Internal audit. Does your charity need it and how can you achieve the most from it? What is internal audit? External vs.

Similar documents
Internal Audit Charter

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017

King lll Principle Comments on application in 2016 Reference Chapter 1: Ethical leadership and corporate citizenship Principle 1.

Employee engagement. Chartered Institute of Internal Auditors

CORPORATE GOVERNANCE POLICY

for larger charities Charity Governance Code Steering Group

Level 3 Diploma in Management. Qualification Specification

KING III COMPLIANCE ANALYSIS

Rolls-Royce s Board Governance

Network Rail Limited (the Company ) Terms of Reference. for. The Audit and Risk Committee of the Board

Service User Involvement Policy

Audit Committee Member Roles and Responsibilities

King lll Principle Comments on application in 2013 Reference in 2013 Integrated Report

Qualification Specification 601/3688/1 icq Level 3 Diploma in Management (RQF)

STAKEHOLDER Responsibilities ACCOUNTABLE TO...

Regulatory Compliance and Quality Review Programme

LearningZone Mapping Against ILM Level 7 NVQ Diploma in Strategic Management and Leadership

IoD Code of Practice for Directors

GOVERNANCE STRATEGY October 2013

Whistle Blowing Policy

Audit Committee Charter for XL Group Ltd

Alfa Financial Software Holdings PLC Terms of Reference of The Audit and Risk Committee of The Board of Directors of The Company

Establishing a Multi-Stakeholder Group and National Secretariat

CEO RECRUITMENT PACK WE KINDLY REQUEST NO CONTACT FROM RECRUITMENT AGENCIES PLEASE

For personal use only

WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

University of Birmingham. Protocol for the Governance of University Wholly Owned Subsidiary Companies and Companies

CORPORATE GOVERNANCE KING III COMPLIANCE

Management and Leadership. QCF units of assessment Level 3 25 March Skills CFA Page 1

Draft Internal Audit Plan 2012/13 Audit Committee (September 2012) Airedale NHS Foundation Trust

CORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2015

METRO Birmingham YOT Pre 16 Mentoring Support Officer x 2. Job Pack

Code of Corporate Governance

MISSISSIPPI STATE UNIVERSITY INTERNAL AUDIT CHARTER

Internal audit effectiveness reviews. Working in partnership to help you enhance the quality and effectiveness of your internal audit function

Audit Committee effectiveness

Moorfields Eye Charity

Non- Profit Sample Best Practices Evaluation

MKO Partners, Chartered Accountants Audit Transparency Report 2016

Internal Oversight Division. Internal Audit Strategy

Management and Leadership. Level 3 QCF units Skills CFA Page 1

Bank of Botswana Internal Audit Charter March 18, 2013 INTERNAL AUDIT CHARTER BANK OF BOTSWANA

Risk reduction? Value creation?

Whistle Blowing (Draft)

Simple Strategies, Big Results: Driving Internal Audit Value. October 28 th, 2016

Audit Committee Charter

AUDIT AND RISK COMMITTEE For Office of the Police Ombudsman for Northern Ireland. Terms of Reference. September 2016

KING REPORT ON GOVERNANCE FOR SOUTH AFRICA 2009 (KING III)

Rolls-Royce s Board Governance

JB+A Board Evaluation Tool

HSBC HOLDINGS PLC GROUP AUDIT COMMITTEE. Terms of Reference

Level 7 NVQ Diploma in Strategic Management and Leadership. Qualification Specification

JOB DESCRIPTION FOR THE POSITION OF FINANCE MANAGER

MIND IN TAUNTON AND WEST SOMERSET STRATEGIC PLAN AND OPERATIONAL PLAN 2016/17 AND BEYOND

EAST AFRICAN BREWERIES LIMITED BOARD CHARTER

TOYOTA FINANCIAL SERVICES (SOUTH AFRICA) LIMITED

GROUP AUDIT COMMITTEE TERMS OF REFERENCE

Assessment of the effectiveness of the audit process

CRESCENT CAPITAL BDC, INC. AUDIT COMMITTEE CHARTER

Request for Proposal (RFP)

KAP Industrial Holdings Limited KING IV APPLICATION REGISTER Page 0

MKO Partners, Chartered Accountants Audit Transparency Report 2015

Self Assessment Workbook

Level 5 NVQ Diploma in Management and Leadership Complete

Audit Committee Charter

3. STRUCTURING ASSURANCE ENGAGEMENTS

External Quality Assurance Review of the Office of the Auditor General Proposed Statement of Work for the Audit Sub- Committee.

