managing a global audit function - iia congres/2015... · global audit adding value audit...

1

2

Managing a

Global Audit function

MOVIE

3

Introduction speaker

4

1. External Audit:

• KPMG 9 years Financial Audit

2. Finance

• Ahold 2 years Vice President Accounting & Reporting

• Burg Industries 6 years Group Controller, CFO

3. Internal Audit:

• Heerema 2 years Manager Internal Audit

• Ahold 1 year Vice President Internal Audit Europe

5 years Senior Vice President Internal Audit

• Heineken 5 years Executive Director Global Audit

30 years experience

Agenda

• Heineken at a glance

• The Global Audit journey

• Do’s and Dont’s

5

Heineken at a glance

6

• Diverse system landscape

• Large investments

• Change programmes

Global Audit adding value

Audit Governance, Risk & Compliance (GRC)

7

CHANGE MANAGER

Lines of defence

8

Internal Control

The journey

Structure, Staffing, Methodology, Rating & Reporting

Local Audit journeyAudit Manual

Audit toolQA reviewAudit academy

Audit ManualPeople flow IIA quality

assessment2011: 45 FTE

2012: 52 FTE

2013: 55 FTE

2014: 65 FTE

2010: 12 FTE

2015: 55 FTE

Internal Control

Risk Management

Business Conduct

Heineken Rules

GRC

AUDIT

Follow up tool

Audit activities

10

Agree upon audit universe and audit activities

Brewery audits

Integrated process audits

Project audits

IT audits

Special Investigations

Financial Reporting audits

Full scope audits

People and Locations

11

Central?

Decentral?

Staffing?

People

12

Global Audit Leadership Team55 fte

50% / 50%

> 20 nationalities

20% IT auditors

• > 40% have businesss experience

• 65% professional auditors

• 50% hired inside, 50% external

• Rotational program from/to the business

Tooling & Follow up

13

Global Audit Tool Control Self Assessment tool &

Issue and Task management tool

+ SAP GRC

+ ACM

+ ...others

Branding the function

14

CommunicationInternal Audit:

• Stakeholder Attitude Yardstick (SAY)

• Real Drives/Management Drives

• Yammer: Global, 2nd and 3rd line

• Cascade Packages: after meetings

• Conferences: Global and Regional

• Training sessions, webinars, conference calls

HEINEKEN organisation

• Audit report, findings, actions, timelines, issue & task owners

• Quarterly summary reports per region, function and total group

• Reporting of good practices

• Alerts

15

Do’s and Dont’s

Do’s

• Define the journey

• Brand the function

• Be clear about role and position

• Understand the business

• Agree upon the level of assurance

• Ask feedback from stakeholders

• Benchmark the function

Dont’s

• Take yourselves to serious

• Use a standard approach

• Use audit language

• Focus on finding or rating: follow up!

• Forget to take your moments of fame

• Get in your comfort zone

• Forget why you are there.

16