Changes in the IIA Standards: New Requirements for Internal Audit Functions

Similar documents
Changes in the IIA Standards: New Requirements for Internal Audit Functions

The Red (Book) Rocks The Latest and Greatest Audit Standards

Group Internal Audit Charter

Quality Assurance and Improvement Program (QAIP)

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

External Quality Assessment Are You Ready? Institute of Internal Auditors

GoldSRD Audit 101 Table of Contents & Resource Listing

This Internal Audit Charter is intended to define the role, responsibility and accountability of the Society s Internal Audit function.

Quality Assurance in Internal Audit. Standard on Internal Audit (SIA) 7

10/5/2016. Quality Assessment Review. Agenda. What s the purpose of a QAR? Internal Audit Manager Training October 3-4, 2016

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

Implementation Guide 1312

INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC

SUNEDISON, INC. AUDIT COMMITTEE CHARTER (Adopted October 29, 2008)

COSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions

Tools & Techniques II: Lead Auditor

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

GROUP INTERNAL AUDIT. Internal Audit Charter 24 February 2016

Internal Audit Charter

SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure

Internal Audit Charter

AUDIT COMMITTEE REPORTING: TRENDS & BEST PRACTICES Timothy Etoori Head of Internal Audit UGAFODE Microfinance

Practice Advisory : Quality Assurance and Improvement Program

Audit Committee Charter

Session 7: Corporate Governance

RIAS 2015 Positioning of Internal Audit. EIB Perspective

Implementation Guide 1000

FLORIDA STATE UNIVERSITY Office of Inspector General Services Report #17-06

INTERNAL AUDIT CHARTER

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

Strengthening Control and integrity: A Checklist for government Managers

Policy and Procedures Date: November 5, 2017

Bank of Botswana Internal Audit Charter March 18, 2013 INTERNAL AUDIT CHARTER BANK OF BOTSWANA

Implementation Guide 1300

What We Will Cover Today

Internal Audit Mandate

BioAmber Inc. Audit Committee Charter

1. Definition & Mission

Audit Standards 6/23/2017. Outline. Let s Refresh. Changes to the IIA Standards

Changes To the Public Sector Internal Audit Standards April 2017

NORFOLK SOUTHERN CORPORATION. Committee s Role and Purpose

Internal Audit Annual Assertion on Internal Auditing. for Financial Year

Quality Assessments what you need to know

BIOSCRIP, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Quality Assurance and Improvement Program

Implementation Guide 1200

TITLE 21 - AUDIT. Chapter 01. Audit Committee Chair... 2

SERBA DINAMIK GROUP BERHAD INTERNAL AUDIT CHARTER

UPMC POLICY AND PROCEDURE MANUAL. Links to policies referenced within this policy can be found in Section V.

Internal Audit Appendix: IIA Standards

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

(

Consultancy engagements

The University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office

MISSISSIPPI STATE UNIVERSITY INTERNAL AUDIT CHARTER

September Terms of Reference for the Office of the Auditor General

CHARTER OF THE SONOMA COUNTY INTERNAL AUDIT FUNCTION JANUARY 15, 2013

EFFICIENT USE OF AUDIT COMMITTEES

Audit Committee Member Roles and Responsibilities

Checklist for Higher Education

BrightPath Early Leaning Inc. Audit Committee Charter

Measuring the value of internal audit in the banking industry

Building a Sustainable Quality Program

City of Edmonton EXTERNAL QUALITY ASSESSMENT OF THE OFFICE OF THE CITY AUDITOR. September 11, 2015

2012 IIA Standards Update

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

Implementation Guide 2000

The Internal Auditor s Duties Outside of Auditing

AT&T INC. CORPORATE GOVERNANCE GUIDELINES

AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

AMERICAN EXPRESS COMPANY AUDIT AND COMPLIANCE COMMITTEE CHARTER (as amended and restated as of September 26, 2017)

CHARTER OF THE AUDIT COMMITTEE NATIONWIDE MUTUAL INSURANCE COMPANY NATIONWIDE MUTUAL FIRE INSURANCE COMPANY NATIONWIDE CORPORATION

FIAT CHRYSLER AUTOMOBILES N.V. AUDIT COMMITTEE CHARTER

CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE

DIAMOND OFFSHORE DRILLING, INC. Corporate Governance Guidelines

GAP INC. AUDIT AND FINANCE COMMITTEE CHARTER February 23, 2016

BOARD OF DIRECTORS CHARTER

OFFICE OF INTERNAL AUDITS APPALACHIAN STATE UNIVERSITY AUDIT MANUAL

EY Center for Board Matters. Leading practices for audit committees

Office of Internal Auditing

Audit Committee Charter Amended September 3, Tyco International plc

AUDIT COMMITTEE CHARTER REINSURANCE GROUP OF AMERICA, INCORPORATED. the audits of the Company s financial statements;

