The Audit Committee and Board

Internal Audit
It’s Time to Talk About Risk and Control
Demands/Expectations of Internal Audit’s Stakeholders Have Changed
The Audit Committee and Board:
• Execution of a comprehensive “risk based audit plan”
• Expertise and assurance on risks and controls
• Assistance in executing governance responsibilities
• Resident “eyes and ears” within the enterprise
• A “trusted advisor”
Management:
• Expertise and assurance on internal controls
• Insight, advice, and assurance on enterprise risks
• Timely and relevant information to facilitate risk management and business decisions
• Additional financial related coverage
External Auditors:
• Insight into the adequacy of financial controls
• Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls
Attributes of High Performing Internal Audit Functions: “The Top 10”
1. Prominent Stature of Internal Audit Within the Organization
2. A Formal Strategic Plan for Internal Audit
3. Continuous Communications with Key Stakeholders
4. An HR Strategy Focused on Stakeholder and Enterprise Needs
5. A Risk Assessment Process that Produces Current Risk Profiles
6. Integrated IT Audit Coverage as a Component of an Overall IT Audit Strategy
7. Integration of Technology Solutions Into Multiple Aspects of Internal Audit Operations
8. A Knowledge Management Strategy
9. A Comprehensive Quality Assurance and Improvement Program
10. Performance Measures Linked to Strategic Goals
Governance
• Internal auditing provides assurance to management and the
audit committee that risks are understood and managed
properly.
Internal Auditing’s Role in ERM
© The Institute of Internal Auditors at guidance@theiia.org
Risk Management
• Internal auditors identify all auditable activities and
relevant risk factors, and assess their significance.
– Investigating
– Evaluating
– Identifying potential trouble spots
– Communicating
– Anticipating emerging issues
– Identifying opportunities
Internal Auditors’ Roles
• Risk management, control, & governance processes
– Financial analysts
– Risk evaluators
– Improving operations
– Supplying analyses, suggestions, & recommendations
– Adding Value
A Risk Assessment Process that Produces Current Risk Profiles
• Beyond an annual risk assessment process – risk assessment should have a continuous component
• Continuous risk assessment process is formalized within internal audit and aligned with business units
• Risk assessments are transparent and interactive – involving senior management, external auditors, and the audit committee
• Emerging risks are identified and addressed through flexible internal audit coverage
Essential Services
• Internal auditing reviews the reliability and integrity of
information, compliance with policies and regulations, the
safeguarding of assets, the economical and efficient use of
resources, and established operational goals and
objectives. Internal audits encompass financial activities
and operations including systems, production,
engineering, marketing, and human resources. Can you
afford to be without it?
IPPF – Standards
Mandatory Guidance
2120-Risk Management
The internal audit activity must evaluate the effectiveness and contribute to the improvement
of risk management processes.
Interpretation:
Determining whether risk management processes are effective is a judgment resulting from the
internal auditor's assessment that:
• Organizational objectives support and align with the organization's mission;
• Significant risks are identified and assessed;
• Appropriate risk responses are selected that align risks with the organization's risk appetite; and
• Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.
The internal audit activity may gather the information to support this assessment during
multiple engagements. The results of these engagements, when viewed together, provide an
understanding of the organization’s risk management processes and their effectiveness.
Risk management processes are monitored through ongoing management activities, separate
evaluations, or both.
Outsourced Internal Audit
Perform Risk Assessment
Interview key management
Identify & evaluate risks
Develop internal Audit plan
Review results with management
Present to the Audit Committee
Internal Audits
Audit Committee
Plan individual internal audits
Continuous feedback
Execute each internal audit
Reports for all audits
No surprises approach
Follow up and feedback
Findings, rationale and recommendations
Final reporting
VACO Can Help You
For additional information, please contact
Heriot Prentice
Director, Governance Risk and Compliance
Vaco Orlando, LLC
485 N. Keller Road, Suite 451
Maitland, FL 32751
www.vaco.com
(407) 712-7878 Office
hprentice@vaco.com