What’s Next For Internal Audit
This presentation is the property of its rightful owner.
Sponsored Links
1 / 23

What’s Next For Internal Audit … lesson’s learned from the economic crisis and the challenges that lie ahead… PowerPoint PPT Presentation


  • 68 Views
  • Uploaded on
  • Presentation posted in: General

What’s Next For Internal Audit … lesson’s learned from the economic crisis and the challenges that lie ahead…. Richard Chambers, CIA, CGAP, CCSA President and Chief Executive Officer The Institute of Internal Auditors [email protected] Topics.

Download Presentation

What’s Next For Internal Audit … lesson’s learned from the economic crisis and the challenges that lie ahead…

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


What s next for internal audit lesson s learned from the economic crisis and the challenges that lie ahead

What’s Next For Internal Audit…lesson’s learned from the economic crisis and the challenges that lie ahead…

Richard Chambers, CIA, CGAP, CCSA

President and Chief Executive Officer

The Institute of Internal Auditors

[email protected]


Topics

Topics

  • A decade in retrospect…evolving into the new definition

  • Impact of the current economic crisis on internal audit

  • 10 key challenges facing internal auditors in the year ahead

  • Beyond the current crisis: planning strategically for the long term

  • Final Thoughts


What s next for internal audit lesson s learned from the economic crisis and the challenges that lie ahead

A Decade of Dynamic Change

2009

1999

INTERNAL AUDIT REDEFINED

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.  It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Enhanced proficiency in assessing controls were byproduct of SOX

CONTROLS

Internal audit’s proficiency in assessing risks has increased dramatically

RISK

Internal audit’s role in corporate governance is still evolving

GOVERNANCE


Impact of the economic crisis on internal audit

Impact of the Economic Crisis on Internal Audit


What s next for internal audit lesson s learned from the economic crisis and the challenges that lie ahead

Lessons Learned from the Current Crisis:

Impact on Our Companies

  • 87% of respondents report that their companies have been negatively impacted

  • 45% report moderate or worse impacts (55% of F100 respondents)

  • 4% indicate that impacts threaten the future of their companies


What s next for internal audit lesson s learned from the economic crisis and the challenges that lie ahead

Lessons Learned from the Current Crisis:

Impact on Our Internal Audit Budgets

All Respondents

  • 2008 and 2009 have witnessed little overall growth and notable reductions in some internal audit functions

  • 2010 promises little relief

    • Projections are it will reflect the lowest instance of growth since pre-SOX

    • Almost 20 percent of all respondents and 17% of F1000 project outright declines next year.

Fortune 1000


Key challenges for internal audit in the year ahead

Key Challenges for Internal Audit in the Year Ahead


10 key challenges in the year ahead

10 Key Challenges In The Year Ahead

  • Aligning internal audit coverage to meet new expectations

  • Realigning skills to address new requirements

  • Addressing internal audit’s role in assessing risk management

  • Leveraging technology to achieve greater efficiencies

  • Coping with diminished resources

  • Demonstrating value and adding to the bottom line

  • Maintaining stature with the audit committee

  • Developing a continuous focus on risks

  • Maintaining a focus to prevent and detect fraud

  • Implementing new IPPF


Aligning internal audit coverage to meet new expectations

Aligning Internal Audit Coverage To Meet New Expectations

Areas of Increased Coverage

Implications for Internal Audit

  • Shift in internal audit focus has been swift and dramatic.

  • Following years of intense focus on SOX financial controls – coverage is shifting to:

    • Operational risks

    • Compliance risks

    • Cost/expense reduction or containment

    • Supplier or counterparty risks


Realigning skills to address new requirements

Realigning Skills To Address New Requirements

Implications and Strategies

The Challenge

  • Acquisition of new skills is underway – operational audit courses are very popular

  • Rotational staffing models are gaining popularity as swift way to infuse knowledge of business into internal audit

  • Alternative staffing strategies are also gaining traction

  • Shifting coverage requires different skills:

    • Knowledge of the business/operations

    • Better understanding of risk management

    • Deeper understanding of specialized risks

  • CAEs have also identified new priorities:

    • Data mining & analysis

    • Risk assessment

    • Information technology

    • Risk management

    • Fraud detection


Addressing internal audit s role in assessing risk management

Addressing Internal Audit’s Role In Assessing Risk Management

Strategies for Success

The Challenge

  • 76% currently prepare an organization wide risk assessment

  • 59% report risk management is informal but evolving

  • 55% report risk management will be a higher priority during the coming year

  • 79% informally provides consulting and advice on risk management practices

  • 46% provide independent assurance on risk management

  • Only 27% provide assurance through written audit reports over the risk management process

  • 34% report there is a perception that assessing risk management is beyond the scope of internal audit

  • Provide assurance to executives and board on:

    • Risk management processes, both design and effectiveness

    • Management of key risks, including the effectiveness of controls and mitigation

    • Reliable and appropriate assessment and reporting of risks

  • Provide consulting assistance:

    • Share tools and techniques used to analyze risks and controls

    • Be a catalyst to introduce ERM

    • Provide advice, facilitate workshops, coach on risk, control and a common language, framework and understanding;

    • Act as the central point for coordinating, monitoring and reporting on risks

    • Support management in identifying ways to mitigate risk

IIA Position Paper “The Role of Internal Audit in Enterprise-wide Risk Management,” reissued January 2009


Leveraging technology to achieve greater efficiencies

Leveraging Technology To Achieve Greater Efficiencies

Internal Auditing’s Role

The Challenge

  • 2010 will mark the third consecutive year in which internal audit functions report marked decreases.

  • Capacity is declining, but expectations are not.

