QAIP - AGA Austin Chapter

QUALITY ASSURANCE AND
IMPROVEMENT PROGRAM
(QAIP)
AGA Austin CPE Luncheon
February 13, 2014
Presented by:
Paul Morris, CIA, CPA
Priscilla Suggs, MBA
Presentation Objectives
o Quality Assurance - what is it and why do we
need a program?
o Understanding the Quality Assurance
requirements per Red Book and Yellow Book
standards
o Review an example of an Internal Audit QAIP
process - DFPS
Audit Standards and GAGAS
Standards (Red Book)
1300 – Quality Assurance and Improvement Program
(QAIP)
o 1310 – Requirements of the QAIP
o 1311 – Internal Assessments
o 1312 – External Assessments
o 1320 – Reporting on the QAIP
GAGAS (Yellow Book)
Standards 3.82 through 3.107 - ‘Quality Control and
Assurance’
Why do we need a QAIP?
To ensure the Internal Audit Director (IAD) has
established an internal audit activity “whose scope of
work includes activities found in the Standards and in
the Definition of Internal Auditing.”
IPPF, Practice Advisory 1300-1
Why do we need a QAIP?
“Each audit organization performing audits
in accordance with GAGAS must:
a. establish and maintain a system of quality control that is
designed to provide the audit organization with reasonable
assurance that the organization and its personnel comply with
professional standards and applicable legal and regulatory
requirements, and
b. have an external peer review performed by reviewers
independent of the audit organization being reviewed at least
once every 3 years.”
GAGAS, Standard 3.82
A QAIP can improve processes.
The QAIP Objective (Red Book)
To provide reasonable assurance to our stakeholders
that Internal Audit:
o Performs in accordance with the internal audit
Charter
o Operates in an effective and efficient manner, and
o Is perceived by stakeholders as adding value and
improving the organization’s operations
IPPF, Practice Advisory 1300-1
The QAIP Objective (Red Book)
o It is an evaluation of the division’s processes
o It is comprehensive and covers all aspects of
the operation and management of the
internal audit activity, and
o It is performed by or under the direct
supervision of the IAD
IPPF, Practice Advisory 1300-1
The QAIP Objective (Red Book)
o The QAIP is not an attempt to reinvent the
wheel but rather to ensure that Internal Audit
consistently provides quality and value-added services to its stakeholders.
o Begins with instituting policies, procedures
and practices that are consistent with the
Standards
Requirements of QAIP
The quality assurance and improvement program
must include both internal and external assessments
IPPF, Standard 1310; Practice Advisory 1310-1
Internal Assessments
Must include:
o Ongoing monitoring of the performance of
the internal audit activity; and
o Periodic reviews performed through self-assessment or by other persons within the
organization with sufficient knowledge of
internal audit practices.
IPPF, Standard 1311; Practice Advisory 1311-1
Internal Assessments –
Ongoing Monitoring
o Supervision of audits, regular, documented reviews of
work papers;
o IA checklists and policies/procedures to ensure
compliance with applicable standards;
o Feedback from customers (surveys) and other
stakeholders;
o Selective workpaper peer reviews;
o Management tools: time budgets, time tracking
systems, measuring audit plan completion;
o Analysis of performance metrics.
Internal Assessments –
Periodic Reviews
o Stakeholder surveys and interviews;
o Can be performed by members of the IA activity;
o Can be performed by CIAs currently assigned
elsewhere in the organization;
o Can include combination of self-assessment and
preparation of materials for others to review;
o Benchmarking IA’s practice and performance
against relevant best practices of the profession
Internal Assessments –
GAGAS
“Audit organizations should establish policies and
procedures for monitoring of quality in the audit
organization. Monitoring of quality is an ongoing,
periodic assessment of work completed on audits
designed to provide management of the audit
organization with reasonable assurance that the
policies and procedures related to the system of
quality control are suitably designed and
operating effectively in practice.”
GAGAS, Standard 3.93
External Assessments
o Must be conducted at least once every five years by
a qualified, independent reviewer or review team
from outside the organization.
o The reviewer or review team should be qualified,
independent and from outside the agency.
IPPF, Standard 1312; Practice Advisory 1312-1
External Assessments
“The audit organization should obtain an external
peer review at least once every 3 years that is
sufficient in scope to provide a reasonable basis for
determining whether, for the period under review,
the reviewed audit organization’s system of quality
control was suitably designed and whether the
audit organization is complying with its quality
control system in order to provide the audit
organization with reasonable assurance of
conforming with applicable professional
standards.”
GAGAS, Standard 3.96
Considerations for External Review
The qualifications of external reviewers as noted
in The IIA’s Practice Advisory 1312-1 should be
considered when contracting with an outside
party to conduct the assessment.
Scope of the External Assessment
o Conformance with the Standards, Definition of
Internal Auditing, the Code of Ethics, and internal
audit’s Charter, plans, policies, procedures,
practices, and any applicable legislative and
regulatory requirements.
o Expectations of Internal Audit as expressed by the
Governance and Management (Executive
Team)
o Integration of the Internal Audit activity into
DFPS’s governance process, including the audit
relationship between and among the key groups
involved in the process.
Scope of the External Assessment
o Tools and techniques used by Internal Audit.
o The mix of knowledge, experiences, and
disciplines within the staff, including staff focus
on process improvement.
o A determination whether Internal Audit adds
value and improves DFPS’s operations.
IPPF Practice Advisory 1312-1
Reporting on the QAIP
Internal Assessment Reporting
o Results of internal assessments will be reported
to the Audit Committee and to senior
management at least annually.
IPPF, Standard 1320 and Interpretation
External Assessment Reporting
o Results, which include the reviewer’s or review
team’s assessment of conformance, are
communicated to senior management upon
completion.
Implementing Corrective Action
If there are any recommendations, the IAD
should implement appropriate follow-up
actions to ensure action plans are developed
and implemented in a reasonable timeframe.
Example –
Internal Monitoring Process
DFPS Internal Audit uses a team approach to the
annual internal monitoring process. Each team
member is assigned a portion of the QAIP,
conducts the review, and reports results to the
Internal Audit Director.
The Director consolidates results and reports
annually to the Commissioner and DFPS Executive
Leadership Team.
Copies of the DFPS QAIP policy/procedure,
assignments and final report are included for
discussion.
Questions?