IIA QA Program Requirements

Presentation to CAUBO Internal Audit Group
June 18, 2005

Ingrid Loewen, CA.CIA
Director, Internal Audit, Manitoba Liquor Control Commission

Mary Ann Mork, CA.CIA
Director, Audit Services, University of Manitoba

Presentation Overview

• Background
• IIA QA Attribute Standards (AS) - Overview
• Reasons for QA Program
• Internal QA Process
• External QA Process
• Common QA findings
• Where to next?

Background

• US SOX / Canadian Bill 198
  – Specific requirements for AC & IA
  – CEO / CFO certifications
• IA to advise on certification process
• IA to issue opinion on IC
• Promote use of COSO framework as criteria
• Impact on University Environment
• Best practices
• Taxpayers want accountability

Attribute Standards

1300 QA and Improvement Program

• CAE should develop & maintain
• Covers all aspects of IA activity & continuously monitors its effectiveness
• Designed to add value, improve operations & provide assurance of IA compliance with IIA stds & COE

1310 Quality Program Assessments

• IA should adopt a process to monitor & assess effectiveness of their program
• Including
  – Internal reviews
  – External review

1311 Internal Assessments

Includes
• Ongoing performance reviews
• Periodic “self-assessments” or reviews by other knowledgeable persons within organization

1312 External Assessments

• At least once every 5 years (1st due Dec 2006)
• By a qualified, independent reviewer / review team from outside organization
• ***Independent verification of “periodic internal self-assessment” is most efficient and cost effective method***

1320 Reporting on Quality Program

• CAE communicates results of External Assessment to Board (AC)

1330 Use of “Conducted in Accordance with the IIA Standards”

  – IA encouraged to use this phrase
  – Use ONLY if assessments of the QA program demonstrate the IA is in compliance with the standards

1340 Disclosure of Noncompliance

  – When noncompliance impacts overall scope or operation of IA activity, disclosure should be made to SM and AC

Reasons for QA program

• To assess IA effectiveness & efficiency
• To assess IA conformance with IIA standards
• To identify opportunities for improvement

Ongoing Internal QA review process

• Most effective if built into IA system
  – Supervision, file reviews
  – Checklists, programs, plans
  – Stakeholder feedback
  – Performance measures
  – Time budgets
• Conclude on quality of ongoing performance
• Implement follow-up action to ensure improvements

Ongoing Internal QA review process (cont’d)

Balanced Scorecard Approach / Competency Model

• Quantitative (# projects scheduled / completed, timeliness, training hrs)
• Client (responsiveness, client expectations, relationship)
• University knowledge (applying knowledge, emerging issues)
• Skills development (mentoring, training, coaching, developing)
• Technical development (audit, accounting, regulatory, technology)
• Innovation (best practice promo, involvement in professional organization, leadership)

Periodic Internal QA Review Process

• Decision to perform formal internal assessment (prepare for external, assess IIA standards conformity, E&E insight, best practice, value added, improvement)
• Internal Assessment team (CAE, Direct report, AC chair / member – knowledgeable about IA & standards)
• Self Assessment (with Independent validation alternative to External review, more in-depth, more focused, less costly)
• CAE questionnaire (E&E, conformity to standards, improvements)
• Surveys (audit customers & staff)

Periodic Internal QA Review Process (cont’d)

• Review activities (WP’s, balanced sample, document review)
• Interviews (AC chair, SM, Mgmt – to obtain views on IA value & professionalism, client expectations & suggested improvements)
• Evaluation (Summary of issues & degree of conformance with IIA standards)
• Reporting (agreed form & communication medium, CAE response, internal only)
• Follow-up (at least annually, documented & reported to report recipients)

External QA Review Process (12 points)

1. Select a QA team
   • O/S organization – University and other
   • Qualified, objective, experienced – accredited in QA validation
   • Size – depends on scope of review, at least 2 for broad perspective

2. Prepare the self study for the team
   • Comprehensive questionnaire and documentation in specific info about organization & IA staff (org charts, policies, F/S, stats, IA activity)
   • Prepared by or under supervision of CAE
   • External QA team reviews prior to on-site work

3. External team leader makes a preliminary visit to the organization
   • Confirm objectives
   • Identify survey recipients
   • Arrange IA staff survey / meetings
   • Discuss self study / assessment contents
   • Select interview candidates
   • Administrative details
   • Prepare brief summary

4. Send out customer and staff surveys
   • Excellent feedback
   • Before on-site work – send, completion, return, analyze surveys
   • Use email / online methodology
   • Consider externally administered for complete anonymity
   • IA staff – survey only if you can’t interview them all!

5. Evaluate IA activity’s effectiveness at remaining current and adding value through interviews with:
   • Audit Committee Chairperson
   • Senior management
   • Operating managers
   • Internal audit staff

   Interviews are used to elicit views on:
   • Value of audits & consultations
   • Client expectations
   • Professionalism of audit staff
   • Areas to improve IA activity
   • Risk mgmt, organizational controls, accountability & general mgmt of the organization

6. QA team performs the on-site work including:
   • Review of administrative policies and procedures
   • Consideration of enterprise risk
   • Evaluation of risk assessment in audit planning
   • Review of working papers and final reports for selected engagements
   • Review of number and skills of internal audit staff
   • Evaluate adequacy of IT audit coverage

7. Evaluate coordination of internal audit work with that of independent auditors and other monitoring functions.

8. Evaluate internal audit activity’s conformance with IIA Standards and other relevant standards.

9. Review quality/process improvement actions currently underway

10. Provide summary of issues and recommendations, and hold closing conference with the CAE and/or other requestors.

11. Draft a report, obtain comments, and issue a final report
   • Copies to CAE, Direct report, AC Chair

12. Hold a follow-up executive conference (optional)
   • Presentation to AC & SM

Common QA Findings

• Inappropriate CAE reporting relationships
• Out-of-date charters for IA activity and/or audit committee
• Lack of board approved policy on internal control responsibility (outlines responsibilities for mgmt, IA and AC)
• Client perception of inadequate audit staff knowledge
• Lack of a formalized risk assessment process
• Lack of understanding regarding:
  – Internal audit activity’s consulting responsibilities
  – Reflection of consulting in the mission and charter
• Inadequate IT coverage or technical skills
• Insufficient Training

Common QA Findings (cont’d)

• Risk Assessment Deficiencies
• Audit Universe Deficiencies
• Lack of Performance Measurements
• Failure to Track Auditors’ Time
• Poor Cycle Time
• Inconsistent work papers
• Non-electronic work papers
• Audit Report Deficiencies, e.g., lack of Executive Summary, too long
• No overall report conclusion
• Findings aren’t ranked according to risk (high, med, low)

Where to next?

• Determine who has / is / plans to implement a QA program at their University?
• Form QA oversight team? – mandate?
• Form teams to perform QA reviews
• Include University and O/S people
• Need some University IAs accredited for “Internal QA Validations” by IIA

Thank you! Questions?