Internal Audit effectiveness

Internal Audit Effectiveness Quality AssessmentSpeaker – CA Kartik Radia

Strictly Private and Confidential

December 2016

1

Section 1

What is Internal Audit Effectiveness and Quality Assessment (IAEQA)- Its need and importance

3

What is Internal Audit Effectiveness & Quality Assessment? The Internal Audit Effectiveness & Quality Assessment (IAEQA) is a process for evaluating the effectiveness, efficiency and quality of the internal audit function. Compliance with the Internal Audit Standards issued by The Institute of Internal Auditors, USA is a key component to evaluate the quality compliance of Internal Audit. Standard 1312 – External Assessment of International Standards for Professional Practice of Internal Auditing and other standards would be referred to for assessing the quality. Our framework uses balanced scorecard approach to evaluate the effectiveness and efficiency of internal audit function. Our framework also evaluates the maturity level of the internal audit function and its elements using IAEQA maturity model framework. The objectives of the effectiveness assessment are:

Assess the alignment of Internal Audit function to Business Objectives Assess the Internal Audit Planning and scope coverage Assess the Internal Audit Processes Develop an Internal Audit Score card Assess the alignment of Internal Audit Function to Governance initiatives Assess the compliance of Internal Audit Processes with the standards for professional

practice of Internal Auditing (International Professional Practice Framework)Key issues to be addressed:

1. How effective is my Internal Audit function? 2. What is Internal Audit effectiveness score? 3. What is the level of quality compliance with the Internal Audit Standards (including

External Quality Assessment)?

4

IAEQA – Need, importance and salient featuresExternal Quality Assessment Need – Practice Advisory 1312 (1&2): International Standards for Professional Practice of Internal Auditing:

“External Assessment should be conducted at least once every five years by a qualified independent reviewer or review team from outside the organization. The potential need for frequent external assessment as well as the qualifications and independence of the external reviewer or review team, including any potential conflict of interest, should be discussed by the chief audit executive with the Board. Such discussions should also consider the size, complexity and industry of the organization in relation to the experience of the reviewer or review team.” Standard 1312 – External Assessment.

Independent External Quality Assessment allows the Internal Auditors to state that “The Internal audit activities are conducted in accordance with the International Standards for Professional Practice of Internal Auditing”.

Two approaches for doing QA:

1.External Assessments (Practice Advisory 1312-1)

2.Self Assessment with Independent validation (Practice Advisory 1312-2)Other Salient features:

Benchmarks the IA activity against professional standardsIs conducted for the entire organization wideIs conducted by a Qualified Independent Reviewer(s)Is a part of larger Quality Assurance and Improvement Program (QAIP)

Section 2

IAEQA Overall Governing Methodology and Deliverables

6

IAEQA – Methodology & Deliverables

Internal Audit Process and Tactical Area Assessments

People Competence and Skills Assessment

IA Structural

Assessment

Cross Functional Engagemen

t of IA

Compliance with IIA Standards (IPPF)


Board Oversight Assessment Tone at the Top

Foundational

3 Essential Pillars

IAEQA is the process for evaluating the effectiveness and quality of Internal Audit Department. IAEQA is a holistic and scientific process involving review of 6 key components that are key for effectiveness of Internal Audit Function. Specific action plan after evaluation of each of the key components are provided to guide the improvement areas and initiatives.

7

IAEQA – Methodology & Deliverables Broad objectives of the engagement are as under:• Evaluate the overall effectiveness, efficiency and quality of the internal

audit function • Assess the alignment of Internal audit function to Business Objectives• Assess the adequacy of coverage of Internal Audit function• Assess the outcomes of Internal Audit function• Benchmark the Internal Audit Function with International Professional

Practice Framework (IPPF) for Internal Auditing

ApproachWe will conduct an onsite study of Internal Audit Function by conducting interviews (the Internal audit Management to the Junior most staff), examination, and onsite observation of Internal Audit processes and activities, examining the documents. The study involves a holistic evaluation of Internal Audit process, functional coverage, risk context coverage, quality of Internal Audit findings and observations, skills applied compliance with IIA Standards and in particular include the following:• Internal audit planning and scope coverage • Internal Audit process

8

IAEQA – Methodology & Deliverables

• Compliance with IPPF• Documentation, workflow, sampling methodology and evidence retention• Internal Audit reports and audit committee presentations• Interviewing the Head of Internal Audit, Internal Audit Managers and

Staff of Company

Each of the 6 key components are evaluated by using quantitative approach for evaluation to arrive at the Score Card. Scores are provided against each of the sub-components after considering their relative importance. Individually all the 6 key components are scored and action plans are arrived at against each of the component. Overall IA effectiveness score is arrived at after summing up the scores for all the 6 components.

