Скачать презентацию Who Audits the Auditors The value of Internal Скачать презентацию Who Audits the Auditors The value of Internal

e63d13b06915cc8626d1aec5aeaba439.ppt

  • Количество слайдов: 43

Who Audits the Auditors? The value of Internal and External Quality Assessments Speaker: www. Who Audits the Auditors? The value of Internal and External Quality Assessments Speaker: www. theiia. org/Quality

Speaker Background Information www. theiia. org/Quality Speaker Background Information www. theiia. org/Quality

Topics we will cover Today www. theiia. org/Quality Topics we will cover Today www. theiia. org/Quality

Key Areas of Discussion Today üQuality Improvement & Assurance Program üExternal quality assessments and Key Areas of Discussion Today üQuality Improvement & Assurance Program üExternal quality assessments and why your audit group should have one üWhat to expect from an external QA üHow to get the most value from a QA How an Audit professional should prepare for a QA www. theiia. org/Quality

Some areas we will NOT talk about today üAll of the Standards with which Some areas we will NOT talk about today üAll of the Standards with which you need to comply to pass a QA üAll of the components of an effective quality program There just isn’t enough time to do this and the IIA and other organizations have seminars, books and CDs covering these topics www. theiia. org/Quality

A Show of Hands How many Internal Audit Activities have a QA&IP in place A Show of Hands How many Internal Audit Activities have a QA&IP in place today? www. theiia. org/Quality

A Show of Hands How many work for an organization that has had an A Show of Hands How many work for an organization that has had an external QA? www. theiia. org/Quality

A Show of Hands How many work for an organization that has not had A Show of Hands How many work for an organization that has not had an external QA? Is anyone planning to have one? www. theiia. org/Quality

A Show of Hands How many have been part of an external QA team? A Show of Hands How many have been part of an external QA team? www. theiia. org/Quality

Does this look familiar? http: //www. theiia. org/guidance/standards-and-practices/professional-practices-framework/ www. theiia. org/Quality Does this look familiar? http: //www. theiia. org/guidance/standards-and-practices/professional-practices-framework/ www. theiia. org/Quality

Have you read the Quality Standards? Standard 1300 Quality Assurance and Improvement Standard 1310 Have you read the Quality Standards? Standard 1300 Quality Assurance and Improvement Standard 1310 Quality Program Assessments Standard 1311 Internal Assessments Standard 1312 External Assessments www. theiia. org/Quality

Standard 1300: Quality Assurance and Improvement Program (QA&IP) The chief audit executive must develop Standard 1300: Quality Assurance and Improvement Program (QA&IP) The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. The program must be designed to help the internal auditing activity add value and improve the organization’s operations and to provide assurance that the internal audit activity is in conformity with the Standards and the Code of Ethics. www. theiia. org/Quality

Quality Assurance and Improvement Program Why is a Quality Assurance & Improvement Program necessary? Quality Assurance and Improvement Program Why is a Quality Assurance & Improvement Program necessary? As an Organization and its Internal Audit shops grow, its operations undergo refinement, and its internal processes change and evolve, its quality monitoring process must keep pace. www. theiia. org/Quality

Quality and Improvement Program What would be the elements of a Quality and Improvement Quality and Improvement Program What would be the elements of a Quality and Improvement Program? QA www. theiia. org/Quality

1311: Internal Assessments Must include: • Ongoing reviews of the performance of the internal 1311: Internal Assessments Must include: • Ongoing reviews of the performance of the internal audit activity; and • Periodic reviews performed through selfassessment or by other persons within the organization, with knowledge of internal auditing practices and the Standards. • Person(s) conducting assessment can be part of internal audit activity or from another area in the company. www. theiia. org/Quality

Some Elements of a QA&IP • Staff Information (education, skills, certifications) • Audit Plan Some Elements of a QA&IP • Staff Information (education, skills, certifications) • Audit Plan Budget to Actual • Audit Cycle Time • Issues and Recommendations Tracking • Customer Satisfaction Survey • Staff Meeting • Benchmarking to Best Practices • Training • Work Paper Review (ongoing) • QA Review Action Plan www. theiia. org/Quality

