Upload
altum-pokoo-aikins
View
223
Download
1
Embed Size (px)
Citation preview
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 1/72
Governance, Risk
Management & Compliance
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 2/72
Governance, Risk
Management & Compliance
Our Vision
To be the lead advocate, trainer
and practitioner in internal
auditing in Africa by providing
superior internal audit solutionsto the private and public sectors
as well as the third sector .
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 3/72
Governance, Risk
Management & Compliance
Our Mission
To engage internal audit leaders
and their customers; government
officials, corporate executives and
senior management in a constantdialogue on the position, role and
value of the internal audit
activity.
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 4/72
Governance, Risk
Management & Compliance
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 5/72
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 6/72
Governance, Risk
Management & Compliance
Course Overview
• Day One – Modern Internal Auditing – The Audit Process
– Risk Management and Risk Assessment
– Audit Planning
• Day Two – Process Documentation
– Audit Programs
– Audit Fieldwork
– Audit Reports
– Soft Skills
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 7/72
Governance, Risk
Management & Compliance
Module One
Modern Internal Auditing
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 8/72
Governance, Risk
Management & Compliance
Modern Internal Auditing
• Internal Auditing Defined
• Code of Ethics
• The Value Proposition of IA
• The Role of Internal Auditor
• The IIA Competency Framework
• Components of the Audit Model
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 9/72
Governance, Risk
Management & Compliance
Internal Auditing Defined
• “independent, objective assurance
and consulting activity designed to1add value and improve an
organization’s operations. It 2helps
an organization accomplish itsobjectives by bringing a systematic,disciplined approach to 3evaluate
and improve the effectiveness ofrisk management, control, and
governance processes”
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 10/72
Governance, Risk
Management & Compliance
Internal Auditing Defined
Thewhat
The
how
The
why
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 11/72
Governance, Risk
Management & Compliance
What are we doing?
•1adding value and improving on
organisations operations –
• Making things better than whenwe met it.
Systems | Processes | Procedures
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 12/72
Governance, Risk
Management & Compliance
Why are we doing it?
•2helping the organization
accomplish its objectives
• How do you determineorganisational objectives?
• Gain a seat at the table
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 13/72
Governance, Risk
Management & Compliance
How are you doing it?
•3evaluating and improving the
effectiveness of risk
management, control, and
governance processes
• The triple magic wand
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 14/72
Governance, Risk
Management & Compliance
IIA Definition Logic
Helps the organizationaccomplish its objectives
Adding value and improving onorganisations operations
Evaluating and improving on the effectivenessof GRC processes
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 15/72
Governance, Risk
Management & Compliance
Internal Auditing Defined
• “independent, objective assurance
and consulting activity designed to1add value and improve an
organization’s operations. It 2helps
an organization accomplish itsobjectives by bringing a systematic,disciplined approach to 3evaluate
and improve the effectiveness ofrisk management, control, and
governance processes”
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 16/72
Governance, Risk
Management & Compliance
Code of Ethics
• Principles and Rules
– Integrity
– Objectivity
– Confidentiality
– Competency
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 17/72
Governance, Risk
Management & Compliance
Code of Ethics – Principles
• Integrity
– The integrity of internal auditors
establishes trust and thus provides
the basis for reliance on their
judgment
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 18/72
Governance, Risk
Management & Compliance
Integrity Rules
• Shall perform their work with honesty,
diligence, and responsibility• Shall observe the law and make
disclosures expected by the law and the
profession• Shall not knowingly be a party to any
illegal activity, or engage in acts that are
discreditable to the profession of internal
auditing or to the organization
• Shall respect and contribute to the
legitimate and ethical objectives of the
organization
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 19/72
Governance, Risk
Management & Compliance
Code of Ethics – Principles
• Objectivity
–Internal auditors exhibit the
highest level of professional
objectivity in gathering,
evaluating, and communicating
information about the activity or
process being examined.
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 20/72
Governance, Risk
Management & Compliance
Objectivity Rules
• Shall not participate in any activity or
relationship that may impair or be presumed to impair their unbiased
assessment.
•
Shall not accept anything that mayimpair or be presumed to impair their
professional judgment.
• Shall disclose all material facts known
to them that, if not disclosed, may
distort the reporting of activities
under review.
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 21/72
Governance, Risk
Management & Compliance
Code of Ethics – Principles
• Confidentiality
– Internal auditors respect the value
and ownership of information they
receive and do not disclose
information without appropriateauthority unless there is a legal or
professional obligation to do so.
