The presentation provided an overview of the internal audit department's organization, mission, and 2009/10 audit plan for the audit committee. It discussed the department's responsibilities in providing independent assurance and consulting services. It also outlined the audit approach, including risk-based planning and a rating system for audit reports. Quality assurance processes were reviewed, including onboarding, training, performance reviews, and internal/external reviews. The benefits of internal audit for ensuring adherence to policies and ongoing risk management were also highlighted.
2. AGENDA
• Internal audit organization, mission statement & responsibilities
• Internal control responsibilities
• Audit approach & 2009/10 audit plan
• Audit reports & rating system
• Quality assurance
3. SFC GOVERNANCE MODEL
• MD/GM/CFO/others set policies & operating principles
• Depts. adhere to policies and operating principles
• SFC/IFRS directs compliance of controls over financial reporting
• Internal Audit evaluates compliance against policies & reports non-compliance
• Board of Directors evaluates risk & dictates organization to review, evaluate, monitor & control risk
• GM evaluates risks & compliance with laws
• Treasury evaluates credit/treasury risks & develops policies to minimize risks
• IT evaluates technology risks & develops policies to minimize risk
• Legal assures compliance with laws
• FC establishes reporting mechanism to assure compliance to law & policy
4. VALUE OF IAD TO SFC
Shareholders
INTERNAL AUDIT
PKF
Board
Senior Management
Departments
Internal stakeholders
External stakeholders
• Objective Assurance
• Consulting & value-add
• Best practice sharing
• Evaluate & improve effectiveness of risk management, control & governance processes
• Proactive communications to improve controls
• Consulting assistance to key initiatives (e.g. Sarbanes-Oxley, acquisitions)
• Objective Assurance
• Improve organization's operations
Independent
5. KEY CUSTOMERS, PRODUCTS & METRICS
KEY PRODUCTS | PRIMARY CUSTOMERS | SECONDARY CUSTOMERS | METRICS
Audit Assurance Audit Committee
Bassem
Niall
Depts. FC
Entity receiving audit
Completion of audit plan
Quality of audit reports
Timeliness of audit reports
Successful external assurance
review
Talent Depts. receiving talent Greater finance & IT
organizations
Attrition rates below benchmark
Quality of talent placed
Consulting Services Entity/Depts. receiving
consulting service
(Dependent upon the nature
of services provided)
Depts. Heads
Acct & Control
GM
Quality of services provided
Quantity of services provided
6. IAD Structure and Function
Audit Committee
Internal Auditor
Finance Audit
Internal Control Audit
Information Systems Audit
Compliance Audit
Other
7. MISSION AND SCOPE OF WORK
• The mission of the internal audit department is to provide independent, objective and reasonable assurance and consulting services designed to add value and to assist management in monitoring a system of internal control. The scope and frequency of these evaluations are determined through an assessment of risks, including the effectiveness of management's ongoing monitoring procedures.
• The scope of work of the internal audit department is to determine whether the organization's network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:
-Risks are appropriately identified and managed
-Interaction with the various governance groups occurs as needed
-Significant financial, managerial, and operating information is accurate, reliable, and timely
-Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations
-Resources are acquired economically, used efficiently, and adequately protected
-Programs, plans, and objectives are achieved
-Quality and continuous improvement are fostered in the organization's control process
-Significant legislative or regulatory issues impacting the organization are recognized and addressed appropriately
8. INTERNAL AUDIT RESPONSIBILITIES
Responsibilities include:
• Independently assess internal controls at SFC departments
• Maintain an annual cyclical audit plan
• Perform compliance audits of contracts with the JVs
• Perform IT system audits
• Conduct control reviews at acquisitions generally within a year of purchase
• Assist the organization in select investigations
• Test compliance with policies & procedures
• Review selected transactions for possible improper payments
9. MANAGEMENT RESPONSIBILITIES
Responsibilities include:
• Establish internal control systems to provide safeguarding of assets, proper financial reporting and accomplish business objectives
• Perform on-going management control reviews and control self-assessment activities
• Maintain a system to track completion of control issues & recommendations
• Comply with IFRS and local accounting requirements
11. Input-Process-Output
Inputs
• Audit Staff
• Dept Staff
• IS e.g. Final Accounts
• Customers/Suppliers
Processes
• Work Programs
• Control Reviews
• Compliance/Substantive Tests
• Walk through Tests
Outputs
• Audit Reports
-Observations
-Recommendations
• Management Action
13. Audit Approach
Annual Audit Plan
Audit Risk Assessment
Audit Execution
Identify critical risks
Measure objective achievement
Capture known issues quickly
Drill down into known issues (dimension the issue and determine underlying cause)
Measure, Test and Evaluate design of controls over critical objectives & risks
Annual Process cyclical and risk based Approach
14. Audit Methodology
Risk and Audit Universe (RAU) planning
Details of planned audit
Quarterly plan for IA activity
Database for individual Audit
Monitoring and review
SFC risk register
15. Individual Audits
Define draft audit scope
Feedback results into risk and audit universe
Set up an audit database to record the audit details, or update the Risk and Audit Universe
Agreed scope
Audit report
Test the monitoring and proper operation of controls
Audit plan
Meetings to determine objectives, risks and agree scope
Draw preliminary conclusions and discuss them
Obtain relevant documentation on processes
Audit database
Examine the risk management process for the area audited
Decide on audit approach
Conclude on risk maturity for the area audited
Risk and audit universe
16. Key Criteria For Identifying Risk:
• Size
• Likelihood/impact
• Departmental risk
• Date and result of last audit
• Degree of changes (Management, organization, systems)
• Awareness of risks/control issues
17. Audit Reports
• Audit reports recommend control improvements and assess the adequacy of corrective actions taken or planned
• Ratings are given to conclude on the control environment:
Large Audit areas:
-Unsatisfactory/Fail
-Marginal/Some improvements
-Acceptable/Pass
Small Audit areas:
-Pass
-Fail
• Unsatisfactory and Fail reports are presented in detail to the audit committee.
