Presentation från GRC 2015 den 20 maj. Kontakta gärna talaren om du har några frågor. Hela schemat för eventet hittar du här: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2015/

1. Hur kan kvaliteten
förbättras på din
internrevisionsaktivitet;
vad fungerar?
Hans Löfgren
20 maj, GRC 2015

2. Vem är jag?
©TranscendentGroupSverigeAB2015

3. Hos Transcendent Group möter du erfarna
konsulter inom governance, risk and compliance. Våra
tjänster skapar trygghet och möjligheter för
myndigheter, företag och andra organisationer
inom en rad olika branscher.
Transcendent Group har fyra år i rad utsetts till en
av Sveriges bästa arbetsplatser.
Om företaget
©TranscendentGroupSverigeAB2015

4. Agenda
• What is quality?
• What to do?
• How to do it?
©TranscendentGroupSverigeAB2015

5. What is quality?
Quality in internal audit is guided by both an
obligation to meet customer expectations as
well as professional responsibilities inherent
in conforming with the Standards. While
predominantly complementary, it is the
challenge for the CAE to achieve both these
requirements.
It is the combination of the right people, the
right systems, and a commitment to
excellence. It is driven by the leaders of the
organization who are responsible for setting
the ”tone at the top”
©TranscendentGroupSverigeAB2015

6. What prevent us to work
systematically with quality?
– CBOK 2011
The principle reasons for noncompliance include:
• small size of the organization or internal audit staff,
• cost of using the Standards,
• amount of time required for compliance, or
• lack of management/board support.
©TranscendentGroupSverigeAB2015

7. Small Internal Audit Activities
• In sole auditor activities, the internal auditor
may seek assistance from other parts of the
organisation to undertake quality assurance
activities, provided this does not impact the
independence of internal audit.
• The internal auditor may also look to peers in
other organisations for support.
• Using checklists can also assist in providing
assurance over audit quality.
©TranscendentGroupSverigeAB2015

8. How does internal auditors perceive
their own value? – CBOK 2011
• Internal audit activities add value to their organizations.
• Internal audit activities are contributing to controls, but not to the same
extent contributing to risk management or governance.
• The most important factors to the perceived contribution of the internal
audit activity are:
– having appropriate access to the audit committee,
– functioning without coercion to change a rating assessment or withdraw a
finding and
– more audit tools or technology used on a typical audit engagement.
©TranscendentGroupSverigeAB2015

9. What to do?
• An active dialogue with stakeholders
(Board, AC, Senior Mgmt)
• Align the Internal Audit Strategy to the
Strategy of the Organization
• Define your Audit Universe
• Link your internal audit plan to the
Audit Universe
• Build in quality in your internal audit
process
©TranscendentGroupSverigeAB2015

10. How to do it?
• Developing a client service culture
• Developing a strategic plan for
internal audit
• Map all assurance providers
• Prioritize on high risk areas and
other stakeholder’s needs
• Planning, performing, and
reporting
• An active dialogue with
stakeholders (board, AC, senior
management)
• Align the Internal Audit Strategy to
the Strategy of the Organization
• Define your Audit Universe
• Link your internal audit plan to the
Audit Universe
• Build in quality in your internal
audit process
©TranscendentGroupSverigeAB2015

11. Developing a client service culture
It starts with
relationships
• Understand and exceed
stakeholder expectations
• Formal relationship
management program—
involve the whole team
Focus on people and
talent development
• Training programs
include business acumen
and leadership
• Coaching and
development programs to
reinforce OTJ training
Establish credibility and
earn a seat at the table
• Bring the right skills to
cover a broader range of
risks
• Ask for feedback and
measure client
satisfaction
• Balance independence,
objectivity and value
©TranscendentGroupSverigeAB2015

12. Developing a strategic plan for
internal audit
• Understand the relevant. industry(ies)
and the organization’s objectives.
• Consider the IPPF Standards and
Guidance.
• Understand stakeholder expectations.
• Update the internal audit vision and
mission.
• Define the critical success factors.
• Perform a SWOT analysis.
• Identify key initiatives.
©TranscendentGroupSverigeAB2015

13. Collaboration between assurance providers
Develop common view of risk to organisation
Presents to Board how key risks are being covered by
assurance providers
THIS IS IS MORE THAN developing improvements
in risk-based internal auditing
Today Tomorrow
Assurance need
legal
external audit
External Audit
No single view of assurance across organisation
Differing perspectives on risk (audit vs business, inherent
vs residual, BU vs Group)
Potential for duplication and gaps in assurance
Little Board/AC level visibility of the linkage between
sources of assurance
Mapping the assurance need
risk
treasury
health and safety
SOX
co. secretary
legal
compliance
external audit
CSR
internal audit
©TranscendentGroupSverigeAB2015

14. Prioritize on high risk areas and other
stakeholder’s needs
Riskbased audit
universe
Require-
ments from
Board/AC
Require-
ments from
regulators
©TranscendentGroupSverigeAB2015

15. Quality assurance and
improvement program
• Build in quality in the internal audit
process through
• On-going monitoring
• Periodic self-assessments
©TranscendentGroupSverigeAB2015

16. Ongoing Monitoring
• Ongoing monitoring provides assurance
that the processes in place are working
effectively to ensure quality is delivered
on an audit-by-audit basis. It is
primarily achieved through:
• continuous monitoring activities
including engagement planning and
supervision,
• standard working practices,
• working paper procedures and signoffs
and
• report reviews.
©TranscendentGroupSverigeAB2015

17. Engagement supervision, working papers
and working paper quality review
• engagement supervision
• monitor progress
• assess quality
• provide coaching
• the work provided by consultants should also be supervised and
monitored.
• working papers
• engagement working papers
©TranscendentGroupSverigeAB2015

18. Periodic self-assessments should be
conducted through:
• Working paper reviews for conformance with the Definition of
Internal Auditing, the Code of Ethics and the Standards and
internal audit policies and procedures, by staff not involved in
the respective audits,
• Self-assessment of the internal audit activity with objectives/
criteria established as part of the QAIP,
• Review of internal audit performance metrics and benchmarking
of best practices and
• Periodic activity and performance reporting to the board and
other stakeholders as deemed necessary.
©TranscendentGroupSverigeAB2015

19. Can we apply best practices?
or leading practices?
• Criteria: Best practices for internal audit activities could be
defined in accordance with a number of quality benchmark
criteria, and further sub-criteria. Each sub-criteria comprises a
number of processes or behaviours which represent best
practices for internal audit activities.
• Achievement of "Best Practice": It is acknowledged that it is not
appropriate or desirable to achieve best practice in all sub-
criteria. Best practice internal audit activities are typically
stronger in some areas than others and since the market is in a
constant state of change, so the measure of "best practice" can
only be judged at any point in time by comparison to other
similar organisations.
©TranscendentGroupSverigeAB2015

20. www.transcendentgroup.com