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 22/72
Governance, Risk
Management & Compliance
Confidentiality Rules
• Shall be prudent in the use and
protection of information acquiredin the course of their duties.
• Shall not use information for any
personal gain or in any manner
that would be contrary to the law
or detrimental to the legitimateand ethical objectives of the
organization.
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 23/72
Governance, Risk
Management & Compliance
Code of Ethics – Principles
• Competency
– Internal auditors apply the
knowledge, skills, and experience
needed in the performance of internal
audit services.
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 24/72
Governance, Risk
Management & Compliance
Competency Rules
• Shall engage only in those services
for which they have the necessaryknowledge, skills, and experience.
• Shall perform internal audit services
in accordance with the InternationalStandards for the ProfessionalPractice of Internal Auditing.
•
Shall continually improve their proficiency and the effectiveness andquality of their services
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 25/72
Governance, Risk
Management & Compliance
Internal Auditing is the
cornerstone for sustainable
organisational success
The IIA Value Proposition
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 26/72
Governance, Risk
Management & Compliance
Role of Internal Auditors
• Re- Corporate Governance
• Re- Risk Management
• Re- Fraud
• Re- Corporate Ethics
• Re- Internal Controls
• Re- Information Technology• Re- Financial Reporting
Th IIA Gl b l I t l A dit
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 27/72
Governance, Risk
Management & Compliance
The IIA Global Internal Audit
Competency Framework - 2013
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 28/72
Governance, Risk
Management & Compliance
Module Two
The Audit Process
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 29/72
Governance, Risk
Management & Compliance
The Audit Process
h d
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 30/72
Governance, Risk
Management & Compliance
The Audit Process
h l d
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 31/72
Governance, Risk
Management & Compliance
The Internal Audit Process
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 32/72
Governance, Risk
Management & Compliance
H di i d d
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 33/72
Governance, Risk
Management & Compliance
How an audit is conducted
Pl i
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 34/72
Governance, Risk
Management & Compliance
Planning• Distribute Audit Notification
•Conduct Pre-Audit Meeting
• Interview Department Personnel
• Review Policies and Procedures
•
Understand and Document theBusiness Processes
• Perform Risk Assessment
• Prepare a Detailed Audit Program
• Prepare audit budget (in hours)
• Select items to be Audited (samples,not 100%)
Fi ld k
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 35/72
Governance, Risk
Management & Compliance
Fieldwork• Review Supporting Documentation
•Interview department personnel
• Perform analyses
• Identify Exceptions
•
Identify Recommendations forImprovement
• Prepare Written Audit Comments (i.e.,findings)
• Department Provides WrittenResponse and Corrective Action Planfor findings
R ti
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 36/72
Governance, Risk
Management & Compliance
Reporting
• Issue a draft report
• Discuss draft report with unit
management
• Issue final report• Report is factual, clear, concise,
with an appropriate tone
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 37/72
Governance, Risk
Management & Compliance
Module Three
Risk Management/Assessment
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 38/72
Governance, Risk
Management & Compliance
A f thi b t Ri k
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 39/72
Governance, Risk
Management & Compliance
A few things about Risk
• What is Risk?
– The effect of uncertainty on an
objective
– Could be positive or negative
A f thi b t Ri k
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 40/72
Governance, Risk
Management & Compliance
A few things about Risk
• What is Risk Management?
– Coordinated activities to direct and
control an organisation with regard to
risk
Th Ri k M P
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 41/72
Governance, Risk
Management & Compliance
The Risk Management Process
A f thi b t Ri k
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 42/72
Governance, Risk
Management & Compliance
A few things about Risk
• What is Risk Management
Process? – Systematic application of management
policies, procedures and practices to
the activities of communicating,consulting, establishing the context,
and identifying, analyzing, evaluating,
treating, monitoring and reviewingrisk.