Section 3

IAEQA Components To Be Reviewed

10

Internal Audit Effectiveness and Quality Assessment components

1.Internal Audit Process and Tactical Area Assessments2.Compliance with IIA Standards (IPPF)3.People Competence and Skills Assessment4.IA Structural Assessment 5.Cross Functional Engagement of IA 6.Board Oversight Assessment

Section 3(a)


12

IAEQA components - Internal Audit Process and Tactical Area Assessments


What We Do How We Do

Review of the Internal Audit scope and checklist by conducting walk through of the audit procedures and re-performance of Internal Audit Procedures by selecting tactical business areas

Conduct critical review of observations, analysis and probing conducted by Internal Audit Team

13

Internal Audit Process and Tactical Area Assessments (IAPTA)

What we did Areas we covered How we did

1. Inadequate coverage of scope

2. Inadequate identification of risks

3. Language clarity of checks in the Audit checklist

4. Specific analytics / annexure not stated as part of checks

1Inadequate Internal Audit Risk Context (Inadequate

checklist coverage) 2Assessment of Internal

Audit Procedures (Verifiability,

Documentation and sampling guidance)

3Assessment of Internal

Audit observations

Design 1. Risk Control Matrix (RCMS)

1. Absence of adequate documentation of working papers i.e. execution, team audit briefings, minutes of meetings etc.

2. Absence of Sample testing guidance on sample size and selection and sample trail

3. Positive assurance on checks performed and no findings are unverifiable

4. Nature of audit procedures not enumerated i.e. analytics, interview etc.

5. Time utilization of resources not maintained and monitored

1. Clarity and language issues in observations

2. Inadequate analytics information3. Root cause not clear and not stated

at many instances4. Recommendations not specific and

sufficient to resolve the observation

5. Action plan and Implementation timelines missing in reports

6. Follow-up audit not done periodically

IA Transformation1. Redefine IA Charter2. Redefine exhaustive Checklists3. Guidance on Audit Procedures

e.g.. Sampling Techniques

1. IA Ongoing Effectiveness Review2. Trainings Programs for Internal

Auditors

Reviewed the Internal Audit scope and checklist

Conducted critical review of observations, analysis and probing conducted by Internal Audit Team

Methodology and Approach

Findings

suggested Action Plan

Conducted walk through of the audit procedures and re-performed Internal Audit ProceduresSelected 4 tactical areas – Purchases, Inventory, Plantations and Out growers

Illustr

ative

14

Key Outcome # 2 Assessment of Audit performed for key Audit Areas

Score card of Audit performed for Procurement

Evaluation Parameters Score WeightsA) IA Risk Context 9 30Scope Coverage 5 15Checklist 4 15Internal Audit Procedures 5 30Verifiability-Documentation-Working Papers 2 15

Audit Techniques – e.g. Sampling 2 8

Time Monitoring 1 7Assessment of Audit findings 9 40

Analytics 2 20Completeness of report sections 2 5

Drafting , Clarity and Detailing 3 10

Follow-up 2 5Total 23 100

Score card of Audit performed for Inventory

Evaluation Parameters Score WeightsA) IA Risk Context 12 30Scope Coverage 5 15

Checklist 7 15

Internal Audit Procedures 7 30

Verifiability-Documentation-Working Papers 3 15


Time Monitoring 1 7Assessment of Audit findings 12 40




Illustr

ative

15

Key Outcome# 2 IAPTA Central Zone - Procurement Audit

Illustr

ative

16

Key Outcome# 2 IAPTA Central Zone - Procurement AuditInternal Audit Procedures – Verifiability-Documentation-Working Papers, Sampling, Time utilization

Sr. No. Current Inadequate Internal Audit Procedures. Recommendations

1

Inadequate working papers:

Absence of checklist point-wise adequate working papers for positive assurance and for demonstrating completing the items in checklist.

e.g.1 Supplier ledgers reconciled and no audit findings but the same is not recorded in the working paperse.g.2 PR and PO approval were checked and no audit findings were there is this area but the same is not recorded in the working paperse.g.. 3 Audit Test check basis the compliance of P4, project procurement policy etc.

Each and every check mentioned in the Checklist should be demonstrable and verifiable (that it has been performed).

Positive Assurance to be given on the points where there are no audit findings.

Trail for samples selected should be retained as working papers evidence.

Working paper file – hard copy as well as electronic copy should be retained for future review.Ill

ustrati

ve

17


Inadequate / deficient audit findings

Internal Audit team has not been adequately drafted and concluded audit observations. Sufficient analysis of the audit issues is not carried out. Sufficient probing is not carried out by Internal Audit Team.

