IABC WELCOME Entering the World of Internal Audit.

IABC

WELCOME

Entering the World of Internal Audit

IABC Corruption At a Glance

Global Financial Integrity (GFI)

Top 5 Countries (Highest measured cumulative illicit financial outflow)

2000 to 2009:

USD 2.74 Trillion USD 504 Billion USD 501 Billion

USD 380 Billion USD 350 Billion

Main Programme

• Introduction

• Internal Audit Profession

• Internal Auditor Toolset

– Internal Auditor’s Skills Requirement – Business Evaluation Techniques – Business Environment Awareness – Audit Program Design & Planning– Project Management

New IA Survival Boot Camp S u r v i v i n g t h e f i r s t 6 0 d a y s

IABC Introduction

Facilitator- Jerry Lee, FCCA, CPA, CIA, CRMA

A Practitioner in Internal Audit/ Risk Management/ Business Operations Review:

• 15 years, 3 MNCs • 450 business operational reviews over 120 locations (Asia Pacific,

SEA, Europe, etc.) • Multiple Industries (Chemical, Pharmaceuticals, FMCG, Home

Appliances)• Project Management (Business restructuring, re-engineering, SOX

404)• Generated RMB 7 million savings for business projects

My Travel

IABC Getting to know You

Introduction

• Name

• Year (s) in Internal Audit

• Company & Industry

• What is your objective?

IABC Learning Objectives

• Understanding the challenges of being an Internal Auditor

• Understanding the perceptions & opinions on internal auditors

• Equip you with a set of practical skill

IABCPerception of the Auditor

• Follow the book, Bloodhound

• Stubborn

• Not Practical, Do not know the business

• Living in their own world

• No Comments ………….

IABCPerception of the Auditor

How did the auditor cross the road?

He looked at the P- file and followed last year’s working papers.

IABCIs the Auditor that bad?

IABCThe Auditor - Bloodhound?

IABCThe Auditor-Stubborn Detective ?

It’s in there somewhere, I just know it!!!

IABCWho Audit the Auditor?

Mgt.

Anybody

AuditeeAudit

Committee

Employees

Auditor

IABC Introduction to Internal Auditing

• IIA & IPPF

• Definition of Internal Auditing

• International Professional Practices Framework (IPPF)– Code of ethics (Rules of conduct)– Attribute Standard (Practice Advisory)– Performance Standard (Practice Advisory)

IABCDefinition of Internal Auditing

Internal Auditing is an independent, objective assurance and consulting activity to add value and improve an organization's operations.

It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

IABCInternational Professional Practices Framework (IPPF)

IPPF 1. Organize the Institute of Internal Auditors (IIA) authoritative guidance

for ready access on a timely basis

2. Structural blueprint of knowledge and guidance , facilitates consistent development, interpretation, and application of concept, methodologies and techniques

3. Assist practitioners and stakeholders throughout the world in being responsive to expanding markets for high quality internal auditing.

IABCCode of Ethics

Principles that are relevant to the profession and practices of internal Auditing.

Rules of Conduct describe the behavior norms expected of internal Auditors.

IABC Code of Ethics

Principles & Rules:

Integrity ….

Objectivity ….

Confidentiality….

Competency ….

IABCAttribute & Performance Standards

Attribute Standards – Purpose, Authority & Responsibility Practice advisory – 1000-1 to 1321-1

Performance Standards- Managing the Internal Audit Activity Practice Advisory- 2000 to 2600

IABCOur Existence- Value Add

IABCInternal Audit Department Set up

• Department Structure

• Mission/ Charter Statement

• Audit Manual

• Reporting & Work Procedures

• Audit Committee

23

IABCAudit Organization

CAE

Area Director

AreaDirector

AreaDirector

AreaDirector

AreaDirector

Assistant

ManagerSenior Auditor

Auditor


Auditor


Auditor


Auditor


Auditor

IABCMission & Charter

• To perform independent objective assurance and consulting activities designed to add value and improve the company’s operations.

• To help the company to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the governance, internal control and risk management processes.

IABCMission & Charter

Internal Audit Based on risk assessment input, plan & roll out the audit strategy to fulfill Board objectives in Operational, Financial & Compliance audits.

