Enhancing Governance Through Internal Audit Activities

Enhancing Governance Through Internal Audit Activities Kaveh Rikhtegar, CPA, CA, CISA, CIA Director of Internal Audit Canadian Commercial Corporation

Key Points
- Understanding your audience and the Governance framework,
- Building an effective and value added internal audit organizational structure and processes,
- Using a risk based approach linked to the ERM to complete the annual audit plan, and
- Creating an effective reporting mechanism to the Audit Committee.

Canadian Commercial Corporation (CCC)
- CCC was created by an act of Parliament in 1946.
- CCC is a wholly owned Government corporation reporting to the Minister of International Trade.
- CCC is mandated to facilitate Government to Government trade between Canadian exporters and international buyers.

Internal Audit Pendulum No Assurance Negative Assurance Positive Assurance

Governance Model
- Board Members: Set and maintain policies and key priorities
- (Measure, Monitor)
- Management: Develop and implement practices and procedures in order to roll out the policies & accomplish key priorities
- (Measure, Monitor)
- Operation: Perform the day to day activities based on established practices and procedures

Understanding our Role: Changes in Our Focus & Approach
- Historically, IA has been known to be Police and Watchdog,
- Internal and external environments are continually changing,
- As a result, IA needs to provide a more strategic role over Governance, Risk and Compliance:
  - Gain consensus on audit objectives and develop relationships,
  - Stay informed with the plan, decisions and activities,
  - Be transparent.

Understand your Audience Board Members Strategic, NO Surprises Assurance and Compliance focus Managing Risk Short span of attention Special education Diplomatic Therefore you must stay informed of business plans, events, developments and new initiatives

Understand your Audience Executive Management, Non Technical and Strategic Operation Management, Technical and Tactical Expectation Assurance and Compliance focus Ask them Value added audit shop, consulting activities Appreciate complexity of competing agendas - Prioritize Co-operative independent partner having a seat at the table. Ensure your charter reflects this understanding and provides the right authority.

Building an effective and value added internal audit organizational structure

Communication
Effective communication is the KEY determinant of a successful IA function.
- Formal vs. Informal Communication
- Identify, capture and communicate pertinent information in a form and timeframe that is appropriate to the recipient,
- Communicate regularly, at multiple levels and in multiple ways,
- Determine each executive's communication preference and style,
- Create clear, concise presentation templates - Avoid information overload.

Audit Report
TABLE OF CONTENTS
- EXECUTIVE SUMMARY
- BACKGROUND
- AUDIT OBJECTIVES AND SCOPE
- APPROACH AND METHODOLOGY
- STRENGTHS
- OBSERVATIONS AND RECOMMENDATIONS
- KEY OBSERVATIONS
- SUMMARY AND CONCLUSION

Rating of Audit Finding
- High: a key control does not exist, is poorly designed or is not operating as intended and the financial and/or reputation risk is more than inconsequential. Corrective action is needed to ensure process objectives are achieved.
- Medium: a key control does not exist, is poorly designed or is not operating as intended and the financial and/or reputation risk to the process is more than inconsequential. However, a compensating control exists. Corrective action is needed to avoid sole reliance on compensating controls.
- Low: a minor weakness in the design and/or operation of a key control. Ability to achieve process objectives is unlikely to be impacted. Corrective action is suggested to strengthen controls.

Rating of Audit Opinion
- Effective: Key controls are effectively designed and operating as intended.
- Needs Improvement: One or more key controls do not exist, are not designed properly or are not operating as intended. The impact to the audited process is more than inconsequential. Timely action is required.
- Unsatisfactory: Multiple key controls do not exist, are not designed properly or are not operating as intended. The impact to the audited process is material. Immediate action is required.

Executive Summary to the Audit Committee
- Objective of the audit as approved by the Audit Committee.
- Scope of activities performed in order to achieve the objectives.
- Summary of Procedures Performed in order to complete the audit.

Summary Observations to the Audit Committee
Findings table columns: Detailed Finding (a, b), Rating, Accountable, Timing
Chart: findings a and b plotted by Business Impact (LOW to HIGH) against Ease of Implementation (LOW to HIGH), in four quadrants:
- Low Business Impact, Easy to Implement
- High Business Impact, Easy to Implement
- High Business Impact, Difficult to Implement
- Low Business Impact, Difficult to Implement

Internal Audit Status Summary to the Audit Committee
Status chart for 2013-14, with one column per quarter (Q1, Q2, Q3, Q4) and one row per audit activity:
- Annual Planning
- Activity 1
- Activity 2
- Activity 3
- Activity 4
- Activity 5
- Activity 6
- Internal Audit Follow Up
- Consulting and Advisory
Color Legend: Complete, In Progress, Not Started

Status Update to the Audit Committee
Period Ending (Date)
Status (columns: Current, Forecast):
- Overall: On Target
- Scope: On Target
- Schedule: On Target
- Resourcing: On Target
Key Accomplishments this Quarter
Key Upcoming Activities

Integrated Activities Auditing
Identify groups within/outside the organization such as ERM, Quality Control, External Auditors to ensure a more effective risk assessment:
- Maximizing Scarce Resources
- Complete a coordinated annual planning process
- Look for opportunities to share and receive information
- Resulting in more integrated audit activities

Training
- It should be linked to the annual audit plan, as well as current and future talent needs
- Auditors vs. Employees,
- Technical vs. Non Technical training,
- Must include key soft skills such as Problem Solving and Critical Thinking, Business Acumen
- Must be flexible,
- Must be recurring and not just a one time event.

Talent Retention
Significant risk if a member leaves the group
1. Establish a knowledge base within the team: Have a proper repository for tracking so that information is easily available,
2. Attention to Retention: Ensure the compensation is competitive and the department is viewed as a great place to work. Ensure the employees understand their roles and the available opportunities for advancement.

Standardization of Method, Approaches & Techniques Internal Audit Charter, Annual Planning process, Follow up tracking and reporting, Internal Audit Manual, Other templates, tools and guidelines, Customer Satisfaction Surveys

Establishing the Annual Budgets
- Head Count Budget
- Consulting Budget
- Training Budget
ALL the above must be in line with the Annual Corporate Plan

Managing the Budget and Deliverables
Internal Audit Time line 2013-2014 (Auditor 1; weekly columns from 1-Apr to 21-Oct, grouped by month, April to October)
Audit project, Sub activity: Total Hours (hours per week, in week order)
- Annual planning: 90 (30, 20, 30, 10)
- Audit Activity 1, Planning: 50 (20, 30)
- Audit Activity 1, Execution: 90 (30, 30, 30)
- Audit Activity 1, Reporting: 60 (30, 30)
- Audit Activity 2 (Planning, Execution, Reporting): 0 each
- Audit Activity 3 (Planning, Execution, Reporting): 0 each
- Audit Activity 4 (Planning, Execution, Reporting): 0 each
- Audit Activity 5 (Planning, Execution, Reporting): 0 each
- Audit Committee Support: 0
- MLP follow up: 0
- Vacation: 0
- Stat Holiday: 0
- Year end audit coordination with External Auditors: 0
- Training: 0
- Advisory and Consulting activities: 0
- TOTAL: 290 (weekly totals: 30, 20, 30, 10, 20, 30, 30, 30, 30, 30, 30, then 0 for each remaining week)

Customer Satisfaction Surveys
Summary of Audit Surveys
# | Survey Question | Audit 1 | Audit 2 | Audit 3 | Audit 4 | Overall Average
1 | The audit scope and objectives were relevant and clearly conveyed. | 3 | 3 | 4 | 4 | 3.50
2 | The audit report is objective, accurate, succinct and clearly written. | 3 | 3 | 3 | 4 | 3.25
3 | The audit recommendations are constructive and actionable. | 3 | 3 | 3 | 4 | 3.25
4 | Communication lines were open and positive. | 4 | 3 | 4 | 4 | 3.75
5 | The audit staff were objective, qualified and professional. | 4 | 3 | 4 | 4 | 3.75
6 | The audit was well managed and performed in a timely and efficient manner. | 4 | 3 | 4 | 4 | 3.75
7 | The audit provided value to my organization. | 3 | 3 | 4 | 4 | 3.50
Legend: 1 = Very Unsatisfied, 2 = Unsatisfied, 3 = Satisfied, 4 = Very Satisfied

Executive Participation
- President's Executive Meetings,
- Key Management Committees,
- Quarterly One on One with Executives,
- Strategic Planning Sessions.
Must have a Voice, Participate and Contribute

Networking and Continuous Development Active at international and local chapters, Participate or create internal audit round table discussion groups, Participate at the CAE discussion group - get another perspective, Webinars, Conferences.

