Quality Assessments: what you need to know


Quality Assessments: what you need to know
Patty Miller, Partner, Deloitte & Touche LLP
Cavell Alexander, VP-Internal Audit, Intermountain Healthcare

Agenda
- Overview of requirements
- Scope of assessment
- Approaches to achieving compliance
- Getting started and being prepared
- Benefits
- Challenges
- Examples
www.ahia.org

Overview of requirements
Institute of Internal Auditors (IIA) Quality Standards (1300 Series)
Quality Assurance and Improvement Program: The chief audit executive (CAE) must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit (IA) activity.
- 1310 Requirements of the Quality Assurance and Improvement Program
- 1311 Internal Assessments
- 1312 External Assessments
- 1320 Reporting on the Quality Assurance and Improvement Program
- 1321 Use of "Conforms with the International Standards for the Professional Practice of Internal Auditing"
- 1322 Disclosure of Nonconformance

Overview of requirements
Standard 1312 External Assessments
External assessments must be conducted at least once every five years by qualified, independent reviewer or review team from outside. CAE must discuss with the board:
- need for more frequent external assessments; and
- qualifications and independence of external reviewer, including potential conflict of interest.
Interpretation
- Qualified reviewer or team demonstrates competence in two areas: professional practice of internal auditing and external assessment process.
- Competence can be demonstrated through mixture of experience and theoretical learning.
- Experience gained in organizations of similar size, complexity, sector or industry, and technical issues more valuable than less relevant experience.
- Not all members of team need to have all competencies; it is the team as a whole that is qualified.
- Independent reviewer or review team means not having either real or apparent conflict of interest and not being a part of, or under control of, the organization to which the internal audit activity belongs.

Overview of requirements
Standard 1320 Reporting on the Quality Assurance and Improvement Program
The chief audit executive must communicate the results of quality assurance and improvement program to senior management and the board.
Interpretation
- The form, content, and frequency of communicating the results of quality assurance and improvement program is established through discussions with senior management and board and considers responsibilities of the internal audit activity and chief audit executive as contained in the internal audit charter.
- To demonstrate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards, the results of external and periodic internal assessments are communicated upon completion of such assessments and results of ongoing monitoring are communicated at least annually.
- The results include reviewer's or review team's assessment with respect to degree of conformance.

Overview of requirements
Standard 1321 Use of "Conforms with the International Standards for the Professional Practice of Internal Auditing"
The chief audit executive may state that internal audit activity conforms with International Standards for the Professional Practice of Internal Auditing only if results of quality assurance and improvement program support this statement.
Interpretation
- The internal audit activity conforms with the Standards when it achieves the outcomes described in the Definition of Internal Auditing, Code of Ethics, and Standards.
- The results of the quality assurance and improvement program include the results of both internal and external assessments.
- All internal audit activities will have the results of internal assessments.
- Internal audit activities in existence for at least five years will also have the results of external assessments.
Standard 1322 Disclosure of Nonconformance
When nonconformance with the Definition of Internal Auditing, Code of Ethics, or Standards impacts the overall scope or operation of internal audit activity, the chief audit executive must disclose the nonconformance and the impact to senior management and the board.

Scope of assessment
International Standards for the Professional Practice of Internal Auditing
Attribute Standards
- Purpose, Authority, and Responsibility
- Independence and Objectivity
- Proficiency and Due Professional Care
- Quality Assurance and Compliance
Performance Standards
- Manage the IA Activity
- Nature of Work
- Engagement Planning
- Perform Engagement
- Communicate Results
- Monitor Progress
Report
Conclusion as to whether the activity:
- Generally conforms
- Partially conforms
- Does not conform