18. RATING SYSTEM DEFINITION & INDICATORS
Ratings: Large Depts. (Unsatisfactory, Marginal, Acceptable); Small Depts. (Fail, Pass)
Definition
• Large Depts., Unsatisfactory: Controls substantially below SFC standards
• Large Depts., Marginal: Controls do not fully meet SFC standards
• Large Depts., Acceptable: Controls meet SFC standards
• Small Depts., Fail: Controls substantially below SFC standards
• Small Depts., Pass: Controls generally meet SFC standards
Key Indicators
• Large Depts., Unsatisfactory: Fundamental weaknesses exposing the company to substantial risks. Documentation for financial reporting controls does not exist, and key controls not tested.
• Large Depts., Marginal: Weaknesses exist that expose the SFC to unnecessary risks. Documentation for most financial reporting controls does not meet SFC minimum standards, and many key controls not adequately tested.
• Large Depts., Acceptable: No critical process breakdown or policy violations. Key financial reporting controls documented and tested.
• Small Depts., Fail: Fundamental weaknesses exposing the company to substantial risks
• Small Depts., Pass: Weaknesses may exist that expose the company to unnecessary risks
Deficiencies identified
• Large Depts., Unsatisfactory: Number and nature of observations indicate clearly unsatisfactory situations such as a breakdown of critical procedures and controls or performance
• Large Depts., Marginal: Pertain to the design or function of internal controls
• Large Depts., Acceptable: Process improvement opportunities
• Small Depts., Fail: Number and nature of observations indicate clearly unsatisfactory situations such as an exposure to fraud and breakdown of critical controls and procedures
• Small Depts., Pass: May pertain to design or function of internal controls, or process improvement opportunities
Audit Committee Involvement
• Large Depts., Unsatisfactory: Each report discussed in detail with the audit committee
• Large Depts., Marginal: Presented to audit committee on a summary level – some discussed in detail
• Large Depts., Acceptable: Presented to audit committee on a summary level only
• Small Depts., Fail: Each report discussed in detail with the audit committee
• Small Depts., Pass: Presented to audit committee on a summary level only
IAD Follow-Up
• Large Depts., Unsatisfactory: Corrective action status updates reviewed semi-annually with the audit committee. A follow-up audit is scheduled within a year.
• Large Depts., Marginal: Corrective action status updates reviewed semi-annually with the audit committee
• Small Depts., Fail: Corrective action status of high risk findings reviewed semi-annually with the audit committee. A follow-up audit is scheduled within a year.
• Small Depts., Pass: Corrective action status of high risk findings reviewed semi-annually with the audit committee
19. AUDIT QUALITY ASSURANCE PROCESS
Determine skills requirements
Develop & execute plan
Hire individuals & assess training
Schedule one week Orientation¹
Scheduling process (New joiner assigned with more experienced staff)
Attend three-day auditing training
With audit experience²
Audit engagement quality review process
Engagement staff evaluation (Identify development needs)
Specialized training (For needs identified or specific types of audits)
General training (2 times a year) - trends, Dept leaders, IIA training, audit process, technical updates, etc.
Audit plan
Determine staffing levels
Resource Planning
Onboarding (where necessary)
Quality review, training & development
On the job training
¹ Survey new hire on process & adjust if necessary
² New standard 3 3 years average financial experience
20. Performance Evaluation
• Internal Review
  - A sample of the audit work papers reviewed each year by head of internal audit
  - Standard work (work program, templates)
  - Lessons learned communicated to department
  - Plans or in process for the following year audits.
• External Review
  - Objective
    - Assess effectiveness
    - Validate conformance to IIA's standards and Code of Ethics
    - Identify opportunities for improvement
  - Scope
    - Risk assessment and audit planning processes
    - Audit tools and methodologies
    - Engagement and staff management process
    - Sample review of working papers and reports
    - Benchmarking
21. SUMMARY - IAD OPERATING SYSTEM
Feedback/interviews
Prioritization
Improvement projects & activities
Current state
Achieve future state (becomes current state)
Measure, control,
IAD will use IIA tools in support of this system
Survey data
Impact/maturity
Sustaining teams
Turnbacks process & Process certification
Performance monitoring
22. Benefits
• Adherence to corporate policies, rules and regulations.
• Ongoing management control activities.
• Translates operational strategy and aligns it to the corporate mission.
• Serves as a motivational tool to employees.
***need for establishing IAD***
• Scale, diversity and complexity of company activities
• Number of employees – more employees increase need
• Increase in unacceptable events
• Problems with internal control systems
• Amount of changes in information systems
• Changes in key risks
• Cost-benefit of department