Assessing Effectiveness of IA Function
- Develop Performance Measure Scorecard,
- Complete Benchmarking to compare your operation and effectiveness with those of other organizations
- Perform Internal Evaluation,
- Perform External Quality Assessment

Internal Audit Performance Scorecard

Benchmarking - Years Covered by Audit Plan

Benchmarking Allocation of Audit Plan

Benchmarking Audit Life Cycle

External Quality Assessment
- Identify budget - done once every five years
- Provide information in advance so that AC and Executives can mark calendar
- Key factors to identify qualified individuals to perform in accordance with the IIA performance and attribute standards:
  - Team and Individual Experience with business sector, industry and your IA size in performing EQA
  - Expected deliverables, timeline and cost
- Prepare and provide documents, schedule and manage interviews,
- Realize that one size does not fit all in meeting the IIA standards
- Embrace and accept change, it will make your team more effective & efficient.
- Remain open-minded about suggestions

Building effective and value added internal audit processes

Audit Planning Objective
- Link the plan to the corporate objectives;
- Provide assurance on the areas considered to be of highest risk and significance;
- Focus audit resources primarily on the provision of assurance services while providing consulting services to further enhance our processes;
- Provide a schedule of audits to be undertaken with the resources available during the period covered by the plan; and
- Allow flexibility to accommodate special tasks and projects if requested by the Audit Committee or President of CCC.

Planning Process (flow diagram)
Stages: Input, Validate, Prioritize, Review, BOD Approval
Boxes in the diagram:
- Review of various internal/external documents
- Discussion with Other Corporations
- Discuss with Senior Mgt
- Self assessment
- Discuss with External Auditors
- Corporate ERM
- Discuss with Subject Matter Experts
- Internal Audit Risk assessment including FS decomposition
- Prioritize Audit Areas & Draft Plan
- President & CFO
- CCC Internal Audit Plan

Financial Statement De-Composition
- Start with the approved Financial Statements,
- Use chart of accounts to map the financial statement line items to the final year end General Ledger (GL) accounts,
- Link the grouping of the GL accounts to the generic listing of financial processes.
Mapping matrix
Row columns: GL Account #, GL Account Name, GL Account $ 2013
Process groups: Contract Mgt and Financial Administration Assets Financial Close HR and Payroll Other Admin PO T & H
Processes: Work order / Operational Purchase Order Cuba Processing Goods Receipt and Payment Processing Account Receivable and Cash Receipt China Offices Acquire assets Depreciate assets Period End Close Tax Accounting Cash Management Appropriations Hire and Terminate Calculate Payroll and Disbursement Triggers TimeSheet Transactions Approval, Goods Receipt and Payment Processing Approval and Payment Processing
Rows:
- 10010 Bank - CAD Account: X X X X X X X X X
- 10011 Bank - USD Account: X X X X X
- 10012 Bank - USD Account Quito: X X X X
- 10013 Bank - AUD Account: X X X X
- 10014 Bank - GBP Account: X X X X

Internal Audit Risk Assessment
RISK RATING CRITERIA (H-High, M-Medium, L-Low)
Row label: Auditable unit
ERM Assessment columns: Business Environment Organizational Mandate Reputational Financial Policies and Process People Information Management Information System Business continuity Planning Foreign Environment Export Foreign Exchange Corporate Social Responsibility Fraud Supplier performance Contract
Other factors columns: Materiality, Process Volatility, Volume of transaction, Relevance, Susceptibility to error, Susceptibility to fraud, Last Audited, Prior Audit Issues
Final columns: Auditors Overall Rating (Judgmental), Audit Comments
Rows:
- Quarterly Financial Close Process: L L L L M H M H H M L L L H
- Travel and Hospitality: L L L M M M L M L L L M

Internal Audit Risk Assessment Qualitative Factors
Each RISK Factor is listed with its Definition and the LOW, MEDIUM and HIGH criteria.

ERM score: Risks identified through the ERM process.
- LOW: See ERM Low and Low/Medium
- MEDIUM: See ERM - Medium
- HIGH: See ERM Medium/High, High and Damage Control

Materiality: Dollar impact of the transition/process on the financial statements.
- LOW: Less than 10% of the External Auditors Materiality.
- MEDIUM: More than 10% but less than 25% of the External Auditors Materiality.
- HIGH: More than 25% of the External Auditors Materiality.

Process Volatility: Risk of error increases with amount of change.
- LOW: No significant change.
- MEDIUM: Process subject to limited change (people, technology and processes).
- HIGH: Process subject to significant change (people, technology and processes).

Volume and size of transactions processed: Size and volume of individual transactions.
- LOW: Small balance, few transactions (i.e. yearend bookings).
- MEDIUM: Small balance, few transactions (weekly or monthly transactions).
- HIGH: Large balance, many transactions daily.

Relevance: The degree that the processes directly impact the corporate objectives.
- LOW: Low likelihood and impact on corporate plan or objectives.
- MEDIUM: Medium likelihood and impact on corporate plan or objectives.
- HIGH: High likelihood and impact on corporate plan or objectives.

Susceptibility to error: Susceptibility of loss due to error.
- LOW: Processing of transactions are not subject to error or misinterpretation.
- MEDIUM: Processing of transactions are subject to limited error or misinterpretation.
- HIGH: Processing of transactions are subject to error or misinterpretation.

Susceptibility to fraud: Susceptibility of loss due to fraud.
- LOW: Assets not easily moved or converted to cash, low potential for fraud.
- MEDIUM: Assets not easily moved or converted to cash, medium potential for fraud.
- HIGH: Assets highly mobile or convertible to cash, higher potential for fraud.

Last Audited: Date the process was last audited.
- LOW: Within one year.
- MEDIUM: Less than two years.
- HIGH: More than two years.

Internal and External Audit Management Letter Points: Previously identified issues.
- LOW: No significant previously identified issues.
- MEDIUM: Medium rated previously identified issues.
- HIGH: Significant previously identified issues.

IT Risk assessment COBIT
Columns: COBIT Domain, Ref, COBIT Process, Description, Comments, Audit 1 to Audit 10

Plan and Organize, PO1: Define a strategic IT Plan
- Description: To strike an optimum balance of information technology opportunities and IT business requirements as well as to ensure that further accomplishments are undertaken through the strategic planning process. In turn the long-term plans should periodically be translated into operational plans setting clear and concrete short-term goals.
- Comments: The IT strategic plan is included in the business unit's plan which is approved by its VP and which in turn feeds into the 5 year corporate plan which is approved by the BOD.
- Audit columns marked: x

Plan and Organize, PO2: Define the Information Architecture
- Description: Optimizing the organization's information systems by creating and maintaining a business information model and ensuring that appropriate systems are defined to optimize the use of this information.
- Audit columns marked: x x x

Plan and Organize, PO3: Determine Technological Direction
- Description: Take advantage of available and emerging technology in order to execute the business strategy by creating and maintaining a technological infrastructure plan that sets and manages clear and realistic expectations of what technology can offer in terms of products, services and delivery mechanisms.
- Audit columns marked: x x x x

Plan and Organize, PO4: Define the IT organization and relationship
- Description: To deliver the right IT services suitable in numbers and skills with roles and responsibilities defined and communicated, aligned with the business and that facilitates the strategy and provides for effective direction and adequate control.
- Audit columns marked: x x x x

IA Risk Assessment Summary Report to the Audit Committee
Risk matrix: Significance (to strategy, reputation, etc.), Low to High, against Likelihood (considering controls and inherent risks), Low to High, with audit units 1 to 25 plotted. Legend: High, Medium, Low.
This matrix summarizes the results of the risk assessment process. Each audit unit was evaluated based on the importance to Corporate strategy and the likelihood of control / process issues.

Benefits Creates a common language and agreement to share ownership in order to manage risks, Improves identification and prioritization of key risks, Engages upfront input and agreement from stakeholders, Assurance vs. Consultation.

Continuous Assessment Quarterly Reporting of Key Controls Annual Scoping of Significant Processes Q1 -Authorization -Training -Security of Asset -Segregation of Duties -Policies & Procedures -IT Controls -Management Reviews Transactional Processes - Automated and Manual Quarterly Testing of Key Control Documentation of Key Controls

Continuous Assessment Report (EXAMPLE ONLY)
Columns: Process, # of Manual Controls, # of Automated Controls, Overall Results (Q1, Q2, Q3, Q4)

Key controls that impact MANY PROCESSES
Process | # of Manual Controls | # of Automated Controls
Policy Instrument Review | 1 | 0
ERM Assessment | 1 | 0
Annual Training Plan | 1 | 0
Annual Disaster Recovery Exercise | 1 | 0
Annual Access Review | 1 | 0

