hur kan kvaliten förbättras på din internrevisionsaktivitet vad fungerar
TRANSCRIPT
Hur kan kvaliteten
förbättras på din
internrevisionsaktivitet;
vad fungerar?Hans Löfgren
20 maj, GRC 2015
Vem är jag?
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Hos Transcendent Group möter du erfarna
konsulter inom governance, risk and compliance. Våra
tjänster skapar trygghet och möjligheter för
myndigheter, företag och andra organisationer
inom en rad olika branscher.
Transcendent Group har fyra år i rad utsetts till en
av Sveriges bästa arbetsplatser.
Om företaget
© T
ran
scen
den
t G
rou
p S
veri
ge
AB
2015
Agenda
• What is quality?
• What to do?
• How to do it?
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
What is quality?
Quality in internal audit is guided by both an
obligation to meet customer expectations as
well as professional responsibilities inherent
in conforming with the Standards. While
predominantly complementary, it is the
challenge for the CAE to achieve both these
requirements.
It is the combination of the right people, the
right systems, and a commitment to
excellence. It is driven by the leaders of the
organization who are responsible for setting
the ”tone at the top”
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
What prevent us to work
systematically with quality?
– CBOK 2011
The principle reasons for noncompliance include:
• small size of the organization or internal audit staff,
• cost of using the Standards,
• amount of time required for compliance, or
• lack of management/board support.
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Small Internal Audit Activities
• In sole auditor activities, the internal auditor
may seek assistance from other parts of the
organisation to undertake quality assurance
activities, provided this does not impact the
independence of internal audit.
• The internal auditor may also look to peers in
other organisations for support.
• Using checklists can also assist in providing
assurance over audit quality.
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
How does internal auditors perceive
their own value? – CBOK 2011
• Internal audit activities add value to their organizations.
• Internal audit activities are contributing to controls, but not to the same
extent contributing to risk management or governance.
• The most important factors to the perceived contribution of the internal
audit activity are:
– having appropriate access to the audit committee,
– functioning without coercion to change a rating assessment or withdraw a
finding and
– more audit tools or technology used on a typical audit engagement.
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
What to do?
• An active dialogue with stakeholders
(Board, AC, Senior Mgmt)
• Align the Internal Audit Strategy to the
Strategy of the Organization
• Define your Audit Universe
• Link your internal audit plan to the
Audit Universe
• Build in quality in your internal audit
process
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
How to do it?
• Developing a client service culture
• Developing a strategic plan for
internal audit
• Map all assurance providers
• Prioritize on high risk areas and
other stakeholder’s needs
• Planning, performing, and
reporting
• An active dialogue with
stakeholders (board, AC, senior
management)
• Align the Internal Audit Strategy to
the Strategy of the Organization
• Define your Audit Universe
• Link your internal audit plan to the
Audit Universe
• Build in quality in your internal
audit process
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Developing a client service culture
It starts with relationships
• Understand and exceed stakeholder expectations
• Formal relationship management program—involve the whole team
Focus on people and talent development
• Training programs include business acumen and leadership
• Coaching and development programs to reinforce OTJ training
Establish credibility and earn a seat at the table
• Bring the right skills to cover a broader range of risks
• Ask for feedback and measure client satisfaction
• Balance independence, objectivity and value
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Developing a strategic plan for
internal audit
• Understand the relevant. industry(ies)
and the organization’s objectives.
• Consider the IPPF Standards and
Guidance.
• Understand stakeholder expectations.
• Update the internal audit vision and
mission.
• Define the critical success factors.
• Perform a SWOT analysis.
• Identify key initiatives.
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Collaboration between assurance providers
Develop common view of risk to organisation
Presents to Board how key risks are being covered by assurance providers
THIS IS IS MORE THAN developing improvements in risk-based internal auditing
Today Tomorrow
Assurance need
legal
external audit
External Audit
No single view of assurance across organisation
Differing perspectives on risk (audit vs business, inherent vs residual, BU vs Group)
Potential for duplication and gaps in assurance
Little Board/AC level visibility of the linkage between sources of assurance
Mapping the assurance need
risk
treasury
health and safety
SOX
co. secretary
legal
compliance
external audit
CSR
internal audit
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Prioritize on high risk areas and other
stakeholder’s needs
Riskbased audituniverse
Require-ments from Board/AC
Require-ments from regulators
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Quality assurance and
improvement program
• Build in quality in the internal audit
process through
• On-going monitoring
• Periodic self-assessments
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Ongoing Monitoring
• Ongoing monitoring provides assurance that the processes in place are working effectively to ensure quality is delivered on an audit-by-audit basis. It is primarily achieved through:
• continuous monitoring activities including engagement planning and supervision,
• standard working practices,
• working paper procedures and signoffs and
• report reviews.
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Engagement supervision, working papers
and working paper quality review
• engagement supervision
• monitor progress
• assess quality
• provide coaching
• the work provided by consultants should also be supervised and
monitored.
• working papers
• engagement working papers
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Periodic self-assessments should be
conducted through:
• Working paper reviews for conformance with the Definition of
Internal Auditing, the Code of Ethics and the Standards and
internal audit policies and procedures, by staff not involved in
the respective audits,
• Self-assessment of the internal audit activity with objectives/
criteria established as part of the QAIP,
• Review of internal audit performance metrics and benchmarking
of best practices and
• Periodic activity and performance reporting to the board and
other stakeholders as deemed necessary.
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
Can we apply best practices?
or leading practices?
• Criteria: Best practices for internal audit activities could be defined in accordance with a number of quality benchmark criteria, and further sub-criteria. Each sub-criteria comprises a number of processes or behaviours which represent best practices for internal audit activities.
• Achievement of "Best Practice": It is acknowledged that it is not appropriate or desirable to achieve best practice in all sub-criteria. Best practice internal audit activities are typically stronger in some areas than others and since the market is in a constant state of change, so the measure of "best practice" can only be judged at any point in time by comparison to other similar organisations.
© T
ran
scen
den
t G
rou
p S
veri
ge A
B 2
015
www.transcendentgroup.com