Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
2011 Emerging Trends and Leading Practices
1 Copyright © 2011 The Institute of Internal Auditors
Emerging Trends and Leading Practices 2011
North American Respondents
Executive Summary Report
Number of Responses Analyzed: 707
Total number of responses collected Globally: 1,377
1: From 2010 to 2011, the staffing levels of my internal audit function:
Response Chart Frequency Count
Increased, by what % (below) 18.2% 129
Decreased, by what % (below) 12.6% 89
Stayed the same 69.2% 489
Valid Responses 707
Total Responses 707
Increased by: Count Decreased by: Count
1–5% 22 1–5% 12
6–10% 26 6–10% 19
11–15% 11 11–15% 10
16–20% 17 16–20% 12
21–30% 18 21–30% 12
31–40% 12 31–40% 8
41–50% 12 41–50% 15
More than 50% 7 More than 50% 1
2 Copyright © 2011 The Institute of Internal Auditors
2: From 2010 to 2011, the budget of my internal audit function:
Response Chart Frequency Count
Increased, by what percentage (see below)
31.3% 221
Decreased, by what percentage (see below)
19.0% 134
Stayed the same 49.7% 351
Not Answered 1
Valid Responses 706
Total Responses 707
Increased by: Count Decreased by: Count
1–5% 95 1–5% 31
6–10% 50 6–10% 38
11–15% 15 11–15% 13
16–20% 19 16–20% 12
21–30% 13 21–30% 10
31–40% 10 31–40% 4
41–50% 3 41–50% 11
More than 50% 7 More than 50% 2
3 Copyright © 2011 The Institute of Internal Auditors
3: How would you rate the collective knowledge of your organization’s business by your internal audit staff: (Respondents could only choose a single response)
Response Chart Frequency Count
Inadequate 0.4% 3
Limited/developing 15.6% 110
Adequate 36.8% 260
Above average 35.7% 252
Extensive 11.5% 81
Not Answered 1
Mean 3.422
Valid Responses 706
Total Responses 707
4: Which of the following staffing strategies do you employ to acquire and maintain knowledge of the business by your staff: (Choose all that apply)
Response Chart Frequency Count
Rotational program in which
experienced professionals from the business rotate into
internal auditing on an
ongoing basis
15.6% 110
Active recruitment of
experienced professionals with industry experience or
knowledge
42.4% 300
Co-sourcing relationship with a third-party provider to
leverage industry experience
33.5% 237
Internal development of
existing personnel 85.1% 602
Other, please explain (see
Appendix A): 11.6% 82
I do not consider acquisition of business/industry
knowledge to be a priority
0.8% 6
Valid Responses 707
Total Responses 707
4 Copyright © 2011 The Institute of Internal Auditors
5: Which of the following strategies do you employ to enhance and maintain knowledge of the business within your staff: (Choose all that apply)
Response Chart Frequency Count
Partnering inexperienced staff with more experienced or seasoned staff on
engagements warranting knowledge of
the business
66.5% 470
Hosting regular all-staff training events
to learn from company executives, business unit leaders, and others
31.0% 219
The CAE participates in one or more
industry focused CAE groups, roundtables, or events
53.5% 378
The CAE frequently, but informally,
benchmarks and networks with CAEs of peer companies in the industry
46.5% 329
Staff receive training focused on
industry risks or issues that may warrant internal audit coverage
66.6% 471
Internal audit staff subscribe to
industry periodicals or other
literature to stay current on risks or issues that may warrant internal
audit coverage
73.8% 522
Internal auditing or the company has
deployed an extensive knowledge
management framework that is drawn upon to acquire, enhance, and maintain
knowledge of the business
20.5% 145
Other, please explain (see Appendix B) 6.2% 44
Valid Responses 707
Total Responses 707
5 Copyright © 2011 The Institute of Internal Auditors
6: If surveyed today on how well internal auditing is meeting their needs and expectations, executive management in my company would probably rate their overall satisfaction as: (Respondents could only choose a single response)
Response Chart Frequency Count
Unacceptable 0.4% 3
Poor 2.3% 16
Acceptable 27.4% 194
Good 57.0% 403
Outstanding 12.9% 91
Mean 3.796
Valid Responses 707
Total Responses 707
7: If surveyed today on how well internal auditing is meeting its needs and expectations, my audit committee would probably rate its overall satisfaction as: (Respondents could only choose a single response)
Response Chart Frequency Count
Unacceptable 0.1% 1
Poor 0.7% 5
Acceptable 18.1% 127
Good 56.3% 395
Outstanding 24.8% 174
Not Answered 5
Mean 4.048
Valid Responses 702
Total Responses 707
6 Copyright © 2011 The Institute of Internal Auditors
8: Over the past year, how much have the needs and expectations of management and the audit committee driven change in the focus or coverage of your internal audit function? (Respondents could only choose a single response)
Response Chart Frequency Count
No influence 2.4% 17
Minimal 6.8% 48
There has been some influence, but no more than usual
51.3% 362
More than usual 31.3% 221
Extensive 8.2% 58
Not Answered 1
Mean 3.361
Valid Responses 706
Total Responses 707
9: Which of the following strategies do you employ in assessing the needs and expectations of your stakeholders? (Choose all that apply)
Response Chart Frequency Count
Formal surveys of key stakeholders to assess expectations and internal
auditing’s performance against them
40.3% 285
Regular formal meetings with key
stakeholders to assess their expectations
and internal auditing’s performance against them
59.5% 421
Discussions with the full executive leadership/management team of my
company in the same room to assess their collective expectations and internal
auditing’s performance against them.
