Hur kan kvaliteten

förbättras på din

internrevisionsaktivitet;

vad fungerar?Hans Löfgren

20 maj, GRC 2015

Vem är jag?

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Hos Transcendent Group möter du erfarna

konsulter inom governance, risk and compliance. Våra

tjänster skapar trygghet och möjligheter för

myndigheter, företag och andra organisationer

inom en rad olika branscher.

Transcendent Group har fyra år i rad utsetts till en

av Sveriges bästa arbetsplatser.

Om företaget

© T

ran

scen

den

t G

rou

p S

veri

ge

AB

2015

Agenda

• What is quality?

• What to do?

• How to do it?

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

What is quality?

Quality in internal audit is guided by both an

obligation to meet customer expectations as

well as professional responsibilities inherent

in conforming with the Standards. While

predominantly complementary, it is the

challenge for the CAE to achieve both these

requirements.

It is the combination of the right people, the

right systems, and a commitment to

excellence. It is driven by the leaders of the

organization who are responsible for setting

the ”tone at the top”

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

What prevent us to work

systematically with quality?

– CBOK 2011

The principle reasons for noncompliance include:

• small size of the organization or internal audit staff,

• cost of using the Standards,

• amount of time required for compliance, or

• lack of management/board support.

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Small Internal Audit Activities

• In sole auditor activities, the internal auditor

may seek assistance from other parts of the

organisation to undertake quality assurance

activities, provided this does not impact the

independence of internal audit.

• The internal auditor may also look to peers in

other organisations for support.

• Using checklists can also assist in providing

assurance over audit quality.

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

How does internal auditors perceive

their own value? – CBOK 2011

• Internal audit activities add value to their organizations.

• Internal audit activities are contributing to controls, but not to the same

extent contributing to risk management or governance.

• The most important factors to the perceived contribution of the internal

audit activity are:

– having appropriate access to the audit committee,

– functioning without coercion to change a rating assessment or withdraw a

finding and

– more audit tools or technology used on a typical audit engagement.

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

What to do?

• An active dialogue with stakeholders

(Board, AC, Senior Mgmt)

• Align the Internal Audit Strategy to the

Strategy of the Organization

• Define your Audit Universe

• Link your internal audit plan to the

Audit Universe

• Build in quality in your internal audit

process

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

How to do it?

• Developing a client service culture

• Developing a strategic plan for

internal audit

• Map all assurance providers

• Prioritize on high risk areas and

other stakeholder’s needs

• Planning, performing, and

reporting

• An active dialogue with

stakeholders (board, AC, senior

management)

• Align the Internal Audit Strategy to

the Strategy of the Organization

• Define your Audit Universe

• Link your internal audit plan to the

Audit Universe

• Build in quality in your internal

audit process

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Developing a client service culture

It starts with relationships

• Understand and exceed stakeholder expectations

• Formal relationship management program—involve the whole team

Focus on people and talent development

• Training programs include business acumen and leadership

• Coaching and development programs to reinforce OTJ training

Establish credibility and earn a seat at the table

• Bring the right skills to cover a broader range of risks

• Ask for feedback and measure client satisfaction

• Balance independence, objectivity and value

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Developing a strategic plan for

internal audit

• Understand the relevant. industry(ies)

and the organization’s objectives.

• Consider the IPPF Standards and

Guidance.

• Understand stakeholder expectations.

• Update the internal audit vision and

mission.

• Define the critical success factors.

• Perform a SWOT analysis.

• Identify key initiatives.

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Collaboration between assurance providers

Develop common view of risk to organisation

Presents to Board how key risks are being covered by assurance providers

THIS IS IS MORE THAN developing improvements in risk-based internal auditing

Today Tomorrow

Assurance need

legal

external audit

External Audit

No single view of assurance across organisation

Differing perspectives on risk (audit vs business, inherent vs residual, BU vs Group)

Potential for duplication and gaps in assurance

Little Board/AC level visibility of the linkage between sources of assurance

Mapping the assurance need

risk

treasury

health and safety

SOX

co. secretary

legal

compliance

external audit

CSR

internal audit

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Prioritize on high risk areas and other

stakeholder’s needs

Riskbased audituniverse

Require-ments from Board/AC

Require-ments from regulators

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Quality assurance and

improvement program

• Build in quality in the internal audit

process through

• On-going monitoring

• Periodic self-assessments

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Ongoing Monitoring

• Ongoing monitoring provides assurance that the processes in place are working effectively to ensure quality is delivered on an audit-by-audit basis. It is primarily achieved through:

• continuous monitoring activities including engagement planning and supervision,

• standard working practices,

• working paper procedures and signoffs and

• report reviews.

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Engagement supervision, working papers

and working paper quality review

• engagement supervision

• monitor progress

• assess quality

• provide coaching

• the work provided by consultants should also be supervised and

monitored.

• working papers

• engagement working papers

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Periodic self-assessments should be

conducted through:

• Working paper reviews for conformance with the Definition of

Internal Auditing, the Code of Ethics and the Standards and

internal audit policies and procedures, by staff not involved in

the respective audits,

• Self-assessment of the internal audit activity with objectives/

criteria established as part of the QAIP,

• Review of internal audit performance metrics and benchmarking

of best practices and

• Periodic activity and performance reporting to the board and

other stakeholders as deemed necessary.

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

Can we apply best practices?

or leading practices?

• Criteria: Best practices for internal audit activities could be defined in accordance with a number of quality benchmark criteria, and further sub-criteria. Each sub-criteria comprises a number of processes or behaviours which represent best practices for internal audit activities.

• Achievement of "Best Practice": It is acknowledged that it is not appropriate or desirable to achieve best practice in all sub-criteria. Best practice internal audit activities are typically stronger in some areas than others and since the market is in a constant state of change, so the measure of "best practice" can only be judged at any point in time by comparison to other similar organisations.

© T

ran

scen

den

t G

rou

p S

veri

ge A

B 2

015

www.transcendentgroup.com