IABC WELCOME Entering the World of Internal Audit.
-
Upload
bethany-burke -
Category
Documents
-
view
216 -
download
0
Transcript of IABC WELCOME Entering the World of Internal Audit.
IABC Corruption At a Glance
Global Financial Integrity (GFI)
Top 5 Countries (Highest measured cumulative illicit financial outflow)
2000 to 2009:
USD 2.74 Trillion USD 504 Billion USD 501 Billion
USD 380 Billion USD 350 Billion
Main Programme
• Introduction
• Internal Audit Profession
• Internal Auditor Toolset
– Internal Auditor’s Skills Requirement – Business Evaluation Techniques – Business Environment Awareness – Audit Program Design & Planning– Project Management
New IA Survival Boot Camp S u r v i v i n g t h e f i r s t 6 0 d a y s
IABC Introduction
Facilitator- Jerry Lee, FCCA, CPA, CIA, CRMA
A Practitioner in Internal Audit/ Risk Management/ Business Operations Review:
• 15 years, 3 MNCs • 450 business operational reviews over 120 locations (Asia Pacific,
SEA, Europe, etc.) • Multiple Industries (Chemical, Pharmaceuticals, FMCG, Home
Appliances)• Project Management (Business restructuring, re-engineering, SOX
404)• Generated RMB 7 million savings for business projects
IABC Getting to know You
Introduction
• Name
• Year (s) in Internal Audit
• Company & Industry
• What is your objective?
IABC Learning Objectives
• Understanding the challenges of being an Internal Auditor
• Understanding the perceptions & opinions on internal auditors
• Equip you with a set of practical skill
IABCPerception of the Auditor
• Follow the book, Bloodhound
• Stubborn
• Not Practical, Do not know the business
• Living in their own world
• No Comments ………….
IABCPerception of the Auditor
How did the auditor cross the road?
He looked at the P- file and followed last year’s working papers.
IABC Introduction to Internal Auditing
• IIA & IPPF
• Definition of Internal Auditing
• International Professional Practices Framework (IPPF)– Code of ethics (Rules of conduct)– Attribute Standard (Practice Advisory)– Performance Standard (Practice Advisory)
IABCDefinition of Internal Auditing
Internal Auditing is an independent, objective assurance and consulting activity to add value and improve an organization's operations.
It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
IABCInternational Professional Practices Framework (IPPF)
IPPF 1. Organize the Institute of Internal Auditors (IIA) authoritative guidance
for ready access on a timely basis
2. Structural blueprint of knowledge and guidance , facilitates consistent development, interpretation, and application of concept, methodologies and techniques
3. Assist practitioners and stakeholders throughout the world in being responsive to expanding markets for high quality internal auditing.
IABCCode of Ethics
Principles that are relevant to the profession and practices of internal Auditing.
Rules of Conduct describe the behavior norms expected of internal Auditors.
IABCAttribute & Performance Standards
Attribute Standards – Purpose, Authority & Responsibility Practice advisory – 1000-1 to 1321-1
Performance Standards- Managing the Internal Audit Activity Practice Advisory- 2000 to 2600
IABCInternal Audit Department Set up
• Department Structure
• Mission/ Charter Statement
• Audit Manual
• Reporting & Work Procedures
• Audit Committee
23
IABCAudit Organization
CAE
Area Director
AreaDirector
AreaDirector
AreaDirector
AreaDirector
Assistant
ManagerSenior Auditor
Auditor
ManagerSenior Auditor
Auditor
ManagerSenior Auditor
Auditor
ManagerSenior Auditor
Auditor
ManagerSenior Auditor
Auditor
IABCMission & Charter
• To perform independent objective assurance and consulting activities designed to add value and improve the company’s operations.
• To help the company to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the governance, internal control and risk management processes.
IABCMission & Charter
Internal Audit Based on risk assessment input, plan & roll out the audit strategy to fulfill Board objectives in Operational, Financial & Compliance audits.
Financial DiligencePerform and coordinate financial due diligence activities in acquisition and divestment situations.
Internal Control
Formulate action plans to improve governance, internal controls and risk management processes, e.g. SOX Programme
ConsultingPerform consulting activities designed to improve the company’s operations.
26
IABCAudit Manual
Audit work programPreparation Audit Visit
Letter
Scheduling &
confirmation
Audit Close Meeting
Field work
Audit Open Meeting
Operational Audit
Financial Audit
Risk Theme Audit
Special Projects
Planning Execution Completion
Post Audit
Finalize Report
Mgt. ResponseDraft Audit
Report
Internal Auditvs.
External Audit
Internal Audit – Risk Management + Control Design Impact + Financial Impact + Financial Standards Compliance + Environmental Impact
External Audit- Materiality Level + Financial Standards Compliance + Environmental Impact
IABCIA vs. EA
IABCIA vs. EA
Internal Audit
• WP regulated by IIA
• Mostly Regional focused
External Audit
• WP regulated
• Mostly Local focused
IABCIA vs. EA
Internal Audit
• IIA, IPPF & COSO Framework
• Need & Regulation (For Listed)
• A set of Programs
• Operations Inclined
• Detailed business knowledge required
External Audit• FRS, GAAP, etc.
• Regulation (with exceptions)
• A set of Programs
• Financial Compliance inclined
• Detailed business knowledge limited to audit
IABCFieldwork
Internal Audit • Sample (often judgmental)
• Flowcharts
• Weaknesses Focused– Design – Operating
• Recommendations & Follow up
External Audit • Sample (follow a basis)
• Flowcharts • Detailed business
knowledge limited to audit
• Management Letter & Audit Report
IABCFieldwork
Internal Audit
• View- Complete Process
• Interaction Multiple Levels
• Assignments & Projects
• Often very challenging situations
External Audit
• View- Restricted
• Interaction Restricted
• Assignments
• Supported by law
IABCInternal & External Auditors
Internal • Financial related basic
Training
• Financial & Business Knowledge
• Thought Process- Risk
External • Financial related basic
Training
• Financial & Business (limited) knowledge
• Thought process- Compliance
33
IABCIA Work Flow Process
• Planning Discussion & Audit Announcement
• On-Site Opening Meeting
• Field Work
• On-Site Closing Meeting
• Issue Draft Report
• Issue Final Report
• Follow up on audit report on pre-determined deadline
Auditor’s Credo
• Integrity (honest, diligent & responsible)
• Objectivity (unbiased assessment)
• Confidentiality (protection of information)
• Competency (seek help if necessary)
• Consistency (Principle applications)
IABC Internal Auditor’s Skill Requirement
Composure Mechanism
1. Be open to constructive criticism
2. Engage only after you have taken a step back, do not react immediately
3. Never get personal
4. Deal with the emotion not the person
5. Argue on fact, never “ass-u-me”
6. Maintain a cool composure under fire
IABCInternal Auditor’s Skill Requirement
IABC Internal Auditor’s Skill Requirement
Profession Skill
1. Interviewing Techniques
2. Presentation skills
3. Body Language Observations
4. Report Writing
5. Closing Meeting Etiquette
IABC Operation Evaluation Technique
Evaluating the business- Eagle Technique
• Relate the sub-sections to the whole
• Read about the business and its recent development
• Review information collected during discussion
• Retain Objective in sight
Evaluating Controls - Path Finder Technique
• What can go wrong ?
• Where can I find it ?
• Who is doing it ?
• When can it happen ?
• Why did it happen ?
• How to prevent ?
IABC Operation Evaluation Technique
• Operations
• Processes
• Procedures
IABC Operation Evaluation Technique
Risk Management
What Can Go Wrong !!!
IABC Operation Evaluation Technique
Risk Management
What Can Go Wrong
Operations
ProcessesProcedures
IABC Operation Evaluation Technique
Weakness/ Risk
• Design Control Weakness – Inadequate knowledge
• Operating Control Weakness– Over-ride or errors not detected
• Inherent/ Environment – Countries with weak regulations– Excessive Manual workaround – Segregation of Duties (Lean operations)
43
IABC Operation Evaluation Technique
Quantifiable cost of weak controls or the lack of it:
RMB 5 Million…….
Not Quantifiable…..????
IABCOperation Evaluation Technique
Factors to consider when assessing the severity of an issue.
• Design Control Weakness
• Operating Control Weakness
• Inherent Weakness
IABCOperation Evaluation Technique
4R methodology of good controls
• Robust controls (design & operating) & review • Regular review on processes & procedures • Revise Delegation of Authority in line with changes
• Who is authorized to sign• What is the amount authorized• What are the types
• Regulate granting of system access rights
IABCBe The Auditor
Task:
1. Complete this fact finding issue with a recommendation for a closing meeting conducted at the end of an audit week.
2. Construct a short paragraph to be included as part of the Executive Summary:
1. Title (representing the issue)2. Problem3. Impact 4. Management actions (presume management has agreed)
3. From your group, role play and present the issue in a closing meeting scenario
IABCBusiness Environment Awareness
Before Getting There
1. Flight - Timing
2. Hotel - Distance
3. Living Environment – Duration, Comfort
4. Transport & Traffic – Distance
5. Audit Preparation- Work Review
IABCBusiness Environment Awareness
1. The People1. General Manager 2. Financial Controller 3. Finance Manager 4. The Office
2. The Culture1. SEA2. Asia Pacific3. European 4. Americas
3. The Country
IABCBusiness Environment Awareness
Auditing & Fraud
PA 1220-1 Due Professional Care
Internal auditors must apply care and skills expected of a reasonably prudent and competent internal auditor……. Exercising due professional care involves being alert to the possibility of fraud…………
IABCBusiness Environment Awareness
What is the average percentage of revenues of reported losses through fraud?
6%
IABCBusiness Environment Awareness
Corporate Fraud
• Criminals have become multinational
• Technology changes the way criminals operates
• Companies are easy targets
• Less risky than an armed bank robbery
55
IABCBusiness Environment Awareness
Broad Classification
1. Employee Fraud
2. Management Fraud
3. Third Party Fraud (against company)
56
IABC Business Environment Awareness
Theft of any company property through deception or abuse of power
Forgery or alteration of any document
Destruction or removal of records
Falsifying expense claims
Disclosing confidential information to outside parties without authority
Use of company assets for personal use
Personal gain through conflicts of interest
Acceptance of inappropriate gifts and entertaining
Personal gain through use of confidential or inside information
57
IABC Business Environment Awareness
How fraud starts for “Normal Employee”
• Motivated
• Can see an opportunity
• Do not expect to get caught
IABCDefence Against Non-Compliance
Detecting fraud is not easy, But neither is it
Finding a needle in a the Ocean.
IABCHandling the Fraud
4 Aspects to Examine
1. Intention
2. Methodology
3. Person Involved/ Responsible
4. Quantifying & Qualifying the Impact (Financial & Non-Financial)
60
IABCBusiness Environment Awareness
Tone at the top
1. Code of Ethics
2. Policy on countering bribe and corruption
3. Conflict of interest policy
4. Insider policy
5. Antitrust & Anti Fraud Policy
61
IABCBusiness Environment Awareness
3 Line- Defence Framework
1. Create a culture of honesty and ethics
2. Establish Anti- Fraud Processes & Controls
3. Develop an Appropriate Oversight Process
How makes a good fraud handling Process
4. Consistent, Transparent, Professional
63
IABC Audit Program Design & Planning
Planning Process
– Set Audit Scope & Identify Risks
– Detailed Discussion with Business Sub Process Owners to obtain information
– Where necessary, perform research for extra resources to enhance other operational aspects in the program
– Audit team members brainstorm and share ideas
64
IABC Audit Program Design & Planning
Program Design Process
• Build Overall audit program framework by applying the business information
• Where necessary, draw Process Map as a visual guideline and later for use in the field as a check point for audit team.
• Add other desired audit controls Access Rights Review Item Master Control Log reports Requirement
• Build detailed audit steps, tests & procedures keeping overall flows in mind
65
IABC Audit Program Design & Planning
Final Design Step
– Go through audit program again with audit team & challenge its logic, controls & flow to ensure risks identified & scope set are covered.
– Final Review with Audit team/ Manager/Director to ensure audit program has been properly designed to:
• Provide an adequate assessment on the design of controls in the processes
• Provide overall view & covers risks identified
• Detailed audit steps, procedure and tests are workable