28.6% 202
Ongoing informal discussions with the chairman of the audit committee
to assess his/her expectations and internal auditing’s performance
against them
69.3% 490
Discussions with the full audit committee to assess their collective expectations and
internal auditing’s performance against them
56.0% 396
Other, please explain (See Appendix C): 14.1% 100
Valid Responses 707
Total Responses 707
7 Copyright © 2011 The Institute of Internal Auditors
10: In what areas is technology leveraged for ongoing internal audit activities and what tools are used? (Technology used)
Yes No Total Mean
Risk assessment activities
Count 419 259 678 1.382
% by Row 61.8% 38.2% 100.0%
Audit planning Count 425 253 678 1.373
% by Row 62.7% 37.3% 100.0%
Control analysis Count 329 329 658 1.500
% by Row 50.0% 50.0% 100.0%
Data analysis Count 528 133 661 1.201
% by Row 79.9% 20.1% 100.0%
Substantive
testing Count 446 213 659 1.323
% by Row 67.7% 32.3% 100.0%
Workpaper management
Count 485 190 675 1.281
% by Row 71.9% 28.1% 100.0%
Reporting Count 410 255 665 1.383
% by Row 61.7% 38.3% 100.0%
Managing findings
and issues Count 469 199 668 1.298
% by Row 70.2% 29.8% 100.0%
Performance
management for
internal auditing
Count 273 396 669 1.592
% by Row 40.8% 59.2% 100.0%
Communication Count 371 295 666 1.443
% by Row 55.7% 44.3% 100.0%
Continuous audit
activities Count 280 382 662 1.577
% by Row 42.3% 57.7% 100.0%
Total Count 4435 2904 7339 N/A
% by Row 60.4% 39.6% 100.0%
8 Copyright © 2011 The Institute of Internal Auditors
10: In what areas is technology leveraged for ongoing internal audit activities and what tools are used? (Type of tool used, if applicable)
Data analysis
GRC system
Security monitoring
Audit management
Other Total
Risk assessment
activities Count 227 67 40 203 113 707
% by
Row 32.1% 9.5% 5.7% 28.7% 16.0% 100.0%
Audit planning Count 211 44 23 280 107 707
% by
Row 29.8% 6.2% 3.3% 39.6% 15.1% 100.0%
Control analysis Count 174 70 59 160 91 707
% by
Row 24.6% 9.9% 8.3% 22.6% 12.9% 100.0%
Data analysis Count 457 24 39 88 87 707
% by
Row 64.6% 3.4% 5.5% 12.4% 12.3% 100.0%
Substantive testing Count 303 38 48 159 105 707
% by
Row 42.9% 5.4% 6.8% 22.5% 14.9% 100.0%
Workpaper management
Count 61 56 14 329 150 707
% by Row
8.6% 7.9% 2.0% 46.5% 21.2% 100.0%
Reporting Count 53 36 15 253 179 707
% by
Row 7.5% 5.1% 2.1% 35.8% 25.3% 100.0%
Managing findings
and issues Count 73 52 15 278 192 707
% by Row
10.3% 7.4% 2.1% 39.3% 27.2% 100.0%
Performance management for
internal auditing
Count 66 17 9 149 155 707
% by Row
9.3% 2.4% 1.3% 21.1% 21.9% 100.0%
Communication Count 39 26 15 162 225 707
% by
Row 5.5% 3.7% 2.1% 22.9% 31.8% 100.0%
Continuous audit
activities Count 217 23 32 86 85 707
% by
Row 30.7% 3.3% 4.5% 12.2% 12.0% 100.0%
9 Copyright © 2011 The Institute of Internal Auditors
11: For the following tools that you use, please identify whether these tools are commercially available, internally developed, a combination of the two, or not used, and rank your satisfaction with each of them.
(Source)
Commercially available
Internally developed
Combination of commercially available and internally developed
Not used Total
Data analysis tools
Count 388 76 112 70 646
% by Row 60.1% 11.8% 17.3% 10.8% 100.0%
GRC systems Count 122 47 21 350 540
% by Row 22.6% 8.7% 3.9% 64.8% 100.0%
Security
monitoring tools
Count 134 59 53 287 533
% by Row 25.1% 11.1% 9.9% 53.8% 100.0%
Audit
management tools
Count 274 129 68 132 603
% by Row 45.4% 21.4% 11.3% 21.9% 100.0%
Other tools Count 183 103 73 153 512
% by Row 35.7% 20.1% 14.3% 29.9% 100.0%
Total Count 1101 414 327 992 2834
% by Row 38.8% 14.6% 11.5% 35.0% 100.0%
(Level of Satisfaction)
Not satisfied at all
Needs improvement
Satisfied Extremely satisfied
Total Mean
Data analysis
tools
Count 4 127 375 53 559 2.853
% by Row 0.7% 22.7% 67.1% 9.5% 100.0%
GRC systems Count 20 66 111 15 212 2.571
% by Row 9.4% 31.1% 52.4% 7.1% 100.0%
Security monitoring tools
Count 19 61 160 15 255 2.671
% by Row 7.5% 23.9% 62.7% 5.9% 100.0%
Audit
management
tools
Count 16 126 264 52 458 2.769
% by Row 3.5% 27.5% 57.6% 11.4% 100.0%
Other tools Count 9 87 238 23 357 2.770
% by Row 2.5% 24.4% 66.7% 6.4% 100.0%
Total Count 68 467 1148 158 1841 N/A
% by Row 3.7% 25.4% 62.4% 8.6% 100.0%
10 Copyright © 2011 The Institute of Internal Auditors
12: For 2011 audit activities, please indicate whether the focus of your internal audit plan has changed for the following since 2010:
Increased No change Decreased Total
Financial risks Count 196 437 31 664
% by Row 29.5% 65.8% 4.7% 100.0%
Financial reporting controls testing
Count 87 480 113 680
% by Row 12.8% 70.6% 16.6% 100.0%
Operational risks Count 395 286 17 698
% by Row 56.6% 41.0% 2.4% 100.0%
Compliance risks Count 395 289 15 699
% by Row 56.5% 41.3% 2.1% 100.0%
Credit risks Count 106 539 48 693
% by Row 15.3% 77.8% 6.9% 100.0%
Fraud risks Count 308 382 8 698
% by Row 44.1% 54.7% 1.1% 100.0%
Catastrophic/disaster
recovery risks
Count 125 539 33 697
% by Row 17.9% 77.3% 4.7% 100.0%
Crisis management Count 84 578 34 696
% by Row 12.1% 83.0% 4.9% 100.0%
Effectiveness of risk management
Count 291 389 19 699
% by Row 41.6% 55.7% 2.7% 100.0%
Cost/expense reduction or
containment
Count 212 452 36 700
% by Row 30.3% 64.6% 5.1% 100.0%
Reputational risks Count 177 507 18 702
% by Row 25.2% 72.2% 2.6% 100.0%
Mergers and acquisitions Count 120 503 59 682
% by Row 17.6% 73.8% 8.7% 100.0%
