SFC Plan of engagement
Presentation to the Audit Committee
Internal Audit Overview
September 2009
AGENDA
• Internal audit organization, mission statement & responsibilities
• Internal control responsibilities
• Audit approach & 2009/10 audit plan
• Audit reports & rating system
• Quality assurance
SFC GOVERNANCE MODEL
• MD/GM/CFO/others set policies & operating principles
• Depts. adhere to policies and operating principles
• SFC/IFRS directs compliance of controls over financial reporting
• Internal Audit evaluates compliance against policies & reports non-compliance
• Board of Directors evaluates risk & dictates organization to review, evaluate, monitor & control risk
• GM evaluates risks & compliance with laws
• Treasury evaluates credit/treasury risks & develops policies to minimize risks
• IT evaluates technology risks & develops policies to minimize risk
• Legal assures compliance with laws
• FC establishes reporting mechanism to assure compliance to law & policy
VALUE OF IAD TO SFC
Diagram labels: INTERNAL AUDIT (Independent); Shareholders; PKF; Board; Senior Management; Departments; Internal stakeholders; External stakeholders
• Objective Assurance
• Consulting & value-add
• Best practice sharing
• Evaluate & improve effectiveness of risk management, control & governance processes
• Proactive communications to improve controls
• Consulting assistance to key initiatives (e.g. Sarbanes-Oxley, acquisitions)
• Objective Assurance
• Improve organization's operations
KEY CUSTOMERS, PRODUCTS & METRICS
Key product: Audit Assurance
• Primary customers: Audit Committee; Bassem; Niall
• Secondary customers: Depts. FC; Entity receiving audit
• Metrics: Completion of audit plan; Quality of audit reports; Timeliness of audit reports; Successful external assurance review
Key product: Talent
• Primary customers: Depts. receiving talent
• Secondary customers: Greater finance & IT organizations
• Metrics: Attrition rates below benchmark; Quality of talent placed
Key product: Consulting Services
• Primary customers: Entity/Depts. receiving consulting service (Dependent upon the nature of services provided)
• Secondary customers: Depts. Heads; Acct & Control; GM
• Metrics: Quality of services provided; Quantity of services provided
IAD Structure and Function
Audit Committee
Internal Auditor
• Finance Audit
• Internal Control Audit
• Information Systems Audit
• Compliance Audit
• Other
MISSION AND SCOPE OF WORK
• The mission of the internal audit department is to provide independent, objective and reasonable assurance and consulting services designed to add value and to assist management in monitoring a system of internal control. The scope and frequency of these evaluations are determined through an assessment of risks, including the effectiveness of management’s ongoing monitoring procedures.
• The scope of work of the internal audit department is to determine whether the organization’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:
- Risks are appropriately identified and managed
- Interaction with the various governance groups occurs as needed
- Significant financial, managerial, and operating information is accurate, reliable, and timely
- Employees’ actions are in compliance with policies, standards, procedures, and applicable laws and regulations
- Resources are acquired economically, used efficiently, and adequately protected
- Programs, plans, and objectives are achieved
- Quality and continuous improvement are fostered in the organization’s control process
- Significant legislative or regulatory issues impacting the organization are recognized and addressed appropriately
INTERNAL AUDIT RESPONSIBILITIES
Responsibilities include:
• Independently assess internal controls at SFC departments
• Maintain an annual cyclical audit plan
• Perform compliance audits of contracts with the JVs
• Perform IT system audits
• Conduct control reviews at acquisitions generally within a year of purchase
• Assist the organization in select investigations
• Test compliance with policies & procedures
• Review selected transactions for possible improper payments
MANAGEMENT RESPONSIBILITIES
Responsibilities include:
• Establish internal control systems to provide for safeguarding of assets and proper financial reporting, and to accomplish business objectives
• Perform on-going management control reviews and control self-assessment activities
• Maintain a system to track completion of control issues & recommendations
• Comply with IFRS and local accounting requirements
AUDIT APPROACH
Input-Process-Output
Inputs
• Audit Staff
• Dept Staff
• IS e.g. Final Accounts
• Customers/Suppliers
Processes
• Work Programs
• Control Reviews
• Compliance/Substantive Tests
• Walk through Tests
Outputs
• Audit Reports
-Observations
-Recommendations
• Management Action
Audit Universe 2009/2010
Pie chart of auditable areas (Accounts, Operations, Sales & Mktg, HR, Other); segment values shown: 32%, 19%, 16%, 11%, 22%
Audit Approach
Diagram labels: Annual Audit Plan; Audit Risk Assessment; Audit Execution
• Identify critical risks
• Measure objective achievement
• Capture known issues quickly
• Drill down into known issues (dimension the issue and determine underlying cause)
• Measure, test and evaluate design of controls over critical objectives & risks
• Annual process: cyclical and risk-based approach
Audit Methodology
• Risk and Audit Universe (RAU) planning
• Details of planned audit
• Quarterly plan for IA activity
• Database for individual Audit
• Monitoring and review
• SFC risk register
Individual Audits
Define draft audit scope
Feedback results into risk and audit universe
Set up an audit database to record the audit details, or update the Risk and Audit Universe
Agreed scope
Audit report
Test the monitoring and proper operation of controls
Audit plan
Meetings to determine objectives, risks and agree scope
Draw preliminary conclusions and discuss them
Obtain relevant documentation on processes
Audit database
Examine the risk management process for the area audited
Decide on audit approach
Conclude on risk maturity for the area audited
Risk and audit universe
Key Criteria For Identifying Risk:
• Size
• Likelihood/impact
• Departmental risk
• Date and result of last audit
• Degree of changes (Management, organization, systems)
• Awareness of risks/control issues
Audit Reports
• Audit reports recommend control improvements and assess the adequacy of corrective actions taken or planned
• Ratings are given to conclude on the control environment:
Large Audit areas:
-Unsatisfactory/Fail
-Marginal/Some improvements
-Acceptable/Pass
Small Audit areas:
-Pass
-Fail
• Unsatisfactory and Fail reports are presented in detail to the audit committee.
