1 / 29

Developing a Successful Integrated Audit Approach September 14, 2010

Developing a Successful Integrated Audit Approach September 14, 2010. Topics. Introduction and Perspectives An Integrated Audit Methodology. Developing a Successful Integrated Audit Approach. Introduction and perspectives. Defining Integrated Auditing.

vesna
Download Presentation

Developing a Successful Integrated Audit Approach September 14, 2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Developing a Successful Integrated Audit ApproachSeptember 14, 2010

  2. Topics • Introduction and Perspectives • An Integrated Audit Methodology

  3. Developing a Successful Integrated Audit Approach Introduction and perspectives

  4. Defining Integrated Auditing • An audit approach that takes into consideration key areas of risk regardless of type, such as: • Operations • Finance and accounting, including fraud • Information technology and security • Regulatory/compliance • Other, tailored to the business

  5. Benefits • Audit efficiencies • Comprehensive view of an auditable entity • Consolidated report covering key areas – fewer audits per entity • Enhanced stakeholder perceptions of audit coverage • Improved auditor morale • Accelerated auditor talent • Focused leverage of business knowledge and collaboration across the audit team

  6. Challenges • People • Expanding auditor skill sets to cover all areas while retaining benefits of subject matter expertise • Helping auditors with different skills communicate and find better ways to work together • Ensuring coverage is “just right” • Broad enough to cover the key risk areas • Deep enough where necessary • Organized sufficiently to avoid “spin-off” audits

  7. Prerequisites to an Integrated Approach • Perspective • Management: operational understanding • Auditor: process, risk and controls • Core audit skills – the raw materials translate easily! • Understand/document any process • Recognize risk where it exists • Translate across multiple disciplines • IIA body of knowledge • CIA’s are well positioned to help drive an integrated approach

  8. Critical Success Factors • Solid enterprise-level and engagement-level risk assessment processes • Scope • Top-down, bottom-up, aligned with the business • Includes • Material financial exposure • Possible reputational harm • Emerging risks and changes • Management’s operational concerns • Helps us say “yes, we looked at that”

  9. Developing a Successful Integrated Audit Approach An Integrated audit methodology

  10. Integrated Audit Methodology(ies!) • There are diverse schools of thought, methodologies, and approaches to integrated auditing – why so many? • Diversity in business – a desire for a tailored approach and a search for the “one best way” • Variability in what one believes should be integrated – people, process, technology or parts thereof • Differences in viewpoint taken: auditor or management • Inherent need for subject matter expertise • Timing and logistics for getting audits done

  11. Integrated Auditing

  12. Integrating People • Ensure the integrated audit team is working together – not just sitting in the same room • Offer tools to help • Formally documented methodology • A layered, multi-disciplined perspective with a common language • Recognize auditor common ground • Risk, control, and process orientation • Control assertions

  13. Integrating Process Occurrence Authorization All Reconciliation Authorization Input Output $ Database System Occurrence Completeness Accuracy Recording Confidentiality Availability Integrity Custody Other Areas to Overlay: Operational efficiencies, including technology aspects Regulatory/compliance considerations Fraud risk considerations

  14. Aligning Control Assertions Financial Auditors: • Financial statement assertions on transactions • Occurrence • Completeness • Accuracy • Authorization • Cutoff • Classification IT Auditors: • Information security components • Confidentiality • Availability • Integrity

  15. Integrating People and Process • Training for everyone • Get everyone talking and involved in planning/risk assessment • Drive efficiencies • Map in-scope risks to key controls in common across all areas • Drive efficiencies with audit coverage (SOX, SAS 70) • During fieldwork • Assign testing based on expertise • Establish periodic checkpoints within the team and an end-to-end quality review process

  16. Subject Matter Experts Question: When is the right time to get subject matter experts involved? • During fieldwork when the team gets in a bind • During the report writing phase when a question leads to an area that should have been looked at more closely • Engagement-level planning and risk assessment

  17. Developing a Successful Integrated Audit Approach Integrating the audit approach and risk assessment

  18. Risk Assessment Enterprise-Level Risk Assessment • Process to determine the audit plan Integrated Audit Considerations Engagement-Level Risk Assessment • Process to determine the scope of a specific audit Integrated Audit Considerations Integrated Audit Considerations

  19. Enterprise-Level Risk Assessment Best Practice: Align coverage with corporate strategy Best Practice Enterprise-Level Risk Assessment

  20. Identify the Audit Universe • Auditable Entity: • A discrete unit or process • Horizontal coverage is more efficient • Level of aggregation is key Layers Where Controls Reside:

  21. Assess Risk Top-Down

  22. Assess Risk – Bottom Up • Traditional Quantitative Approach

  23. Assess Risk – Bottom Up • Qualitative Map to ERM

  24. Prioritize Audit Plan

  25. Engagement Level Risk Assessment • Aggregation of cumulative knowledge about the entity • Integrated view • Links to ERM • Don’t forget consideration of fraud risk I=Inherent Risk: Risk before consideration of controls. R=Residual Risk: Risk after consideration of controls, e.g. prior audit results and remediation or other issues identified.

  26. Source: The ACFE’s 2010 Report on Fraud to the Nations

  27. Takeaways • Ground integrated auditing in solid risk assessment from the beginning • Resolve the auditor SME communication barrier once and for all • Expect efficiencies • Leverage existing core auditor skills as place to start • Align with operations to drive the most value

  28. Developing a Successful Integrated Audit Approach Questions?

  29. Contact Information • Kim Furlin • 904 357 1611 • kim.furlin@fisglobal.com

More Related