFODE Microfinance

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

EBA GL 44. Wording Amendments / Additions suggested. Amend ment /Comm ent # page

Chief Audit Executive

How can I be a more insightful Internal Auditor? This does not happen by accident. It takes deliberate action. Insight comes with experience. Action M

The IIA s Global Internal Audit Survey. A Component of the CBOK 1 Study

Transforming an Internal Audit Department from a Policing Function to a Risk-based / Value-added Function. April 15, 2016

From Dubai to Beijing

Leadership and Rising Stakeholder Expectations

EMPLOYMENT OPPORTUNITIES

Audit Standards 6/23/2017. Outline. Let s Refresh. Changes to the IIA Standards

Audit and Risk Committee Charter

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11

Internal Audit Appendix: IIA Standards

What We Will Cover Today

Audit Never Sleeps. Angela Witzany, CIA, QIAL, CRMA Chairman of the Global Board The Institute of Internal Auditors

Internal Audit & the Audit Committee

Internal Audit Quality Policy

Business Case and Proposal

Internal Audit Charter

Internal Audit Vice Presidency (IADVP) FY11 First Quarter Activity Report

The Future of Internal Auditing:

International Finance Corporation

IIA South and IIA East. Assurance Mapping. 2 nd February David Alexander

#PurposeServiceImpact IIA Global Chairman s Theme

3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013

Certificate in Establishing an Internal Audit Function

Lewis Group Limited Application of King III Corporate Governance Principles March 2017

Positioning Internal Audit to Deliver Value

Dexia Group Audit Charter

Hiring and Staff: An Effective Internal Department

Benchmarking Report Share, Compare, Validate SAMPLE. Year: 2017 Your Organization Date

Senior IT Auditor. (SWAP Partners and Clients) Role Profile

The University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office

Practice Advisory : Internal Audit Charter

Mario A. Nazareth Group Chief Internal Auditor Mahindra & Mahindra Limited. Bombay Chartered Accountants Society 13 th July 2018

Supervisory Committee Expectations of Internal Audit

INTERNAL AUDIT CHARTER (Revision No. 4)

KING III COMPLIANCE ANALYSIS

CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017

Mind the Gap Assuring Stakeholders of Internal Audit s Value. Anton van Wyk, CIA, QIAL, CRMA IIA Global Chairman 2014/2015

King lll Principle Comments on application in 2013 Reference in 2013 Integrated Report

Implementation Guides

This additional work is carried out by internal auditors, who may be company

Natural Resources Canada

Internal Audit 2017: Global Trends and Outlook. Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA President & CEO, The Institute of Internal Auditors

AUDIT COMMITTEE: SELF ASSESSMENT CHECKLIST 2013/14

CYPRUS INSTITUTE OF INTERNAL AUDITORS

Toyota Financial Services (South Africa) Limited: King III Principles

About the Pulse of Internal Audit

King lll Principle Comments on application in 2016 Reference Chapter 1: Ethical leadership and corporate citizenship Principle 1.

Transcription:

Value-Added Internal Audit: Myth or Reality? Istanbul 12 November 2013 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman of the Board IIA Past President ECIIA

Polling question #1 For how long have you been an internal auditor? 1. Less than 3 years 2. More than 3 years but less than 10 years 3. More than 10 years 4. I am not an internal auditor JPG Consulting 2

Polling question #2 Have you already performed an internal quality assessment of your internal audit function? 1. Yes 2. No JPG Consulting 3

Polling question #3 Have you already performed an external quality assessment of your internal audit function? 1. Yes 2. No JPG Consulting 4

Three lines of defense model Board of Directors / Audit Committee Senior Management 1 st Line of Defense 2 nd Line of Defense 3 rd Line of Defense Management Controls Internal Control Measures Financial Control Security Risk Management Quality Inspection Internal Audit External audit / NAO Regulator Compliance JPG Consulting 5

Some critical thoughts 1. Can Senior Management and a Board of Directors or an Audit Committee perform their role without a qualified internal audit function? 2. How does Senior Management and a Board of Directors or the Audit Committee obtain assurance on the performance of the internal audit function? JPG Consulting 6

Value of Internal Audit The internal audit function should be able to tell : - when the company is being poorly managed, - where critical risks are not being identified or properly managed, - when the business objectives are not likely to be met. JPG Consulting 7

