Upload
annamaannama
View
219
Download
0
Embed Size (px)
Citation preview
8/10/2019 Best Practices on Internal Auditing_2.pdf
1/79
INTERNAL AUDITING:
WHAT'S THE LATEST?
Lilian S. Linsangan, CPA, CIA, CCSA, CFE
8/10/2019 Best Practices on Internal Auditing_2.pdf
2/79
Internal Auditing - Evolution
What precipitated it?
Globalization ofBusiness
8/10/2019 Best Practices on Internal Auditing_2.pdf
3/79
Internal Auditing - Evolution
Growing Complexity of Business
8/10/2019 Best Practices on Internal Auditing_2.pdf
4/79
Internal Auditing
Evolution
Manual Computerized
8/10/2019 Best Practices on Internal Auditing_2.pdf
5/79
Internal Auditing
Evolution
Internal Police/
Adversary
Valued Advisor
Partner
8/10/2019 Best Practices on Internal Auditing_2.pdf
6/79
Internal Auditing
Definition
Internal Auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organization's operations. Ithelps an organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control and governance processes
8/10/2019 Best Practices on Internal Auditing_2.pdf
7/79
Internal Auditing
Definition
Internal Auditing is an independent, objective
assurance and consulting activitydesigned to add value and improve an organization's
operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of
risk management, control and governance processes
8/10/2019 Best Practices on Internal Auditing_2.pdf
8/79
Internal Auditing
Nature of Activity
Objective
ASSURANCE
* an objective examination ofevidence for the purpose ofproviding an independentassessment of governance, riskmanagement, and controlprocesses
CONSULTING
* Objective advisory,facilitative, and trainingactivities, the nature and scopeof which are agreed to with thecustomer, intended to improvegovernance, risk management,
and control processes.
Paul J. Sobel, Blended Engagements
8/10/2019 Best Practices on Internal Auditing_2.pdf
9/79
Internal Auditing
Assurance vs Consulting
ASSURANCE
* To provide anindependent assessmentbased on examination ofevidence
CONSULTING* To provide andindependent advice,facilitation, or trainingservices at the request ofthe customer
ASSURANCE
* Internal auditfunction determinesthe nature and scopeof the engagement
CONSULTING* The customer andthe IA function agreeon the nature andscope of theengagement
ASSURANCE
* The processowner, the IAfunction, the usersof the assessment
CONSULTING* The customerand the IA function
Primary aim of
the engagement
Who
determines
the nature
and scope
Parties
involved
8/10/2019 Best Practices on Internal Auditing_2.pdf
10/79
Internal Auditing
Assurance vs Consulting
The challenge
is . . . . . strikinga balance and
making a
paradigm shift.
8/10/2019 Best Practices on Internal Auditing_2.pdf
11/79
Internal Auditing
Definition
Internal Auditing is an independent, objective assurance
and consulting activity designed to add value and
improve an organization's operations. It helps an
organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and
improve the effectiveness of risk management,
control and governance processes
8/10/2019 Best Practices on Internal Auditing_2.pdf
12/79
Internal Auditing
Coverage
Internal
Audit
Assurance
Governance
RiskManagement
Consulting Controls
8/10/2019 Best Practices on Internal Auditing_2.pdf
13/79
Internal Auditing on Governance
Assess & make recommendations for improving thegovernance process in its accomplishments of thefollowing objectives (IIA-PS 2110)
Promoting appropriate ethics and values within the
organization Ensuring effective organizational performance management
and accountability
Communicating risk and control information to appropriateareas of the organization
Coordinating the activities of and communicatinginformation among the board, external and internalauditors, and management
8/10/2019 Best Practices on Internal Auditing_2.pdf
14/79
Internal Auditing on Governance
Evaluate the design, implementation and
effectiveness of the organization's ethics-related
objectives, programs and activities (2110.A1)
Assess whether the information technologygovernance of the organization supports the
organization's strategies and objectives (2110.A2)
8/10/2019 Best Practices on Internal Auditing_2.pdf
15/79
Internal Auditing on Risk Management
Evaluate the effectiveness and contribute to theimprovement of risk management processes (2120)Interpretation):
Organizational objectives support and are aligned with the
organization's mission Significant risks are identified and assessed
