1 / 14

Internal Audit

Internal Audit . It’s Time to Talk About Risk and Control. Demands/Expectations of Internal Audit’s Stakeholders Have Changed. The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls

lafayette
Download Presentation

Internal Audit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Audit It’s Time to Talk About Risk and Control

  2. Demands/Expectations of Internal Audit’s Stakeholders Have Changed The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” • Management: • Expertise and assurance on internal controls • Insight, advice, and assurance on enterprise risks • Timely and relevant information to facilitate risk management and business decisions • Additional financial related coverage The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls

  3. Demands/Expectations of Internal Audit’s Stakeholders Have Changed The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” • Management: • Expertise and assurance on internal controls • Insight, advice, and assurance on enterprise risks • Timely and relevant information to facilitate risk management and business decisions • Additional financial related coverage External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls

  4. Demands/Expectations of Internal Audit’s Stakeholders Have Changed The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” • Management: • Expertise and assurance on internal controls • Insight, advice, and assurance on enterprise risks • Timely and relevant information to facilitate risk management and business decisions • Additional financial related coverage External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls

  5. Attributes of High Performing Internal Audit Functions: “The Top 10” • Prominent Stature of Internal Audit Within the Organization • A Formal Strategic Plan for Internal Audit • Continuous Communications with Key Stakeholders • An HR Strategy Focused on Stakeholder and Enterprise Needs • A Risk Assessment Process that Produces Current Risk Profiles • Integrated IT Audit Coverage as a Component of an Overall IT Audit Strategy • Integration of Technology Solutions Into Multiple Aspects of Internal Audit Operations • A Knowledge Management Strategy • A Comprehensive Quality Assurance and Improvement Program • Performance Measures Linked to Strategic Goals

  6. Governance • Internal auditing provides assurance to management and the audit committee that risks are understood and managed properly.

  7. Internal Auditing’s Role in ERM © The Institute of Internal Auditors at guidance@theiia.org

  8. Risk Management • Internal auditors identify all auditable activities and relevant risk factors, and assess their significance. • Investigating • Evaluating • Identifying potential trouble spots • Communicating • Anticipating emerging issues • Identifying opportunities

  9. Internal Auditors’ Roles • • Risk management, control, & governance processes • Financial analysts • Risk evaluators • Improving operations • Supplying analyses, suggestions, & recommendations • Adding Value

  10. A Risk Assessment Process that Produces Current Risk Profiles • Beyond an annual risk assessment process – risk assessment should have a continuous component • Continuous risk assessment process is formalized within internal audit and aligned with business units • Risk assessments are transparent and interactive – involving senior management, external auditors, and the audit committee • Emerging risks are identified and addressed through flexible internal audit coverage

  11. Essential Services • Internal auditing reviews the reliability and integrity of information, compliance with policies and regulations, the safeguarding of assets, the economical and efficient use of resources, and established operational goals and objectives. Internal audits encompass financial activities and operations including systems, production, engineering, marketing, and human resources. Can you afford to be without it?

  12. IPPF – Standards Mandatory Guidance 2120-Risk Management The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. Interpretation: Determining whether risk management processes are effective is a judgment resulting from the internal auditor's assessment that: Organizational objectives support and align with the organization's mission; Significant risks are identified and assessed; Appropriate risk responses are selected that align risks with the organization's risk appetite; and Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities. The internal audit activity may gather the information to support this assessment during multiple engagements. The results of these engagements, when viewed together, provide an understanding of the organization’s risk management processes and their effectiveness. Risk management processes are monitored through ongoing management activities, separate evaluations, or both.

  13. Outsourced Internal Audit

  14. VACO Can Help You For additional information, please contact Heriot Prentice Director, Governance Risk and Compliance Vaco Orlando, LLC 485 N. Keller Road, Suite 451 Maitland, FL 32751 www.vaco.com (407) 712-7878 Office hprentice@vaco.com

More Related