Financial DiligencePerform and coordinate financial due diligence activities in acquisition and divestment situations.

Internal Control

Formulate action plans to improve governance, internal controls and risk management processes, e.g. SOX Programme

ConsultingPerform consulting activities designed to improve the company’s operations.

26

IABCAudit Manual

Audit work programPreparation Audit Visit

Letter

Scheduling &

confirmation

Audit Close Meeting

Field work

Audit Open Meeting

Operational Audit

Financial Audit

Risk Theme Audit

Special Projects

Planning Execution Completion

Post Audit

Finalize Report

Mgt. ResponseDraft Audit

Report

Internal Auditvs.

External Audit

Internal Audit – Risk Management + Control Design Impact + Financial Impact + Financial Standards Compliance + Environmental Impact

External Audit- Materiality Level + Financial Standards Compliance + Environmental Impact

IABCIA vs. EA

IABCIA vs. EA

Internal Audit

• WP regulated by IIA

• Mostly Regional focused

External Audit

• WP regulated

• Mostly Local focused

IABCIA vs. EA

Internal Audit

• IIA, IPPF & COSO Framework

• Need & Regulation (For Listed)

• A set of Programs

• Operations Inclined

• Detailed business knowledge required

External Audit• FRS, GAAP, etc.

• Regulation (with exceptions)

• A set of Programs

• Financial Compliance inclined

• Detailed business knowledge limited to audit

IABCFieldwork

Internal Audit • Sample (often judgmental)

• Flowcharts

• Weaknesses Focused– Design – Operating

• Recommendations & Follow up

External Audit • Sample (follow a basis)

• Flowcharts • Detailed business

knowledge limited to audit

• Management Letter & Audit Report

IABCFieldwork

Internal Audit

• View- Complete Process

• Interaction Multiple Levels

• Assignments & Projects

• Often very challenging situations

External Audit

• View- Restricted

• Interaction Restricted

• Assignments

• Supported by law

IABCInternal & External Auditors

Internal • Financial related basic

Training

• Financial & Business Knowledge

• Thought Process- Risk

External • Financial related basic

Training

• Financial & Business (limited) knowledge

• Thought process- Compliance

33

IABCIA Work Flow Process

• Planning Discussion & Audit Announcement

• On-Site Opening Meeting

• Field Work

• On-Site Closing Meeting

• Issue Draft Report

• Issue Final Report

• Follow up on audit report on pre-determined deadline

IABCThe Real Internal Auditor?

Auditor’s Credo

• Integrity (honest, diligent & responsible)

• Objectivity (unbiased assessment)

• Confidentiality (protection of information)

• Competency (seek help if necessary)

• Consistency (Principle applications)

IABC Internal Auditor’s Skill Requirement

Composure Mechanism

1. Be open to constructive criticism

2. Engage only after you have taken a step back, do not react immediately

3. Never get personal

4. Deal with the emotion not the person

5. Argue on fact, never “ass-u-me”

6. Maintain a cool composure under fire

IABCInternal Auditor’s Skill Requirement

IABC Internal Auditor’s Skill Requirement

Profession Skill

1. Interviewing Techniques

2. Presentation skills

3. Body Language Observations

4. Report Writing

5. Closing Meeting Etiquette

IABC Operation Evaluation Technique

Evaluating the business- Eagle Technique

• Relate the sub-sections to the whole

• Read about the business and its recent development

• Review information collected during discussion

• Retain Objective in sight

Evaluating Controls - Path Finder Technique

• What can go wrong ?

• Where can I find it ?

• Who is doing it ?

• When can it happen ?

• Why did it happen ?

• How to prevent ?


• Operations

• Processes

• Procedures


Risk Management

What Can Go Wrong !!!


Risk Management

What Can Go Wrong

Operations

ProcessesProcedures


Weakness/ Risk

• Design Control Weakness – Inadequate knowledge

• Operating Control Weakness– Over-ride or errors not detected

• Inherent/ Environment – Countries with weak regulations– Excessive Manual workaround – Segregation of Duties (Lean operations)

43


Quantifiable cost of weak controls or the lack of it:

RMB 5 Million…….

Not Quantifiable…..????

IABCOperation Evaluation Technique

Factors to consider when assessing the severity of an issue.

• Design Control Weakness

• Operating Control Weakness

• Inherent Weakness

IABCOperation Evaluation Technique

4R methodology of good controls

• Robust controls (design & operating) & review • Regular review on processes & procedures • Revise Delegation of Authority in line with changes

• Who is authorized to sign• What is the amount authorized• What are the types

• Regulate granting of system access rights

IABC Playtime

IABCBe The Auditor

Task:

1. Complete this fact finding issue with a recommendation for a closing meeting conducted at the end of an audit week.

2. Construct a short paragraph to be included as part of the Executive Summary:

1. Title (representing the issue)2. Problem3. Impact 4. Management actions (presume management has agreed)

3. From your group, role play and present the issue in a closing meeting scenario

IABCBusiness Environment Awareness


Before Getting There

1. Flight - Timing

2. Hotel - Distance

3. Living Environment – Duration, Comfort

4. Transport & Traffic – Distance

5. Audit Preparation- Work Review


1. The People1. General Manager 2. Financial Controller 3. Finance Manager 4. The Office

2. The Culture1. SEA2. Asia Pacific3. European 4. Americas

3. The Country


Auditing & Fraud

PA 1220-1 Due Professional Care

Internal auditors must apply care and skills expected of a reasonably prudent and competent internal auditor……. Exercising due professional care involves being alert to the possibility of fraud…………


What is the average percentage of revenues of reported losses through fraud?

6%


Corporate Fraud

• Criminals have become multinational

• Technology changes the way criminals operates

• Companies are easy targets

• Less risky than an armed bank robbery

55


Broad Classification

1. Employee Fraud

2. Management Fraud

3. Third Party Fraud (against company)

56

IABC Business Environment Awareness

Theft of any company property through deception or abuse of power

Forgery or alteration of any document

Destruction or removal of records

Falsifying expense claims

Disclosing confidential information to outside parties without authority

Use of company assets for personal use

Personal gain through conflicts of interest

Acceptance of inappropriate gifts and entertaining

Personal gain through use of confidential or inside information

57

IABC Business Environment Awareness

How fraud starts for “Normal Employee”

• Motivated

• Can see an opportunity

• Do not expect to get caught

IABCDefence Against Non-Compliance

Detecting fraud is not easy, But neither is it

Finding a needle in a the Ocean.

IABCHandling the Fraud

4 Aspects to Examine

1. Intention

2. Methodology

3. Person Involved/ Responsible

4. Quantifying & Qualifying the Impact (Financial & Non-Financial)

60


Tone at the top

1. Code of Ethics

2. Policy on countering bribe and corruption

3. Conflict of interest policy

4. Insider policy

5. Antitrust & Anti Fraud Policy

61


3 Line- Defence Framework

1. Create a culture of honesty and ethics

2. Establish Anti- Fraud Processes & Controls

3. Develop an Appropriate Oversight Process

How makes a good fraud handling Process

4. Consistent, Transparent, Professional

62

IABC Audit Program Design & Planning

63


Planning Process

– Set Audit Scope & Identify Risks

– Detailed Discussion with Business Sub Process Owners to obtain information

– Where necessary, perform research for extra resources to enhance other operational aspects in the program

– Audit team members brainstorm and share ideas

64


Program Design Process

• Build Overall audit program framework by applying the business information

• Where necessary, draw Process Map as a visual guideline and later for use in the field as a check point for audit team.

• Add other desired audit controls Access Rights Review Item Master Control Log reports Requirement

• Build detailed audit steps, tests & procedures keeping overall flows in mind

65


Final Design Step

– Go through audit program again with audit team & challenge its logic, controls & flow to ensure risks identified & scope set are covered.

– Final Review with Audit team/ Manager/Director to ensure audit program has been properly designed to:

• Provide an adequate assessment on the design of controls in the processes

• Provide overall view & covers risks identified

• Detailed audit steps, procedure and tests are workable

PTP Cycle

67

IABCQ & A

IABC WELCOME Entering the World of Internal Audit.

Documents

Transcript of IABC WELCOME Entering the World of Internal Audit.