External assessment approach
[Process diagram; labels as extracted:] Key Inputs Interviews, Org. Structure, Charter Enterprise Objectives for Audit and Risks Leading Practices State of the Art International Standards Interviews and survey Process Review of process, reports, risk assessment Conduct Interviews Independence Professional Proficiency Complete Surveys Document Examination Perform Analysis Scope of Work Performance Management Review of Work Papers and Technology Plan Review Reports Objectivity Status Available Resources Structure Budgets Skills Specialists Depth Training Supervision Risk Focus Financial Operational Compliance Response To Change Tools Techniques Reports Work Papers Technology Contribution Productivity Charter Plans Policies Personnel Administration Interfaces Quality Assurance Reporting/Communications Document observations and analysis Conclusion as to compliance to IIA standards Deliver observations

External assessment approach
Key Focus Areas
Organization & People
- Organization size and structure
- Reporting relationships
- Strategies and scope of work (IA Charter)
- Leadership and staff competency and qualifications
- Diversity of skills
- Organization funding and cost management
- Human resource strategies
Processes / Methodologies
- Risk assessment methodology
- Audit planning process
- Audit execution methodologies
- Communication and reporting strategies
- Coordination with Sarbanes-Oxley activities
- Coordination and synergy with external auditors and other risk management functions
Stakeholder Perceptions
- Quality of service
- Business perspective
- Focused on right areas
- Competency of people
- Adding value and providing insight
Performance
- Use of technology
- Coverage of risks and control environment
- Adequacy of performance metrics
- Stakeholder feedback process
- Compliance with professional standards

External assessment approach
Illustrative project phases and primary tasks
Planning
- Identify interview and survey participants and schedule
- Conduct project kick-off and entrance conference
- Modify and finalize draft workplan
- Create survey template
Interviews / Surveys
- Conduct internal audit interviews and surveys
- Conduct interviews and surveys with audit committee, external auditors, senior management, and business unit management
Field work
- Review charter, mission statements, organizational structure, span of controls, personnel credentials and education levels, training policies, performance appraisal process, and recruiting policies
- Comparisons/benchmarking with other companies and leading practices
- Analyze risk assessment, quality control, self auditing, and follow-up activities
- Review management and coverage of internal audit, policies, and compliance
- Review reporting and communication protocols, format, frequency, and tracking procedures
- Review use, effectiveness, and efficiency of technology used in performing audit work
- Identify successful practices
- Assess compliance to IIA standards
Report preparation
- Develop executive summary and report of observations, recommendations, identify areas of superior performance, and areas for improvement, if any
- Prepare draft report
- Participate in meetings, exit conference, and presentations as necessary
- Final report preparation and delivery
Project week: 1 2 3 4 5 6

Discussion point
- Do you agree with the quality Standards and the requirement for an external assessment?
- Are your audit committee and senior management aware of the requirement?
- What are their views?

Approaches
- External assessment
  - IIA
  - Service providers
- Self assessment with independent validation
  - IIA
  - Service providers
- Peer review
  - At least three organizations

Approaches
Columns: Approach / Less Expense / Less Time Commitment / More Insight
- External Assessment: P P
- Self Assessment with Independent Validation: P P
- Peer Review: P P
Best option varies based on objectives and priorities to achieve compliance at lowest cost, with least time required, or to obtain more suggestions and leading practices

Discussion point
- Most organizations use an external assessor or team.
- Has anyone here considered or used the other two approaches?
- What do you see as the relative benefits?

Getting started
- Choosing an approach
  - Key objective of assessment
- Developing a request for proposal
  - Competence/knowledge
  - Independence/objectivity
  - Experience/ability to provide insights
  - Desired focus areas
  - Cost
- Selecting a provider
  - Decision criteria
  - Selection committee; role of board and senior executives

Being prepared
- Performing self assessment
- Identifying key contact for coordination
- Collecting and organizing documentation
  - Company's organization chart
  - Organization chart of the Internal Audit department and geographic coverage
  - Audit Committee charter and Internal Audit charter
  - List of departmental professional personnel
  - Number of professionals
    - Current number and level distribution
    - Skill complement
  - List of Audit Committee members
  - Copy of risk assessment and audit plan for the current period and prior period

Why consider a quality assessment?
- IIA Standards require external quality assessment every five years, effective since January 2002
- Increased attention to controls
- Increased responsibility of, and focus on, Audit Committees
- Audit Committee / CxOs increasing their reliance on IA for regulatory requirements, risk management, and Sarbanes-Oxley program administration
- Increased focus on corporate governance and fraud prevention
- Attest auditors' reliance on IA work
- Internal Audit increasingly called upon by executive management to be value-adding in meeting challenges of operating in today's complex business environment
- Changes in leadership: Audit Committee, CAE
- Desire to role model continuous improvement

Benefits
- Affirmation of quality focus
- External validation of quality for key stakeholders
- Receipt of objective feedback from key stakeholders and customers
- New ideas to enhance value delivery
- External support, if needed, for CAEs pushing the envelope
- Realignment of mission and objectives
- Respect of key stakeholders and customers

Challenges and lessons learned
- Having support of audit committee and senior management
- Being audited!
- Time commitment
- Disruption to work activities
- Setting expectations

Discussion point
- What benefits do you see?
- What challenges have you experienced and how did you overcome them?
- If your senior leadership was not supportive of getting an external assessment, what would you suggest to convince them it was worthwhile?

Typical observations
- Limited strategic/operational scope due to focus on financial/compliance objectives
- Limited technology focus or integrated audit approaches due to lack of IT specialist skillsets
- Misalignment of objectives between audit committee, senior management and CAE
- Limited use of tools/technology to enhance effectiveness and efficiency of audit process and to facilitate insight delivery
- Limited career advancement/development for internal auditors
- Lack of awareness of ongoing changes in Standards
- Focus on reporting test results vs. business issues, root cause, and collaborative solutions
- Missed opportunity to collaborate with other risk management functions and develop holistic risk assessment process
- Lack of explicit audit committee involvement in selection, evaluation and compensation of CAE

Report examples
Engagement Scope and Objectives
Company A requested Deloitte & Touche LLP ("Deloitte & Touche") to perform a Quality Assessment of the Internal Audit (IA) Department at Company A. The key objectives of the Assessment were to:
- Assess Internal Audit's compliance with the Institute of Internal Audit (IIA) International Standards for the Professional Practice of Internal Auditing ("Standards").
- Determine whether the Internal Audit Department is effective in carrying out its mission, as set forth in the Internal Audit Charter, and whether it is meeting expectations of the Audit Committee and management.
- Compare to leading practices in the profession and in the industry to identify opportunities to enhance Internal Audit's work processes and products, as well as its value to the Company.
The Assessment focused on evaluating Internal Audit's risk assessment and audit planning processes, audit tools and methodologies, audit and staff management processes, and on reviewing a sample of working papers and reports. Interviews were conducted with the Chair of the Audit Committee, members of the senior management team, the Internal Audit Manager (the Chief Audit Executive (CAE)), and members of the Internal Audit team.
This report is intended solely for the information and internal use of Company A, and should not be used or relied upon by any other person or entity.

Report examples
Standards Compliance - Overview
Columns: Standards Groupings / Results
Attribute Standards
- 1000 Purpose, Authority & Responsibility
- 1100 Objectivity and Independence
- 1200 Proficiency and Due Professional Care
- 1300 Quality Assurance and Improvement Program
Performance Standards
- 2000 Managing the Internal Audit Activity
- 2100 Nature of Work
- 2200 Engagement Planning
- 2300 Performing the Engagement
- 2400 Communicating Results
- 2500 Monitoring Progress
- 2600 Resolution of Senior Management's Acceptance of Risks

