Evolving role of internal auditing function

Debashis Gupta

Evolving Role of Internal Auditing function

Debashis Gupta

Senior Vice President - Internal Audit Max Healthcare

� Positioning of Internal Audit in an organization

� Strategic partnership with business

� Benchmarking the internal audit function

� Risk-based audit approach

Governance Processes - Roles of stakeholders

Content

� Governance Processes - Roles of stakeholders






Content


Where is the internal auditor?

Source: IIA Global Pulse Report 2013

‘The internal audit function should be positioned so that the board (of directors) has confidence that the internal audit function will perform its duties with impartiality and not be unduly influenced by managers of day-to-day operations’.

- The Interagency Policy Statement on the Internal Audit Function and its Outsourcing

(issued jointly by the Federal Reserve, FDIC, OCC, and OTS)

4

IA positioning in the organization

Some indicators/enablers:

• Time spent at the Board meetings and Calls received from the CEO/ Chairman

of the Audit Committee

• Participation in new business activities/ projects/ validation of business plans

• IA reports are action oriented, identify internal best practices and risk rated • IA reports are action oriented, identify internal best practices and risk rated

• Quality of talent that the IA function carries

For IA leaders to win the proverbial “seat at the table” with other C Level

executives, it is critical for them to be aware of the strategic landscape within

their respective industries and how their organization’s strategy is set and

executed within that environment. Internal Audit’s role should encompass an

assessment of the organization strategy setting and execution processes. For

e.g. how does the organization deal with the risks of an uncertain business

environment?

5






Content


Role of Internal audit

Internal Audit should ideally act as a strategic partner to business, by providing quality assurance on various critical risks that are crucial to achieving organization goals. Does this happen (always)?

Some perspectives:

1. In organizations of a certain size and governance environment, basic controls are ‘built into DNA’.

In many organizations outside this circle, IA may not get ‘wind beneath 2. In many organizations outside this circle, IA may not get ‘wind beneath sails’ (or ‘seat at table’).

3. Managements today have a range of options to obtain value added ‘consulting’ part of IA role.

Traditional Internal Auditing

.

•Initially the objective of internal audit was to prepare the organization for external audits

.

•Auditors collect and analyze audit evidence and form opinions pertaining to internal controls as well as reliability of the information provided by management.

.•Focused only on transactions and fault finding.

Policing role

.

•Silo approach to audit , with only process being focused rather than having a wider management overview.

.•Manual vouching with standard tick and tie method being used.

.

•High costs and significant time delays associated with information collection, processing, and reporting.

Focus on financial audit

Manual work

papers

Modern Internal Auditing

.

•Internal auditing has changed from being transaction based to risk based.

.

•Ensure that Governance, risk management and compliance is an integral part of enterprise risk methodology

.

•Smarter use of technology in fields of continuous control monitoring , Audit management, Data analytics

Internal audit has changed from a Traditional auditing role, with a charter of protecting enterprise value, to that of an internal Focus on

Strategic function

.

•Move towards continuous auditing and continuous monitoring

.•Makes internal audit a strategic unit of business

.

•Challenge the status quo for business performance improvement

to that of an internal consultant, with increasing pressure for the organization toenhance shareholder value.

Focus on overall

business processes

Use of technology

Evolution of Internal audit…

Stakeholder expectations:

• Value protection/value destruction prevention (only 20% of value destruction in business is due to financial & compliance issues, 20% due to operational issues, and a full 60% is due to strategic/business issues*)

• *^Review of JV, M&A, BCM, prog./change mgt.

• Integrated assurance*, GRC & investigate fraud

• ‘Consumable’ reports*,stakeholder management

• Independence, insight & objectivity*

• Facilitate process strengthening e.g. CCM, CSA

* PwC study ^ KPMG survey

Future of Internal audit

Deliverables (focus on USP…)

• Audit ‘at the speed of business’ – CA/CRCA

• Economic realities*, trends*, sustainability^

• IT* (incl. cloud, mobile devices, social media)^

• Governance focus – assurance maturity scale

• Efficiency, effectiveness, performance review

• Environment, health & safety (EHS),‘green’ audit

• Deal with generational change (stakeholders)

* PwC study ^ KPMG survey # IIA survey

Future of Internal audit…

Communication (the message…)

• ‘Consumable’ reports*

• ‘Risk treatment’ vs. simple ‘Recommendations’

• Emerging issues and ‘control themes’ to mgt.

• Respect Committee/Sr. Mgt. time constraints

• Responsiveness to ‘hot buttons’

• Partnership (with mgt.) & ownership (of issues)

• Build ‘circles of influence’ (e.g. focus groups)

* PwC study

Future of Internal audit…

Enablers (what will get us there…)

• IT and analytical tools & skills, workflow/process automation* –enhance coverage & quality stds.

• Constant risk focus, objectivity

Right mix of internal & co-sourced/specialists*• Right mix of internal & co-sourced/specialists*

• Diversified resource base (+ domain & soft skills)

• Active team management (spl. focus – Gen. Y)

• Knowledge management, 360o, metrics, QAR

* PwC study

� Cloud computing

� Social Media

� Cyber security

Emerging Technology related risks – A snapshot

� Mobile devices & BYOD ( Bring your own device )






Content


Benchmarking the Internal Audit function

Context: characteristics of a modern Internal Audit function:

• Global perspective

• Business acumen

• Risk-based orientation

• Governance expertise

• Technologically adept (CAATS, Flowcharting, Risk Mapping Tools, ...)• Technologically adept (CAATS, Flowcharting, Risk Mapping Tools, ...)

• Creative thinking and problem solving

• Strong ethical compass

• Outstanding recruiter, manager and developer of talent

• Superb communicator (Written & Oral communication, Presentation)

• Relationship expert (Interpersonal skills)

• Unquestioned leadership ability

• Impactful presence

• Collaborative

Benchmarking Internal Audit

USING IIA GUIDELINES






Content


Evolution of Internal audit

• Compliance-focus to Control-focus

• Control-focus to Risk based audit (RBA)

• RBA to objective-centric (risk cumulative), enterprise-wide focus

• Risk/objective-based to Performance-centric

• Ideal path – along the maturity scale as per IIA:

Internal auditing is an independent, objective assurance andconsulting activity designed to add value and improve anorganisation’s operations. It helps an organisation accomplishits objectives by bringing a systematic, disciplined approach toevaluate and improve the effectiveness of risk management,control, and governance processes.

The Institute of Internal Auditors

Shifting Focus of Internal Audit

20th Century Internal audit model

Controls assurance based on cyclical

Today’s typicalinternal audit model

Controls assurance based on

The risk-centricinternal audit model of tomorrow

Assurance on the effectivenessof risk management in

based on cyclical or routine audit plans

onrisk-based internal audit plan

management in additionto controls assurance

Risk convergence today

Internal Audit Compliance Risk Management

Internal Audits

Cost

New regulation

Anti

New Product development

Cost efficiency

Anti Fraud

Privacy

Business

• Lack of co-ordination

• Competition for attention

• Risks falling through cracks

• Duplication of efforts

• Using a standard framework

How this is being overcome by organizations

Internal Audit Compliance Risk Management

Objective setting Risk ID Control IDDeficiency

managementmanagement

Business

• Creating structure across/within functions, businesses and regulatory requirements

• Aligning with regulatory expectations

• Choose the right place to start: new and developing functions, union of similar silos, areas ripe with duplication, integrated/related environments






Content


Governance – Role of diverse stakeholders

The inter-relationship of Internal Audit with the Governance

processes touches the roles of a wide variety of stakeholders –

Board, Audit Committee, CEO, CFO and other members of top

management.management.

Governance – Role of diverse stakeholders

Governance

Role of Internal Audit in Corporate Governance

(IIA-RMIT Univ. study)

• Establish & maintain direct reporting by CAE to board or AC.

• Facilitation process for CAEs to work with NEDs & audit committee

• Internal audit should have a clear set of published audit objectives

• Specific benchmarks & standards for governance processes

• Ongoing communication amongst CEO, AC, CFO and CAE

Governance

Audit of Corporate Governance needs to address:

• activities of the Board and its committees,

• timeliness and quality of information they receive;

• organization structure and staffing of the enterprise;

• process for establishing, communicating and cascading • process for establishing, communicating and cascading organizational strategies throughout the organization

THANK YOU

Date post:	14-Aug-2015
Category:	Economy & Finance
Upload:	debashis-gupta
View:	84 times
Download:	2 times

Evolving role of internal auditing function

Economy & Finance