Total Count 2496 5381 431 8308
% by Row 30.0% 64.8% 5.2% 100.0%
12a: If there is a notable area not listed in question 12, please list it here and indicate whether it has increased or decreased in focus, or stayed the same. SEE APPENDIX D
11 Copyright © 2011 The Institute of Internal Auditors
13: Rate the following attributes in terms of importance and level of performance for your internal audit function: (Importance)
Not important at all
Somewhat important
Important Very important
Extremely important
Total Mean
Effectively managing stakeholder
relationships
Count 5 44 161 264 224 698 3.943
% by
Row 0.7% 6.3% 23.1% 37.8% 32.1% 100.0%
Effectively meeting stakeholder
expectations
Count 5 22 166 296 208 697 3.976
% by
Row 0.7% 3.2% 23.8% 42.5% 29.8% 100.0%
Effectively leveraging
technology
Count 24 138 253 210 66 691 3.226
% by Row
3.5% 20.0% 36.6% 30.4% 9.6% 100.0%
Promoting customer service focus
Count 17 123 221 235 95 691 3.388
% by Row
2.5% 17.8% 32.0% 34.0% 13.7% 100.0%
Conformance with The
IIA's Standards
Count 24 106 204 195 148 677 3.498
% by
Row 3.5% 15.7% 30.1% 28.8% 21.9% 100.0%
Risk methodology that
focuses on critical risks
Count 3 30 131 313 208 685 4.012
% by
Row 0.4% 4.4% 19.1% 45.7% 30.4% 100.0%
Value proposition of
internal auditing that
is well documented and communicated
Count 33 139 230 204 81 687 3.234
% by
Row 4.8% 20.2% 33.5% 29.7% 11.8% 100.0%
Internal audit plan that is aligned with the
organization’s strategic
plan
Count 13 48 172 279 181 693 3.818
% by
Row 1.9% 6.9% 24.8% 40.3% 26.1% 100.0%
Continuous improvement and
innovation
Count 12 96 240 253 90 691 3.453
% by
Row 1.7% 13.9% 34.7% 36.6% 13.0% 100.0%
Appropriate talent pool
Count 9 44 170 294 168 685 3.829
% by
Row 1.3% 6.4% 24.8% 42.9% 24.5% 100.0%
Cost-effective and efficient operations
Count 8 79 278 252 76 693 3.446
% by Row
1.2% 11.4% 40.1% 36.4% 11.0% 100.0%
Alignment of risk, control, and
compliance functions
Count 14 81 218 272 109 694 3.549
% by
Row 2.0% 11.7% 31.4% 39.2% 15.7% 100.0%
Total Count 167 950 2444 3067 1654 8282 N/A
% by Row
2.0% 11.5% 29.5% 37.0% 20.0% 100.0%
12 Copyright © 2011 The Institute of Internal Auditors
(See Appendix E for alternative analysis of the data in question 13)
13: Rate the following attributes in terms of importance and level of performance for your internal audit function: (Level of Performance)
Inadequate Limited/ developing
Adequate Above average
Exceptional Total Mean
Effectively managing
stakeholder relationships
Count 8 50 302 289 37 686 3.433
% by Row
1.2% 7.3% 44.0% 42.1% 5.4% 100.0%
Effectively meeting stakeholder
expectations
Count 9 58 296 293 29 685 3.401
% by Row
1.3% 8.5% 43.2% 42.8% 4.2% 100.0%
Effectively leveraging technology
Count 58 255 270 80 15 678 2.615
% by
Row 8.6% 37.6% 39.8% 11.8% 2.2% 100.0%
Promoting customer service focus
Count 5 98 335 199 40 677 3.253
% by
Row 0.7% 14.5% 49.5% 29.4% 5.9% 100.0%
Conformance with The IIA's Standards
Count 14 89 327 191 53 674 3.267
% by
Row 2.1% 13.2% 48.5% 28.3% 7.9% 100.0%
Risk methodology that
focuses on critical risks
Count 12 120 271 237 38 678 3.249
% by
Row 1.8% 17.7% 40.0% 35.0% 5.6% 100.0%
Value proposition of internal auditing that is
well documented and communicated
Count 40 186 308 124 18 676 2.843
% by
Row 5.9% 27.5% 45.6% 18.3% 2.7% 100.0%
Internal audit plan that
is aligned with the organization’s strategic
plan
Count 14 113 293 218 44 682 3.242
% by Row
2.1% 16.6% 43.0% 32.0% 6.5% 100.0%
Continuous
improvement and innovation
Count 21 173 306 153 29 682 2.994
% by
Row 3.1% 25.4% 44.9% 22.4% 4.3% 100.0%
Appropriate talent pool Count 36 132 312 178 19 677 3.018
% by Row
5.3% 19.5% 46.1% 26.3% 2.8% 100.0%
Cost-effective and
efficient operations
Count 13 77 366 186 41 683 3.242
% by
Row 1.9% 11.3% 53.6% 27.2% 6.0% 100.0%
Alignment of risk, control, and
compliance functions
Count 28 155 316 154 27 680 2.996
% by
Row 4.1% 22.8% 46.5% 22.6% 4.0% 100.0%
Total Count 258 1506 3702 2302 390 8158 N/A
% by Row
3.2% 18.5% 45.4% 28.2% 4.8% 100.0%
13 Copyright © 2011 The Institute of Internal Auditors
14: What do you feel are the top three risks that are or will impact your organization in 2011, and how is internal auditing positioned to assess and help the organization mitigate these risks? (Positioning)
Not positioned at all
Somewhat positioned
Well positioned Total Mean
Risk 1 Count 79 331 217 627 2.220
% by Row
12.6% 52.8% 34.6% 100.0%
Risk 2 Count 58 342 207 607 2.245
% by
Row 9.6% 56.3% 34.1% 100.0%
Risk 3 Count 88 327 155 570 2.118
% by Row
15.4% 57.4% 27.2% 100.0%
Total Count 225 1000 579 1804 N/A
% by Row
12.5% 55.4% 32.1% 100.0%
14-1: List of top risks, and how internal auditing is positioned to assess and help the organization mitigate these risks: (Respondents were limited to brief text responses)
RISK Not positioned at all Somewhat positioned Well positioned Total
Specific risks yet to be analyzed
Responses
14 Copyright © 2011 The Institute of Internal Auditors
15: For each of the following, indicate the extent to which your internal audit staff collectively possesses the required skills to address needed coverage: (Extent of Skills)
Significantly lacking
Inadequate Adequate Expert level
Not required
Total Mean
Business and industry-
specific knowledge
Count 2 36 428 228 1 695 3.273
% by
Row 0.3% 5.2% 61.6% 32.8% 0.1% 100.0%
IT (general) Count 20 137 361 164 14 696 3.022
% by Row
2.9% 19.7% 51.9% 23.6% 2.0% 100.0%
Data mining and analytics
Count 34 241 322 86 10 693 2.707
% by
Row 4.9% 34.8% 46.5% 12.4% 1.4% 100.0%
Cybersecurity
and privacy Count 48 221 317 70 40 696 2.760
% by
Row 6.9% 31.8% 45.5% 10.1% 5.7% 100.0%
Risk
management Count 1 50 458 181 5 695 3.200
% by Row
0.1% 7.2% 65.9% 26.0% 0.7% 100.0%
Fraud auditing Count 8 107 423 153 6 697 3.060
% by
Row 1.1% 15.4% 60.7% 22.0% 0.9% 100.0%
Forensics and
investigations Count 33 179 317 111 54 694 2.963
% by
Row 4.8% 25.8% 45.7% 16.0% 7.8% 100.0%
Quality control (e.g., Six
Sigma, ISO)
Count 49 215 265 37 129 695 2.974
% by
Row 7.1% 30.9% 38.1% 5.3% 18.6% 100.0%
Strategic initiatives and
programs
Count 8 127 451 76 29 691 2.987
% by
Row 1.2% 18.4% 65.3% 11.0% 4.2% 100.0%
Interviewing Count 3 47 478 157 8 693 3.173
% by Row
0.4% 6.8% 69.0% 22.7% 1.2% 100.0%
Total Count 206 1360 3820 1263 296 6945 N/A
% by Row
3.0% 19.6% 55.0% 18.2% 4.3% 100.0%
15 Copyright © 2011 The Institute of Internal Auditors
15a: If there is any other area not mentioned above, please list it and indicate the extent to which your internal audit staff collectively possesses the required skills to address needed coverage: (Extent of Skills)
Significantly lacking
Inadequate Adequate Expert level Total Mean
Area 1: Count 2 17 26 16 61 2.918
% by Row
3.3% 27.9% 42.6% 26.2% 100.0%
Area 2: Count 2 9 18 9 38 2.895
% by
Row 5.3% 23.7% 47.4% 23.7% 100.0%
Area 3: Count 2 6 4 4 16 2.625
% by Row
12.5% 37.5% 25.0% 25.0% 100.0%
Total Count 6 32 48 29 115 N/A
% by Row
5.2% 27.8% 41.7% 25.2% 100.0%
15a-1: For areas not mentioned above, please list them and indicate the extent to which your internal audit staff collectively possesses the required skills to address needed coverage: (Respondents were limited to brief text responses)
Significantly lacking
Inadequate Adequate Expert level Total
Specific areas yet to be analyzed
Total Responses
16 Copyright © 2011 The Institute of Internal Auditors
16: What skill sets are you actively recruiting for, or anticipating recruiting for, in your internal audit function this year? (Choose all that apply)
Response Chart Frequency Count
Business and industry-specific knowledge 44.0% 311
IT (general) 44.6% 315
Data mining and analytics 37.9% 268
Cybersecurity and privacy 11.7% 83
Risk management 20.2% 143
Risk assessment activities 20.5% 145
Report writing 19.4% 137
Fraud auditing 16.3% 115
Forensics and investigations 11.7% 83
Quality control (e.g., Six Sigma, ISO) 10.5% 74
Strategic initiatives and programs 9.9% 70
Interviewing 8.9% 63
Other, please specify (See Appendix F): 17.4% 123
Valid Responses 707
Total Responses 707
17: In addition to traditional roles and responsibilities, internal auditing is also primarily responsible for: (Choose all that apply) Response Chart Frequency Count
Risk management 33.1% 234
Ethics investigations 37.5% 265
Managing corporate hotline 28.6% 202
Financial reporting controls compliance (e.g., the U.S. Sarbanes-Oxley Act)
39.9% 282
Regulatory compliance (general) 28.6% 202
IT security 11.3% 80
Fraud investigations 57.1% 404
Compliance with anti-bribery legislation 12.9% 91
None of the above 14.6% 103
Other, please specify (see Appendix G): 8.8% 62
Valid Responses 707
Total Responses 707
17 Copyright © 2011 The Institute of Internal Auditors
18: What is the size of your internal audit function (calculated in total full-time equivalents)? (Respondents could only choose a single response)
Response Chart Frequency Count
1–2 16.4% 116
3–6 34.3% 242
7–15 22.7% 160
16–20 7.6% 54
21–30 6.9% 49
More than 30 12.0% 85
Not Answered 1
Valid Responses 706
Total Responses 707
19: Select the annual revenue range that best fits your organization: (Respondents could only choose a single response)
Response Chart Frequency Count
Less than USD 10 million 6.0% 42
USD 10 million to less than
USD 50 million 6.6% 46
USD 50 million to less than USD 100 million
4.4% 31
USD 100 million to less than USD 500 million
18.5% 130
USD 500 million to less than USD 1 billion
17.7% 124
USD 1 billion to less than
USD 10 billion 33.7% 236
USD 10 billion or more 13.1% 92
Not Answered 6
Valid Responses 701
Total Responses 707
18 Copyright © 2011 The Institute of Internal Auditors
20: What best describes your title or is equivalent to your current position or role within your organization? (Respondents could only choose a single response)
Response Chart Frequency Count
Chief audit executive
(CAE) 64.2% 453
Internal audit director or
manager who is direct report
to CAE
22.2% 157
Other internal audit manager
or supervisor 7.2% 51
Internal audit staff with 3 or
more years of internal audit experience
2.8% 20
Internal audit staff with less
than 3 years of internal audit experience
1.3% 9
Other, please specify: 2.3% 16
Not Answered 1
Valid Responses 706
Total Responses 707
20-1: If not listed above, what best describes your title or is equivalent to your current position or role within your organization?
Response
Owner
business consultant and trainer of auditors
Security Manager
All staff are senior auditors. I have over 25 years experience.
Consultant (4 responses)
Staff/Consultant
VP operations
Audit Committee Chair
Director of KM
Audit Manager
Director of KM
Chief Risk Officer
past CEA of 9+ years
VP Internal Audit - Direct Report to CAE
Responses 16
19 Copyright © 2011 The Institute of Internal Auditors
21: Which category best describes your organization's primary industry?
