ias conference adding value through internal audit · adding value through internal audit ......
TRANSCRIPT
22/09/2014 1
www.eciia.eu
“Enhancing governance through internal audit “
IAS Conference Adding Value through Internal Audit
• Internal Auditors:
• The Good?
• the Bad?
• the Ugly?
1
That’s the question!
22/09/2014 2
www.eciia.eu
“Enhancing governance through internal audit “
www.eciia.eu
“Enhancing governance through internal audit “
RISK
Audit Committee & Board
Senior Management
Management and employees
Risk Management
Financial reporting review
teams
Environmental, Health
and Safety Auditors
Compliance
Quality assurance
Internal auditors
External auditors
Other External assurance
providers
The Stakeholders' relationship Identify assurance providers
2
22/09/2014 3
www.eciia.eu
“Enhancing governance through internal audit “
www.eciia.eu
“Enhancing governance through internal audit “ 3
• Keys to success for Internal Audit:
• Multi-dimension approach
• Stakeholder expectations alignment
• Governance effectiveness
• Assurance provider maturity
• Assurance map: concept of the 3 lines of defence
• CAE engagement
The Stakeholders' relationship Good practices
22/09/2014 4
www.eciia.eu
“Enhancing governance through internal audit “
Interaction and cooperation with External Audit
• Why cooperate?
• Help Board to obtain more comprehensive view of operations and risks
• Avoid duplication of audit
• Coordination of activities and recommendations, coordinated benefit for management
• If external audit, to build on internal audit regulated by ISA 610
• Scope of risk examination
• External audit gathers risk information limited to financial reporting risks
• Internal audit looks at strategic, business and compliance risks
4
22/09/2014 5
www.eciia.eu
“Enhancing governance through internal audit “
www.eciia.eu
“Enhancing governance through internal audit “
Business partner relationship
• Instil the concept of customer service throughout the
audit process : act as if you had competition and your
audit customer had a choice of provider
• Do not plan in silos, include all relevant parties, as
appropriate in the initiating and planning phases of
internal audit engagements
• Run each engagement as a project
5
22/09/2014 6
www.eciia.eu
“Enhancing governance through internal audit “
www.eciia.eu
“Enhancing governance through internal audit “
Do
• Identify all stakeholders
• Ask for feedback from the different stakeholders
• Listen to stakeholders' expectations
• Organize regular meetings with stakeholders
• Understand the business
• Make forward-looking recommendations
• Focus on results and not on tasks
• Invest in personal development
• Have fun on assignments
• Keep the discussion and dialogues open
• Work in silos
• Duplicate the work of others and vice- versa
• Only mention bad things
• Work with no goal
• Reject changes
• Follow one stakeholder rather than others in conflicts
• Forget about ethics
• Be too technical
• Escape the trust of others
• Be paralyzed by the fear of failure
Do not Do !
6
22/09/2014 7
www.eciia.eu
“Enhancing governance through internal audit “
Five imperatives to address challenges and opportunities in the year ahead
• Assess/address emerging stakeholder expectation gaps on focus and capabilities
• Develop and implement knowledge and talent acquisition strategies
• Develop/enhance continuous methodologies for assessing risks
• Assume a leadership role in coordinating / aligning the 2nd and 3rd lines of defence
• Seek out innovative solutions to enhance internal audit efficiency
7
22/09/2014 8
www.eciia.eu
“Enhancing governance through internal audit “
www.eciia.eu
“Enhancing governance through internal audit “
Making the most of the Internal Audit Function: Recommendations for Directors and Board Committees
• Evaluating the need for establishing an internal audit function when such
function does not exist
• Assessing and approving the internal audit charter
• Ensuring effective communication lines between the Chief Audit Executive
and the Board
• Evaluating the internal audit plan
• Assessing the staffing of the internal audit function
• Gaining assurance regarding the quality of the internal audit function’s work
• Overseeing the relationship between the internal audit function and the
organization's centralized risk monitoring function
• Coordinating the internal audit function with the work of external audit
• Assessing internal audit reporting
• Monitoring management follow-up of internal audit recommendations.
8
22/09/2014 9
www.eciia.eu
“Enhancing governance through internal audit “
www.eciia.eu
“Enhancing governance through internal audit “
Adding Value through Internal Audit
Appendix: About ECIIA
9
22/09/2014 10
www.eciia.eu
“Enhancing governance through internal audit “
European Confederation of Institutes
of Internal Auditing (ECIIA)
The ECIIA represents the beacon of the Internal Audit
profession in the wider geographic area of Europe and the
Mediterranean basin:
35 countries
40.000 members
Primary objective of furthering the development of corporate
governance and internal audit through knowledge sharing,
key relationships and regulatory environment oversight
Our mission is to promote the Internal Audit
profession at the European Level
10
22/09/2014 11
www.eciia.eu
“Enhancing governance through internal audit “
ECIIA publications
• Guidance on the 8th EU Company Law Directive Article 41 (with FERMA) Parts 1 & 2
• Reinforcing audit committee oversight over global assurance and internal audit
• Corporate Governance Codes on Internal Audit
• Making the most of the internal audit function (with Ecoda)
• The role of internal audit under Solvency II
• Improving cooperation between external and internal audit
11
22/09/2014 12
www.eciia.eu
“Enhancing governance through internal audit “
www.eciia.eu
“Enhancing governance through internal audit “
ECIIA promotes the 3 LOD
12
The Three Lines of Defence Model for risk assurance mapping
22/09/2014 13
www.eciia.eu
“Enhancing governance through internal audit “
www.eciia.eu
“Enhancing governance through internal audit “
Internal Audit Positioning Application of the 3 Lines of Defence model
To ensure clarity of roles and responsibilities in organizational governance, the “3 lines of Defence” model defines three levels of control:
1ST
LIN
E
Operational management
has ownership, responsibility and accountability for assessing, controlling and mitigating risks
2N
D L
INE Internal governance
functions (Group support and control functions)
monitors and facilitates the implementation of effective risk management practices by the 1st line and assists risk owners in reporting adequate risk-related information throughout the organization
3R
D L
INE
Internal Audit
provides assurance to the Group governing body and senior management on the organization’s effectiveness in assessing and managing its risks and related internal control systems, including the manner in which the 1st and 2nd lines operate
| 13 13
22/09/2014 14
www.eciia.eu
“Enhancing governance through internal audit “
Internal Audit Positioning
• The Three Lines of Defence model has helped articulate internal audit’s role / value
• Encroachment between 2nd and 3rd lines of defence is occurring
• Audit / oversight fatigue presents challenges and opportunities
• Internal audit can be a leader in coordinating key players
14