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems

Tai Calon Board - Development and Training Programme Timetable

The Higher Education Code of Governance

Highways England People Strategy

We are at our best when we work in collaboration with our schools jointly developing solutions which benefit the whole Trust.

NOT PROTECTIVELY MARKED. This paper is presented in line with the internal audit contract with Scottish Police Authority

Implementing and maintaining ISAE 3402

S r. M a n a g e r R i s k A d v i s o r y. D a n S m i t h. D e c e m b e r S e r v i c e s. Operational Auditing & Operations Management

Job Description. Context. Scope. Overall purpose of the post. Job Title. Senior Trusts/Statutory Fundraiser. Job Band SAME Ref UKO44938/UKO48894

CORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2016

This Internal Audit Charter is intended to define the role, responsibility and accountability of the Society s Internal Audit function.

Technical specifications for City & Guilds Level 7 NVQ Diploma in Strategic Management and Leadership (8624)

Identification and Prioritisation of NHS England Policy Research Needs

LEGAL AND COMPLIANCE OFFICER

The Relationship between Audit Committee and Council (Local Government)

Roles and Responsibilities Matrix

Audit Committee Charter ISSUE DATE: 22 JUNE 2017 AUDIT COMMITTEE CHARTER. ISSUE DATE: 22 JUNE 2017 PAGE 01 OF 07

GOVERNANCE HANDBOOK COMMUNITY REHABILITATION COMPANIES PUBLIC SECTOR OWNERSHIP MAY May

Position Description

STATUTORY POWERS, DUTIES, ROLES AND RESPONSIBILITIES OF GOVERNORS

2012 IIA Standards Update

RIAS 2015 Positioning of Internal Audit. EIB Perspective

(Appointment of Directors is reserved to the Members)

Senior Academy Business Manager

POSITION DESCRIPTION-SCHEDULE A

Scope. Executive Director of HR and OD. Appointment Brief. attentive trusted authentic

Henkel s Compliance Management System (CMS)

Whistleblowing Policy & Procedures

CLP HOLDINGS LIMITED

4. Organic documents. Please provide an English translation of the company s charter, by-laws and other organic documents.

Dexia Group Audit Charter

Transcription:

Internal audit: Does your charity need it and how can you achieve the most from it? Sally Knight Partner MHA MacIntyre Hudson 13 May 2015 What is internal audit? The role of internal audit is to provide independent assurance that an organisation's risk management, governance and internal control processes are operating effectively. Chartered Institute of Internal Auditors Our definition includes being a critical friend. External vs. Internal audit Requirement / duty: Objective: External audit Depends on size of charity (charity audit thresholds), requirements of governing document, requirements of funders True and fair opinion on the statutory financial statements Internal audit No statutory requirement for charities to have IA although there is a duty for Trustees to manage risk and maintain adequate and appropriate internal control systems Opinion on the effectiveness of governance, risk management and internal control processes more discretion on how this is expressed Reports to: Will depend on statute and constitution usually Trustees / Co Act Directors / members Trustees and / or Directors usually via an Audit or similar Committee Coverage: Focus on reviewing and testing financial information and controls for purposes of giving an opinion on the year end accounts; concept of materiality More than financial! All aspects of the charity s operations, including strategic, risk management and governance processes Responsibility to report improvements: No - although there is a duty to report (material) issues / weaknesses, and this would normally include recommendations. Usually done via the management letter Yes this is fundamental to the purpose of internal auditing - through advising and facilitating so as not to undermine the responsibilities of management in respect of internal controls

How do you gain assurance? Board Assurance Framework Legislative & regulatory framework; charity s constitution Vision, mission, values, tone from the top Governance framework, processes & Trustees responsibilities Board Committees: ToR, delegation, reporting Strategic planning & SWOT analysis Operating policies & principles Schemes of delegation, Standing Orders Risk management policy, strategy, risk register Governing Body Executive Team Internal control framework Implementation of policies & procedures Segregation of duties KPIs review & reporting Self assessments & evaluation Reporting & accountability frameworks Discretionary, flexible & responsive Wider remit than EA Compliance vs. advisory Include best practice, efficiency and VFM recommendations Eyes & ears especially in dispersed locations Benchmarking against best practice Independent assurance: Internal auditors Independent assurance: External auditors What is the nature of this relationship? (rely; inform; ignore) Statutory audit Focus on financial statements Concept of materiality Management letter Local auditors / funder audits (esp. INGOs) Making IA work in practice: The R factors (1) Consider: Role and remit Resources available Relationship with risk Rolling strategic audit plan Responsiveness In-house vs. outsourced Staff, time, expertise and budget Risk policy, strategy, register Content, scope and timescales Compliance vs. consultancy Making IA work in practice: The R factors (2) Consider: Reporting lines Reporting format and process Respective responsibilities Relationship with External Audit Review and evaluate Day to day and overall Providing assurance Buy-in, ownership and follow-up Ensuring optimal audit coverage How does Internal Audit add value?