Response Chart Frequency Count
Aerospace and defense 0.7% 5
Agriculture/forestry/fisheries 0.4% 3
Communication/telecommunication
services 1.4% 10
Construction/engineering/architecture 1.4% 10
Consulting services 1.4% 10
Consumer packaged goods 1.9% 13
Distribution 1.0% 7
Educational services 5.6% 39
Energy/oil and gas 3.0% 21
Financial services/banking/real
estate 19.4% 136
Gaming/lotteries 1.4% 10
Health services 6.8% 48
Hospitality/entertainment/restaurant 2.1% 15
Insurance carriers/agents 6.7% 47
Local government 5.0% 35
National/federal government 2.1% 15
Manufacturing 10.5% 74
Mining 0.6% 4
Nonprofit sector 3.1% 22
Pharmaceuticals 1.6% 11
Public accounting/accounting services 0.6% 4
State/provincial government 3.6% 25
Technology 4.0% 28
Transportation 1.7% 12
Utilities 4.3% 30
Wholesale/retail 5.4% 38
Other 4.3% 30
Not Answered 5
Valid Responses 702
Total Responses 707
20 Copyright © 2011 The Institute of Internal Auditors
22: Is your organization listed as: (Respondents could only choose a single response)
Response Chart Frequency Count
Fortune 100 5.6% 39
Fortune 250 3.9% 27
Fortune 500 10.8% 75
Fortune 1000 6.5% 45
Global 2000 2.7% 19
None of the above 70.5% 491
Not Answered 11
Valid Responses 696
Total Responses 707
23: Please select the geographic region in which you work. (For a list of countries in each region, click here.) (Respondents could only choose a single response)
Response Chart Frequency Count
Africa 0.0% 0
Asia 0.0% 0
Europe 0.0% 0
Latin America and the Caribbean
0.0% 0
North America 100.0% 707
Oceania (includes Australia,
New Zealand, Micronesia, Melanesia, and Polynesia)
0.0% 0
Valid Responses 707
Total Responses 707
21 Copyright © 2011 The Institute of Internal Auditors
(The following 202 respondents are from the non-North American versions of the survey, which was made available globally; the North American version of the survey did not present these next 3 questions)
24: In which country or territory do you work? (Respondents could only choose a single response)
Response Chart Frequency Count
United States 90.0% 180
Canada 7.5% 15
Mexico 1.0% 2
South Korea 0.5% 1
Venezuela 0.5% 1
Valid Responses 200
Total Responses 202
24a: Other country: Respondents to this question had also selected a country in question 24, indicating these are additional
countries in which they work. (Respondents were limited to brief text responses)
Response Chart Frequency Count
Other Responses 100.0% 9
Valid Responses 9
Total Responses 9
25: Please select your Institute: (Respondents could only choose a single response)
Response Chart Frequency Count
North American chapter in
the U.S., Canada, or
Caribbean
97.4% 187
IIA MEXICO (204) 0.5% 1
IIA UNITED KINGDOM & IRELAND (21)
0.5% 1
IIA VENEZUELA (290) 0.5% 1
None 1.0% 2
Not Answered 10
Valid Responses 192
Total Responses 202
22 Copyright © 2011 The Institute of Internal Auditors
Appendix A 4-1: What other staffing strategies do you employ to acquire and maintain knowledge of the business by your staff: Response
Active Knowledge Management program in IA
Active liaison program where auditor interacts with management. They stay abreast of what is happening in the industry, competitors, and detailed knowledge of our business.
Active recuritement with Co-sourcing
Active roles in North American lottery-related organizations
Broad and deep relationships with business partners
Brown Bag Lunches with Company subject matter experts, participation in industry groups (COPAS)
Close SOX testing with Business Unit people
Student/recent graduate pipeline (4 responses)
college recruiting - internal audit specialization programs
internship through local university
New college grads hired and trained and then placed into operations
student interns
consulting, sitting on committees, participating in planning, etc.
Continuing Education support
Daily briefings by me from Executive level meetings that I attend
Entrenamientos privado afueara de la oficina.
Exposure over time via audits
Extensive Training
External development (offsite training) (7 responses)
e.g., seminars, workshops, conferences
Fully outsourcing certain audit projects to bring in expertise that I cannot afford nor do I need on staff on a consistent basis.
gain knowledge through interaction with company personnel, brown bag session, and industry related educational opportunities
guest auditor program (4 responses); comments include:
functional area guest auditors
guest auditors from within the business and IA participation in business initiatives
Hire a potential candidate and train him or her internally
Hire external if internal not available, when, hiring.
Hiring qualified candidates from within the business (3 responses); comments include:
Recruitment from the business
I keep the staff informed of district level initiatives, objectives, and changes in the strategic plans through training and having them review documents
I would employ all 4 of the options listed in the survey (a staffing plan was developed in 2007); unfortunately it is currently being blocked by the CFO and the audit committee is not "actively" aware of the situation and, more importantly, the impact.
In house training and interviews with business personnel
industry specific certifications
internal availability of existing staff
23 Copyright © 2011 The Institute of Internal Auditors
Internal Orientation/Training
Internship from the business, but not a regular rotation
learn it thru industry groups etc
learning from other more experienced people in the organization
Low Turnover in audit staff (4 responses); comments include:
Retaining experienced internal audit staff - about half currently have over tens years of experience
lucky to have tenured staff
meet with inhouse subject matter experts as needed
networking and knowledge sharing
Specific training of new hires (2 responses) comments include:
New staff members work two to four weeks with the different levels of personnel and management to learn the industry, processes, roles, etc.
One man shop (3 responses)
ongoing visits with operating depts
participate on ISO Audits and audit of operating metrics
Participating on project teams for key strategic initiatives (i.e. new markets, new products, etc)
Performance of audits in many areas of business.
practice area relationships at many levels (IA interaction with business leaders)
professional development,pursue other professional designations;board service w/other professionals;professional periodicals;regularly attend staff meetings
Project-specific rotation from outside the IA staff
Quarterly lunch and learn by leaders in different business areas
Read literature on various business and operational aspects; not just auditing
regular speakers from the businesses at our training sessions
Review of internal product and financial presentations
Ride-along programs
rotating audit assignments in different operational areas
Rotational program for IT audit only
secondment of operational staff for specific short term audits
small size of company (less than 200 employees) helps; regular attendance in select core business status monitoring meetings helps.
Some auditors have industry knowledge
Subject Matter Expert Program (3 response); comments include:
Subject Matter Expert Program internal to IA
subject matter expert designation within dept and coordination with Corporate leaders.
Toda la plantilla, de manera ordinaria es considerada para evaluar todos los procesos sujetos a nuestro alcance.
trainings
walk throughs of business units prior to audits
We are in the process of restructuring to bring in a more technology focused staff.
We do a top-down operational risk assessment of each major business, meaning we document processes, risks, and controls that are operational/non-financial reporting. We acquire knowledge through the audit of key processes.
We have our internal audit staff actively participate in both our annual and quarterly enterprise risk assessment
24 Copyright © 2011 The Institute of Internal Auditors
activities, which helps them not only assess risks but also gain/maintain knowledge of our business.
working on a formal rotation plan now, but to date it has been very informal.
Responses 82
Back Appendix B
5-1: What other strategies do you employ to enhance and maintain knowledge of the business within your staff:
A knowledge warehouse has been established to share information.
Actively explore opportunities to work with Business Units on Continuous Improvement projects
Aggressive meeting schedule with key business leaders.
All directors (5) speak and are involved in national committees
Attendance at conferences by staff
Audit managers, directors and executives participate in each business/function's operational reviews and leadership meetings
audit staff participation in cross-functional committee projects.
Interaction with business management:
continuous interaction with management. Formal quarterly discussions with executive.
IA interaction with internal business leaders and groups
Staff networking with business unit leaders
COSOURCING ARRANGEMENT
exposure through projects
extensive interaction w/Management on operational audits
external training (3 responses); comments include:
such as IIA programs
professional seminars - webinars
GRC Requirements Management practice discipline from our vendor RuleSphere International
Having staff assist external auditors/consultants in financial, SAS 70, IT, fraud, and physical and IT security audits and consulting projects.
IA participating in company sponsored training, coordinating with senior leadership, and performing a variety of audits.
IA Staff engage in Job shadowing/Ride-along experiences within the business
Internal Audit is developing an extensive knowledge management framework of the business
Internal Training Programs (2 responses); comments include:
internal training available to all staff at the company
Learnin while on assignments
Membership in Professional Organization and CPE
Ninguno, la función de auditoría interna tiene un presupuesto muy limitado.
Not sure what you mean by industry standards - does that mean internal audit or the sector that we are in?
Obtaining certifications
25 Copyright © 2011 The Institute of Internal Auditors
OTJ training with engineers filling the rotational positions to learn the project execution side of the business & associated risks
Providing inexperienced staff the opportunity to sit with various business units to gain an understanding of their function and their processes and controls.
Quarterly training
Rotation through different staff assignments to expand business exposure.
Se desarrollo un programa interno de actualización para la plantilla de auditores
SME Program
special Community of Practicemeetings within our industry group
Staff individually pursues areas of interest and shares with the balance of the staff
This is a 1-person shop. I attend IIA and industry audit events (National Retail Federation), webinars, and read periodicals.
Use training available in the organization but outside Internal Audit, both formal and informal (the latter from subject matter experts in the business)
variety of designations strongly encouraged
web based training on regulatory compliance
When we do the top-down operational risk assessment, we work closely with management to make sure we understand the process and have identified the right risks and controls.
work with management of areas under audit to understand their processes, risks and controls, they sign the RCM prepared by IA staff
Responses 42
Back
Appendix C 9: Which of the following strategies do you employ in assessing the needs and expectations of your stakeholders? (Choose all that apply) adding other roles resulting from staff shortages, so communication is as needed and if critical
annual evaluation survey of key constituents
attending operational reviews, strategic dialogue sessions, etc.
benchmarking and QAR
CAE attends various bank committee meetings and informal meetings with management ongoing
CAE takes senior mgmt members out to lunch periodically and informally discusses internal audit's performance vs their expectations
Company-wide internal satisfaction surveys, performance evaluations
cross-functional GRC requirements management
Discussion with mgt during creation of Audit Plan
Discussions with Audit Committee members individually
Discussions with regional- and plant-level management for feedback on our performance, and to identify areas of risk.
discussions with senior management, discussions with internal audit staff
26 Copyright © 2011 The Institute of Internal Auditors
Discussions with the full board in regards to how best to support the Board in its key risk oversight role.
due to the open meetings regulation I cannot meet with the audit committee or chair. I have limited exposure to them unless I am issuing an audit report or having my annual evaluation and providing periodic status reports to them
ERM
Externally led meetings with senior leaders to collect feedback
Formal discussions with the audit committee as we are subject to the Brown Act (sunshine law - California)
formal meetings w/stakeholders - just not regular - perhaps annually
frequent communication from AC Chair
frequent contact with executive management and the audit committee; annual discussions with directors, audit committee, executive team during risk assessment process
Individual meetings with Exec Leadership on an on-going basis for feedback and risk management
Informal communications/feedback from key stakeholders; formal Q&A during annual planning.
Informal discussion and/or meetings (31 responses); comments include
with the senior leadership team
with clients and senior managers
with key stakeholders to assess their expectations & IA's performance against them
with executive management and Audit Committee - nothing in writing
with executives and operational stakeholders
with executives regarding performance and areas where IA can assist
with executive team to discuss how IA is doing.
with management and with auditees
with senior mgmt; discussions with immediate VP
with various employees throughout the year.
with key stakeholders to understand their business and where our testing should focus
with key stakeholders; ongoing participation in management meetings
Informal ongoing individual discussions with most stakeholders
Informal lunch with stakeholders to discuss expectations and explore changes in their business line.
Interviews with key stakeholders as part of comprehensive annual risk assessment.
Keep up with current news items to update risks
Meet Quarterly with Executive Committee To Reveiw IA Activities and Planned Activities; 360 feedback from customers;
Meet with Controller Only
Meetings w/non-exec chair, ceo and audit committee chair
Meetings with CAO to evaluate audit actvities
meets with individual stakeholders due to lack of support by superintendent
Monthly discussions with the CEO
Monthly Meeting with Full Board of Trustees
Most feedback is delivered by CFO. Audit Committee Chairman works through CFO and has minimal direct communications with CAE.
ongoing interaction with all levels of business leaders
Ongoing meetings with senior management
Participation in strategic planning
perform risk assessment.
periodic discussions with external auditors and regulators
27 Copyright © 2011 The Institute of Internal Auditors
periodic feedback from audit committee
periodic meeting with senior management
Post Audit Performance Evaluations/surveys (2 responses)
Pre-planning meeting with Stakeholder and Follow up meetings after audit
QAR (5 responses); comments include:
QAR Results which included extensive interviews with Sr. Mgmt. and Audit Committee Members - Feedback was very positive
QAR: internal review of CAE performance
input from QAR every 5 years
Quarterly discussions with the Audit Committee Chair to assess her expectations
Quarterly formal meetings with Compliance Committee to discuss IA, SOX, and Legal issues
Regular correspondence and meetings with CEO and Business Unit leaders
Regular formal and informal meetings with key members of the executive team to discuss internal audit expectations and emerging risks that may impact the audit plan.
regular formal meetings with the direct reports of our senior leadership team to assess their expectations and our performance
Review with auditee Director after each audit
risk assessment
Self Assessment questionnaires, Self Assessed Risk analysis
Senior Staff and Regional Team Meetings
senior staff meetings, informal meetings w/staff
Separate meetings with members of senior management, not all together in one room.
survey completed by stakeholders after each audit, semi-annual survey of stakeholders (not just execs)
The CEO and CFO, within the past year, made concerted efforts to eliminate the need to communicate with internal audit. The utilized the BOD's lack of awareness to effectively limit and eliminate standard, non-threatening communication with the ac & ia
There is no coherent strategy.
