[Music]
[Music]
[Music]
so are you worried about
what
and how to report to the senior
management and the board
you know this is one of the essential
requirement of the chief audit executive
to report to the senior management
in an effective manner to communicate to
them on frequent basis
we are covering here standard 2060
on the reporting to the senior
management
the standard 2060 is one of the most
important standard
and what is the beauty of this standard
is
it covers and collects all the
requirements of reporting to the senior
management
and board
around all these internal auditing
standards
and club them together through this
standard
so whatever is the primary reporting
requirement for a chief audit executive
the cae should refer to this standard
and they will get the overall collective
information of how they can report
and communicate effectively
if you're new to my videos this is tosif
mushtaq
an audit strategist
control specialist
board advisor with over two decades of
experience in governance assurance
risk and controls fraud examinations and
forensic reviews
the objective of audit and assurance
series videos is to promote the internal
audit profession in its basic spirit
whereby the internal auditors
having a clear understanding of the
standards and in international
professional practices framework overall
so they can contribute to achieve the
mission of internal
the mission of internal audit is defined
by the institute of internal auditors
which is to enhance and protect
organizational value by providing risk
based and objective assurance advice and
insight
[Music]
so let's start by asking some
interesting questions from ourselves
relevant to this standard
who determine the frequency and content
of reporting
what information must include in chief
audit executives
reporting who determine the frequency
and form of reporting
the reporting schedule
and the importance and urgency urgency
of imported information
how to maintain and track
consistent and effective communication
so the basic requirement of standard
2060
reporting to senior management and the
board is that the chief audit executive
must report periodically to senior
management and the board
on the internal audit activities purpose
authority
responsibility
and performance relative to its plan
and its conformance with the code of
ethics and the standards
reporting must also include
significant risk and control issues
including fraud risk
governance issues and other matters that
require the attention of senior
management and the board
so who determine the frequency and
content of the reporting
the frequency and content of reporting
are determined collaboratively by the
chief audit executive senior management
and the board the frequency and content
of reporting depends
on the importance of the information to
be communicated
and the urgency of the related actions
to be taken by the senior management and
the board
what information must include in chief
audit executives reporting
the chief audit executive reporting and
communication to senior management and
board
must include information about the audit
charter
independence of the internal audit
activity which is one of the most
important area the audit plan and
progress against the plan
resource requirements results of audit
activities conformance with the code of
ethics and the standards
and action plans to address any
significant conformance issues
management responses to the risks that
in char and the chief audit executive's
judgment may be unacceptable to the
organization
this means that if there are some
findings which
the management is not agreeing to
the risk we are highlighting then
and and we think as an intern as an
internal auditor or as a chief audit
executive that this is a very important
risk and management should accept
uh to mitigate this risk then you may
report this directly to the chief audit
executive that these are those cases
uh which management doesn't agree with
us but this is something which it should
not be regular the internal auditor
needs to develop their ability to
convince management by highlighting a
proper risk
also all these
points which
are written there in the reporting are
very important and can give provide
guidance to the default executive to
prepare their dashboard
for the management or the board
so let's go into the details of how to
implement
this
standard in implant implementing the
standards related to communication
the chief audit executive will usually
want to understand the reporting related
expectations
of senior management and the board
which may be stated in the audit
committee charter
or the internal chief audit executive
may have
some meetings in between to get the
feedback and record those feedbacks the
three parties the chief audit executive
board and senior management typically
discuss and collaboratively determine
the frequency and form of internal audit
reporting and reporting schedule that is
most appropriate for the organization as
well as the importance and urgency of
various types of audit information
so how to determine an important and
urgent matter
it also may be helpful to agree in
advance on the protocols of
protocols for the chief audit executive
to report important and urgent risk and
control
events and the related actions to be
taken by senior management and the board
the chief audit executive may find it
helpful to establish
or review
number one the internal order charger
including the internal audit activities
purpose authority responsibility
the internal audit plan
and kpis to measure the internal audit
activities progress towards
accomplishing the plan
and number three quality assurance and
improvement program which gauges the
internal audit activities conformance
with the mandatory guidance of the ippf
and the processes for identifying
significant risk
and control issues
so what are the consideration for
implementation
standard 2060 allows flexibility in the
frequency and content
of reporting
nevertheless it notes
that these factors will depend on the
importance of the information and the
urgency with which
senior management and or the board might
need to act on the communications
additionally some standards have
specific requirements regarding
frequency
for instance items that must be
communicated at least annually
include the internal laundry activities
organizational independence which is
covered y standard triple 1 0 and the
results of ongoing monitoring of the
internal audit activities performance
which is which you can refer to standard
13 20.
how to maintain and track consistent and
effective communication
the chief audit executive may consider
using a checklist of all reporting
requirements
referenced throughout the standards
this may include following subjects
internal audit charter organizational
independence of the internal audit
activity internal audit plans resource
requirements and performance
results of audit engagements
quality assurance and improvement
program conformance with the code of
ethics and standards and significant
risk and control issues and management
acceptance of risk
this is a good checklist to understand
uh how in what standards are linked with
these checklists
such a checklist may include a schedule
of communications and reminders about
any approval requirements establishing a
standing item on the board meeting
agenda secures an opportunity for the
chief audit executive to communicate
regularly so double click let's double
click all the requirements which are
giving in the checklist one by one
first is the internal audit charter so
according to standard 1000 purpose
authority and responsibility the
internal audit activities purpose
authority and responsibility must be
formally defined in the under nordic
charter
the chief audit executive is responsible
for periodically reviewing the charter
and presenting it to the senior
management and board for approval
the mission of internal audit and the
mandate mandatory elements of the ippf
which are acknowledged in the charter
should also be discussed
according to the standard
1010 which is recognizing mandatory
guidance in the internal audit the
second point in the checklist is the
organizational independence of the
internal audit activity
the organizational independence of the
internal audit activity must be
confirmed to the board annually
according to standard triple 1 0
organizational independence
in case of any interference in
determining the scope of internal
auditing performing work or
communicating results as well as the
implications of such interferences
must be disclosed to the board
you may refer to standard triple 1 0 a1
an independent reporting relationship is
essential to facilitate the chief audit
executive's ability to communicate
directly with the board as required in
standard double 1 double one direct
interaction with the boot checklist also
includes internal audit plans resource
requirement and performance
standard 2020 communication approval of
and the reload and the related
implementation guidance
provides the explanation of
and the details of communicating the
internal activities plans
and resource requirements so you need to
compare both the things like what are
your annual plans
how many resources are available and if
there is any gap how you propose to fill
that gap by outsourcing or co-sourcing
or by put
by putting a request for extra or
additional hiring standard 2016 that
adds a requirement to report the
internal audit activities performance
relative to its plan
this is an opportunity for the chief
audit executive to illustrate the value
enhanced and protected by the internal
audit activity and the implementation of
its internal office recommendations
to quantify the level of performance
many chief audit executives use uses
kpis
such as the percentage awarded plan
completed percentage of audit
recommendations that have been accepted
or implemented
status of management's corrective
actions or average time taken to issue
reports
in addition updates on any special
request made by the board senior
management may be discussed during board
meetings and normally these special
requests or write-off assignments uh
normally some mandates 10 or 20 percent
of the annual
available mandates are kept as a set
aside
to spend time on these
the next item on the checklist is
results of the audit engagement
the 2400 series of standards
covers the requirement of communic for
communicating the results of audit
engagements including the information
that engagement communications must
contain the quality of that information
and the protocols in case of error or
omission
or non-conformance for the code of
ethics or standards that affects the
specific engagement
that means that if for example an
auditor has conducted an audit or an
assignment but didn't disclose
uh the the lack of skills to conduct
that assignment and the results are and
the deliverables are not achieved that
means that in that those mandates have
been have been wasted or lost and
you need to redo the work so that thing
has to be disclosed again or discussed
with the senior management and the board
standard two four four zero
disseminating results discusses the
chief audit executive responsibilities
related to the final engagement
communication
and standard two four five zero over our
opinions describe this criteria for
issuing an overall opinion so next item
in the chat list is my favorite subject
which is quality assurance and
improvement program
the 1300 series of standards cover
the chief audit executive's
responsibility for developing and
maintaining a quality assurance and
improvement improvement program
that includes internal and external
assessments
standard 1320 reporting on the quality
assurance and improvement program lists
the requirement of chief audit
executives communication to the senior
management and board including that this
reporting must occur
as the assessments are completed
however the results of ongoing
monitoring of the internal audit
activities performance
which is part of the internal assessment
process must be reported at least
annually
with regard to the external assessment
of the internal audit activity which
must be conducted at least once every
five years
standard 13-12
external assessments requires that the
chief order executives to discuss with
the board the qualifications
and independence of the external
assessor or assessment team including
any potential conflict of interest the
chief audit executive should encourage
board oversight in the external
assessment to reduce perceived or
potential conflict of interest
conformance with the code of ethics and
standards
the next item in the checklist
covers code of ethics and standards
standard 1320 reporting on the quality
assurance and improvement program and
its implementation guidance also
describes
the detail of reporting on the internal
audit activities conformance with the
code of ethics and standards
standard 1322 disclosure of
non-conformance states
when non-conformance with the code of
ethics or the standards impacts the
overall score operation of the internal
audit activity the chief audit executive
must disclose the non-conformance and
the impact to the senior management and
board
standard 1322 also describes
consideration for reporting
non-conformance
another standard on the engagement
disclosure of non-conformance that is
2431
stipulates the information that must be
disclosed when non-conformance re
impacts a specific engagement
2060 calls for the chief audit executive
to communicate action plans
to address any significant
issues related to conformance
so we will explain next item in the
checklist which is significant risk and
controls issues and the management
responses
of risk
the primary purpose of chief audit
executive reporting is to provide
assurance and advice to senior
management and the board regarding the
organization's governance which is
covered under standard 2110
risk management which is 2120
and controls 2130
an in-depth understanding of these
processes can be obtained by
implementing 2100 series of standards
standard 2060 identifies the chief audit
executive's responsibility to report
significant risk and control issues that
could adversely affect the organization
and its ability to achieve its
objectives
significant issues are those that would
require the attention of senior
management and the vote
which may include conflicts of interest
control weaknesses errors fraud illegal
acts
inefficient and in efficiency
ineffectiveness and inefficiency
if the chief audit executive believes
that senior management has accepted a
level of risk that organization would
consider unacceptable the chief audit
executive should first discuss the
matter with senior management
if the chief audit executive and senior
management cannot resolve the matter
standard 2600
directs the chief audit executive to
communicate the matter to the board
if such issues are too urgent to wait
until it's scheduled board meeting for
example a major fraud is there or a
major risk we are exposed to then the
chief audit executive will be well
advised to make engage arrangements to
communicate sooner so how to demonstrate
conformist to standard 2016.
the chief audit executive discussion
with senior management and the board
regarding the contents of the charter
the internal audit activities
performance related relative to its
audit plan
and significant risk exposures or
control issues
may be documented in agendas minutes of
the meetings
with the board and senior management
discussions among these parties may also
be documented in reports and
presentations
uh with attached distribution list
minutes from adopt meetings and
documentation of reports and other
communications sent electronic
electronically may also demonstrate the
conformance with this standard
board
and senior management survey results
and chief audit executives performance
evaluations may contain feedback that
indicates the quality and effectiveness
of
the chief audit executives communication
related to this standard
the cae may also maintain a
communication checklist that documents
the frequency of reporting and approval
requirements
so that completes our review of standard
2060 a very
important standard
and i would advise all of you to go
through this
comprehensively spend time on this and
understand what is the best way to
report
please share my videos to others so that
others can also get benefit from these
like my videos subscribe the channel
and please give your suggestions in the
comments so i can improve
the way i am sharing
these contents and all the data the way
i am sharing it
thank you so much
[Music]
you
Audit & Assuranc