  • High performing internal audit functions leverage technology as a “capacity multiplier”

  • Integrated internal audit infrastructure software

    • Integrate work papers, risk assessments, reporting, issues tracking

    • Automate administrative activities and monitoring

  • Data retrieval/testing software

    • Automate testing

    • Require as a core competency skill for staff

    • Run testing routines outside audits

  • Data mining/analysis software

    • Predictive analysis and modeling

  • Knowledge tools and databases

    • “Best practices” to share with management

    • Business process benchmarking tools


Coping with diminished resources

Coping With Diminished Resources

The Challenge

Strategies for Success

  • Take a “holistic” look at your department: don’t “salami slice”

  • Take a hard look at:

    • Structure and processes

    • Procedures – particularly use of technology

  • Take an innovative approach to professional development and other HR practices

  • Consult with your stakeholders – where do they get value?

  • Update your risk assessment before making staffing reductions

  • Communicate the plan and impact to the Audit Committee before implementation

  • Above all - maintain a risk-based focus


Demonstrating value and adding to the bottom line

Demonstrating Value And Adding To The Bottom Line

Potential “Low Hanging Fruit”

The Challenge

  • Pressures on the “bottom line” have never been greater

  • Management is looking to internal audit to identify fraud, waste, and inefficiency

  • 49 percent of respondents report an increase in cost containment and expense reductions during the past year

  • 45 percent expect further increases in 2010

  • The challenge for internal audit is to swiftly identify actionable opportunities to enhance the bottom line

  • This presents an opportunity to demonstrate value

  • Organization control structure/span of control

  • Contract administration

  • Construction and capital projects

  • Outsourcing agreements

  • Sales Commissions

  • Vendor payments and contract compliance, including duplicate payments

  • Overtime payments

  • Revenue assurance

  • IT infrastructure spend

  • Additional streamlining of SOX compliance


Maintaining stature with the audit committee

Maintaining Stature With The Audit Committee

Strategies for Success

The Challenge

  • Stature with audit committees has been enhanced in the past decade

  • Audit committees have been keenly focused on financial controls

  • Internal audit’s shifting focus creates a threat that some audit committees will lose interest

  • Ensure the audit committee drives or embraces a broader focus on risks

  • Involve the audit committee in discussions on risk assessment results and changes to internal audit’s coverage

  • Ensure internal audit’s charter aligns with potential coverage

  • Reinforce the strong value that a comprehensive risk based approach to internal audit coverage will bring


Developing a continuous focus on risks

Developing A Continuous Focus On Risks

Strategies for Success

The Challenge

  • Audit committees are looking for no surprises

  • Risks are evolving dynamically

  • Annual risk assessments are no longer adequate for many industries/companies

  • An increasing number of internal audit functions are assessing risks more frequently

  • Beyond an annual risk assessment process – risk assessment should have a continuous component

  • Continuous risk assessment process is formalized within internal audit and aligned with business units

  • Risk assessments are transparent and interactive – involving senior management, external auditors, and the audit committee

  • Emerging risks are identified and addressed through flexible internal audit coverage


Maintaining a focus to prevent and detect fraud

Maintaining A Focus To Prevent And Detect Fraud

Strategies for Success

The Challenge

  • Current economic environment increases fraud risks by:

    • Employees experiencing personal financial duress

    • Executives seeking to manage/meet earnings expectations

    • Third party vendors also under financial stress

  • Reductions in internal audit budgets and internal controls in general increase fraud risks

  • Fraud risk identification & response

  • Fraud consideration in each audit

  • Fraud investigations

  • Hotline operations/support

  • Support education & training

  • Help “Officer” – Program

  • Help establish Corporate Compliance Program


Implementing new ippf

Implementing New IPPF

An Overview of the IPPF

  • IIA released new changes to the International Professional Practices Framework (IPPF), effective January 2009

  • Overview of changes

    • ‘Should’ replaced with ‘must’

    • Interpretations added to selectedStandards

    • Changes to some language

    • Six new Standards

  • Recent Practice Guides and Advisories

    • Auditing IT Projects (03/09)

    • Auditing External BusinessRelationships (05/09)

    • Formulating and Expressing InternalAudit Opinions (04/09)

    • Managing the Risk of the Internal Audit Activity (04/09)


Beyond the current crisis planning strategically for the long term

Beyond the Current Crisis: Planning Strategically for the Long Term


Planning strategically

Planning Strategically

The Mandate

Key Objectives

  • Internal auditing is a dynamic and evolving profession

  • A “high performing” internal audit function in 1999 would be average in 2009

  • The “curve” is constantly shifting

  • Staying on the leading edge requires a strategic view of the future

  • To position internal audit for success in a dynamic uncertain environment

  • To stimulate creative thinking about the future

  • To turn around or stimulate performance

  • To align internal audit with the strategic thinking of the enterprise


Strategic considerations

Strategic Considerations

  • Who are internal audit’s stakeholders?

  • What their current needs and expectations?

  • How are those expectations likely to evolve over 3-5 years?

  • What is the strategic outlook for the enterprise?

  • How are enterprise risks likely to evolve?

  • What key capabilities or disciplines will internal audit need to possess?

  • How will they be obtained?

  • What is the vision for internal audit?

  • What are the key strategic objectives necessary to achieve the vision.

  • How will progress be measured?


The strategic evolution of internal audit the line of sight

A Parting Thought

The Strategic Evolution of Internal Audit: The “Line of Sight”

Hindsight

Foresight

Insight


What s next for internal audit lesson s learned from the economic crisis and the challenges that lie ahead

Richard Chambers, CIA, CGAP, CCSA

President and Chief Executive Officer

The Institute of Internal Auditors

[email protected]


  • Login