Illustration 1 – Audit checklist - To verify the list of rejected material and its accountability in ERP and also finance ledgers.

Company Observation

We performed audit of items / materials from the point delivery to inspection and verification of items by the end users and identified items amounting to Ugx.75,276,956/= were rejected for the period of January to September 2014.

Company Recommendation

1. Penalties should be in force to items supplied not as per the POs specifications.

2. Company can advertise in the news papers for such rejected items to be disposed off.

3. Monthly reconciliations should be done in relation to rejected items by materials department and reports sent to Accounts, and Audit can always verify the reconciliation of rejected items on a quarterly basis.

Assessment of Internal Audit Observations

Illustr

ative

18


1.Audit Team should have probed into the reasons for rejection in individual cases.

2. Reasons for this rejection should have been obtained and issue source should be identified i.e. poor quality sent by vendor, incorrect materials ordered by procurement team, or damage in transit etc.

3. Audit should have checked and commented whether refund of payment made to vendor is received by Company, if the payment was made earlier. Or Debit note is raised on the Vendor.

4. Audit Team should have checked the Ageing of rejected items and commented on aged rejected items still lying in factory

5. Audit Team should have reviewed and commented if there is any defined Turn-Around-Time (TAT) for returning materials and for receiving the payment refund from the vendor and if not then, Audit should have recommended for defining TAT.

6. Audit should have reviewed if rejection is for critical or insurance stores, whether the delay in availability resulting from rejection causes any delay or break-down in production or has a potential to cause any delay or break-down.

7. Audit Team should have recommended performance evaluation of vendors to be undertaken on timely basis with key parameters being delayed delivery, rejections, poor quality etc.

Assessment of Internal Audit Observations

Illustr

ative

19

Key Outcome # 2 Assessment of Audit performed for key Audit Areas

Score card of Audit performed for OutGrower


Checklist 7 15




Time monitoring 1 7Assessment of Audit findings 14 40




Score card of Audit performed for Plantation


Checklist 10 15




Time monitoring 5 7Assessment of Audit findings 21 40




Illustr

ative

20

k

Benchmarking with ProfilerQAR is designed to help the internal audit function as well as the management meet the defined expectations. The review is designed to assist the Audit Committee and Senior Management in assessing the effectiveness of their internal audit function by benchmarking their procedures and work practices against similar functions across the industry, as well as against professional standards issued by the Institute of Internal Auditors (IIA), Florida.Our QAR centers around 5 areas linked to the attributes of high

performance

Our proprietary benchmarking tool - ProfilerTM

Benefits to You

Benchmarking of IA function with its peers

Assurance over working practices and compliance to IIA standards

Understanding stakeholders expectations and assessing current gap

Evaluation of efficiency and effectiveness of IA processes

Assessment of skills and competencies of IA staff

Review of fitment of IA function in organization structure

Section 3(b)

Compliance With IIA Standards

22

IAEQA components –Compliance with IIA Standards



Review of the IA function to analyze:

Whether the internal audit function complies with the Internal Audit Standard issued by the Institute of Internal Auditors (Standards for Professional Practice of Internal Auditing – including Practice Advisory 1312 (1&2)?

Do the Internal Audit activities and practices confirm compliance with definition of internal auditing, code of ethics, use of successful practices and efficiency and effectiveness of internal audit activity.

Review the activities carried out against the attribute standards and performance standards and Score card preparation.

23

Key Outcome # 2 – Compliance with IIA Standards (IPPF)

Attribute Standards (25%)

Components Score Weights

Managing the Internal Audit Activity (effectively and efficiently)

8 25

Nature of work (Governance, Risk Management & Controls)

2 10

Engagement Planning (Engagement plan, scope, resource allocation, work program)

3 10

Engagement Performance (Information, Analytics, documentation, Supervision – Quality Review)

4 15

Communicating the results (Reports and Presentations) 3 15

Total Performance Score 20 75

Performance Standards (75%)

Total score = 28/ 100

Components Score Weights

Purpose, Authority and Responsibility 4 7

Independence and Objectivity 2 5

Proficiency and Due Professional Care 2 9

Quality Assurance and Improvement Program (QAIP) 0 4

Total Attributes Score 8 25

Illustr

ative

24

Key Outcome # 2 – Action Plan for IIA Standards (IPPF) Compliance

1. Internal Audit Charter to be redesigned and should be approved by the Board – Internal Audit Charter should define the following

A. Constitutional position of the Internal Audit Department with respect to the Organization – Empowerment and Positioning of Internal Audit Department

B. Role of Internal Audit Department – KRAs and KPIs of Internal Audit Department

C. Outcome of the Internal Audit Department to be used for Performance Appraisal of the HODs and Functional Managers. Engagement with IA by way of support and co-operation as well No. of High, Medium and Low Findings to be used for Performance Appraisal of HODs / Functional Managers.

D. Board and Audit Committee Reporting by Internal Audit Department and review of progress (by reviewing Progress Reports to be submitted by IA Department), performance and QAIP of Internal Audit Department by the Board / Audit Committee

E. Internal Audit Methodology to be followed by Internal Audit Department

F. Value Addition Role to be played by Internal Audit Department for Internal Controls Framework, Enterprise Risk Management, Governance Framework and Fraud Risk Mitigation (Anti-fraud Controls)

Illustr

ative

25


2. Enhance the quality of Internal Audit Report by improving:A. Clarity of issue communication (language of the Audit Report) and clarity of Risk

Context

B. Quality of analysis and sufficiency of details

Illustr

ative

26


3. Internal Audit Transformation Project to be carried out covering:A. Designing of Risk and Controls Matrix (through Systematic Risk assessment)

B. Scope enhancements (IT Audits, ERP Audit (including Business Application Audit), Succession Planning Audit, Quality Department, Scrap Management, Marketing, Management Information System, Preventive Maintenance (Equipment-wise), Contract Agreement Management, Human Resource Function, Statutory Compliance with respect to Labour Law, Plantation Laws, Efficiency of Logistics Operations, Cost of Production.

C. Sampling methodology guidance

D. Analytics – Key items of Data Analytics for Internal Audit

E. Verifiability: documentation trail and detailed working papers,

F. Quality review by Supervisors, Internal Audit Managers and Internal Audit Head

G. Mechanisms for Follow-up Audit (Implementation Effectiveness Review),

H. Quality Assurance and Improvement Plan (QAIP) for Internal Audit Department

I. Time monitoring mechanisms – assignment wise Time monitoring and utilization review

J. Training and Continuing Professional Education of Internal Audit staff – On-the-job: Risk context, business understanding, probing skills, documentation and working papers, drafting of audit reports , IFRS and Soft-skills (interviewing and communication).

Illustr

ative

Section 3(c)

People Competence And Skills Assessment (PCSA)

28

IAEQA components - People Competence and Skills Assessment (PCSA)



We interview the IA Head about the role played by him and evaluate the contribution made by him/her Specific inquiries and observations are made about the following:1) Quality Review of Engagement and

Reports2) Value addition done by him/her - Changes

suggested3) Management discussion and Engagement

process4) Organizational positioning –

Empowerment, Positioning, Authority and Responsibility

5) Conflict resolution with process owners/ Escalation process

6) People development agenda a. Interaction with the team and skip

level meetingsb. Formal mentoringc. KRAs and (PIP) Personal

Improvement Plan of IA Team members

7) Usage of technology in IA (analytics)

We create parameters for evaluation of GM – Internal Audit and evaluate him against each of the parameters using a balanced scorecard approach.

29

IAEQA components - People Competence and Skills Assessment (Cont..)



Interview the IA Managers about the role played by them and evaluated the contribution made by them. Specific inquiries and observations are made about the following:1) Knowledge of Risk Context2) Auditing skills and experience3) Nature of Audit procedures performed4) Quality of work performed and

documented5) Quality Review of work done by juniors6) Value addition done7) People Management – guidance,

motivation, interactions and feedback8) Engagement with Process Owners

We create the parameters for evaluation of IA Managers and evaluate each of the IA Managers against each of the parameters using a balanced scorecard approach

30

Key Outcome # 3 – People Competencies and Skills Assessment

How we did? We created parameters for evaluation of GM – Internal Audit and evaluated him against each of the parameters using a balanced scorecard approach.

Score card of GM Internal AuditEvaluation Parameters Score WeightsA) Tactical Areas 19 80IA transformation – Risk Assessment / scoping & signoff /calendar/RCMs/ checklist/ sample guidance/documentation

8 30

People Development 5 10Usage of technology 0 10IA Outcomes (Report ) 2 10Value Addition role 2 10Building competencies - SME 2 10

B) Structure & Governance 3 20

Focus on governance – Risk Management, Fraud Risk

0 5

IA Charter - Empowerment, Authority and Responsibility

3 10

QAIP 0 5Total 22 100

What we did? Interviewed the IA Head about the role played by him and evaluated the contribution made by him. Specific inquiries and observations were made about the following:1) Quality Review of Engagement and Reports2) Value addition done by him - Changes

suggested3) Management discussion and Engagement

process4) Organizational positioning – Empowerment,

Positioning, Authority and Responsibility5) Conflict resolution with process owners/

Escalation process6) People development agenda

1) Interaction with the team and skip level meetings

2) Formal mentoring3) KRAs and (PIP) Personal Improvement

Plan of IA Team members7) Usage of technology in IA (analytics)

Illustr

ative

31

Key Outcome # 3 – People Competencies and Skills Assessment

How we did? We created the parameters for evaluation of IA Managers and evaluated each of the IA Managers against each of the parameters using a balanced scorecard approach.