RATING SYSTEM DEFINITION & INDICATORS
Large Depts.: Unsatisfactory
• Definition: Controls substantially below SFC standards
• Key Indicators: Fundamental weaknesses exposing the company to substantial risks. Documentation for financial reporting controls does not exist, and key controls not tested.
• Deficiencies identified: Number and nature of observations indicate clearly unsatisfactory situations such as a breakdown of critical procedures and controls or performance
• Audit Committee Involvement: Each report discussed in detail with the audit committee
• IAD Follow-Up: Corrective action status updates reviewed semi-annually with the audit committee. A follow-up audit is scheduled within a year.
Large Depts.: Marginal
• Definition: Controls do not fully meet SFC standards
• Key Indicators: Weaknesses exist that expose the SFC to unnecessary risks. Documentation for most financial reporting controls does not meet SFC minimum standards, and many key controls not adequately tested.
• Deficiencies identified: Pertain to the design or function of internal controls
• Audit Committee Involvement: Presented to audit committee on a summary level – some discussed in detail
• IAD Follow-Up: Corrective action status updates reviewed semi-annually with the audit committee
Large Depts.: Acceptable
• Definition: Controls meet SFC standards
• Key Indicators: No critical process breakdown or policy violations. Key financial reporting controls documented and tested.
• Deficiencies identified: Process improvement opportunities
• Audit Committee Involvement: Presented to audit committee on a summary level only
Small Depts.: Fail
• Definition: Controls substantially below SFC standards
• Key Indicators: Fundamental weaknesses exposing the company to substantial risks
• Deficiencies identified: Number and nature of observations indicate clearly unsatisfactory situations such as exposure to fraud and breakdown of critical controls and procedures
• Audit Committee Involvement: Each report discussed in detail with the audit committee
• IAD Follow-Up: Corrective action status of high risk findings reviewed semi-annually with the audit committee. A follow-up audit is scheduled within a year.
Small Depts.: Pass
• Definition: Controls generally meet SFC standards
• Key Indicators: Weaknesses may exist that expose the company to unnecessary risks
• Deficiencies identified: May pertain to design or function of internal controls, or process improvement opportunities
• Audit Committee Involvement: Presented to audit committee on a summary level only
• IAD Follow-Up: Corrective action status of high risk findings reviewed semi-annually with the audit committee
AUDIT QUALITY ASSURANCE PROCESS
Diagram phases: Resource Planning; Onboarding (where necessary); Quality review, training & development
• Determine skills requirements
• Develop & execute plan
• Hire individuals & assess training
• Schedule one week Orientation¹
• Scheduling process (New joiner assigned with more experienced staff)
• Attend three-day auditing training
• With audit experience²
• Audit engagement quality review process
• Engagement staff evaluation (Identify development needs)
• Specialized training (For needs identified or specific types of audits)
• General training (2 times a year) - trends, Dept leaders, IIA training, audit process, technical updates, etc.
• Audit plan
• Determine staffing levels
• On the job training
¹ Survey new hire on process & adjust if necessary
² New standard 3 3 years average financial experience
Internal Review
• A sample of the audit work papers reviewed each year by head of internal audit
• Standard work (work program, templates)
• Lessons learned communicated to department
• Plans or in process for the following year audits.
External Review
• Objective
- Assess effectiveness
- Validate conformance to IIA's standards and Code of Ethics
- Identify opportunities for improvement
• Scope
- Risk assessment and audit planning processes
- Audit tools and methodologies
- Engagement and staff management process
- Sample review of working papers and reports
- Benchmarking
SUMMARY - IAD OPERATING SYSTEM
Diagram labels:
• Feedback/interviews
• Prioritization
• Improvement projects & activities
• Current state
• Achieve future state (becomes current state)
• Measure, control,
• Survey data
• Impact/maturity
• Sustaining teams
• Turnbacks process & Process certification
• Performance monitoring
IAD will use IIA tools in support of this system
Benefits
• Adherence to corporate policies, rules and regulations.
• Ongoing management control activities.
• Translates operational strategy and aligns it to the corporate mission.
• Serves as a motivational tool to employees.
Need for establishing IAD
• Scale, diversity and complexity of company activities
• Number of employees – more employees increase need
• Increase in unacceptable events
• Problems with internal control systems
• Amount of changes in information systems
• Changes in key risks
• Cost-benefit of department
