1 / 28

Maximizing Internal Audit Effectiveness: Following Up on Audit Reports in Non-Financial Corporates

This article discusses best practices for following up on internal audit reports in non-financial corporates, including executive summaries, timely reporting, grading of reports, and agreed action plans. It emphasizes the importance of a constructive and teamwork approach in internal audit, as well as the responsibilities of auditees in implementing recommendations.

maritzaw
Download Presentation

Maximizing Internal Audit Effectiveness: Following Up on Audit Reports in Non-Financial Corporates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Following Up on Internal Audit Reports(non-financial corporates) by Ingrid Azzopardi/Eugenio Privitelli

  2. INTERNAL AUDIT TOOLS • Executive summaries • Use of presentations • Identify and communicate best practice • Timely reporting • Grading of audit reports • Agree findings and action plan with auditee • Follow up on recommendations Practice Advisory 2500 - Ingrid Azzopardi/Eugenio Privitelli

  3. INTERNAL AUDIT APPROACH • Constructive Appraisals: - Blanket criticism is not seen to have a role within IA. The long-term objective is to support management as far as possible by taking a reasonable view of their efforts and any constraints that they might face. • Teamwork Approach: - The IA and management function as a team. This approach brings audit closer to a consultancy role.

  4. The Group’s Internal Audit Charter states that Follow-ups will be conducted after a period from the date of the audit report which will vary according to the requirements of each particular audit. Follow-up to determine the stage reached in the implementation of the recommendations. management is responsible for deciding the appropriate action to be taken in response to reported audit findings. Internal Audit is responsible for assessing the management action and the timely resolution of the matters reported as audit findings. Depending on the degree of recommendations implemented, Internal Auditor will decide whether or not another follow-up is warranted.

  5. Audit Reporting • Draft report comprising the audit conclusions is discussed with the Auditee during the exit meeting. • Auditee is invited to comment on the recommendations made and to give dates by when same recommendations will be implemented. • Both the Auditee and the Chief Officer responsible for the audited area need to sign off the report.

  6. Audit Reporting

  7. Sample Reporting

  8. Sample Reporting

  9. Sample Reporting – Response Date

  10. Audit Follow-Ups • Carried out to determine the stage reached in the implementation of the recommendations after a period from the date of the audit report. • Audit will assess the action taken by management to implement the recommendations contained in the audit report. • Once Follow-up is conducted, depending on the degree of recommendations implemented, a decision is taken by Audit on whether or not another follow-up is warranted.

  11. Auditee’s Responsibilities • In keeping with the commitment of the Group to optimize the benefits of Internal Audit, the following policy will apply: • Managers in whose area of responsibilities shortcomings are revealed, are fully responsible to ensure that prompt corrective action is taken. • Commitment to such corrective action will be included in the final audit reports so that the CEO and the Audit Committee can assess the adequacy of the corrective action taken or planned.

  12. Sample Reporting – Auditee Response

  13. Discussion of Recommendations • Should any shortcomings or observations come to light during the Audit Fieldwork immediate action is taken by the Auditor to draw the attention of the Auditee and to try and work out a better way of enhancing the controls in the area, or for coming up with recommendations to enhance the efficiency and effectiveness in the audited area. • The element of surprise is eliminated • Auditee is kept aware of the findings as the Audit proceeds • Discussions are entered into to come up with the best recommendations to address the particular situations. • Recommendations brought up by the Auditees themselves stand a better chance of getting implemented timely as the Auditees will own those recommendations.

  14. At the Exit Meeting • Report discussed with the Auditee and his superior. • Recommendations need to be assigned an owner, and the latter needs to give his comments in relation to that recommendation. • Auditee will also need to confirm if he agrees or not with that recommendation and if in the affirmative he needs to give a date by when that recommendation will be implemented. • Depending on the committed implementation dates by the Auditee, the follow-up date is determined, but this is usually after six months.

  15. Recommendations • Ratings of Recommendations: • Minor • Medium • Major • All recommendations are followed up at the time of the follow-up however • In the case of major recommendations, these are considered as Key recommendations and are followed up on a monthly basis and reported upon, at the same frequency, to the Audit Committee.

  16. Follow-Ups At the First Follow-up all recommendations which had been agreed upon at the Exit Meeting are followed up and checked to determine the stage reached in their implementation. Various types of testing may be performed to verify implementation. This depends on the recommendation itself. Auditee may be required to provide evidence to prove implementation of recommendation by showing documentation leading to the implementation of the recommendation. At times IT systems may need to be used to determine implementation and at other times data analytics. The important thing is that the Auditor is convinced through the audit evidence available that the recommendation has been implemented. It may however be the case that some of the recommendations are not found implemented. These may be found to be partially implemented, being addressed or not implemented at all. In other instances it may be the case that the Auditee has decided otherwise on a recommendation and may no longer agree with its implementation, in which case the Auditee will need to provide the necessary arguments which need to be documented in the Follow-up report to be issued.

  17. Additional Follow-Ups • Why? • Who Decides? • When? • Is there a need to re-assess recommendations found implemented in previous follow-ups? • How many Follow-ups are required? • What if a key recommendation remains pending?

  18. Following Up on Internal Audit Reports(Banks) by Anna Camilleri/Jackie Aquilina

  19. Integrated internal audit management tool that enables: • The conversion of audit reports into audit findings and management action plans for tracking • Automated tracking of due actions through the sending of reminders (emails) to management and internal audit • Status of action at periodical intervals is recorded by management • Allows for the upload of information and documentation supporting the implementation of corrective action taken • Action status is tracked – open, closed by management, closed by audit etc. • Facilitates the generation of status reports for tracking purposes

  20. Following Up on Internal Audit Reports(INTERNAL AUDIT & INVESTIGATIONS DEPARTMENT (IAID) ) by Kenneth A. Farrugia

  21. Chapter 461 – Laws of MaltaInternal Audit & Financial Investigations Act Article14(1): The Director shall, as soon as may be, after concluding a financial investigation or an internal audit, transmit a report thereof to the Permanent Secretary under whose supervision the auditee falls. The Director may also transmit a copy of such report to the auditee. Article 14(2): Within one month of receipt of such report, the Permanent Secretary shall give such instructions to the auditee as may be necessary to remedy any shortcomings, and shall inform the Director accordingly.

  22. Chapter 461 – Laws of MaltaInternal Audit & Financial Investigations Act Article15: The Director shall conduct such follow-up reviews as may be necessary after an internal audit and financial investigation.

  23. Chapter 461 – Laws of MaltaInternal Audit & Financial Investigations Act Follow up reviews are included in the Yearly Internal Audit Plans. The plans are approved by the Internal Audit & Investigations Board. Follow up reviews are carried out in order to determine the extent to which recommendations put forward in audit reports were implemented by Management. The Follow up review report will highlight actions not implemented and any other observations noticed during the follow up review.

  24. Chapter 461 – Laws of MaltaInternal Audit & Financial Investigations Act As from Year 2016, the Internal Audit & Investigations Department (IAID) commenced to conduct a follow up review on all recommendations emanating from the NAO Annual Report – Public Accounts. The Internal Audit & Investigations Board approved that such follow up review is conducted on an annual basis. https://opm.gov.mt/en/PublicService/Documents/Action%20on%20the%20NAOs%20Annual%20Report%202014.pdf

  25. Thank You

More Related