C t f Ri k A t
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 43/72
Governance, Risk
Management & Compliance
Components of Risk Assessment
• Risk Identification
• Risk Analysis
• Risk Evaluation
2013 COSO Internal Control
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 44/72
Governance, Risk
Management & Compliance
2013 COSO Internal Control
• Definition
• Pillars | Components | Standards
• Principles
The ORC Relationship
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 45/72
Governance, RiskManagement & Compliance
The ORC Relationship
• Group Work
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 46/72
Governance, RiskManagement & Compliance
Module Four
Audit Planning
Audit Planning
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 47/72
Governance, RiskManagement & Compliance
Audit Planning
• Annual Audit Planning
• Components of the Audit Project
Plan
Annual Audit Planning
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 48/72
Governance, RiskManagement & Compliance
Annual Audit Planning
• Risk Based Audit Planning
– Overview
Components of the Audit Project Plan
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 49/72
Governance, RiskManagement & Compliance
Components of the Audit Project Plan
• Audit Objectives
• Audit Scope
• Audit Methodology
• Audit Program
• Audit Time Budget
•Audit milestone dates
Audit Objectives
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 50/72
Governance, RiskManagement & Compliance
Audit Objectives
• General audit objectives
• Specific audit objectives
Audit Objectives
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 51/72
Governance, RiskManagement & Compliance
Audit Objectives
• Select one functional area in
your organisation and formulatea general audit objective and the
appropriate specific objectives
for that function
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 52/72
Governance, RiskManagement & Compliance
Module Five
Audit Programs
Audit Programs
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 53/72
Governance, RiskManagement & Compliance
Audit Programs
• Components of the Audit
Program
• Audit Objectives and Lines of
Enquiry
Components of the Audit Program
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 54/72
Governance, RiskManagement & Compliance
Components of the Audit Program
• the audit objective(s);
• the relevant line(s) of inquiry,
criteria, and audit questions;
• the information to be requestedfrom entities
• how the evidence will be
analyzed;
Example of Audit Program
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 55/72
Governance, RiskManagement & Compliance
Example of Audit Program
• Cash at Bank and on Hand
– Cash and bank.doc
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 56/72
Governance, RiskManagement & Compliance
Module Six
Process Documentation
Process Documentation
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 57/72
Governance, RiskManagement & Compliance
Process Documentation
• Process Flow charts
• Tools for Process Mapping
• System Narratives
• Interviewing Skills
Process Flow charts
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 58/72
Governance, RiskManagement & Compliance
Process Flow charts
• A Flowchart is a diagram that
uses graphic symbols to depictthe nature and flow of the steps
in a process
• This is very helpful in identifying
the risks embedded within the
process
Drawing a flow chart
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 59/72
Governance, RiskManagement & Compliance
Drawing a flow chart
• Start with the big picture
• Observe the current process
• Record process steps
• Arrange the sequence of steps
• Draw the Flowchart
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 60/72
Governance, RiskManagement & Compliance
Example – Washing of Hands
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 61/72
Governance, RiskManagement & Compliance
Example Washing of Hands
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 62/72
Governance, RiskManagement & Compliance
Module Seven
Audit Fieldwork
Audit Fieldwork
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 63/72
Governance, RiskManagement & Compliance
Audit Fieldwork
• Testing Controls – design and
operating effectiveness
• Techniques for gathering audit
evidence• Working paper preparation
Testing Controls – design and
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 64/72
Governance, RiskManagement & Compliance
Testing Controls – design and
operating effectiveness
• Group work.
• Design procurement (G1) and
recruitment and selection G2)
systems with requisite controls
for review by the audit team.
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 65/72
Governance, RiskManagement & Compliance
Module Eight
Audit Reporting
Why write internal audit reports?
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 66/72
Governance, RiskManagement & Compliance
Why write internal audit reports?
• Required by Standards.
• Inform- (Tell what auditorsfound)
• Persuade – (Convincemanagement of worth andvalidity of findings)
•
Get Results – (Movemanagement towards changeand improvement.)
Audit Reports
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 67/72
Governance, RiskManagement & Compliance
Audit Reports
• From issues to findings
• The Five Cs
• Reporting Formats
• Other Reports
From issues to findings
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 68/72
Governance, RiskManagement & Compliance
From issues to findings
• Findings are issues which are
fully developed to add value – Improve the current condition
The 5 Cs
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 69/72
Governance, RiskManagement & Compliance
The 5 Cs
Criterion
Consequence
Corrective action
condition
Cause
In a nutshell
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 70/72
Governance, RiskManagement & Compliance
In a nutshell
• What should be?
• What is?• Why the deviation from the “what
should be” occurred?
• What happened or could happenbecause the “what is” differed from
the “what should be”?
• What is needed to correct thecondition and improve operations?
Soft Skills
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 71/72
Governance, RiskManagement & Compliance
Soft Skills
• Team work
• Communication
• Discussion with delegates – Importance of teamwork and
communication
– Improving teamwork and
comunication
The End
8/12/2019 Internal Auditing for beginners
http://slidepdf.com/reader/full/internal-auditing-for-beginners 72/72
The End
• Thank you for your time