Quality Assessment - The Road to Professionalism

advertisement
External Quality
Assessments
www.theiia.org
Session Overview
• Quality Standards
• Internal Quality Assessments
• External Quality Assessments
• Peer Reviews
• Common Problems Observed
• Online Resources Available
www.theiia.org
Professional Practices
Framework
• International Standards for the Professional
Practice of Internal Auditing (Standards)
– Mandatory Guidance
• Attribute
• Performance
• Implementation
– Assurance
– Consulting
• Practice Advisories
• Development and Practice Aids
www.theiia.org
Quality Standards
• 1300 - Quality Assurance and Improvement Program
• 1310 - Quality Program Assessments
• 1311 - Internal Assessments
• 1312 - External Assessments
• 1320 - Reporting on the Quality Program
• 1321 - Use of “Conducted in Accordance with the
Standards”
• 1322 - Disclosure of Noncompliance
www.theiia.org
Standard 1311
Internal Quality Assessments
• Ongoing
•
•
•
•
•
Work Paper Reviews
Performance Evaluations
Actual vs. Budgeted Analysis
Various Monitoring Metrics
Customer Surveys
• Periodic
• Self-Assessment
– Annually – Covering all Standards over 5 years
– Quarterly/Semi-Annual – Portions of Standards each
year
– Assess compliance with IA Activity Charter
www.theiia.org
Standard 1312
External Quality Assessments
• Required every 5 years
• Standard enacted January 1, 2002
• Two methods:
– External Quality Assessment with the
review and report by an independent team
– Self Assessment with report validation by
an Independent Validator
www.theiia.org
Objectives of External
Reviews
• Provide an opinion on the internal audit
activity’s conformance to the spirit and intent
of the Standards.
• Assess the efficiency and effectiveness of the
internal audit activity in light of:
– Its charter
– Expectations of the board, executive management,
and the CAE
• Identify opportunities and offer ideas and
counsel to the CAE and staff for:
– Improving their performance
– Increasing the value they add to the enterprise
www.theiia.org
Why Conduct an External
Quality Assessment?
To provide independent analyses:
– Do we meet professional standards?
– Can things be done better?
– Should more be done?
– Is maximum value being received for each
dollar of expense?
– Can we add more value to management
and the audit committee?
– Can we enhance our image, perceptions,
and credibility within the organization?
www.theiia.org
Standard 1321
Use of "Conforms with the
Standards"
• Internal auditors are encouraged to
report that activities are in conformance
with the Standards
• However, internal auditors may use the
statement only if assessments of the
quality assurance and improvement
program demonstrates conformance
with Standards.
www.theiia.org
External Quality Assessment
• Contract with outside provider to perform
review, write the report and determine the
compliance with the Standards:
– Regional accounting firms
– Outsource providers
– Independent consultants
– Independent Peers
www.theiia.org
Self Assessment with
Independent Validation
• Internal Audit Activity conducts their own Self
assessment, determines compliance with the
Standards and writes the report
• Internal Audit Activity then engages an
independent Validator to review documentation
and perform limited testing
• Validator concurs with report or disagrees and
issues own report (opinion)
• Validator can be an external service provider or
from a peer pool
www.theiia.org
Peer Reviews
• Peer reviews between three or more
organizations does meet the requirements of
an external quality assessment.
• Reciprocal peer reviews between two
organizations would not pass the
independence test.
• Contract between three (3) or more
companies within the same industry or other
affinity group, regional association, or other
group of organizations.
www.theiia.org
Competence of Assessors
and Validators
• Practice Advisory 1312-1 recommends:
– Be a competent, certified audit professional.
– Be well versed in the best practices of the
profession.
– Have at least three years of recent experience in the
practice of internal auditing at a management level.
– Have additional competence gained from working
previously as a team member on an external quality
assessment.
www.theiia.org
Independence of Assessors
and Validators
• Practice Advisory 1312-1 recommends:
– “be free from any obligation to, or interest
in, the organization whose internal audit
activity is the subject of the assessment …”
www.theiia.org
A 12-Point Process
1.
2.
3.
4.
5.
Select and train a QA team
Have the CAE complete the QA self-study
Make a preliminary visit to the organization
Use customer and staff surveys
Perform the on-site work including:
–
–
–
–
–
–
Review of administrative policies and procedures
Consideration of enterprise risk’
Evaluation of risk assessment in audit planning
Review of working papers and final reports for selected
engagements
Review of number and skills of internal audit staff
Evaluate adequacy of IT audit coverage
www.theiia.org
A 12-Point Process
6. Evaluate the internal audit activity’s effectiveness at
remaining current and adding value through interviews
with:
– Selected members of the board
– Executive management
– Operating managers
– Internal audit staff
7. Consider other monitoring functions, and evaluate
coordination of internal audit work with that of
independent auditors.
8. Evaluate the internal audit activity’s conformance with
IIA Standards and other relevant standards.
www.theiia.org
A 12-Point Process
9.
Review quality/process improvement actions currently
underway
10. Provide a summary of issues and recommendations,
and hold a closing conference with the CAE and/or
other requestors.
11. Draft a report, obtain comments, and issue a final
report
12. Hold a follow-up executive conference (optional)
www.theiia.org
Common Problems Observed by
IIA External Assessment Teams
• Inappropriate CAE reporting relationships
• Out-of-date charters for internal audit activity
• Lack of board approved policy on internal control
responsibility
• Client perception of inadequate audit staff knowledge
• Lack of a formalized risk assessment process
• Lack of understanding regarding:
– Internal audit activity’s consulting responsibilities
– Reflection of consulting in the mission and charter
• Inadequate IT coverage or technical skills
www.theiia.org
Quality Assessment
Resources at
www.theiia.org/quality
• Frequently Asked Questions about Quality
• Providers of External Quality Assessments
• List of Organizations with Completed
External Quality Assessments
• Becoming a QA Volunteer
www.theiia.org
Quality Assessment
Resources at
www.theiia.org/quality
•
•
•
•
•
•
Sample request for a quality assessment proposal
Quality Assessment Advanced Preparation
Audit Customer (Client) Survey
Internal Audit Staff Survey
Self-Assessment Guide
Models
–
–
–
–
Model
Model
Model
Model
Audit Committee Charter
Internal Audit Activity Charter
Management Control Policy
Quality Assurance and Improvement Program
www.theiia.org
Questions?
www.theiia.org
IIA Contact
247 Maitland Avenue
Altamonte Spring, Florida 32701-4201
USA
Tel + 1.407.937.1399
Fax +1.407.937.1101
E-mail: quality@theiia.org
www.theiia.org
Download