Appropriate risk responses are selected that align risk withthe organization's risk appetite
Relevant risk information is captured and communicated in a
timely manner across the organization, enabling staff,management and the board to carry out their responsibilities
8/10/2019 Best Practices on Internal Auditing_2.pdf
16/79
Internal Auditing on Risk Management
Evaluate risk exposures relating to the
organization's governance, operations, and
information systems regarding the (2120.A1):
Reliability and integrity of financial and operational
information
Effectiveness and efficiency of operations and
programs
Safeguarding of assets
Compliance with laws, regulations, policies, procedures
and contracts
8/10/2019 Best Practices on Internal Auditing_2.pdf
17/79
Internal Auditing on Risk Management
Evaluate the potential for the occurrence of fraud
and how the organization manages fraud risk(2120.A2)
Address risk consistent with the engagement's
objectives and be alert to the existence of other
significant risks (2120.C1)
Incorporate knowledge of risks gained from consulting
engagements into their evaluation of the
organization's RM processes (2120.C2)
8/10/2019 Best Practices on Internal Auditing_2.pdf
18/79
Internal Auditing on Risk Management
Objective assurance on the following areas:
Process
Risk management processes, both theirdesign and how well they are working
Management
Management of those risks classified as"key", Including the effectiveness of thecontrols and other responses to them
Assessment&
Reporting
Reliable and appropriate assessment of
risks and reporting of risk and controlsstatus
IIA ERM PP
January 2009
8/10/2019 Best Practices on Internal Auditing_2.pdf
19/79
Internal Auditing on Risk Management
Consulting Role
Making available to management tools andtechniques used by internal auditing to analyze risksand controls
Providing advice, facilitating workshops, coaching the organizationon risk and control and promoting the development of a commonlanguage, framework and understanding
Supporting managers as they work to identify the best way tomitigate a risk
Being a champion for introducing ERM into the organization,
leveraging its expertise in risk management and controland its overall knowledge of the organization
Acting as the central point for coordinating, monitoring
and reporting on risks
IIA ERM PPJanuary 2009
8/10/2019 Best Practices on Internal Auditing_2.pdf
20/79
Internal Auditing on Control
Must assist the organization in maintaining effective
controls by evaluating their effectiveness and
efficiency and by promoting continuous
improvement (2130)
Incorporate knowledge of controls gained from
consulting engagements into evaluation of the
organization's control processes.
8/10/2019 Best Practices on Internal Auditing_2.pdf
21/79
Internal Auditing
Definition
Internal Auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organization'soperations. It helps an organization accomplish itsobjectives by bringing a systematic, disciplinedapproach to evaluate and improve the effectiveness
of risk management, control and governanceprocesses
8/10/2019 Best Practices on Internal Auditing_2.pdf
22/79
Internal Auditing
Deliver Value
Assurance
ObjectivityInsight
Internal Auditing
IIARF - Insight: Delivering Value to Stakeholders
8/10/2019 Best Practices on Internal Auditing_2.pdf
23/79
Internal Auditing
Insightthe capacity to gain an accurate and
deep intuitive understanding of a person or thing
IIARF - Insight: Delivering Value to Stakeholders
One of the key goals of the IAfunction is to provide its
stakeholders with insights gleaned
while performing assessments, both
with respect to the implications of
those assessments and providingrecommendations
8/10/2019 Best Practices on Internal Auditing_2.pdf
24/79
Internal Auditing
Evolution
Internal Police/
Adversary
Valued Advisor
Partner
8/10/2019 Best Practices on Internal Auditing_2.pdf
25/79
What it is all about
2010 Global IA Survey
8/10/2019 Best Practices on Internal Auditing_2.pdf
26/79
2010 Global IA Survey
Most comprehensive study ever to capture the
current perspective and opinions from a large cross
section of IA stakeholders about internal auditing
worldwide
13,500 usable responses
107 countries
8/10/2019 Best Practices on Internal Auditing_2.pdf
27/79
2010 Global IA Survey
REPORTS:
1. Characteristics of an Internal Audit Activity
2. Core Competencies for Today's Internal Auditors
3.
Measuring Internal Audit Value4. What's Next for Internal Auditing
5. Imperatives for Change: The IIA's GlobalInternal Audit Survey in Action
8/10/2019 Best Practices on Internal Auditing_2.pdf
28/79
Characteristics of Internal Audit
2010 Global IA Survey
8/10/2019 Best Practices on Internal Auditing_2.pdf
29/79
2010 Global IA Survey
Characteristics of the Internal Audit Population:
30% are in the age group of 26 36, compared with11% in 2006
2/3 male; 1/3 female
Increasing % of IAs obtaining master's/graduate ordoctoral degrees
Increasing % of those with IA majors
50%+ of IA units get their staff from within,followed by employment agencies and referrals from
professional affiliates
8/10/2019 Best Practices on Internal Auditing_2.pdf
30/79
2010 Global IA Survey
Characteristics of the Internal Audit Population:
IA units rely on outsourcing or co-sourcing to
compensate for missing skills in the IA activity
Approx. 50% will recruit more staff during the next 5
years; others will maintain current staffing level
Most CAEs report either to CEO or Audit Committee;
highest % reporting to AC was in Middle East, US &
Canada, and Latin America
8/10/2019 Best Practices on Internal Auditing_2.pdf
31/79
2010 Global IA Survey
Characteristics of the Internal Audit Population:
In the next 5 years, focus of IA activities will be:
Corporate governance
ERM
Strategic reviews
Ethics audit
Migration to IFRS
8/10/2019 Best Practices on Internal Auditing_2.pdf
32/79
8/10/2019 Best Practices on Internal Auditing_2.pdf
33/79
Core Competencies for Today's
Internal Auditors
2010 Global IA Survey
8/10/2019 Best Practices on Internal Auditing_2.pdf
34/79
2010 Global Survey
Core Competencies Common at all levels
Communications skills (including oral, written, report
writing and presentation)
Problem identification and solution skills (including core,
conceptual and analytical thinking)
Keeping up to date with industry and regulatory
changes and professional standards.
8/10/2019 Best Practices on Internal Auditing_2.pdf
35/79
2010 Global Survey
Incremental Core Competencies
IA Staff Accounting frameworks, tools and techniques
IT/ICT frameworks, tools and techniques
ManagementOrganizational skills, including project and time management
Conflict resolution and negotiation skills
CAE Ability to promote the value of IA function within the organization
Conflict resolution and negotiation skills
8/10/2019 Best Practices on Internal Auditing_2.pdf
36/79
2010 Global IA Survey
Core competencies
Behavioral
Confidentiality
Communication Skills
Technical
Understanding business
Risk analysis & control assessment techniques
Knowledge
Auditing Internal audit standards
8/10/2019 Best Practices on Internal Auditing_2.pdf
37/79
Measuring Internal Auditing's Value
2010 Global IA Survey
8/10/2019 Best Practices on Internal Auditing_2.pdf
38/79
2010 Global IA Survey
Most respondents believe IA add value; objectivity
and independence as the major driver
While most respondents view IA as contributing to
controls; they do not have the same view for risk
management & governance
Declining trend in outsourcing
8/10/2019 Best Practices on Internal Auditing_2.pdf
39/79
2010 Global IA Survey
Most important factors to the perceived contribution
of IA activity
Appropriate access to AC
Independence; functioning without coercion to change
or withdraw audit findings
More use of audit tools or technology in typical audit
engagements
8/10/2019 Best Practices on Internal Auditing_2.pdf
40/79
2010 Global IA Survey
Measurement methods frequently used:
% of audit plan completed
Acceptance and implementation of recommendations
Surveys/feedback from board/AC/management
Surveys/feedback from auditee
Reliance by external auditors on the IA activity
Assurance of sound risk management
8/10/2019 Best Practices on Internal Auditing_2.pdf
41/79
What's Next for Internal Auditing
2010 Global IA Survey
8/10/2019 Best Practices on Internal Auditing_2.pdf
42/79
2010 Global IA Survey
Clear convergence of the governance and controls
context of IA activity
Role in risk management and governance will
continue to increase:
Training AC members
Advisory role in strategy development
Education role for the organization's personnel
8/10/2019 Best Practices on Internal Auditing_2.pdf
43/79
2010 Global IA Survey
Top 5 activities performed in 2010
Operational auditing (89%)
Audit of compliance with regulatory code, including
privacy requirements (75%)
Auditing financial risks (72%)
Investigations of fraud and irregularities (71%)
Evaluating the effectiveness of control framework (i.e.
COSO and COBIT) (69%)
8/10/2019 Best Practices on Internal Auditing_2.pdf
44/79
2010 Global IA Survey
Top seven (7) activities expected to be performed
in the next 5 years:
Corporate governance reviews (23%)
Audits of ERM processes (20%)
Reviews addressing linkage of strategy and
performance (20%)
Ethics audit (19%)
Social and sustainability audits (19%)
Migration to IFRS (19%)
Disaster recovery testing and support (18%)
8/10/2019 Best Practices on Internal Auditing_2.pdf
45/79
2010 Global IA Survey
Top five (5) audit tools and techniques predicted to
be used more in the next 5 years:
CAATs (63%)
Electronic workpapers (55%)
Continuous / Real-time Auditing (54%)
Data Mining (52%)
Risk-based Audit Planning (52%)
8/10/2019 Best Practices on Internal Auditing_2.pdf
46/79
Imperatives for Change:
The IIA's Global Internal Audit Survey inAction
2010 Global IA Survey
8/10/2019 Best Practices on Internal Auditing_2.pdf
47/79
2010 Global IA Survey
Ten (10) Imperatives for Change
Group 1 Emphasize Risk Management &
Governance
1. Sharpen your focus on risk management andgovernance
2. Conduct a more responsive and flexible risk-based
audit plan
8/10/2019 Best Practices on Internal Auditing_2.pdf
48/79
2010 Global IA Survey
Ten (10) Imperatives for Change
Group II Address Key Stakeholder Priorities
3. Develop a strategic vision for IA
4. Focus, monitor and report on IA's value5. Strengthen Audit Committee communications and
relationships
6. View compliance with IIA'sInternational Standards
for the Professional Practice of Internal Auditing as
mandatory, not optional
8/10/2019 Best Practices on Internal Auditing_2.pdf
49/79
2010 Global IA Survey
Ten (10) Imperatives for Change
Group III Optimize Internal Audit Resources
7. Acquire and develop top talent
8. Enhance training for internal audit activities9. Take advantage of expanding service provider
membership
Group IV Leverage Technology Effectively
10. Step up use of audit technology and tools.
8/10/2019 Best Practices on Internal Auditing_2.pdf
50/79
Internal Auditing
What does it mean forIAs?
8/10/2019 Best Practices on Internal Auditing_2.pdf
51/79
Internal Auditing
. . . . presents significantchallenges
8/10/2019 Best Practices on Internal Auditing_2.pdf
52/79
Internal Auditing
. . . .but, at the same time offers a lot of
opportunities for career andpersonal advancement
8/10/2019 Best Practices on Internal Auditing_2.pdf
53/79
Internal Auditing
Developments in 2012
8/10/2019 Best Practices on Internal Auditing_2.pdf
54/79
New IPPF Standards
8/10/2019 Best Practices on Internal Auditing_2.pdf
55/79
Internal Auditing
New IPPF Standards
Effective January 1, 2013
Changes:
Applicability to individual auditors
Explicitly including in the interpretation of Standard
1110 - Organizational Independence that functional
reporting to the Board include:
Approving the IA budget & resource plan
Approving the remuneration of the CAE
8/10/2019 Best Practices on Internal Auditing_2.pdf
56/79
Internal Auditing
New IPPF Standards
Changes (cont.):
Including in the interpretation of Standard 2010
Planning that:
In the absence of a RM framework, the CAE uses his/herown judgment after consideration of input from senior
management & the board.
The CAE must review & adjust the plan in response to
changes in organizations business, risks, operations,
programs, systems & controls
8/10/2019 Best Practices on Internal Auditing_2.pdf
57/79
Internal Auditing
New IPPF Standards
Changes (cont.):2120 Risk Management & 2130 Control
Inclusion of "Achievement of the organization's strategic
objectives" among the objectives of RM & IC, along with: Reliability and integrity of financial and operational
information;
Effectiveness and efficiency of operations andprograms;
Safeguarding of assets; and
Compliance with laws, regulations, policies,procedures, and contracts.
8/10/2019 Best Practices on Internal Auditing_2.pdf
58/79
Internal Auditing
New IPPF Standards
Changes (cont.):
2201 Planning Considerations inclusion of
"governance" among the activities that must be
covered in planning
2210 Engagement Objectives inclusion of
"governance & risk management" (along with
control) in the areas for which adequate evaluation
criteria must be established.
8/10/2019 Best Practices on Internal Auditing_2.pdf
59/79
Internal Auditing
New IPPF Standards
Changes (cont.):
2440 - Disseminating Results the interpretation
clearly indicated that the CAE retains the
responsibility for the report even if he/she delegatesthe signing of the report.
2600 "Resolution of Senior Management's
Acceptance of Risks" changed to "Communicating
the Acceptance of Risks" Interpretation It is not the CAE's responsibility to resolve the
risks
8/10/2019 Best Practices on Internal Auditing_2.pdf
60/79
Internal Auditing
New IPPF Standards
Changes (cont.):
Glossary:
Board - The highest level of governing body charged with the
responsibility to direct and/or oversee the activities andmanagement of the organization. Typically, this includes an
independent group of directors (e.g., a board of directors, a
supervisory board, or a board of governors or trustees). If such a
group does not exist, the board may refer to the head of the
organization. Board may refer to an audit committee to which
the governing body has delegated certain functions.