Trending Audit Committee Requests
Use of ERM committee to identify and recommend expectations
Use of the company's ERM findings and periodic meeting with the CFO
We are in the process of launching these strategies.
We do not have an Audit Committee; discuss Board expectations with CFO
We don't have an audit committee. However, I send updates quarterly to management and seek their input.
We have discussions with Senior executives of each of our companies separately
We have the annual planning meetings as well as regular updates in the course of our audits. We also participate on the project teams for key company initiatives.
Yearly individual discussion with members of the audit committee
평가모델이 없음
Responses 101
Back
28 Copyright © 2011 The Institute of Internal Auditors
Appendix D 12a: If there is a notable area not listed in question 12, please list it here and indicate whether it has increased or decreased in focus, or stayed the same. Although we have increased compliance, financial, and operational risks, my staff has been reduced from three auditors to one plus an audit assistant and myself. I need to scope audits without process reviews and focus more on testing of transactions which is not optimal but is the reality of working for a school district. Education funding at the federal level may impact us $60+ million dollars
Anti-Money Laundering has decreased in Focus
BCP Increase
Company went private at the end of 2010 - impacting SOX, financial controls, and internal controls work areas.
Construction risk
Construction Risk of Mega Projects
Corporate Social Responsibility increased on focus
Customer experience/satisfaction risks
Department is relatively new (start-up) so understandably in a growth stage
Dispositions and discontinued business lines
Emerging Risks (change management, attraction & retention, outsourcing)
ERM - increased
ERM and Capital Allocation. More focus on modeling systems and data quality
Ethical behaviors and investigations - increased
examination of ISO audits to determine how we can utilize the results as part of our ERM and Audit Risk analsis.
Government oversight – increased (3 responses)
Healthcare - Quality Risk, Care Delivery System Innovation, Physician Integration,
Human capital and employment practices risks--increased
Information Security
Information Technology - Decreased
Information Technology - Decreased (due to budget reduction)
IT/Information Systems risks: increasing
IT and technology risks – increased
Technology/IT – increased
IT Security – Increased
Technology Risks – Increased
Technology risk enabling strategic initiatives—increased
Technology risks, increased and Emerging markets risk, increased
Technology/Information Security Risks, including those of Social Media -- increased in focus.
Increase in Network & Application Security Audit Coverage including emerging IT risks such as social media.
IT Security - increased.
IT risks – increased
IT has an increased focus for us this year. Although that could be considered operational.
IT risk - new clinical enterprise system being implemented.
IT risks - successful implementation of major systems or upgrades
IT will increase
Information Technology (IT) general controls -- increased focus.
29 Copyright © 2011 The Institute of Internal Auditors
Data reliability and integrity; increased in focus
Data Security risks increased.
Monitoring of application system development efforts (increased)
IT risks
IT risks: no change
IT system security
Insertion of formalized detailed risk assessment and management methodology.
Internal audits involvement in GRC is increasing.
International (Country) Risk
Investment risks
Key executive retiring in 2011.
Major system implementation and related business process improvements: increased in focus.
Management staffing risks have increased.
Much more emphasis on Mergers & Acquisitions.
operational improvement projects - increased
Physical security focus increased
Political risks
Regulatory compliance from healthcare changes is a huge focus for the coming 2012-13 time period.
regulatory focus heightened for banking industry
Regulatory Risk (Dodd-Frank legislation) - Increased
Revenue Cycle - Increased
Revenue Enhancement
Riesgo Tributario-Ha aumentado.
sarbanes oxley does not apply
Sr Mgt and the Audit Committee asked for a specific limited scope of every function (65) within the next 18 months. The focus is on specific internal controls and fraud risks. We are a fairly new audit shop (6 years total)
Strategic Risk
Strategic Risk - Increased. (3 responses); comments include:
strategic risks - we now include a review of strategic risk in each audit
Strategic risk involvement.
System Implementation Participation - Increased
Emerging markets risk, increased
The Board interest and engagement in enterprise risk governance and management (Which was high before) continues to increase.
There is an increased operational risk based on the optempo of the military and the affect unemployment has on society.
We are not concerned with Sarbanese Oxley as our organization is a Public School Board
We completed a material acquisition which has inherently increased our SOX focus and compliance focus.
We've increased our work around auditing third party relationships and out-sourced operations.