Key controls that impact a SINGLE PROCESS
Process | # of Manual Controls | # of Automated Controls
Structuring & Approving Contracts | 5 | 5
Approving Purchase Order | 0 | 4
Processing Supplier Invoice | 4 | 4
Processing Loans | 2 | 1
Processing Supplier Payment | 5 | 7
Processing Customer Invoice | 0 | 11
Performing Finance Close | 6 | 4
Total | 27 | 36

Legend for Overall Results:
- Effective: Key control is effectively designed and operating as intended.
- Needs Improvement: Key control does not exist, is not designed properly or is not operating as intended and the risk is more than inconsequential. However, a compensating control exists. Corrective action is needed to avoid sole reliance on compensating controls.
- Unsatisfactory: Key control does not exist, is poorly designed or is not operating as intended and the risk is more than inconsequential. Corrective action is needed to ensure process objectives are achieved.

Performing the Assurance Activities Planning Evaluate Design Execute Test Reporting Complete Plan Memo Review Documentations Select Sample Size Assess Magnitude Perform a Walkthrough Perform Testing Recommend Corrective Action Recommend Corrective Action Document Results Report and Follow up

Planning memo
Table of contents
BACKGROUND
- History and Current Operation
- Audit contact
- Planning Meeting with the Management
- External Assistance
RISK INDICATORS
- Regulatory compliance
- Extent of changes
- Prior audits
- Linked to the Enterprise Risk Management (ERM)
- Consider the impact of other factors
- Overall risk assessment
OVERVIEW OF AUDIT ENGAGEMENT
- Objective
- Scope
- Methodology
- Audit program
- Resourcing
- Audit time table
REPORTING REQUIREMENTS

Reporting
- Write the report as the audit progresses,
- Use Data to drive the critical message,
- Do not strive for perfection for either the Report or the Management Action Plan,
- Reach consensus with management before distribution,
- Do not be an alarmist,
- Recommend a remediation plan that is possible, practical, supportable and forward thinking, and
- Include Value added comments in your report.

Mgt Action Plan (MAP) Primary Business Unit Accountable. Detail Description of the Management Action Plan (MAP), including funding and resourcing if required. Person accountable for completing the MAP. Date MAP will be completed. Describe the activities in order to prepare users to accept the changes (Change Management Plan)

File Closure Check List
Columns: Activity, Date, Auditor Sign off, Reviewer Sign off
Planning section
- Planning memo approved
Execution section
- All working papers signed off
- All review notes actioned
Reporting section
- Opinion criteria completed
- MAPs have been received
- Report finalized and distributed
File closure section
- Survey completed and summarized
- Electronic files finalized
- Physical working papers have been filed
- Observation included in the follow up binder
Budget Analysis (columns: Actual, Budget, Variance)
- Planning Start Date
- Audit Report Date
- Audit Report Issuance Date
- Total time in hours

Follow Up
- Informal vs. formal follow up.
- Follow-up activity responsibilities defined
- Provide management with the timeline of the follow up activities.

Follow up reporting
Columns: Audit, Audit Date, Total Observations, Status of Management Action Plan
Status legend: Completed, On target, Revise target date, Target date at risk
Rows (values in the order shown on the slide):
- Unit 1, Oct 2012: 1 1 Q1-2013/14
- Unit 2, Feb 2013: 4 1 3 Q2-2013/14
- OVERALL: 5 1 3 1

Summary: Things NOT to do
- Over Committing,
- Surprise your audience,
- Not being versed in ERM,
- Having a non value added audit plan,
- Continue with status quo,
- Being reactive and not proactive,
- Not knowing your audience,
- Presenting data with our interpretation
- Not connecting the dots,
- Not continually educating,
- Not being technically current.

Summary: Things You Should Do
- Know your audience and build relationships
- Have a seat at the table. Be a collaborator, not a policeman,
- Clarify expectations,
- If possible, audit before the project, not after,
- Meet, ask questions and get their perspective on audit plan, objectives and timing,
- Avoid surprises, make sure they know before the CEO,
- Be fully versed in Enterprise Risk Management, and
- Listen, learn and improve

Thank You Kaveh Rikhtegar, CISA, CPA, CA, CIA Director of Internal Audit Canadian Commercial Corporation krikhtegar@ccc.ca