Agenda 1. Introduction 2. The Role of Internal Audit

IABC
WELCOME
Entering the World of
Internal Audit
Corruption At a Glance
Global Financial Integrity (GFI)
Top 5 Countries
(Highest measured cumulative illicit financial outflow)
2000 to 2009:
USD 2.74 Trillion
USD 504 Billion
USD 380 Billion
USD 501 Billion
USD 350 Billion
New IA Survival Boot Camp
Surviving the first 60 days
Main Programme
• Introduction
• Internal Audit Profession
• Internal Auditor Toolset
– Internal Auditor’s Skills Requirement
– Business Evaluation Techniques
– Business Environment Awareness
– Audit Program Design & Planning
– Project Management
Introduction
Facilitator: Jerry Lee, FCCA, CPA, CIA, CRMA
A Practitioner in Internal Audit / Risk Management / Business Operations Review:
• 15 years, 3 MNCs
• 450 business operational reviews over 120 locations (Asia Pacific, SEA, Europe, etc.)
• Multiple Industries (Chemical, Pharmaceuticals, FMCG, Home Appliances)
• Project Management (Business restructuring, re-engineering, SOX 404)
• Generated RMB 7 million savings for business projects
My Travel
Getting to know You
Introduction
• Name
• Year(s) in Internal Audit
• Company & Industry
• What is your objective?
Learning Objectives
• Understanding the challenges of being an Internal Auditor
• Understanding the perceptions & opinions on internal auditors
• Equip you with a set of practical skills
Perception of the Auditor
• Follow the book, Bloodhound
• Stubborn
• Not Practical, Do not know the business
• Living in their own world
• No Comments ………….
Perception of the Auditor
How did the auditor cross the road?
He looked at the P-file and followed last year’s working papers.
Is the Auditor that bad?
The Auditor - Bloodhound?
The Auditor - Stubborn Detective?
It’s in there somewhere, I just know it!!!
Who Audits the Auditor?
Mgt.
Employees
Anybody
Auditor
Audit Committee
Auditee
Introduction to Internal Auditing
• IIA & IPPF
• Definition of Internal Auditing
• International Professional Practices Framework (IPPF)
– Code of ethics (Rules of conduct)
– Attribute Standard (Practice Advisory)
– Performance Standard (Practice Advisory)
Definition of Internal Auditing
Internal Auditing is an independent, objective assurance and
consulting activity to add value and improve an organization's
operations.
It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance
processes.
International Professional Practices Framework (IPPF)
IPPF
1. Organize the Institute of Internal Auditors (IIA) authoritative guidance for ready access on a timely basis
2. Structural blueprint of knowledge and guidance; facilitates consistent development, interpretation, and application of concepts, methodologies and techniques
3. Assist practitioners and stakeholders throughout the world in being responsive to expanding markets for high quality internal auditing.
Code of Ethics
Principles that are relevant to the profession and practice of internal auditing.
Rules of Conduct describe the behavior norms expected of internal auditors.
Code of Ethics
Principles & Rules:
Integrity ….
Objectivity ….
Confidentiality….
Competency ….
Attribute & Performance Standards
Attribute Standards – Purpose, Authority & Responsibility
Practice Advisory – 1000-1 to 1321-1
Performance Standards – Managing the Internal Audit Activity
Practice Advisory – 2000 to 2600
Our Existence- Value Add
Internal Audit Department Set up
• Department Structure
• Mission/ Charter Statement
• Audit Manual
• Reporting & Work Procedures
• Audit Committee
Audit Organization
[Organization chart: CAE; Assistant; five Area Directors, each with Manager, Senior Auditor and Auditor]
Mission & Charter
• To perform independent objective assurance and
consulting activities designed to add value and improve
the company’s operations.
• To help the company to accomplish its objectives by
bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of the governance,
internal control and risk management processes.
Mission & Charter
Internal Audit
Based on risk assessment input, plan & roll out the audit strategy to fulfill Board objectives
in Operational, Financial & Compliance audits.
Financial Diligence
Perform and coordinate financial due diligence activities in acquisition and divestment
situations.