Responses 31
Back
30 Copyright © 2011 The Institute of Internal Auditors
Appendix E 13: Rate the following attributes in terms of importance and level of performance for your internal audit function:
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Effectively managing stakeholder
relationships
Count 5 44 161 264 224 698
% by
Row 0.7% 6.3% 23.1% 37.8% 32.1% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 8 50 302 289 37 686
% by Row 1.2% 7.3% 44.0% 42.1% 5.4% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Effectively meeting stakeholder
expectations
Count 5 22 166 296 208 697
% by Row 0.7% 3.2% 23.8% 42.5% 29.8% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 9 58 296 293 29 685
% by Row 1.3% 8.5% 43.2% 42.8% 4.2% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Effectively
leveraging technology
Count 24 138 253 210 66 691
% by Row 3.5% 20.0% 36.6% 30.4% 9.6% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 58 255 270 80 15 678
% by Row 8.6% 37.6% 39.8% 11.8% 2.2% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Promoting customer service focus
Count 17 123 221 235 95 691
% by Row
2.5% 17.8% 32.0% 34.0% 13.7% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 5 98 335 199 40 677
% by Row 0.7% 14.5% 49.5% 29.4% 5.9% 100.0%
31 Copyright © 2011 The Institute of Internal Auditors
13 continued:
Rate the following attributes in terms of importance and level of performance for your internal audit function:
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Conformance with The IIA's Standards
Count 24 106 204 195 148 677
% by Row
3.5% 15.7% 30.1% 28.8% 21.9% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 14 89 327 191 53 674
% by Row 2.1% 13.2% 48.5% 28.3% 7.9% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Risk methodology that
focuses on critical risks
Count 3 30 131 313 208 685
% by Row
0.4% 4.4% 19.1% 45.7% 30.4% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 12 120 271 237 38 678
% by Row 1.8% 17.7% 40.0% 35.0% 5.6% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Value proposition of
internal auditing that is well documented
and communicated
Count 33 139 230 204 81 687
% by Row
4.8% 20.2% 33.5% 29.7% 11.8% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 40 186 308 124 18 676
% by Row 5.9% 27.5% 45.6% 18.3% 2.7% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Internal audit plan that is aligned with the
organization’s strategic plan
Count 13 48 172 279 181 693
% by
Row 1.9% 6.9% 24.8% 40.3% 26.1% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 14 113 293 218 44 682
% by Row 2.1% 16.6% 43.0% 32.0% 6.5% 100.0%
32 Copyright © 2011 The Institute of Internal Auditors
13 continued:
Rate the following attributes in terms of importance and level of performance for your internal audit function:
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Continuous
improvement and
innovation
Count 12 96 240 253 90 691
% by Row
1.7% 13.9% 34.7% 36.6% 13.0% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 21 173 306 153 29 682
% by Row 3.1% 25.4% 44.9% 22.4% 4.3% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Appropriate talent pool
Count 9 44 170 294 168 685
% by
Row 1.3% 6.4% 24.8% 42.9% 24.5% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 36 132 312 178 19 677
% by Row 5.3% 19.5% 46.1% 26.3% 2.8% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Cost-effective and efficient operations
Count 8 79 278 252 76 693
% by Row
1.2% 11.4% 40.1% 36.4% 11.0% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 13 77 366 186 41 683
% by Row 1.9% 11.3% 53.6% 27.2% 6.0% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Alignment of risk,
control, and compliance functions
Count 14 81 218 272 109 694
% by
Row 2.0% 11.7% 31.4% 39.2% 15.7% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 28 155 316 154 27 680
% by Row 4.1% 22.8% 46.5% 22.6% 4.0% 100.0%
Back
33 Copyright © 2011 The Institute of Internal Auditors
Appendix F 16-1: What other skill sets are you actively recruiting for, or anticipating recruiting for, in your internal audit function this year? ability to practically apply IIA standards customized for our business needs, and department development skills
Accounting/Internal Controls Assessment
analytical skills
basic audit skills
Basic auditing skills (proj mgmt, workpapers)
basic internal auditing skills
Big firm 2-4 yrs (brings foundational skills)
business acumen - tough but fair
Clinical expertise - healthcare
Clinical, RN, etc to convert to IA
Compliance (3 responses)
Construction
Construction / Development
contracts and construction
core operations experience from the business
co-sourcing if approved for transportation, food service and maintenance operations
CPA with known audit abilities
Environmental
ethnicity
External auditing
Finance - CPA
Financial / Communication
financial accounting
Financial audit
Financial controls
Financial reporting (3 responses)
Financial/SOX
Foreign language skills (7 responses); comments include:
language / cultural skills for Europe & China
MANDARIN SPEAKER
Fraud done in another Dept managed by GA
Governance, Risk & Compliance
Governmental Contract Experience
34 Copyright © 2011 The Institute of Internal Auditors
GRC requirements management
Internal Audit experience
Internal auditing
Internal controls knowledge
International audit presence
IT (non-general)
Leadership Skills (3 responses)
looks for CA only
Manufacturing experience
No specific skill set. recruit bright and ambitious professionals
None/not recruiting (47 responses); comments include:
Not recruiting this year
None ... full staff
not anticipating any turnover
Not recruiting. No money.
Recruiting on hold, but business knowledge, analytical skills, investigation skills would all be considered important
I don't have the budget for it this year but if I do have the opportunity I would want to hire someone to assist with auditing of financial reporting, ERM and corporate ethics.
Operational Auditing (3 responses)
other core competencies - initiative, accounting coursework
people management
Professional qualifications, e.g. CPA, CIA, etc.
Professionalism
Program Evaluation
Project management (2 responses)
Regulatory Compliance/knowledge (3 responses)
safety, health & environment
Strategic Auditing
technical accounting skills
time and project management skills
Top talent to rotate out of IA into other areas
We hire consultants with functional expertise for each project.
well rounded in Financial, Contract and IT auditing
written communication skills
구매부문
Responses 125
Back
35 Copyright © 2011 The Institute of Internal Auditors
Appendix G 17-1: What else is internal auditing also primarily responsible for?
Response
AML Compliance- money laundering
Annual Single Audit Coordination
Assisting the Compliance Dept by performing audits
Bank Secrecy / Patriot Act
BSA,OFAC IML, GLB
Business Continuity Planning
Business Licenses
CAE process owner ERM, but currently no auditing of Risk Mgmt processes. Also utilize auditors to test FCPA, but responsibility lies with legal
Change Management (should be in IT Area), but is isn't - with approval form AC (2 responses)
Completing the PCI review
Compliance Audits
Compliance Testing (testing compliance with all company policies and procedures one by one)
conflict of interest process and manage the relationship with all parent organizations (financials, club documentation, and training on district policies, and IRS regulations
Construction
corporate compliance program
Corporate Secretary
Corporate Security
Defining risk reporting standard terms and educating Governance
Disaster recovery
disclosure committee
environmental compliance auditing
Environmental Risks
ERM coordinator
External Audit substantive audit support
Facilitating the annual and quarterly enterprise risk assessment process
FDICIA Control Testing
FDICIA, Model Audit Rule Program
Financial Reporting
Global testing of/for FCPA compliance (but Legal owns compliance/training)
GRC program office set-up and technology tool enablement for the program office team
incident management, vendor viability assessments, sas 70 coordination
Insurance
36 Copyright © 2011 The Institute of Internal Auditors
Intellectual Property
Loss Prevention (2 responses)
Management has primary responsibility for these roles
Model Audit rule, testing of all of the above
Operational and compliance auditing
Participate with ethics and security on investigations
performs compliance, operational, and financial audits
Policies
policies & procedures, standards
POLICY DEVELOPMENT
Policy Portal, Brand Protection
Providing Support for SOX: Risk Management: Investigations;
Quality Assurance
records retention
Regulatory Compliance Audits (2 responses)
Sarbanes-Oxley Management Testing
support ethics, fraud and fcpa investigations
SOX testing
SOX testing (not responsible for other SOX areas) (3 responses)
Support government regulations, especially reg/statute changes
Tax audits
Title 31 (BSA Regulations)
we partner with Business Conduct Officer on ethics investigations, fraud allegations, etc.
While not "responsible for", IA assists with Risk Mgmt, Investigations, Regulatory Compliance and Fraud
working with Audit Committee
Responses 61
Back