8/10/2019 Best Practices on Internal Auditing_2.pdf
61/79
New IPPF Guidance
8/10/2019 Best Practices on Internal Auditing_2.pdf
62/79
8/10/2019 Best Practices on Internal Auditing_2.pdf
63/79
Internal Auditing
New IPPF Guidance (technology related)
GTAG 17 Auditing IT Governance
GTAG 7 Information Technology Outsourcing
GTAG 2 Change and Patch Management Controls:
Critical for Organizational Success
GTAG 1 Information Technology Risk and Controls
New Practice Advisory
2320-2 Root Cause Analysis
8/10/2019 Best Practices on Internal Auditing_2.pdf
64/79
Internal Auditing
Public Sector Supplementary Guidance
Public Sector Definition
The Role of Auditing in Public Sector Governance
Value Proposition of Internal Audit and the Internal Audit
Capability Model Implementing a New Internal Audit Function in the Public
Sector
IIA Standards/GAGAS, a Comparison
Optimizing Public Sector Audit Activities
Model Legislation (coming soon)
Transparency in Public Sector Reporting (coming soon)
8/10/2019 Best Practices on Internal Auditing_2.pdf
65/79
New Syllabus for CIA
8/10/2019 Best Practices on Internal Auditing_2.pdf
66/79
Internal Auditing
New Syllabus for CIA
To be launched in mid 2013
Realign content from the current four-part exam
to a three-part exam
Removed certain topics
Introduced new topics
Changed knowledge level on certain topics
"A" - Awareness"P" - Proficiency
8/10/2019 Best Practices on Internal Auditing_2.pdf
67/79
Internal Auditing
New Syllabus for CIA
Significant Additions:
Build and maintain networking with other organization
executives and the audit committee (P)
Educate senior management and the board on best
practices in governance, risk management, control and
compliance (P)
Assess the adequacy of the performance measurement
system, achievement of corporate objective (A)
8/10/2019 Best Practices on Internal Auditing_2.pdf
68/79
8/10/2019 Best Practices on Internal Auditing_2.pdf
69/79
Internal Auditing
New Syllabus for CIA
Significant Additions:
Outsourcing business process (A)
Stakeholder relationships (A)
Organizational theory (structure and configuration) (A)
Lead, inspire, mentor, and guide people, building
organizational commitment and entrepreneurial
orientation (A)
Create group synergy in pursuing collective goals. (A)
8/10/2019 Best Practices on Internal Auditing_2.pdf
70/79
IIA - Philippines
Whats Happening @ the Local Front?
8/10/2019 Best Practices on Internal Auditing_2.pdf
71/79
Internal Auditing
Business AnalysisLeadership &
Management
Special Topics
& Integration
Information
Technology &
SecurityFraud
Assurance &
Consulting
Audit processAudit
Communication
Ethics,
Governance &
Risks
Building Block Framework
Developmental
Courses
Technical
Courses
FoundationCourses
Develop IA Resources
8/10/2019 Best Practices on Internal Auditing_2.pdf
72/79
Internal Auditing
Foundation Courses
* InternalAuditing theory
* Operationsaudit
* Engagements &
practice*Problem-solvingand decision-making
*Communicatingaudit results
* Specializedcommunicationskills
* Presentationskills
* Ethics, socialresponsibility &governance
* Riskmanagement,
controls andmethodology
Internal
Auditing
Audit
Communication
Ethics,
Governance
& Risks
8/10/2019 Best Practices on Internal Auditing_2.pdf
73/79
Internal Auditing
Technical Courses
* Informationsystems auditing
* Advance ITaudit
* Information
Security andTechnology
* Fraudexamination
* Forensicaccounting andfraud
investigation* Lawcriminology ðics
* Assuranceand consulting,skills &attitudes
Information
Technology
& SecurityFraud
Assurance &
Consulting
8/10/2019 Best Practices on Internal Auditing_2.pdf
74/79
8/10/2019 Best Practices on Internal Auditing_2.pdf
75/79
Internal Auditing
Certifications
CIA
CCSACFSA
CISA
CFECISM
etc.
Integration
8/10/2019 Best Practices on Internal Auditing_2.pdf
76/79
Internal Auditing
Integration through Collaboration
IT, AUDIT
& FRAUDSUMMIT
ISACA
IIA-P
ACFE-P
8/10/2019 Best Practices on Internal Auditing_2.pdf
77/79
Internal Auditing Course
FEU Bachelor of Science in Business Administration
Major in Internal Auditing Since 2006 (BSC- major in Internal Auditing)
USC Masters of Arts in Internal Auditing Since 2004
8/10/2019 Best Practices on Internal Auditing_2.pdf
78/79
Internal Auditing
The world is in your
hands now it is up to
you to decide how you
use it.
8/10/2019 Best Practices on Internal Auditing_2.pdf
79/79
END OF PRESENTATION