Balanced Scorecard for Internal Auditing Board/Audit Committee • Expectations OBJECTIVES • Perspective on IA Balanced Scorecard for Internal Auditing Board/Audit Committee • Expectations OBJECTIVES • Perspective on IA Roles • Satisfaction Surveys • List here. MEASURES • Perspective on IA Roles • List here. • Satisfaction Surveys • Requests • Risk Concerns • Complaints • CAE/AC Private Meetings Management/Audit Customers OBJECTIVES • List here. CORPORATE STRATEGY MEASURES INTERNAL AUDIT STRATEGY • Experience • Reporting Relationships MEASURES • List here. • Importance Levels • Improvements • Education • Certification OBJECTIVES • List here. • Training Internal Audit Processes Innovation/Capabilities OBJECTIVES • List here. MEASURES • List here • Findings • Repeat Findings • Savings • Quality Assessment www. theiia. org/Quality

What is the Value of Quality to Internal Audit ABC Organization Executive Level Internal What is the Value of Quality to Internal Audit ABC Organization Executive Level Internal Audit At this level Internal Audit is not considered a valued resource to the Organization www. theiia. org/Quality

What is the Value of Quality to Internal Audit ABC Organization Executive Level Internal What is the Value of Quality to Internal Audit ABC Organization Executive Level Internal Audit As the Quality of Internal Audit increases the acceptance at the Executive Level gets Internal Audit closer www. theiia. org/Quality

What is the Value of Quality to Internal Audit ABC Organization Executive Level Internal What is the Value of Quality to Internal Audit ABC Organization Executive Level Internal Audit Once Quality is achieved Internal Audit is embraced by the Executive Level as a valuable resource within the Organization www. theiia. org/Quality

Who’s Responsible for the Quality of Internal Audit? • Organization • Chief Audit Executive Who’s Responsible for the Quality of Internal Audit? • Organization • Chief Audit Executive (CAE) Who Will Benefit? • Internal Audit Profession • IA Stakeholders (AC, BOD, Regulatory Body, Sr. Mgmt) • Internal Auditor specially CIA’s www. theiia. org/Quality

Professionalism & Commitment • The Drive to be the Best • Success (individual & Professionalism & Commitment • The Drive to be the Best • Success (individual & organization) • “Persistence with a Purpose” • Professional Development • The Pride to be an Internal Auditor www. theiia. org/Quality

By the way, what’s an external quality assessment (QA)? Professional standards require each internal By the way, what’s an external quality assessment (QA)? Professional standards require each internal audit function to obtain an external quality assessment at least once every five years (Standard 1312) www. theiia. org/Quality

What’s the focus of an external QA? üIIA Code of Ethics üInternational Standards for What’s the focus of an external QA? üIIA Code of Ethics üInternational Standards for the Professional Practice of Internal Auditing üAudit committee & internal audit charters üProfessional certification and education üProcess improvement & best practices www. theiia. org/Quality

What happens in an external QA? üInterview & survey stakeholders üAssess compliance with the What happens in an external QA? üInterview & survey stakeholders üAssess compliance with the IIA Code of Ethics and the Standards üAssess charters, policies & procedures üReview staff experience & qualifications üInspect workpapers www. theiia. org/Quality

What are the benefits of an external QA? üExpert advice & counsel from practitioners What are the benefits of an external QA? üExpert advice & counsel from practitioners with decades of experience and broad exposure to the best IA functions üSounding Board üLeverage for funding, authority, independence & training üVisibility üPipeline to the audit committee & senior management www. theiia. org/Quality

Making a difference… üHBS or equivalent executive training program for CAE üStaffing increases üTraining Making a difference… üHBS or equivalent executive training program for CAE üStaffing increases üTraining and certification support üImplementation of CAATs www. theiia. org/Quality

Why have an external QA? üProfessional credibility üOrganizational credibility üLegal liability üCompliance with Standards Why have an external QA? üProfessional credibility üOrganizational credibility üLegal liability üCompliance with Standards üContinuous improvement üAudit Committee oversight www. theiia. org/Quality

Why are some IA functions not in compliance? (The IIA Common Body of Knowledge Why are some IA functions not in compliance? (The IIA Common Body of Knowledge survey reports 39% of IA functions have never had an external QA) ü 28% of IA functions are less than 5 years old üInternal audit is not regulated üUnaware of the requirement üUnfazed by the penalty üCosts in money and time www. theiia. org/Quality

What problems are commonly found? üInadequate Quality Assurance & Improvement Program üConsulting omitted from What problems are commonly found? üInadequate Quality Assurance & Improvement Program üConsulting omitted from the mission and charter üInadequate IT coverage or technical skills üLack of performance measures www. theiia. org/Quality

