The challenging role of internal audit


1 The challenging role of internal audit
Kiril Traykov, CISA, CISM, CISSP

2 Agenda
IT audit hot topics
Rising expectations
The challenge
Audit what matters

3 IT audit hot topics

4 6th IT Audit Best Practices Survey

5 2018 Audit Plan – Hot Spots
Data Privacy Cloud Vulnerabilities
Information Security Behaviours Corporate Culture Fraud
CEB Audit Leadership Council

6 IT Internal Audit Hot Topics 2012-2017
Deloitte: Storming ahead | 2017 Hot Topics for IT Internal Audit in Financial Services

7 Rising expectations

8 “… expectations have risen, and all internal audit functions need to rise to this new floor: providing assurance on a broader range of critical risks and clearly communicating deeper insights.”

9 Global Chief Audit Executive Survey 2016 (Deloitte)
Deloitte’s 2016 Global Chief Audit Executive (CAE) survey revealed that only 28 percent of CAEs believe their functions have strong impact and influence within their organizations. This raises a question: Where can internal audit have the most positive impact and influence? Though the answers differ for each Internal Audit group, generally impact and influence increase when Internal Audit attends to areas of greatest risk, importance, and concern to key stakeholders.

10 Risk
Risk: “effect of uncertainty on objectives” (ISO 31000/ISO Guide 73:2002)

11 IT risk and audit
“There is no such thing as ‘IT risk’” (quote Jay Taylor – IT Audit at GM)
There is only technology-related business risk
It’s not a loss of availability; it’s the inability to bill customers and record revenue*
It’s not a failure to secure IP; it’s the loss of future revenue*
It’s not privacy; it’s customer reputation damage and effect on revenue & losses from lawsuits*
*Source: Auditing that matters – Norman Marks

12 The role of internal audit
The Global Institute of Internal Auditors (The IIA)
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

13 The three lines of defence
Functions that own and manage risks
Functions that oversee risks
Function that provides independent assurance
Source: IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL – January 2013
Adapted from ECIIA/FERMA Guidance on the 8th EU Company Law Directive, article 41

14 Risk based internal auditing (RBIA)
What is Risk Based Internal Auditing?*
The objective of RBIA is to provide independent assurance to the board that:
The risk management processes which management has put in place within the organization (covering all risk management processes at corporate, divisional, business unit, business process level, etc.) are operating as intended.
These risk management processes are of sound design.
The responses which management has made to risks which they wish to treat are both adequate and effective in reducing those risks to a level acceptable to the board.
And a sound framework of controls is in place to sufficiently mitigate those risks which management wishes to treat.
RBIA starts with the business objectives and then focuses on those risks that have been identified by management that may hinder their achievement. The role of internal audit is to assess the extent to which a robust risk management approach is adopted and applied, as planned, by management across the organization to reduce risks to a level that is acceptable to the board (the risk appetite).
*The IIA UK Position Statement on Risk Based Internal Auditing, 2003

15 Is the organisation ready?
RBIA seeks at every stage to reinforce the responsibilities of management and the board for managing risk. If the risk management framework is not very strong or does not exist, the organization is not ready for RBIA. More importantly, it means that the organization's system of internal control is poor. Internal auditors in such an organization should promote good risk management practice to improve the system of internal control.

16 The challenge

17 The challenge

18 Audit what matters

19 The role of internal audit
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Assurance = peace of mind
Consulting = make a difference

20 Is this Peace of Mind?

| Metric | Achievement |
|---|---|
| Percentage of audit plan completed | 98% |
| Number of audit findings | Up 10% |
| Recommendations accepted and implemented | 90% |
| Auditee survey results (average from 0 to 5) | 4.3 |
| Cost savings (duplicate payments, vendor overcharges) | € 3,000,000 |
| Internal audit budget | 2% below budget |
| IIA Quality Assurance Review | Generally complies |

21 This is Peace of Mind
To: Chair, Audit Committee
From: Head of Internal Audit
Annual Internal Audit Report
We have completed the internal audit plan, which was designed to address the more significant risks to the organization…. In our opinion, based on the work performed, the systems of governance, risk management, and internal controls system provide reasonable assurance that the more significant risks are managed within organizational tolerances.

22 Audit what matters
Focus on risks that matter to the board and top management; risks to successful delivery of value to the stakeholders, the achievement of objectives set by the board
Provide assurance that is readily consumable, relevant, actionable and timely – helping the board and executives make informed decisions that lead the organisation to success
The form - formal opinion by CAE on whether the system of internal control and risk management provide reasonable assurance that significant risks are managed at desired level
Provide objective insight on any area critical to the achievement of success
Communicate what its stakeholders need to know, when they need to know and in a form that is easily consumed, relevant and actionable
Work effectively with management to assist them in upgrading their processes, systems, organisational structure, controls and people as needed
Source: Auditing that matters – Norman Marks

23 “The greatest danger for most of us is not that our aim is too high and we miss it, but that it is too low and we reach it.”
Michelangelo

24 Q&A
Sources:
6th-Annual-IT-Audit-Benchmarking-Survey-ISACA-Protiviti
The IIA UK: IIA UK - Position Statement - Risk Based Internal Auditing
Deloitte: Storming ahead: 2017 Hot Topics for IT Internal Audit in Financial Services
Deloitte: Internal audit insights - High-impact areas of focus
Evolution or irrelevance? Internal Audit at a crossroads, Deloitte’s Global Chief Audit Executive Survey, Deloitte, 2016
CEB-Audit-2018-Hot-Spots-Excerpt
Norman Marks: Auditing that matters, 2016
Norman Marks: World-Class Internal Audit - Tales from my Journey

