Role of Internal Audit in Corporate Governance
September 2010
Tumin Gültekin, Partner
PwC

Internal Audit transformation
PricewaterhouseCoopers

Contents
1. Determining the role of internal audit
2. Transforming the role regarding corporate governance
3. Questions

Determining the role of internal audit

Overall structure

Diagram labels: Board / Audit Committee; Executive Management; Risk Management Function; Actuarial Function; ORSA; Risk Management System; ORSA Process; Internal Model; Internal Control system; Compliance function; Internal audit; Risk Committee (not required)

As companies move toward enterprise risk management, Internal Audit must also evolve – or risk a diminished value proposition

• 20th Century Internal Audit Model: Controls assurance based on cyclical or routine audit plans
• The Common Internal Audit Model: Controls assurance based on a risk-based internal audit plan
• The Risk-Centric Internal Audit Model: Risk and control assurance based on the effectiveness of risk and control processes implemented by management

"If the view (among stakeholders) grows that all Internal Audit does is test controls, then resource levels will have to come down."
Chief Audit Executive, Financial Services Industry

"Traditional internal auditing will probably diminish in value if the organization moves towards formal risk management."
Senior Executive, Rating Agency

Source: Internal Audit 2012

Aligning Internal Audit activity to corporate risks; strategic objectives; driving stakeholder value

• Strategic, operational and business risks underlie 80% of the rapid declines in shareholder value.
• Gaps exist between the current focus of many Internal Audit functions and the significant risks their organisations face.
• Over the past five years, internal auditors have been concentrating on basic financial reporting and compliance risks.
Chart: Strategic & business 60%; Operational 20%; Financial 15%; Compliance 5%
Source: PwC, composite of various studies of US and UK markets

Internal Audit functions need to have a clear view of where they want to be positioned

Spectrum: "Controls-focussed" to "Strategic/Operational focus"

Some of the typical gaps in the role of internal audit

Gaps in coverage and inefficient processes are also driving a need for change

Gaps common to many internal audit functions
1. Risk assessment typically not aligned with drivers of shareholder value
2. Internal audit activities focus on low value activities and controls or replicate external audit procedures
3. Financial and human resource limitations and constraints
4. Use of technology tools is limited and they are not integrated
5. Audits are planned with overly broad objectives and scope
6. Routine audits do not fully leverage available data analytical tools
7. Assignment process and travel requirements create significant process inefficiencies
8. Communications (reports, etc) and ratings consume significant resources
9. Recommendations are not impactful
10. Process is weighted toward repetition vs. relevance

Transforming the role regarding corporate governance

How internal audit can add value

Strategy / Organization
• Implementation
• Board expectations
• Dynamic mission vs. static / limited purpose
• Shareholders value drivers
• Organisational alignment
• Risk management alignment
• Flexibility
• Enterprise strategy
• Stakeholders’ expectations

Technology
• Effective utilisation
• Enhance risk-based approach
• Leveraged to change process
• Substitute for labor

Process / People
• Process efficiency
• Willingness to change
• Effective communication
• Stature across enterprise
• Achieve mission/objectives
• Attract and retain talent
• Source of talent
• Successful progression to management roles in the organisation
• Potential leaders of departments or business units

How internal audit can add value – Solvency II related

Assessment and improvement of...

Organization
• Risk management strategy
• Stakeholders’ expectations
• Policies
• ORSA
• System of governance
• Investment Strategy
• Reinsurance
• Risk etc

Technology
• Data requirements
• IT systems and architecture
• Data quality and consistency
• Model
• Technical provisions
• Systems security and controls

People / Process
• Internal control system
• Risk management system
• Solvency II project
• Policy and procedures, documentation
• Responsibilities
• Proper resource and expertise

Reporting
• Management
• Internal
• External

An approach to transforming internal audit

Strategy & Risk
Strategic Objectives
• Understand what the strategic objectives of the organisation are
• Align Internal Audit with organisation’s strategic objectives
Stakeholder Value
• Understand what drives/devalues stakeholder value within the organisation
Strategic Risks
• Understand what the strategic risks of the organisation are

People
Capabilities Assessment
• Inventory of existing skills
• Conduct gap analysis
• Determine adequacy of resources to respond to all key risks
Talent Management
• Use of internal and external resources
• Consider implementing a rotational staffing model to attract and retain talent

Process
Audit Cycle Improvements
• Reduce the labor content of audits by increasing the effectiveness of lower-risk audits
• Reduce audit cycle time by conducting more targeted audits
• Increase value derived from focus on higher-risk areas
• Improve communication to stakeholders through concise, impactful reports

Technology
Optimisation of Technology
• Provide real time monitoring of significant risks
• Explore areas where technology can streamline or standardise a process
• Test entire data populations electronically

Value enhancement and efficiency

This approach is focused on aligning the IA strategy with the value-producing processes and activities of the organisation, while streamlining the IA operations to drive efficiency

Diagram labels: Company Strategy / Shareholder Value Drivers / Strategic Risks; Value Enhancement Focus; Internal Audit Strategy; Organisation; Operating Strategy; People; Process; Technology; Process Improving Inefficiencies & Managing Costs

Transformed vs. traditional risk assessment approach

Stakeholder Value Based Approach
“Top-down” approach where coverage is driven by issues that directly impact shareholder value, with clear and explicit linkage to strategic issues of the organisation.
Diagram labels: Identify Stakeholder Value Creating Activities; Understanding Enterprise Risks (Strategic, Financial, Operations, Compliance); Evaluate Impact to Shareholder Value; Audit plan

Traditional Approach
Traditional “bottom-up” approach based on stakeholder interviews and analysis. Focus is on coverage of identified risk areas, geography and business operations.
Traditional approach, diagram labels: Evaluate Impact of Risks within Audit Universe; Identify Risks (financial operations, compliance); Define Audit Universe (eg geography, business unit)

Some strategies for strengthening the role of internal audit in corporate governance

What would be the greatest strategic value internal audit could and should contribute?
How could companies manage the risks to shareholder value?

Strategies
1. Identify stakeholder expectations of internal audit; ask what management, the board, and the audit committee value
2. Assess overall governance structure, policies, corporate culture and ethics
3. Assess risk management structure and activities
4. Link the company’s strategic objectives and shareholder value drivers to internal audit’s scope
5. Consider how previously unaudited areas might be audited, then align auditable risks to the audit plan
6. Eliminate routine, low-value audits
7. Assess financial governance and reporting processes; and fraud control and communications process
8. Identify inefficient processes, develop implementation plans for process efficiencies
9. Review updated internal audit plan, along with cost-reduction ideas, with key stakeholders to gain support
10. Implement (add measurement, feedback and adjustment processes for continuous improvement)

Questions

PwC – enhancing the value delivered by internal audit

© 2009 PricewaterhouseCoopers. All rights reserved. “PricewaterhouseCoopers” refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP (US).