What problems are commonly found? üInappropriate CAE reporting relationships üOut-of-date charters üClient perception of What problems are commonly found? üInappropriate CAE reporting relationships üOut-of-date charters üClient perception of inadequate audit staff knowledge üNo formalized risk assessment process www. theiia. org/Quality

What Does It *Cost? Number of Internal Audit Staff Average Size of External QA What Does It *Cost? Number of Internal Audit Staff Average Size of External QA Team Average IA Staff Preparation (Hours) Avg IA Staff Support of QA Team (Hrs) 1 to 2 2 200 33. 5 6. 6 $13, 000 3 to 6 3 110 40 4. 2 $15, 000 7 to 15 4 100 60 5 $22, 000 16 to 20 3 90 70 9. 2 $35, 000 21 to 30 6 135 60 9 $42, 000 31 to 50 5 N/A 10. 5 51 to 70 6 80 50 13 $75, 000 71 to 100 3 200 120 20 $80, 000 Average Time to Complete QA (Days) *Source: IIARF Survey April 2007 Average Cost N/A www. theiia. org/Quality

How long does an external QA take? A sample timeline… RFP 8/1 – 8/15 How long does an external QA take? A sample timeline… RFP 8/1 – 8/15 Prepare background info 9/1 - 9/15 Stakeholder surveys 9/15 – 9/30 GAIN data input on IIA website 9/15 Preliminary meeting 10/15 On-site fieldwork 10/30 – 11/3 Issue draft report 11/15 Receive reply to draft report 11/22 Issue final report 11/29 www. theiia. org/Quality

What is a self-assessment with independent validation (SAIV)? Perform your own internal assessment and What is a self-assessment with independent validation (SAIV)? Perform your own internal assessment and then… Engage an independent party to review your work www. theiia. org/Quality

What’s the advantage of the SAIV? It costs less! www. theiia. org/Quality What’s the advantage of the SAIV? It costs less! www. theiia. org/Quality

What’s the trade-off for a SAIV? Requires IAA to budget more resources Diminished: ü What’s the trade-off for a SAIV? Requires IAA to budget more resources Diminished: ü Independence ü Outside perspective ü Expertise ü Board leverage ü Senior management leverage ü Oomph www. theiia. org/Quality

What should you do? If you can’t get the budget for an external QA, What should you do? If you can’t get the budget for an external QA, go the SAIV route to get into compliance Consider SAIV for your 1 st QA and follow-up with an external QA in 2 -3 years www. theiia. org/Quality

What about peer reviews? “Even if he is lucky, the best barber can count What about peer reviews? “Even if he is lucky, the best barber can count on no more than the 2 nd best haircut” Issues: quality, independence, experience, industry knowledge, confidentiality, etc. www. theiia. org/Quality

How long does an SAIV take? A sample timeline… RFP 8/1 – 8/31 Prepare How long does an SAIV take? A sample timeline… RFP 8/1 – 8/31 Prepare self-assessment 9/1 - 9/30 Stakeholder surveys 9/15 – 9/30 GAIN data input on IIA website 9/15 Preliminary meeting 10/15 On-site validation 10/30 – 11/1 Issue draft report 11/15 Receive reply to draft report 11/22 Issue final report 11/29 www. theiia. org/Quality

IIA Recognition Plaque Organizations that have an external quality assessment completed by The IIA IIA Recognition Plaque Organizations that have an external quality assessment completed by The IIA with a “General Conformance” opinion will receive a recognition plaque www. theiia. org/Quality

Where to Find Quality Resources? • Free Web-Based Resources by IIA Inc. and IIA Where to Find Quality Resources? • Free Web-Based Resources by IIA Inc. and IIA Affiliates (www. theiia. org /Quality) • QA training seminars by IIA Inc. and IIA Affiliates • Local Chapters and Study Groups • Quality Services by IIA Inc. , Affiliates, and Other Service Providers www. theiia. org/Quality

Time for…. Questions? ? ? www. theiia. org/Quality Time for…. Questions? ? ? www. theiia. org/Quality

This presentation is from The Institute of Internal Auditors Global Headquarters www. theiia. org This presentation is from The Institute of Internal Auditors Global Headquarters www. theiia. org Contact us at Quality@theiia. org www. theiia. org/Quality