CUSTOMER SATSIFACTION IN AUDITING - iiabg.orgiiabg.org/files/pres_07_4th_meeting.pdf · CUSTOMER...
Transcript of CUSTOMER SATSIFACTION IN AUDITING - iiabg.orgiiabg.org/files/pres_07_4th_meeting.pdf · CUSTOMER...
CUSTOMER SATSIFACTION IN
AUDITING
GIORGIO RAVIOLA
UCB CHIEF AUDIT EXECUTIVE
February 2011
2
CONTENTS
INTERNAL AUDIT’S VISION AND MISSION
GETTING BETTER
AUDIT FEEDBACK
3
Internal Audit Activity … What We Do
1310
17401614
1837
1527
1772
0
200
400
600
800
1000
1200
1400
1600
1800
2000
IIIQ 09 IVQ 09 IQ 10 IIQ 10 IIIQ 10 IVQ 10
AUDITS PERFORMED
685
788 773
877835 841
0
100
200
300
400
500
600
700
800
900
IIIQ 09 IVQ 09 IQ 10 IIQ 10 IIIQ 10 IVQ 10
CRITICAL FINDINGS OUTSTANDING
In UCG we have performed more than 6500 Audits…We identified 841opportunities to improve the
business
Tremendous Opportunity to Add Value to the Business
4
5
MACRO TRENDS
6
INTERNAL AUDIT TRENDS
7
Internal Audit’s Vision and Mission
8
Internal Audit’s Vision and Mission
9
IA Definition of Internal Auditing
10
IA Quality Assessment
11
Internal Audit Effectiveness
12
Internal Audit Values and Performance
13
Internal Audit … the Way We Work
14
CONTENTS
INTERNAL AUDIT’S VISION AND MISSION
GETTING BETTER
AUDIT FEEDBACK
15 15
GENERAL POINTS
… Business people are often impatient, busy and burden with information, therefore, our audit report should be based on the following simple rule:
K I S S
Keep it simple and straight-forward!
What does it mean:
Business oriented and tangible - send a simple and quick bottom-line
message to senior bank management about the extent to which the audited
entity is managing its risks. The main objective of the audit report is to inform,
add value and drive action.
16 16
GENERAL POINTS
Focused on risk – managers are operating in an increasingly complex and global
environment, and risk is a central element of corporate governance. By changing the
internal auditor’s focus and vocabulary from “control” to “risk”, several profound
changes take place:
- more immediate communication linkages; - less friction throughout the audit process; - richer audit planning, etc.
Follow a consistent reporting approach – need for application of the same
standards from bank to bank while still accommodating differences from country to
country.
Be reader-friendly - conserve your reader’s time and energy. Use simple, everyday
sentence structure and business vocabulary. In other words, “put yourself on the
shoes of the reader.”
Reduce the time and effort required to review and issue audit reports.
17
FINDINGS
FINDING = ISSUE + RISK + SUPPORT
The Finding consists of the following:
Issue - the statement within the finding that describes the control breakdown.
Risk – the statement within the finding that describes what could happen as a result of the issue.
Support – the sentences within the finding that help readers further understand the issue and the risk, and the need for action.
Example: Management does not always review manually entered finance charges [issue].
Therefore [result], the Bank could be over- or undercharging customers [risk statement].
It is up to the Bank to decide on the adoption and consistent application of a common presentation method, i.e. issue, risk, support and recommendation or issue, support, risk and recommendation, however, mind the Rule of the thumb:
“Always report the issue in the first sentence of the finding”
An issue is worth reporting as it results in residual risk, and that residual risk falls outside the risk tolerance/appetite, not just because there is an issue.
18
Practical tips for Findings
• Avoid audit jargon, redundancy and pompous language that cause misunderstandings and are hard to read.
• Avoid issues that focus on the word “control”.
• Avoid issues focusing on missing or insufficient reports, logs, etc. Reports and logs are tools.
• Put the offender, victim or affected business item in the subject and the risk in the verb phrase.
• Most of the time use present tense.
• Keep the risk in a separate sentence from the issue.
Last, but not least………………………
“REMEMBER, YOU DON’T HAVE TO TELL
THE READER EVERYTHING YOU KNOW,
JUST WHAT THE READER NEEDS TO
KNOW!”
19
Practical tips for Recommendations
Recommendation – the action audit recommends to remediate exceptions, resolve the root cause
and resolve the issue so that the risk is managed within UniCredit’s risk appetite.
The recommendations should be:
S M A R T
S–pecific (Identify who is responsible and what control must be implemented or reinforced. Consider interim controls.)
M–easurable (Provide and auditable recommendation or action. In other words, you need to be able to inspect what you expect.)
A–chievable (Make the recommendation or action practical, reasonable and worth implementing considering the risk. Ensure that the potential control design does not cost more than the risk itself. The control procedures need to be developed so that they decrease risk to a level where management can accept the exposure to that risk.)
R-eliable (Resolve the issue and manage the risk over time so that it remains within tolerance.)
T–ime-bound (Include a target implementation date.)
20
Practical tips for Recommendations
It is normal between 5 – 10% of the audit reports to end up with no Action Plan.
If the findings fall within the risk appetite, they could just be mentioned in the detailed part without necessarily putting them in the Action Plan, respectively
tracking them, unless the nature of the auditee is such, that presupposes further aggravation.
…Important
21
Executive Report Strategies
Try to use Inverted Pyramid Structure –presents the conclusion (the point) before the descriptive sentences (the support). The objective is to lure the readers into the material and continue to engage them.
Avoid all audit and systems jargon, especially early in the Executive Report
Use simple business language and keep the first sentence of a paragraph short
Avoid presenting information that tells readers what they already know.
The Lift Ride – technique to help you find the bottom-line message
“If you and an executive got on a lift in the lobby and he was getting off on the third floor, what would you tell him about the audit results?”
22
CONTENTS
INTERNAL AUDIT’S VISION AND MISSION
GETTING BETTER
AUDIT FEEDBACK
23 23
AUDIT EFFECTIVENESS AND CUSTOMER SATISFACTION
Questions to ask ourselves…
How do we know we are delivering it to our customers?
How could it be done?
WHY? Internal Audit is under the spotlight of
Greater Expectations
Regulators/Investors
Higher demand about
risk management and
relevant internal control
system is increasing
demand on IA
Cost/value added
Pressure for efficiency
and improve
operational processes
to be managed against
tighter operating
metrics
Environment
Increasing complexity
in terms of structures,
processes and markets
represent new risk IA
has to understand and
deal with
24
CUSTOMER SATISFACTION - MAIN RATIONALES
WHY a Customer
satisfaction?
WHEN Customer
satisfaction?
To get specific feedback on
efficiency/effectiveness of audit activity
To understand macro-phenomena on
efficiency/effectiveness of audit activity
On-going
Yearly
FIRST
BENEFICIARY? Local Internal Auditor
25 25
DEFINITION AND MAIN STRENGTHS
The “Customer Satisfaction Process” defines criteria and methods to measure and monitor the level of Customer
Satisfaction of internal audit stakeholders and auditees
It consists of two surveys:
On-going Survey: performed throughout the calendar year in form of questionnaire released to the Auditees
Yearly Survey: performed once a year in form of questionnaire released to the Management Board,
Supervisory Board and Audit Committee.
Customer Satisfaction definition
Understanding of customers’ perception and view
Being a support to CAE highlighting customer opinion/perception about IA performance and fostering development in
order to improve practices and added value to audit processes.
Diagnostics of strengths and weakness, in order to identify areas for improvement.
Being a powerful internal marketing tool for enhancing IA visibility and stature
Main strengths
26
THANK YOU FOR YOUR ATTENTION!