Role and remit What do you want to achieve? What is the nature and size of the Internal Audit jigsaw piece? Dedicated in-house resource vs. outsourced provider Independence and reporting lines Access to wider services and expertise Benchmarking Share resource with other charities? Flex to your charity s needs, priorities and challenges Internal Audit Charter Internal Audit Charter Define purpose and objectives of the IA function Link to ToR for the Trustee Board and relevant subcommittees e.g. Audit Committee Relationships and mutual responsibilities Reporting lines Reporting format Quality of recommendations Timeliness Expectations and KPIs Resources available Availability of your staff time and buy-in Are there any gaps in existing knowledge / expertise? e.g. IT, business continuity, data protection Budget Depends on scope and plan Annual input days x blended day rate Disbursements

Relationship with risk How does the charity define risk? Unrewarded and rewarded risk Relationship with the charity s attitude and tolerance to risk (risk policy); and risk management strategy Role of the risk register Align IA activity to the charity s overall risk management framework, which in turn should link clearly into the charity s strategic planning processes Rolling strategic audit plan Content and scope - assessing the audit universe Financial vs. other activities Head Office vs. regional activities Follow up; contract administration time Responsiveness Compliance vs. consultancy Agreed programme vs. reacting to unforeseen issues Timescales One year scoped in detail with an eye on the future [2] years Developing a strategic internal audit plan Three year rolling plan with first year scoped in detail Implementation of [new] governance / operational structures Effectiveness of the charity s assurance framework Effectiveness of the charity s risk management processes Identification and management of key risks and others Ownership and accountability Links with strategic planning Governance & assurance framework Key financial controls Core focus initially? Compliance with financial procedures Test implementation of new [financial] systems Head Office functions and support Anti-fraud policy, controls and awareness H.R. and volunteers Branding and marketing Safeguarding; Health & Safety Information security; Data Protection Fundraising; funding Capital projects Procurement and purchasing IT; Business continuity Operational reviews & VFM Local activity: themed / location reviews Compliance with procedures at a local level Delegation, documentation and implementation Compare, share and benchmark Relationship with Head Office KPIs review and reporting

Reporting lines Key is IA s objectivity and independence and perception thereof Balancing act: Need effective day to day relationship with management but overall responsibility is to Audit Committee / Trustees Where IA function is outsourced, nominate an internal designated IA liaison officer (typically the Resources / Finance Director) Conduit; coordination; collation of information Whistle-blowing provisions internal and external Reporting format and process: Assignment reports Agreeing findings and recommendations e.g. high, medium, low, advisory Factual accuracy, realistic and value added Action plans and timescales - ensure buy-in and ownership Clearance and circulation - staff, management, Audit Committee, Trustees Opinion on the assignment area audited e.g. substantial, adequate, low or no assurance Follow-up arrangements and responsibilities Reporting format and process: Annual report and opinion Providing annual assurance Opinion on the charity s overall internal control framework Coverage and scope, with reference to the Board assurance framework Who is relying on this opinion?

Relationship with External Audit Aspire to providing optimal audit assurance when both functions are viewed together but... Objectives are different so don t expect work from IA to reduce fees of EA Key is to fully appreciate the respective roles and responsibilities of each set of auditors In practice, role of IA work in relation to EA is somewhere on a spectrum, and may change with time: Ignore Inform Rely Review and evaluate What does adding value mean to your charity? How will success be measured? Quality assurance Assess the efficiency and effectiveness of IA payback time! Regular feedback from staff; annual survey; view of the Audit Committee Self-assessment; external assessment (CIIA recommends every 5 years) Realise the full potential of Internal Audit! In summary: Internal Audit Cycle

Thank you Any questions? E: sally.knight@mhllp.co.uk T: 020 7429 0501 W: www.macintyrehudson.co.uk

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback