Add to collection(s) Add to saved
  1. Business
  2. Management

Internal audit definition 10 years on

advertisement 
Heads of Internal Audit Service Benchmarking Report
Internal audit definition – 10 years on
Introduction.
This report contains an analysis of results for the survey entitled: IA Definition
10 years on. The survey asks heads of internal audit to comment on their
approach to applying the definition of internal audit ten years on from its
creation and seeks to recognise practical problems brought on by the current
recession.
The results include answers from 60 members of the Heads of Internal Audit
service who completed the survey in the 14-day period between Friday, 24
July and Friday, 7 August 2009.
One-third of the responses have come from internal auditors working in the
financial services sector with the remainder coming from a broad cross
section of private and public sector organisations. The size and turnover of
participating organisations is also broad. The largest grouping is organisations
with 500 to 1,000 staff, which represents 23% of respondents.
Governance, risk management and control.
We wanted to gauge the extent to which internal auditors apply the definition
in practice. Therefore, we asked members to tell us whether they evaluate
the effectiveness of governance, risk management and control processes. We
also asked whether they evaluate the effectiveness of governance, risk
management and control – in other words, the outcome of the processes –
since some internal auditors may consider this a step above and beyond the
definition.
The results show that the majority of heads of internal audit who responded
evaluate governance, risk management and control in some way – processes,
the outcomes of processes or both. The main focus of attention is on control,
where all of the respondents evaluated the area in some way.
It is interesting to note that most respondents do not just evaluate processes.
As can be seen in the table below, a clear majority of respondents evaluate
both processes and outcomes in all areas. However, the percentage just
evaluating processes is greater for risk management and for governance.
This may be because these are newer areas of focus for internal auditors and,
therefore, harder to evaluate – or just that they are harder to evaluate.
Governance
Percent
Yes, both
Risk
Percent
management
Control
Percent
90.0%
63.3%
Yes, both
70.0%
Yes, both
Yes,
governance
processes
20.0%
Yes, risk
management
processes
11.7%
Yes, control
3.3%
processes
Yes,
governance
10.0%
Yes, risk
management
10.0%
Yes, control 6.7%
No, neither
6.7%
No, neither
8.3%
No, neither
0%
Only 4 respondents provided a ‘No, neither’ answer to governance and 6 to
risk management from a total of 60. There were 2 respondents who were in
both groups and there were an equal number of public and private
organisations.
August 2009
Page 1
IIA- Informing, Inspiring, Assuring
Heads of Internal Audit Service Benchmarking Report – Title of topic
Formulating and expressing an internal
audit opinion.
It would appear that the high percentages do not fully translate to formulating
and expressing an internal audit opinion upon governance, risk management
and control. Once again control ranks the highest amongst the three
categories and is considerably higher than risk management and governance,
as shown in the chart. It is interesting to note that more heads of internal audit
express an opinion about governance at an organisation level than they do at
an individual engagement level.
There are 3 respondents who indicate that they do not provide any form of
opinion, 2 of whom operate within financial services. This is the case even
though all 3 responded to the questions before by saying that they evaluate
the effectiveness of governance, risk management and control, falling into the
category of ‘Yes both’ for all three subjects.
Percentage of respondents giving a micro or macro opinion on
governance, risk management or control
100%
Micro
90%
Micro Macro
80%
Macro
70%
60%
Macro
Micro
50%
40%
30%
20%
10%
0%
Governance
Internal audit resources.
Risk management
Control
Nearly 27% of respondents completing the survey have experienced a
reduction in internal audit resources. This includes private and public sector
organisations of different size and turnover. There is no discernable
relationship between the reduction in resources and either the size, turnover
or sector of the organisation.
In practice this has generally meant completing fewer assurance
engagements with more emphasis on the organisation’s high priority risks.
August 2009
Page 2
The IIA – Informing, Inspiring, Assuringt.
Heads of Internal Audit Service Benchmarking Report – Title of topic
Response
Assurance
engagements
(% of total
respondents)
Consultancy
engagements
(% of total
respondents)
We are doing fewer engagements in
total with more emphasis on the
organisation’s high risk areas
18.3%
6.7%
We are doing fewer engagements in
total while covering most operational
areas
11.7%
3.3%
We are doing the same number of
engagements, with the same scope,
in less time
3.3%
1.7%
We are doing the same number of
engagements, with a narrower scope,
in less time
1.7%
1.7%
The vast majority of internal audit functions, 85%, are making changes to the
way they work to combat the impact of the recession. This includes all of
those who indicated that the level of internal audit resources is reducing. The
key changes that are taking place are presented in the table below.
Response
Count
Percent
We are reviewing the way we do our
audits to make them more efficient and
effective
42
70.0%
We are working more closely with other
assurance providers
25
41.7%
We are reviewing the knowledge and
skills requirements of the team
21
35.0%
We are devoting more time to promoting
internal audit
13
21.7%
We are investing more in training and
development
13
21.7%
We are performing an external quality
and improvement review
11
18.3%
Other (please specify)
9
15.0%
We are investing less in training and
development
1
1.7%
Analysis of the results shows that approximately one-third of respondents are
making more than one of the changes listed in the table.
Changes that fall into the ‘other’ category generally refer to either ‘no changes
taking place’ or ‘changes in the size of the team’, both increases and
decreases.
August 2009
Page 3
The IIA – Informing, Inspiring, Assuringt.
Heads of Internal Audit Service Benchmarking Report – Title of topic
Conclusion
Heads of internal audit have provided positive affirmation that they are
evaluating the effectiveness governance, risk management and control. This
suggests that they are applying the full scope of the Definition of Internal
Auditing ten years on from its creation. However, some of their stakeholders
may be unaware of this since a sizeable minority do not provide an opinion
either at the engagement or organisational level.
As the recession continues one-third of internal audit teams are facing up to a
reduction in resources and overall 85% of internal audit functions are
responding to the challenging economic conditions by implementing changes
to the way they operate.
August 2009
Page 4
The IIA – Informing, Inspiring, Assuringt.
Heads of Internal Audit Service Benchmarking Report – IIA Definition – 10 years on
Copy of survey issued to Service members
IA Definition 10 years on
The definition of internal audit was updated by the IIA in 1999 and was unchanged in the January 2009
revision of the International Professional Practices Framework:
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and
improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and
governance processes." The Definition of Internal Auditing, 1999, The Institute of Internal Auditors, Inc.
The definition of internal audit is about how internal audit helps an organisation to accomplish its objectives.
The key elements are: evaluate and improve the effectiveness of risk management, control and governance
processes. This short survey asks heads of internal audit to reflect on their approach to applying the
definition in the current economic climate and seeks to understand the route cause of any problems or
shortcomings during the current recession.
Demographics
1) What is your industry sector (choose one from this list):


















Banks and building societies
Insurance
Other financial services
Food and drink
Manufacturing and engineering
Media and leisure
Retail
Telecommunications
Utilities
High technology
Other private sector
Voluntary/charity
Education
Central government
Local government
Health
Other public sector
None of the above
2) What is the total number of employees in your organisation? (if your organisation is
international or has multiple divisions, your answer should cover only that part of the
organisation which your internal audit services cover)










August 2008
Page 5
less than 101
101 to 200
201 to 500
501 to 1,000
1,001 to 2,500
2,501 to 5,000
5,001 to 10,000
10,001 to 25,000
25,001 to 50,000
over 50,000
The IIA – Informing, Inspiring, Assuring.
Heads of Internal Audit Service Benchmarking Report – IIA Definition – 10 years on
Copy of survey issued to Service members
3) What is the turnover or gross revenue spend (in £ sterling, please) of your organisation?
(include only that part of the organisation which your internal audit services cover)









up to £50 million or €55 million
£51m - 100m or €56m - 110m
£101m - 200m or €111m - 220m
£201m - 350m or €221m - 385m
£351m - 500m or €386m - 550m
£501m - 1bn or €551m - 1.1bn
£1bn - 5bn or €1.1n - 5.5
£5bn - 10bn or €5.n - 11n
Over £10bn or €11n
Governance, risk management and control
4) Do you evaluate the effectiveness of governance processes or the effectiveness of
governance in your organisation?




Yes, governance
Yes, governance processes
Yes, both
No, neither
5) Do you evaluate effectiveness of risk management processes or the effectiveness of risk
management in your organisation?




Yes, risk management
Yes, risk management processes
Yes, both
No, neither
6) Do you evaluate effectiveness of control processes or the effectiveness of control in your
organisation?




Yes, control
Yes, control processes
Yes, both
No, neither
Expressing and formulating an opinion
7) Do you provide an internal audit opinion at the micro or individual engagement level in
relation to governance, risk management and control?
Yes
No


Risk management 

Control

Governance
August 2008
Page 6

The IIA – Informing, Inspiring, Assuring.
Heads of Internal Audit Service Benchmarking Report – IIA Definition – 10 years on
Copy of survey issued to Service members
8) Do you provide an internal audit opinion at the macro or organisational level in relation to
governance, risk management and control?
Yes
No


Risk management 

Control

Governance

Internal audit resources
9) Have you experienced a reduction in Internal Audit Resources in the last year?
 Yes
 No
10) What has been your response to fewer resources?
Assurance
engagements
Consultancy
engagements
We are doing fewer engagements in total with more emphasis on
the organisation’s high risk areas


We are doing fewer engagements in total while covering most
operational areas


We are doing the same number of engagements, with the same
scope, in less time


We are doing the same number of engagements, with a narrower
scope, in less time


11) What changes are you making to the management of the internal audit team during the
recession? (tick all that apply)








We are reviewing the knowledge and skills requirements of the team
We are reviewing the way we do our audits to make them more efficient and effective
We are performing an external quality and improvement review
We are working more closely with other assurance providers
We are devoting more time to promoting internal audit
We are investing more in training and development
We are investing less in training and development
Other (please specify)
If you selected other, please specify
______________________________________________________________________
August 2008
Page 7
The IIA – Informing, Inspiring, Assuring.
Heads of Internal Audit Service Benchmarking Report – IIA Definition – 10 years on
Copy of survey issued to Service members
12) To what extent do you agree with the following statements?
Strongly Agree Neither agree Disagree Strongly
or disagree
Disagree
Agree
Internal auditors in my organisation have sufficient skills
& experience to provide assurance on governance and
governance processes?





Internal auditors in my organisation have sufficient skills
& experience to provide assurance on risk management
and risk management processes?





Internal auditors in my organisation devote enough time
to the responses to risks, on which the audit committee
and senior management want assurance?





There is sufficient flexibility and contingency time in our
internal audit plan to look at the management of new
risks as they arise?





Data Protection Notice
Thank you for completing the survey, your views and opinions are very important.
Completed questionnaires will be processed only by the Institute of Internal Auditors - UK and Ireland (IIA) using Vovici
EFM Continuum software and will not be disclosed to any other third parties. By submitting this questionnaire you
consent to our processing of your sensitive personal data for these purposes.
August 2008
Page 8
The IIA – Informing, Inspiring, Assuring.
Heads of Internal Audit Service Benchmarking Report – Title of topic
The Institute of Internal Auditors – UK and Ireland
The IIA is the only body focused exclusively on internal auditing and we are
passionate about supporting, promoting and training the professionals who
work in it. We have been leading the profession of internal auditing for over 60
years.
The IIA plays an active role in the public arena, building awareness of internal
auditing, promoting members’ interests and challenging organisations to reach
the highest standards of corporate governance
Our International Standards and Code of Ethics unite a global community of
160,000 internal auditors in 165 countries.
We are committed to enhancing the recognition and professionalism of internal
audit in the UK and Ireland, through:

Dynamic leadership of the profession which maximises the reputation
and influence of our members, both individually and collectively

Setting performance benchmarks and promoting professional integrity
through our International Standards and Code of Ethics

Continually developing our qualifications so that their high quality and
reputation is maintained,

Providing technical resources, networking opportunities and support to
our members throughout their careers

Maintaining our position as the market leader in internal audit training
Informing. Inspiring. Assuring.
About Heads of Internal Audit Service
benchmarking reports
The IIA recognises that heads of internal audit need specialist information and
support to help them respond to the demands of a competitive and increasingly
regulated business climate.
The Heads of Internal Audit Service is an exclusive service designed
specifically for the leaders of the profession to keep them up to date, provide
networking opportunities with like-minded professionals and to discuss
successes and concerns in confidence with their peers. Other services include
access to technical updates, a monthly e-bulletin, a programme of forum
meetings and specifically commissioned research.
The benchmarking reports are designed to help members make the most of
the Service’s networking opportunities. Service members can pose a question
to other members to help them identify best practice on a particular issue.
Questions for consideration can be emailed to chris.baker@iia.org.uk or
technical@iia.org.uk
Disclaimer
This material is not intended to provide a definitive answer taddressing specific
individual circumstances and as such is intended to be used only as a guide.
The IIA recommends that you always seek independent expert advice relating
directly to any specific situation. The IIA accepts no responsibility for anyone
placing sole reliance on this guidance.
www.iia.org.uk
The Institute of Internal Auditors – UK and Ireland Ltd
13 Abbeville Mews, 88 Clapham Park Road, London SW4 7BX
Tel 020 7498 0101 Fax 020 7978 2492 Email technical@iia.org.uk
Registered in England and Wales, no. 1474735
Information can be made available in other formats
© July 2009
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Risk management strategy - Leicestershire County Council
Risk management strategy - Leicestershire County Council
Stand Up and Be Counted
Stand Up and Be Counted
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
REVIEW ENGAGEMENT REPORT
REVIEW ENGAGEMENT REPORT
Recent Changes to IIA Standards
Recent Changes to IIA Standards
Sample environmental sustainability audit - CPSISC E
Sample environmental sustainability audit - CPSISC E
Download
advertisement