Audit Committee Charter

A. Independence/Composition. The Committee shall be comprised of not less than three members. The members of the Committee:

AUDITING. Auditing PAGE 1

GRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER

irobot Corporation Audit Committee Charter I. General Statement of Purpose

Audit Committee Charter for XL Group Ltd

Internal Audit Performance

THOMSON REUTERS CORPORATE GOVERNANCE COMMITTEE CHARTER

King lll Principle Comments on application in 2013 Reference in 2013 Integrated Report

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Meeting Stakeholder Expectations for Assurance: Internal Audit s Role in a Group Effort

Charter of the Audit Committee of the Board of Directors of Novo Nordisk A/S. CVR no

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

Dexia Group Audit Charter

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

DAVITA INC. AUDIT COMMITTEE CHARTER

TG Therapeutics, Inc. Audit Committee Charter

Transcription:

Changes in the IIA Standards: New Requirements for Internal Audit Functions

Summary of Changes Effective January 1, 2009, the Institute of Internal Auditors (IIA) made changes to the International Standards for the Professional Practice of Internal Auditing (Standards): Changed from should to must throughout most of the Standards Added five new Standards Added new verbiage to existing Standards Interpretations have been added which incorporate components which were previously part of the Practice Advisories The change from should to must" has created a requirement for action to be taken. For some IA departments, only minimal changes will be needed. But for others there are many additional actions, some substantial, to be taken in order to comply with the revised Standards. We have summarized the most common areas which we believe will have an impact on IA functions based on our knowledge and experience from working with organizations around the globe. However, your IA function should compare its individual practices to the Standards to see whether there are additional items that require attention. http://www.theiia.org/guidance/standards-and-guidance/ 1 2009 Protiviti Inc. An Equal Opportunity Employer.

Summary of Changes The changes create new requirements around: IT Governance Technology Based Audit and Other Data Analysis Techniques Fraud Risk Management Ethics Programs Limitation and Adequacy of Resources Records Retention Quality Assurance Reviews Modifications to the IA Charter Communication with the Board ALL INTERNAL AUDIT FUNCTIONS SHOULD BE DISCUSSING THESE CHANGES AS WELL AS THE INCREMENTAL REQUIRED ACTIONS TO BE TAKEN WITH THEIR MANAGEMENT AND AUDIT COMMITTEES NOW. This presentation is not intended to be an exhaustive analysis of the IIA Standards and as such, each organization should makes its own analysis of the Standards and changes required to comply with those Standards as of January 1, 2009. 2 2009 Protiviti Inc. An Equal Opportunity Employer.

IT Governance 2110.A2 The internal audit activity must assess whether the information technology governance of the organization sustains and supports the organization s strategies and objectives. Assess IT governance and determine appropriate reporting Potentially increase IT auditing to be able to adequately report on IT Governance Perform enhanced IT risk assessment Use IT SMEs or outside resources as needed and re-evaluate capability of existing resources Consider adopting the ITGI Five Elements of IT Governance to review the IT organization s governance framework NEW Standard 3 2009 Protiviti Inc. An Equal Opportunity Employer.

Technology Based Audit and Other Data Analysis Techniques 1220.A2 In exercising due professional care internal auditors must consider the use of technology-based audit and other data analysis techniques. Train personnel on data analysis tools such as ACL, Excel, Access and other appropriate tools; Consider designating individuals as SME s Revise audit methodology and expand audit assignment budgets to allow time to incorporate appropriate data analysis techniques Purchase and utilize third-party applications and use outside resources as needed Coordinate with your CIO organization as needed Consider continuous auditing and monitoring programs Some IA functions make good use of data analysis tools and techniques already. Few have implemented continuous auditing/monitoring. 4 2009 Protiviti Inc. An Equal Opportunity Employer.

Fraud Risk Management 2120.A2 The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. Perform a fraud risk management assessment, by: Assisting management in performing one, Leveraging an existing assessment performed as part of SOX, or Performing an independent assessment Utilize outside resources as needed Utilize data analysis and continuous auditing and monitoring to enhance detection Determine style and scope of reporting Coordinate with legal counsel as appropriate NEW Standard 5 2009 Protiviti Inc. An Equal Opportunity Employer.

Ethics Programs 2110.A1 The internal audit activity must evaluate the design, implementation and effectiveness of the organization s ethics-related objectives, programs and activities. Perform an ethics program assessment Determine scope and reporting style Coordinate with Human Resources and legal as needed Include a review of the awareness program, policies, exception reporting and measuring of success Companies may be able to leverage off of SOX tone at the top work Previously a should standard, many internal audit functions have done limited auditing of their organization s ethics programs to date. This is typically limited to verifying the code of conduct circularization process. 6 2009 Protiviti Inc. An Equal Opportunity Employer.

Limitation and Adequacy of Resources 2020 Communication and Approval The chief audit executive must communicate the internal audit activity s plans and resource requirements, including significant interim changes, to senior management and the board for review and approval. The chief audit executive must also communicate the impact of resource limitations. Ensure the size of, and investment in, the internal audit activity is appropriate for the organization s size and risk profile Report resource limitations in Audit Committee presentations, including open positions and deferred work due to these constraints Consider getting additional help from guest auditors or outside parties to fill the gap while waiting to fill open positions Resource limitations should consider key skill shortages and expertise levels, not just quantity of resources Resource skill needs will change over time Critically evaluate which skills are needed in residence and which ones can be contracted Many IA functions already report this as part of their KPI statistics and quarterly plan status reporting. 7 2009 Protiviti Inc. An Equal Opportunity Employer.

Records Retention 2330.A2 The chief audit executive must develop retention requirements for engagement records, regardless of the medium in which each record is stored. These retention requirements must be consistent with the organization s guidelines and any pertinent regulatory or other requirements. Determine audit retention requirements. Assess cost and benefit of implementing an audit management system/electronic work paper tool to address records retention requirements. Leverage this technology to do more than just retain documents Improve audit workflow with consistent, predictable approach Enhance review and approval process Facilitate risk assessment Document the annual audit plan House other tools and documents Allow access by other stakeholders 30% of IA functions do not have a work paper tool 8 2009 Protiviti Inc. An Equal Opportunity Employer.

Quality Assurance Reviews 1312 External Assessments External assessments must be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization. The chief audit executive must discuss with the board: The need for more frequent external assessments; and The qualifications and independence of the external reviewer or review team, including any potential conflict of interest. 1320 Reporting on the Quality Assurance and Improvement Program The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Establish, execute and improve a Quality Assurance and Improvement Program (QAIP) Obtain an external Quality Assurance Review (QAR) if one hasn t been done in 5 years Discuss with the Board the: 40% of IA functions have not had an external QAR Frequency of performing QAR s (every 5 years or more frequently) Qualifications and independence of the external QAR provider Results of your internal and external QAIP 9 2009 Protiviti Inc. An Equal Opportunity Employer.

Modifications to the IA Charter 1000 Purpose, Authority, and Responsibility The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards. The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval. 1000.A1 The nature of the assurance services provided to the organization must be defined in the internal audit charter. If assurances are to be provided to parties outside the organization, the nature of these assurances must also be defined in the internal audit charter. 1000.C1 The nature of consulting services must be defined in the internal audit charter. 1010 Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter The mandatory nature of the Definition of Internal Auditing, the Code of Ethics, and the Standards must be recognized in the internal audit charter. The chief audit executive should discuss the Definition of Internal Auditing, the Code of Ethics, and the Standards with senior management and the board. Revise the IA charter as necessary to reference the mandatory nature of the definition of IA, Code of Ethics and Standards NEW Standard 10 2009 Protiviti Inc. An Equal Opportunity Employer.

Modifications to the IA Charter (con t) Definition of Internal Audit: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. IA functions that have a substantial focus on SOX activities will be out of compliance with the Standards. In these cases, IA will need to educate management and the board about the change in the Standards and the need to expand IA s efforts to cover all of the COSO cube. This would ultimately result in: Expanding or redistributing the IA budget to address the need to have an expanded focus to include operational and compliance risks Performing an updated and enhanced risk assessment to broaden the audit plan as now required by the revised charter Determining if different or additional resources are need now deliver on the revised charter 11 2009 Protiviti Inc. An Equal Opportunity Employer.

Communication with the Board 1111 Direct Interaction with the Board The chief audit executive must communicate and interact directly with the board. Increasing the Chief Audit Executive s visibility with the Board Implement the Standards communications requirements with the Board Evaluate if reporting style and approach should be revised and enhanced Coordinate with legal counsel on reporting guidelines NEW Standard Most IA functions present to the audit committee quarterly 12 2009 Protiviti Inc. An Equal Opportunity Employer.

13 2009 Protiviti Inc. An Equal Opportunity Employer.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback