Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internal Audit It’s Time to Talk About Risk and Control.

Similar presentations


Presentation on theme: "Internal Audit It’s Time to Talk About Risk and Control."— Presentation transcript:

1 Internal Audit It’s Time to Talk About Risk and Control

2 Demands/Expectations of Internal Audit’s Stakeholders Have Changed The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” Management: Expertise and assurance on internal controls Insight, advice, and assurance on enterprise risks Timely and relevant information to facilitate risk management and business decisions Additional financial related coverage External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor”

3 Demands/Expectations of Internal Audit’s Stakeholders Have Changed The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls Management: Expertise and assurance on internal controls Insight, advice, and assurance on enterprise risks Timely and relevant information to facilitate risk management and business decisions Additional financial related coverage

4 Demands/Expectations of Internal Audit’s Stakeholders Have Changed External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls The Audit Committee and Board: Execution of a comprehensive “risk based audit plan” Expertise and assurance on risks and controls Assistance in executing governance responsibilities Resident “eyes and ears” within the enterprise A “trusted advisor” Management: Expertise and assurance on internal controls Insight, advice, and assurance on enterprise risks Timely and relevant information to facilitate risk management and business decisions Additional financial related coverage External Auditors: Insight into the adequacy of financial controls Execution of a “risk-based audit plan” addressing financial risks – including relevant IT controls

5 1.Prominent Stature of Internal Audit Within the Organization 2.A Formal Strategic Plan for Internal Audit 3.Continuous Communications with Key Stakeholders 4.An HR Strategy Focused on Stakeholder and Enterprise Needs 5.A Risk Assessment Process that Produces Current Risk Profiles 6.Integrated IT Audit Coverage as a Component of an Overall IT Audit Strategy 7.Integration of Technology Solutions Into Multiple Aspects of Internal Audit Operations 8.A Knowledge Management Strategy 9.A Comprehensive Quality Assurance and Improvement Program 10.Performance Measures Linked to Strategic Goals Attributes of High Performing Internal Audit Functions: “The Top 10”

6 Governance Internal auditing provides assurance to management and the audit committee that risks are understood and managed properly.

7 Internal Auditing’s Role in ERM © The Institute of Internal Auditors at

8 Internal auditors identify all auditable activities and relevant risk factors, and assess their significance. – Investigating – Evaluating – Identifying potential trouble spots – Communicating – Anticipating emerging issues – Identifying opportunities Risk Management

9 Risk management, control, & governance processes – Financial analysts – Risk evaluators – Improving operations – Supplying analyses, suggestions, & recommendations – Adding Value Internal Auditors’ Roles

10 Beyond an annual risk assessment process – risk assessment should have a continuous component Continuous risk assessment process is formalized within internal audit and aligned with business units Risk assessments are transparent and interactive – involving senior management, external auditors, and the audit committee Emerging risks are identified and addressed through flexible internal audit coverage A Risk Assessment Process that Produces Current Risk Profiles

11 Internal auditing reviews the reliability and integrity of information, compliance with policies and regulations, the safeguarding of assets, the economical and efficient use of resources, and established operational goals and objectives. Internal audits encompass financial activities and operations including systems, production, engineering, marketing, and human resources. Can you afford to be without it? Essential Services

12 IPPF – Standards Mandatory Guidance 2120-Risk Management The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. Interpretation: Determining whether risk management processes are effective is a judgment resulting from the internal auditor's assessment that: Organizational objectives support and align with the organization's mission; Significant risks are identified and assessed; Appropriate risk responses are selected that align risks with the organization's risk appetite; and Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities. The internal audit activity may gather the information to support this assessment during multiple engagements. The results of these engagements, when viewed together, provide an understanding of the organization’s risk management processes and their effectiveness. Risk management processes are monitored through ongoing management activities, separate evaluations, or both.

13 Outsourced Internal Audit Perform Risk Assessment Interview key management Identify & evaluate risks Develop internal Audit plan Review results with management Present to the Audit Committee Internal Audits Plan individual internal audits Execute each internal audit No surprises approach Findings, rationale and recommendations Final reporting Audit Committee Continuous feedback Reports for all audits Follow up and feedback

14 VACO Can Help You For additional information, please contact Heriot Prentice Director, Governance Risk and Compliance Vaco Orlando, LLC 485 N. Keller Road, Suite 451 Maitland, FL (407) Office


Download ppt "Internal Audit It’s Time to Talk About Risk and Control."

Similar presentations


Ads by Google