Internal Control
Formulate action plans to improve governance, internal controls and risk management
processes, e.g. SOX Programme
Consulting
Perform consulting activities designed to improve the company’s operations.
Audit Manual
• Planning, Execution, Completion
• Operational Audit, Financial Audit, Risk Theme Audit, Special Projects
• Scheduling & confirmation
• Audit Visit Letter
• Audit work program Preparation
• Audit Open Meeting
• Field work
• Audit Close Meeting
• Draft Audit Report
• Mgt. Response
• Finalize Report
• Post Audit
IA vs. EA
Internal Audit vs. External Audit
Internal Audit – Risk Management + Control Design Impact + Financial Impact + Financial Standards Compliance + Environmental Impact
External Audit – Materiality Level + Financial Standards Compliance + Environmental Impact
IA vs. EA
Internal Audit
External Audit
• WP regulated by IIA
• WP regulated
• Mostly Regional focused
• Mostly Local focused
IA vs. EA
Internal Audit
• IIA, IPPF & COSO Framework
External Audit
• FRS, GAAP, etc.
• Regulation (with exceptions)
• Need & Regulation (For Listed)
• A set of Programs
• A set of Programs
• Financial Compliance inclined
• Operations Inclined
• Detailed business knowledge required
• Detailed business knowledge limited to audit
Fieldwork
Internal Audit
• Sample (often judgmental)
External Audit
• Sample (follow a basis)
• Flowcharts
• Flowcharts
• Detailed business knowledge limited to audit
• Weaknesses Focused
– Design
– Operating
• Recommendations & Follow up
• Management Letter & Audit Report
Fieldwork
Internal Audit
External Audit
• View- Complete Process
• View- Restricted
• Interaction Multiple Levels
• Interaction Restricted
• Assignments & Projects
• Assignments
• Often very challenging situations
• Supported by law
Internal & External Auditors
Internal
• Financial related basic Training
External
• Financial related basic Training
• Financial & Business Knowledge
• Financial & Business (limited) knowledge
• Thought Process – Risk
• Thought Process – Compliance
IA Work Flow Process
• Planning Discussion & Audit Announcement
• On-Site Opening Meeting
• Field Work
• On-Site Closing Meeting
• Issue Draft Report
• Issue Final Report
• Follow up on audit report on pre-determined deadline
The Real Internal Auditor?
Internal Auditor’s Skill Requirement
Auditor’s Credo
• Integrity (honest, diligent & responsible)
• Objectivity (unbiased assessment)
• Confidentiality (protection of information)
• Competency (seek help if necessary)
• Consistency (Principle applications)
Internal Auditor’s Skill Requirement
Composure Mechanism
1. Be open to constructive criticism
2. Engage only after you have taken a step back; do not react immediately
3. Never get personal
4. Deal with the emotion not the person
5. Argue on fact, never “ass-u-me”
6. Maintain a cool composure under fire
Internal Auditor’s Skill Requirement
Profession Skill
1. Interviewing Techniques
2. Presentation skills
3. Body Language Observations
4. Report Writing
5. Closing Meeting Etiquette
Operation Evaluation Technique
Evaluating the business- Eagle Technique
• Relate the sub-sections to the whole
• Read about the business and its recent development
• Review information collected during discussion
• Retain Objective in sight
Operation Evaluation Technique
Evaluating Controls - Path Finder Technique
• What can go wrong?
• Where can I find it?
• Who is doing it?
• When can it happen?
• Why did it happen?
• How to prevent?
Operation Evaluation Technique
• Operations
• Processes
• Procedures
Risk Management
What Can Go Wrong !!!
Operation Evaluation Technique
Operations
Risk Management
What Can Go Wrong
Procedures
Processes
Operation Evaluation Technique
Weakness/ Risk
• Design Control Weakness
– Inadequate knowledge
• Operating Control Weakness
– Over-ride or errors not detected
• Inherent/ Environment
– Countries with weak regulations
– Excessive Manual workaround
– Segregation of Duties (Lean operations)
Operation Evaluation Technique
Quantifiable cost of weak controls or
the lack of it:
RMB 5 Million…….
Not Quantifiable…..????
Operation Evaluation Technique
Factors to consider when assessing the severity of an issue.
• Design Control Weakness
• Operating Control Weakness
• Inherent Weakness
Operation Evaluation Technique
4R methodology of good controls
• Robust controls (design & operating) & review
• Regular review on processes & procedures
• Revise Delegation of Authority in line with changes
• Who is authorized to sign
• What is the amount authorized
• What are the types
• Regulate granting of system access rights
Playtime
Be The Auditor
Task:
1. Complete this fact finding issue with a recommendation for
a closing meeting conducted at the end of an audit week.
2. Construct a short paragraph to be included as part of the
Executive Summary:
1. Title (representing the issue)
2. Problem
3. Impact
4. Management actions (presume management has
agreed)
3. From your group, role play and present the issue in a closing
meeting scenario
Business Environment Awareness
Business Environment Awareness
Before Getting There
1. Flight - Timing
2. Hotel - Distance
3. Living Environment – Duration, Comfort
4. Transport & Traffic – Distance
5. Audit Preparation- Work Review
Business Environment Awareness
1. The People
1. General Manager
2. Financial Controller
3. Finance Manager
4. The Office
2. The Culture
1. SEA
2. Asia Pacific
3. European
4. Americas
3. The Country
Business Environment Awareness
Auditing & Fraud
PA 1220-1 Due Professional Care
Internal auditors must apply care and skills expected of
a reasonably prudent and competent internal
auditor……. Exercising due professional care involves
being alert to the possibility of fraud…………
Business Environment Awareness
What is the average percentage of revenues of
reported losses through fraud?
6%
Business Environment Awareness
Corporate Fraud
• Criminals have become multinational
• Technology changes the way criminals operate
• Companies are easy targets
• Less risky than an armed bank robbery
Business Environment Awareness
Business Environment Awareness
Broad Classification
1. Employee Fraud
2. Management Fraud
3. Third Party Fraud (against company)
Business Environment Awareness
Theft of any company property through deception or abuse of power
Destruction or removal of records
Falsifying expense claims
Use of company assets for personal use
Personal gain through conflicts of interest
Forgery or alteration of any document
Acceptance of inappropriate gifts and entertaining
Personal gain through use of confidential or inside information
Disclosing confidential information to outside parties without authority
Business Environment Awareness
How fraud starts for “Normal Employee”
• Motivated
• Can see an opportunity
• Do not expect to get caught
Defence Against Non-Compliance
Detecting fraud is not easy, but neither is it finding a needle in the ocean.
Handling the Fraud
4 Aspects to Examine
1. Intention
2. Methodology
3. Person Involved/ Responsible
4. Quantifying & Qualifying the Impact (Financial & Non-Financial)
Business Environment Awareness
Tone at the top
1. Code of Ethics
2. Policy on countering bribery and corruption
3. Conflict of interest policy
4. Insider policy
5. Antitrust & Anti Fraud Policy
Business Environment Awareness
3-Line Defence Framework
1. Create a culture of honesty and ethics
2. Establish Anti-Fraud Processes & Controls
3. Develop an Appropriate Oversight Process
What makes a good fraud handling process
1. Consistent, Transparent, Professional
Audit Program Design & Planning
Audit Program Design & Planning
Planning Process
– Set Audit Scope & Identify Risks
– Detailed Discussion with Business Sub Process Owners to obtain information
– Where necessary, perform research for extra resources to enhance other operational aspects in the program
– Audit team members brainstorm and share ideas
Audit Program Design & Planning
Program Design Process
• Build overall audit program framework by applying the business information
• Where necessary, draw a Process Map as a visual guideline, and later for use in the field as a check point for the audit team.
• Add other desired audit controls
– Access Rights Review
– Item Master Control
– Log Reports Requirement
• Build detailed audit steps, tests & procedures keeping overall flows in mind
Audit Program Design & Planning
Final Design Step
– Go through the audit program again with the audit team & challenge its logic, controls & flow to ensure risks identified & scope set are covered.
– Final review with audit team/Manager/Director to ensure the audit program has been properly designed to:
• Provide an adequate assessment of the design of controls in the processes
• Provide an overall view & cover risks identified
• Detailed audit steps, procedures and tests are workable
PTP Cycle
Q&A