Value of Internal Audit In addition, internal audit: acts as a training ground for future line managers, by exposing fast track members of the department to a variety of situations, activities and functions within the organization; provides a one stop shop for best practice advice; provides an independent, objective opinion as to the quality of the business controls; stimulates risk awareness throughout the organization; JPG Consulting 8

Value of Internal Audit In addition, internal audit (continued): is a source of qualified, experienced talent that can aid management in business improvement programs; provides specialist professional independent opinions on a variety of situations, such as due diligence exercises; reports on fraudulent activity within the organisation, with a view to understanding how it happened and how to prevent it occurring again; ensures that the company-wide initiatives, such as a code of conduct, are being adhered to; makes Senior Management and the Board sleep well at night. JPG Consulting 9

Quality Assessment Review IIA Standards Scorecard Example Rating IIA Attribute Standards 1000 - Purpose, Authority, and Responsibility 1100 Independence and Objectivity 1200 Proficiency and Due Professional Care 1300 Quality Assurance and Improvement Program Rating IIA Performance Standards 2000 Managing the Internal Audit Activity 2100 Nature of Work 2200 Engagement Planning 2300 Performing the Engagement 2400 Communicating Results 2500 Monitoring Progress 2600 Resolution of Management s Acceptance of Risks Generally conforms to the relevant structures, policies, and procedures of the activity, as well as the processes by which they are applied, complies with the requirements of the individual Standard. Partially conforms to the activity and is making good-faith efforts to comply with the requirements of the individual Standard. Does not conform to the activity and is not aware of, is not making good-faith efforts to comply with, or failing to achieve many/all of the objectives of the individual Standard. JPG Consulting 10

Different layers of assessment Strategy: Structure: Mission and charter Strategic objective setting Strategic organizational model Performance evaluation Strategy Structure Alignment with corporate strategy Alignment with people strategy Departmental structure Credibility within the company Technology: Data analytics and tools Knowledge management Technology efficiencies Automated audit software Technology Process People People: Career Development Roles Skills Staffing Process Methodology Risk assessment Audit plan Engagement planning Execution Reporting Communication Issue tracking and follow-up Internal and external Assessment JPG Consulting 11

The Structural elements of an Internal Audit Function Supporting Processes Production Processes Activity organization and management Human Resources Information Technology Planning Performance Communication and reports Vision, values, & strategic objectives Constitution of a team of experts Electronic management system of work files Mapping of company risks Information on objectives and expectations for each mission Communication / Reporting to audited entities Structure and organisation (Processes / Methods) Recruitment Specific applications and technologies Knowledge of internal audit clients expectations Collaboration with the audited entity Communication / Reporting to management Resource management Training and personal development Database of best practices Internal audit plan Needs for expertise evaluation and responses to main issues Communication / Reporting to audit committee Coordination with Activity measurement Internal communication external auditors and Work Program other control entities Communication with external auditors and other control entities Individual evaluations Resources assignment Tests and analysis Internal audit clients satisfaction measurement Remuneration Work documentation Room for Satisfying Perfectible Need for improvement improvement Not applicable Out of scope Engagement supervision The structural elements in a shaded color frame appear in the IIA (Institute of Internal Auditors) professional standards Follow up JPG Consulting 12

Key Performance Indicators (1/2) Example of KPIs Dimension KPI Audit Committee and Executive Management AC/EM survey rating Materiality level of audit findings Percentage of unsatisfactory ratings Number of frauds per annum and value of frauds Number of complaints from regulatory bodies Number of auditors per 1000 employees Percentage of audit universe covered per year Audit Clients Satisfaction survey rating Percentage of subject matters in the audit plan identified by the business lines Percentage of unsatisfactory rating/compliance Percentage of issues open/closed/past due per business line Number of best practices identified in the business line Percentage of recommendations accepted/refused Number of repeat findings Number of requests by local management for audit support Average response time to management requests for support Audit Processes Percentage of audits performed versus plan Percentage of time spent on automated/manual controls Average number of SAP standard queries used per audit Mean time from closing meeting to report issuance Percentage of annual audit costs versus annual budget JPG Consulting 13

Key Performance Indicators (2/2) Example of KPIs Dimension KPI Innovation and Capabilities Percentage of auditors with university degrees Percentage of auditors with economic/engineering/mathematics/etc. education Number of years of relevant business experience Number of years of audit experience Percentage of certified auditors Percentage of planned/unplanned staff turnover per year Percentage of planned leavers being promoted in the organization Audit group rating by staff members Number of training hours per auditor and year Percentage of auditors rated per year Percentage of auditors with rating above/below expectations Average peer review rating (quality rating given by peer reviewer to a specific file) Internal Stakeholders Number of ERM steering committee and work group meetings Number of significant initiatives developed/implemented Number of audit subjects within the internal audit plan coming from the external auditors Number of external audit hours saved and effectiveness enhanced as a result of internal audit initiatives Number of audit subjects within the external audit plan coming from IA JPG Consulting 14

Polling question #4 Have you developed meaningful metrics for your internal audit function? 1. Yes 2. No JPG Consulting 15

Internal audit in practice(1) Internal audit does not always provide assurance. Internal audit does not always provide valueadded consulting services. Internal audit does not often evaluate the governance processes. Internal audit does not often evaluate the risk management processes. JPG Consulting 16

Polling question #5 Do you audit the governance processes within your organization? 1. Yes 2. No JPG Consulting 17

Polling question #6 Do you audit the risk management processes within your organization? 1. Yes 2. No JPG Consulting 18

Internal audit in practice (2) Internal audit operates as a second line of defense. Internal audit acts and is perceived as a compliance function. Internal audit inspects branches, stores. JPG Consulting 19

Three lines of defense model Board of Directors / Audit Committee Senior Management 1 st Line of Defense 2 nd Line of Defense Management Controls Internal Control Measures Financial Control Security Risk Management Quality Inspection External audit / NAO Regulator Compliance Internal Audit JPG Consulting 20

Polling question #7 Is more than 50% of your audit plan focused on compliance risks? 1. Yes 2. No JPG Consulting 21

Perception by stakeholders No added value. No business partner. No alignment with company strategy. Fear factor: from errors to punishment. No managerial talent. No meaningful KPIs. Not focused on the proper risks. JPG Consulting 22

Polling question #8 Do you consider internal audit to be a business partner to your organization? 1. Yes 2. No JPG Consulting 23

Polling question #9 Do the CEO / President and senior management of your organization consider you to be a business partner? 1. Yes 2. No JPG Consulting 24

Conditions of audit committees No proper monitoring of risk management, internal control and internal audit. Not always properly staffed. Not well prepared. No support when needed. No voice at the Board. JPG Consulting 25

Polling question #10 Do you feel internal audit to be supported by the Audit Committee / Board of Directors in your organization? 1. Yes 2. No JPG Consulting 26

Conditions of companies No risk and control culture. No risk ownership. No accountability. Control is not my business. Cost cutting affects control tasks. JPG Consulting 27

Value-Added Internal Audit : Myth or Reality? 28

Value-Added Internal Audit : Myth or Reality? M Y T H 29

What to do to change myth into reality? At macro-level: the Institute of Internal Auditors (TIDE) At micro-level: every Chief Audit Executive JPG Consulting 30

Efforts by the CAE (1) Internal audit should be an agent for change: Change the risk and control culture of your organization. Coordinate risk management activities. Develop an assurance map for your organization. JPG Consulting 31

Polling question #11 Do you contribute to the development of an assurance map in your organization? 1. Yes 2. No JPG Consulting 32

Efforts by the CAE (2) Focus on the areas that need to be audited, not what is easy to audit. Provide assurance on major risks. Audit the second lines of defense and, if OK, rely on the results of their work. Do not duplicate second line of defense activities. JPG Consulting 33

Efforts by the CAE (3) Develop a comprehensive audit universe. Assess the risks on a periodical basis. Do not adhere to your audit plan in a rigid way. Develop metrics that are relevant for your stakeholders. JPG Consulting 34

Efforts by the CAE (4) Write reports with impact. Do not focus on problems, but offer solutions. Solutions should not be academic but rather pragmatic. Listen to your stakeholders. JPG Consulting 35

Polling question #12 How would you assess the overall value of the internal audit function in your organization? 1. It is a state-of-the-art practice. 2. Some minor improvements are needed. 3. Some major improvements are needed. 4. There is a lot of work to do. JPG Consulting 36

Value-Added Internal Audit: Myth or Reality? Istanbul 12 November 2013 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman of the Board IIA Past President ECIIA

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback