
Accelerate Your Audit Maturity


Academic year: 2021


Speaker

Noah Gottesman

Director of Advisory & Innovation at Thomson Reuters Accelus

Noah Gottesman is part of Thomson Reuters Accelus focusing on our workflow solutions and services. Leveraging his background in internal audit and internal controls, he provides both industry thought leadership as well as real world client experiences and opportunities. Prior to Thomson Reuters Accelus, Noah was a Senior Manager with Ernst & Young, LLP (EY)’s Advisory Services Risk and IT Risk practices, where he spent the last thirteen years serving a variety of global clients on their internal audit and internal control needs. He performed risk-based financial, operational and compliance audits across multiple processes or cycles including: budget and planning, contract / subcontract, order-to-cash, collections and receivables, revenue recognition, supply chain, procure-to-pay, payroll and financial reporting.

The views and opinions expressed in this paper are those of the author and do not necessarily reflect the official policy or position of Thomson Reuters. Some of the situations that I mention may or may not be true and the identities of any parties involved have been disguised.

Up the Curve: Accelerate Your Audit Maturity

“We thus make a fundamental distinction between competence (the speaker-hearer's knowledge of his language) and performance (the actual use of language in concrete situations).”

~ASPECTS OF THE THEORY OF SYNTAX by Noam Chomsky, 1965, Chapter I – Methodological Preliminaries, Generative Grammars as Theories of Linguistic Competence, page 4. http://faculty.georgetown.edu/irvinem/theory/Chomsky-Aspects-excerpt.pdf

Perspective of Internal Audit

Objective: Up the Curve: Accelerate Your Audit Maturity is truly about focusing attention on the basics, with a minimal distinction in approach, Data Collection versus

Altering Internal Audit’s Approach

The order of words demonstrates a minimal distinction in the approach for both the Internal Audit professional and the Internal Audit subject, why?

The order of the words Data Collection is usually used to discuss security and access,

The order of the words Collecting Data is more a part of a

Up the Curve: (Context)

Our opportunity involves the minimal distinction in our approach in Collecting Data, for example:

The above logos, trademarks, images, are owned by their respective corporations such as Facebook, Snapchat, Twitter, Foursquare, Evernote, 3M Post-It, Microsoft, Apple, and Google, and are used for the sole purpose of illustrating how written communication in many forms continues to increase.

- Why collect?
- Why collect this data?
- How did we go about collecting?
- What are we going to perform with this data?
- Why are we going to perform those activities?
- How are we going to perform those activities?

Current Events focus on Data

Internal Audit’s Methodology

• Risk Assessment
• Monitor, Track, and Update
• Understand the business
• Communicate Results
• Audit Execution (Fieldwork)

Internal Audit: what goes wrong?

• Lack of knowledge around strategic plan, operational objectives,
• Insufficient knowledge around Industry, Geography, and Economic trends impacting the business
• Cookie cutter questions, answers, and analysis that do not represent the current state of the organization
• Audit Plan does not align with risks identified through Risk Assessment
• Lack of supporting evidence, unsubstantiated findings, and no root cause analysis, (Criteria, Condition, Cause, Effect,
• Lack of budgeting, status reporting, tracking of Internal Audit activity progression,
• Limited Internal Audit communication/coordination with the

Accelerate the Audit Maturity

If the solution is Internal Audit, then we should be able to articulate why?

Using the 5 Whys

To borrow from Toyoda (now: Toyota Industries Co.)

Sakichi Toyoda, Japanese inventor, industrialist, coined the concept around the 5 Why Statements,

Taiichi Ohno, Japanese engineer, championed the use of 5 Why Statements to identify the root cause in the Toyota Production System

http://www.toyotaglobal.com/company/toyota_traditions/quality/mar_apr_2006.html

Why Internal Audit? (1 of 5)

Why?

To provide an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Note: Only some of the U.S. (New York Stock Exchange) and country stock exchanges require publicly traded companies to have an internal audit activity to provide assessment of internal controls and risk management. Many private companies, though not required to do so, also are establishing internal auditing. – excerpt from the IIA website…

Note: Consideration of the French law (Section L. 225–37 of the French Commercial Code),

As defined by The Institute of Internal Auditors (IIA) (http://www.theiia.org), a global organization setup and aligned with other Accounting, Finance, Risk, and Compliance associations. https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspx

Why Internal Audit? (2 of 5)

To provide an alternative perspective about the governance, risk, and control structure to the opinions of the External Auditor and Management…

Why Internal Audit? (3 of 5)

To champion organization initiatives, continuous performance, and continuous improvement throughout the organization; to evolve the overall culture of transparency and accountability,

Why Internal Audit? (4 of 5)

To coach, develop, and mentor future business leaders that embody the organizational culture, understand the control environment, and understand the impact of Internal Audit on the organization,

Why Internal Audit? (5 of 5)

Why?

This was intentionally left blank…..

As Internal Audit professionals, our opportunity is to answer the 5 Whys for our own organization….

Now, that is the definition of a mature Internal Audit Department,

Are the answers to the ‘5 Whys’ clearly defined and communicated to:

• The Audit Committee,
• Executive Management,
• Senior Management,
• Your colleagues,

UP THE CURVE

How to mature..

Internal Audit Maturity: Protocols

• Audit Committee Charter,
• Internal Audit Charter,
• Internal Audit Professional Practices Framework,
• Quality Assurance and Improvement Program,

Internal Audit Maturity: Protocols

• Require new hires to Internal Audit to review the Audit Committee Charter,
• Develop ongoing definitions of Internal Audit activities that include the types of Assurance and Advisory services,
• Develop budgeting standards that align with the rest of the organization,
• Track each Internal Audit Activity as if the Internal Audit was a cost center,
• Review how your Internal Audit Department adheres to the Internal Auditors Professional Practices Framework (IPPF), think about the transparency, accountability, and performance
• Review the frequency and type of interactions between the Audit Committee, Executive Management, External Auditor, to discuss expectations and alignment of Internal Audit Plan of Activities, these sessions should occur outside of regular Audit Committee meetings,
• Create an ongoing communication plan that includes the many annual Internal Audit touch-points with Executive Management and Senior Management,

Internal Audit Maturity: Resources

• Competency and Annual Goals, aligned to Schedule,
• Formal / Informal Coaching,
• Training
• Roles, Responsibilities,
• Ongoing Performance Reviews,

Internal Audit Maturity: Resources

• Develop career plans with all levels of Internal Audit professionals, whether they are inside the department, company, etc.,
• Coordinate and schedule Internal Audit professionals based on past performance and career plans,
• Develop both team and individual performance feedback loops as part of each Internal Audit activity (over 40 hours),
• Challenge “negative” performance feedback as opportunities for coaching/mentoring, similar to the overall organization policy and procedures,
• Provide multiple training opportunities that are either self-led or led by peers within the department or company,
• Require ongoing knowledge sharing per Internal Audit activity, “take a coin, give a coin,”
• Recognize individual and team performance both inside and outside of the department,

Internal Audit Maturity: Methodology

• Formal Methodology
• Access to Strategic Plan,
• ERM Plan,
• Computer Assisted Auditing Techniques (CAATs),
• Department Metrics and Measures,
• Standards, Frameworks, and Industry requirements,

Internal Audit Maturity: Methodology

• Develop formal documentation that answers the 5 Whys for
  - Internal Audit,
  - Annual / Ongoing Risk Assessment,
  - Internal Audit Plan and Coverage,
  - Issues, Actions, and Remediation,
• Benchmark your Internal Audit Methodology, Policies, and Procedures, outside of External Quality Assessment Review,
• Map/cross-reference each Internal Audit to the strategic plan, objectives, and / or ERM/ORM activities,
• Map/cross-reference findings and recommendations to the strategic plan, annual objectives, or key initiatives,
• Coordinate and champion a unified approach to Internal Controls and Risk Management,

Internal Audit Maturity: Technology

• Knowledge of IT environment,
• IT Principles, Standards, Frameworks,
• Collaboration with CTO, CISO, CIO,

Internal Audit Maturity: Technology

• Challenge current Internal Audit professionals to be experts in data governance,
• Establish performance goals that incorporate certifications, IT systems, IT frameworks, and IT standards,
• Incorporate IT Governance, IT systems, IT frameworks, and IT standards into all aspects of the Methodology and Knowledge Management,
• Develop a formal and informal working relationship with the CIO, CTO, CISO, and IT/IS professionals,
• Seek IT professionals and train them on Internal Audit, the organization, etc.,

Understanding a Process is about learning how people interact with all types of Technology,

Further Reading

• Organization for Economic Co-operation and Development (OECD), Corporate governance and the Financial Crisis
  - http://www.oecd.org/corporate/ca/corporategovernanceprinciples/42670210.pdf
  - http://www.oecd.org/daf/ca/risk-management-corporate-governance.pdf
  - http://www.oecd.org/daf/ca/SupervisionandEnforcementinCorporateGov
• http://faculty.georgetown.edu/irvinem/theory/Chomsky-Aspects-excerpt.pdf
• http://www.theiia.org
