Embed Size (px)
Citation preview
Internal Audit It’s Time to Talk About Risk and Control
Demands/Expectations of Internal Audit’s Stakeholders Have Changed
The Audit Committee and Board:Execution of a comprehensive “risk based audit plan”
Expertise and assurance on risks and controls
Assistance in executing governance responsibilities
Resident “eyes and ears” within the enterprise
A “trusted advisor”
Management: Expertise and assurance on internal controls
Insight, advice, and assurance on enterprise risks
Timely and relevant information to facilitate risk management and business decisions
Additional financial related coverage
External Auditors:Insight into the adequacy of financial controls
Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls
The Audit Committee and Board:Execution of a comprehensive “risk based audit plan”
Expertise and assurance on risks and controls
Assistance in executing governance responsibilities
Resident “eyes and ears” within the enterprise
A “trusted advisor”
Demands/Expectations of Internal Audit’s Stakeholders Have Changed
The Audit Committee and Board:Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controlsAssistance in executing governance responsibilitiesResident “eyes and ears” within the enterpriseA “trusted advisor”
External Auditors:Insight into the adequacy of financial controlsExecution of a “risk-based audit plan” addressing financial risks – including relevant IT controls
Management: Expertise and assurance on internal controlsInsight, advice, and assurance on enterprise risksTimely and relevant information to facilitate risk management and business decisionsAdditional financial related coverage
Demands/Expectations of Internal Audit’s Stakeholders Have Changed
External Auditors:Insight into the adequacy of financial controls
Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls
The Audit Committee and Board:Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controlsAssistance in executing governance responsibilitiesResident “eyes and ears” within the enterpriseA “trusted advisor”
Management: Expertise and assurance on internal controlsInsight, advice, and assurance on enterprise risksTimely and relevant information to facilitate risk management and business decisionsAdditional financial related coverage
External Auditors:Insight into the adequacy of financial controlsExecution of a “risk-based audit plan” addressing financial risks – including relevant IT controls
1. Prominent Stature of Internal Audit Within the Organization2. A Formal Strategic Plan for Internal Audit3. Continuous Communications with Key Stakeholders4. An HR Strategy Focused on Stakeholder and Enterprise Needs5. A Risk Assessment Process that Produces Current Risk Profiles6. Integrated IT Audit Coverage as a Component of an Overall IT Audit Strategy7. Integration of Technology Solutions Into Multiple Aspects of Internal Audit
Operations8. A Knowledge Management Strategy9. A Comprehensive Quality Assurance and Improvement Program10. Performance Measures Linked to Strategic Goals
Attributes of High Performing Internal Audit Functions:
“The Top 10”
Governance
• Internal auditing provides assurance to management and the audit committee that risks are understood and managed properly.
• Internal auditors identify all auditable activities and relevant risk factors, and assess their significance.– Investigating– Evaluating– Identifying potential trouble spots– Communicating– Anticipating emerging issues– Identifying opportunities
Risk Management
• Risk management, control, & governance processes–Financial analysts–Risk evaluators–Improving operations–Supplying analyses, suggestions, &
recommendations–Adding Value
Internal Auditors’ Roles
•Beyond an annual risk assessment process – risk assessment should have a continuous component
•Continuous risk assessment process is formalized within internal audit and aligned with business units
•Risk assessments are transparent and interactive – involving senior management, external auditors, and the audit committee
•Emerging risks are identified and addressed through flexible internal audit coverage
A Risk Assessment Process that Produces Current Risk Profiles
• Internal auditing reviews the reliability and integrity of information, compliance with policies and regulations, the safeguarding of assets, the economical and efficient use of resources, and established operational goals and objectives. Internal audits encompass financial activities and operations including systems, production, engineering, marketing, and human resources. Can you afford to be without it?
Essential Services
IPPF – Standards Mandatory Guidance
2120-Risk ManagementThe internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.
Interpretation: Determining whether risk management processes are effective is a judgment resulting from the internal auditor's assessment that: Organizational objectives support and align with the organization's mission; Significant risks are identified and assessed; Appropriate risk responses are selected that align risks with the organization's risk appetite; and Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities. The internal audit activity may gather the information to support this assessment during multiple engagements. The results of these engagements, when viewed together, provide an understanding of the organization’s risk management processes and their effectiveness.Risk management processes are monitored through ongoing management activities, separate evaluations, or both.
Outsourced Internal Audit
VACO Can Help You
For additional information, please contact
Heriot PrenticeDirector, Governance Risk and ComplianceVaco Orlando, LLC485 N. Keller Road, Suite 451Maitland, FL 32751www.vaco.com(407) 712-7878 [email protected]
