Changing role of Internal...
Transcript of Changing role of Internal...
Changing role of Internal Auditors
September 7, 2016
Slide 1
• History
• Evolution
• Current Status
• Critical risks faced by organisations
• Effective internal audit – the new floor
• Risk perceptions and stakeholder expectations
• Definition and Mission of Internal Audit
• Core Principles for the Professional Practice of Internal Auditing
• Foundational attributes of Internal Audit function
• Change in focus
• Participation in transformational initiatives
• Role of Internal Audit in Risk Management
• Internal Audit - Good corporate governance
• Use of Analytics and technology in internal audit
• Characteristics of effective internal audit leaders
• Actions to take now
• Current focus points
• Steps towards the future
Agenda
Slide 2
• Going back to 3500 B.C.
• At the beginning of the 13th Century, the first two official state auditors were appointed in the city of Pisa: an internal and an external auditor
• Association of professional auditors was established in the 16th century in
Venice, Bologna and Milan
• Origins of the more recent internal audit functions can be traced to the 19th century U.S. and U.K. railways and the related development of accounting systems
History
Slide 3
• Prior to the 16th century, internal auditors were mostly state auditors who acted on behalf of the king and/or state.
• During the 16th to 18th centuries – expanded to include the transactions of a business-oriented society.
focus remained on fraud detection and prevention.
• Early 19 the century, the focus of on the financial processes in addition to
investigation of non-financial data
• From the 1930s onwards, the Securities and Exchange Commission (SEC) required firms to provide audited financial statements if they wanted to be registered at the Stock Exchange.
strengthened the establishment of internal audit functions within firms detailed verification activities of transactions
Evolution
Slide 4
• As firms became larger and more complicated, management’s ability to monitor its operations became more limited, the role increased.
• Was a sub function of the accounting function and performed accounting related audits.
• The internal auditor usually had some kind of quality control function
Evolution
Slide 5
• Served as business and operational consultants to their organizations, adding value enterprise wide.
• With the Sarbanes-Oxley Act and other laws and regulations, focus has
shifted towards financial controls. • Playing a more key role in risk assessment and risk management due to the
following reasons:
Risk assessments and risk management are becoming more complex, and important
External market forces, economic volatility, and regulatory
expectations
Current status
Slide 6
Critical risks faced by organisations
Slide 7
Risk profiles are changing • Complexity: Linkages between global trade, financial markets and supply
chains
• Unpredictability: Privacy breaches, environmental factors, financial
• Variety: Global diversification, culture challenges
• Speed: Social media, reputation
Critical risks faced by organisations (contd.)
Slide 8
Critical risks faced by organisations (contd.)
Slide 9
Effective internal audit – the new floor
Slide 10
Effective internal audit – the new floor (contd.)
Slide 11
Risk perceptions and stakeholder expectations
Slide 12
Risk perceptions and stakeholder expectations (contd.)
Slide 13
Risk perceptions and stakeholder expectations (contd.)
Slide 14
As per the Institute of Internal Auditors – The Definition of Internal Auditing states the fundamental purpose, nature, and scope of internal auditing: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The Mission of Internal Audit articulates what internal audit aspires to accomplish within an organization: To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight
Definition and Mission of Internal Audit
Slide 15
As per the Institute of Internal Auditors –
• Demonstrates integrity.
• Demonstrates competence and due professional care.
• Is objective and free from undue influence (independent).
• Aligns with the strategies, objectives, and risks of the organization.
• Is appropriately positioned and adequately resourced.
• Demonstrates quality and continuous improvement.
• Communicates effectively.
• Provides risk-based assurance.
• Is insightful, proactive, and future-focused.
• Promotes organizational improvement.
Core Principles for the Professional Practice of Internal Auditing
Slide 16
Protect the business and deliver measurable value
Quality and innovation • Quality standards • Formal quality • Innovation Service culture
• Metrics measure customer satisfaction • Services provide balance of objectivity and value
Foundational attributes of internal audit function
Slide 17
Stakeholder management • Operationally excellent and provider of strategic support • Strategic plan that captures expectations, communication strategy, and
timelines • Function-specific feedback regularly • Coordinates with the business unit to define expectations and share scope of
the audit Cost-effectiveness • Leverages internal and external resources, varying staff levels and
geographical locations to efficiently complete audit activities • Productivity is actively measured and managed • Delivery of services Audit methodology and processes are standardized and
simplified • Investments in audit infrastructure are based on a disciplined ROI approach
Foundational attributes of internal audit function
Slide 18
Business alignment • Expectations are clearly articulated and communicated • Defines and articulates its mission and value • Metrics are developed to measure progress towards the stated mission and
vision Technology • Data analytics are deployed • Data is utilized to provide deep and persuasive intelligence on business issues
and observations/ recommendations • Continuous auditing techniques are leveraged to increase audit coverage to
provide early warning of risk indicators and increase audit coverage • Leveraging governance, risk and compliance (GRC) tools `
Foundational attributes of internal audit function
Slide 19
Risk focus • Top-down, strategic approach and bottoms-up approach to identifying
business risks • Updated to respond to changes in the company and the external business
environment • Assessing the key risks, including emerging and enterprise risks Talent model • An appropriate mix of core internal audit and subject matter specialists • A continual learning and development model • Conflict management and critical thinking • Staff performance feedback
Foundational attributes of internal audit function
Slide 20
Internal audit focus is shifting from focus on financial and compliance areas
towards:
• CFO agenda
• Impact on value creation
• Evolving skill sets to meet a new role
• Participation in strategy development
• Integrated versus risk management
• Increased focus on fraud
Change in focus
Slide 21
Participation in transformational initiatives
Slide 22
Participation in transformational initiatives
Slide 23
• Greater likelihood of achieving Company’s objectives;
• Consolidated reporting of disparate risks at board level;
• Improved understanding of the key risks and their wider implications;
• Identification and sharing of cross business risks;
• Greater management focus on the issues that really matter;
• Fewer surprises or crises;
• More focus internally on doing the right things in the right way;
• Increased likelihood of change initiatives being achieved;
• Capability to take on greater risk for greater reward and
• More informed risk-taking and decision-making.
Role of Internal Audit in Risk Management
Slide 24
• Third line of defense: Plays an integral role in the governance structure aligned with stakeholders
• More than a compliance function – providing quality change.
• Sound understanding of business strategy and the associated risks
• Ability to challenge the control environment and infrastructure supporting the
strategy, visibility across the various functional areas of business units
• Builds a strategic (two to three years) plan, developed in collaboration with the management, aligned to the organisation's risk profile.
• Structured to enable both the maintenance of independence and objectivity, as well as proximity to the business
• Establish and maintain relationships with an in-depth understanding of the business.
• Dynamic processes, through integrated quality assurance and learning programs.
Internal Audit - Good corporate governance
Slide 25
Use of Analytics and technology in internal audit`
Slide 26
There is increasing use of technologies to support the risk assessment process and development of annual audit plan and also enhance collaboration among internal auditors. Benefits: • spending more time exercising their professional judgment, • providing greater insights Tools:
• Increased use of CAAT for analytical tests, data analysis reports and fraud
detection
• Use of benchmarking tools to compare similar Companies
• Artificial Intelligence (AI) in areas such as o counting inventories o processing confirmation responses. o reading through stacks of contracts to extract key terms
Use of Analytics and technology in internal audit (contd.)
Slide 27
Characteristics of effective internal audit leaders
Slide 28
Actions to take now
Slide 29
Internal audit is tipping at a point where progress is required
• The strength of cybersecurity measures hinges on board engagement and inclusion in the audit plan
• Cybersecurity risk is becoming a fixture in the annual audit plan
• Notable audit priorities include mobile applications, cloud computing, IT standards and Internet of things
• Move forward with data analysis and technology enabled auditing capabilities
Current focus points
Slide 30
To play a role beyond risk assessment, financial controls testing and risk mitigation, internal audit must overcome the imminent challenges of governance, staffing, operations and delivering value to the organisation. Internal audit needs to consider taking the following immediate actions: • Conduct internal and external quality reviews of the internal audit function on a
regular basis. • Establish a continuous quality-improvement program for all internal audit
locations. • Establish quality guidelines and standards for work papers and audit reports. • Perform multiple reviews of findings, recommendations, and management action
plans prior to report issuance. • Maintain continuous communication between the internal audit team and the
areas they audit during audit planning and execution, and encourage the use of post-audit surveys to gain feedback on audit processes.
• Develop a scorecard that communicates internal audit value during the year in such areas as cost reduction, revenue enhancement, risk mitigation, and best practices.
Steps towards the future
Slide 31
Thank you