Attribute Standards
Columns: Standards / Summary Comments on Compliance and Recommendations
1200 Proficiency and due professional care
- Internal auditors must possess the knowledge, skills and other competencies needed to perform their individual responsibilities, and the IA activity must collectively possess or obtain the knowledge, skills and other competencies to perform its responsibilities.
- The CAE must obtain competent advice and assistance if the auditors lack the knowledge, skills or other competencies needed.
- Auditors must have sufficient knowledge to evaluate the risk of fraud, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
- Auditors must have sufficient knowledge of key information technology risks and controls.
- Auditors must apply the care and skill expected of a reasonably prudent and competent auditor; due professional care does not imply infallibility.
- Auditors must enhance their knowledge, skills and competencies through continuing professional development.
Summary comments
- The IA group collectively maintains skills and competencies to implement the SOX program, and supplements its IT knowledge via a cosourcing arrangement. For the current scope of work, the IA Department seems to have the requisite knowledge and skills and performs its activities with due care.
- The IA group has installed the Approva tool which is used for testing of the segregation of duties, access rights and monitoring for compliance with approval procedures in selected areas (e.g., Journal Entry posting).
Recommendations
- As the IA Department broadens its responsibilities beyond SOX, the CAE should assess the knowledge, skills and other new competencies required and develop a plan to obtain those skills such as through selective hiring, cosourcing or the use of guest auditors.
- The CAE should consider enhancing the current department policies to 1) specify the amount and nature of training, with a priority on training to support IA responsibilities in areas such as fraud and information technology controls; and 2) to specify the expectations for certification of staff. Many IA departments require a professional certification to be promoted into a senior or leadership role in the department.
- The IA department should consider expanding the use of technology-based data analysis and audit techniques beyond the current use of Approva noted above. The use of transactional data analysis tools can enhance the coverage of the audit population and provide for more targeted sample selection. For example, an analysis of the entire population of Accounts Payable transactions for a selected period against employee records and the vendor master file can assist in identifying potential fictitious vendors, duplicate vendors, unauthorized or duplicate payments, and other discrepancies which might not have been detected otherwise. The use of these tools is highly recommended to improve the effectiveness as well as efficiency of the IA team.

Report examples
Company A Internal Audit
Benchmark Data: Selected Metrics
Benchmark Data: Company A vs. Industry & Total Universe

| Benchmark Description | Company A | Industry | Universe | Similar size (IA function) |
|---|---|---|---|---|
| Revenue per Auditor (000s) | $120 M | $264 M | $356 M | $329 M |
| Employees per Auditor | 254 | 850 | 491 | 850 |
| IT Audit Staff (cosourced) (% of Total Staff) | 16.5% | 15% | 16% | 17% |
| Training Costs per Auditor | $2,500 | $2,608 | $2,732 | $2,464 |
| Total Costs per Auditor (w/benefits) | $250,000 | $162,209 | $160,478 | $159,546 |
| Total Costs per Auditor (w/o benefits) | $143,000 | $130,000 | $130,500 | $129,546 |
| Percentage Staff with Professional Designations | 50% | 75% | 74% | 68% |
| Staff Turnover | 25% | 22% | 14% | 20% |
| Average Training Hours per Auditor | 40 | 50 | 74 | 57 |

Internal Audit SOX Role - Utilities
- Responsible for the testing of controls only: 54%
- Responsibility over all aspects of SOX: 8%
- Audit SOX process only: 23%
- Acts in a consultative manner assisting management only: 15%

Internal Audit SOX Role - All Industries
- Responsibility over all aspects of SOX: 23%
- Responsible for the testing of controls only: 37%
- Audit SOX process only: 27%
- Acts in a consultative manner assisting management only: 13%

Comments
- Benchmarking indicates that the size of the IA function appears relatively larger than average based on Revenues and Number of Employees per Auditor. However, as noted below, the majority of benchmarked functions do not have full responsibility for the SOX program, suggesting there are relatively more resources in the benchmarked organizations applied to non-SOX activities.
- Although management is responsible for executing the controls and maintaining the documentation, Company A's internal audit department is involved in all aspects of SOX and has taken a leadership role in designing the program, testing controls and assessing results. This broad responsibility for the SOX program is unusual, as compared to the industry, as well as against general practice across all industries.
- The Cost/Auditor is higher than industry benchmarks. This is attributable to higher wages in California and above average benefits at Company A.
- Company A's certifications rate is lower than industry, which might be partially due to the small size of the department.

Report examples
Process/Methodologies
Reporting
- IA should consider modifying its reporting process to report on all significant issues identified and associated management action plans. A risk reporting matrix could be used for consistent categorization, prioritization and reporting of all types of issues and risks under evaluation. Such a matrix is often used to provide the Audit Committee with a broader understanding of corporate governance and risk management activities related to financial, operational and compliance objectives.
- IA should consider an executive summary presentation, to aid the reader in focusing on the more significant areas. Such summaries often use color coding or key phrases to quickly communicate the significance of the issues, and would require IA to exercise judgment in prioritizing and summarizing issues.
- A leading practice of IA departments is to enhance the visual impact of internal audit reports by the thoughtful use of formats, charts, graphs, colors, etc. IA should consider increasing the visual formatting with charts, graphs and colors to more quickly attract the reader to the report, while helping him focus on key areas and discern important information quickly.
- PowerPoint presentations can effectively serve as a final report format, as well as support meeting presentations. This is typically a less formal approach, but is often a more economical approach, while still providing an effective reporting format.
- To reinforce the use and value of the COSO framework, a leading practice is to incorporate it into the standard report format. An example is provided to the right.
- IA should also consider including more prominent positive comments regarding operating strengths identified, to provide a balanced assessment with the issues identified presented in a clear context.

Illustrative Roadmap
Columns: Timing / Action Step / Key Activities

Timing: 1Q CY11; 1Q-2Q CY11
Action steps:
- Evaluate and Prioritize Activities for Standards Compliance
- Conduct Comprehensive Enterprise Risk Assessment and Discuss Potential Audit Topics with Audit Committee and Management
Key activities:
- Consider compliance recommendations and prioritize action steps
- Develop plan to update current IA policies and procedures as compliance activities impact current department processes
- Review ERM assessment and consider risk factors; select risk factors (impact and vulnerability factors) and criteria to use in IA risk assessment
- Consider risks within business processes via interviews, document reviews, and knowledge of business
- Prioritize the identified risks for discussion with Audit Committee and management

Timing: 2Q CY11
Action step:
- Define Overall Audit Scope and Audit Plan
Key activities:
- Develop a proposed internal audit plan that addresses the higher relative (unmitigated) risk areas, using either a consultative or assurance approach based on degree of vulnerability and existing mitigation
- Summarize proposed audits and develop audit budgets

Timing: 2Q CY11; 3Q CY11; 4Q CY11; 1Q CY12; 2Q-4Q CY12
Action steps:
- Assess Organizational Structure, Resources, Skills, Competency Requirements and Sourcing Options
- Present Recommended Plan, Structure/Staffing, and Charter to Audit Committee and Management for Approval
- Develop/Enhance Audit Execution and Reporting Processes and Associated Policies
- Execute New Plan and Report Progress and Results
- Develop Action Plans to Address Other Improvement Opportunities
Key activities:
- Identify skills required to complete proposed plan and assess requirements against department resources; identify skill gaps
- Consider alternative resource sourcing (in house guest auditor or cosourced)
- Consider longer term organizational structure and sourcing approaches to achieve risk-based audit coverage
- Communicate proposed IA Plan, budget, and updated IA Charter, as required
- Communicate higher relative risk projects that will not be addressed by Plan and budget
- Obtain respective approvals from Audit Committee and management
- Design a new IA reporting approach to communicate the results and insights from broader risk-based reviews; consider the use of ratings to prioritize findings
- Consider other leading practice recommendations and prioritize action plan
- Develop plan to update IA policies and procedures as changes in activities impact department processes
- Develop a risk based audit program for each project in scope
- Coordinate the project schedule with the auditees
- Design a formal approach to monitor the resolution of the action plans based on significance of finding

Discussion point
Open discussion

Thank you!
We appreciate your participation

This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation.

Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Save the Date: August 26-29, 2012, 31st Annual Conference in Philadelphia, Pennsylvania