Score cards of Internal Audit Managers

Evaluation Parameters Weights

Jackson

Manas

Knowledge of Risk Context 20 8 12

Challenge the work done by juniors / Audit procedures/ checklist review

20 4 12

Report quality review 20 8 12

Timeliness monitoring 10 2 6

People Management 10 6 6

Engagement with Process owners 10 4 6

IIA Standards compliance 10 2 4

Total Scores 100 26 58

What we did? Interviewed the IA Managers about the role played by them and evaluated the contribution made by them. Specific inquiries and observations were done about the following:1) Knowledge of Risk Context2) Auditing skills and experience3) Nature of Audit procedures performed4) Quality of work performed and

documented5) Quality Review of work done by juniors6) Value addition done7) People Management – guidance,

motivation, interactions and feedback8) Engagement with Process Owners

Note: Both managers have good potential and can be groomed to become future leaders

Illustr

ative

32

Key Outcome # 3 – Action Plan for People Competencies and Skills Assessment

4. Performance Management System for Internal Audit staff to be designed and approved by the Board – Internal Audit Charter should define the following

A. KRAs (Key Result Areas) of IA Head, IA Managers and IA Staff should be defined scientifically,

B. Operational KPIs (Key Performance Indicators) for IA Processes should be determined,

C. Performance Appraisal of the IA Head, IA Managers and IA Staff should be done regularly based on achievement of specific KRAs and delivery of KPIs. Regular Appraisals (Quarterly, as well as Annually) should be done for IA Head, IA Managers and IA Staff,

D. Assignment-wise Performance Review should be done for each scope assignment carried out by IA Staff. Quarterly Appraisals would be an addition of Assignment-wise ratings,

E. Talent Recognition should be done for recognizing performance of IA Staff. Quarterly stars should be recognized for each quarter,

F. Monetary Performance incentives – quarterly basis should be provided to Internal Audit Staff and variable pay (performance linked) structure should be designed for IA Managers and above

G. Formal Mentoring program for grooming the IA Managers and StaffIllustr

ative

33

5. Formal Training and Continuing Education Program to include following as per IA Transformation – Action Plan #3 (Key Outcome # 2) for IIA Standards compliance:

A. On-the-job: Risk context, business understanding, probing skills, documentation and working papers, drafting of audit reports, IFRS; and

B. Soft-skills (interviewing and communication).

6. Enhance internal interactions within IA Team: Establish and Internal Audit Circle for formulating Department vision and plan and to discuss departmental issues:

A. Formal Monthly IA internal meeting to be chaired by IA Head to share the insights and issues on audit and general knowledge sharing,

B. Skip-level meetings within IA Department (for e.g.. skip level between IA Head and Assistant Managers),

C. Knowledge sharing on important and emerging topics

Key Outcome # 3 – Action Plan for People Competencies and Skills Assessment

Illustr

ative

Section 3(d)

Board Oversight Assessment

35

IAEQA components - Board Oversight Assessment


We review the role played by the Board in overseeing the Internal Audit Function by reviewing:1. Constitutional empowerment to Internal

Audit Function,2. Board’s involvement in Internal Audit Plan3. Board Reporting and review of Internal

Audit Reports, quarterly presentations and QAIP

4. Conflict resolution5. Board’s involvement in Performance

Appraisal of Internal Audit Function

We create the parameters for evaluation of Board oversight for Internal Audit Function and evaluate each of the parameters of Board oversight using a scorecard approach.

36

Key Outcome # 4 – Board Oversight AssessmentEvaluation Parameters Score Weight

sInternal Audit Empowerment – Positioning, Authority and Responsibility

10 20

Board Involvement in Internal Audit Plan:• Approval by Board of Internal

Audit Plan,• Involvement by Board in Internal

Audit Scoping and Plan and• Suggestion by the Board on

Internal Audit special projects

8 15

Board Reporting – review of Internal Audit Reports, Quarterly Internal Audit Presentations and QAIP

15 25

Conflict Resolution – Resolving conflicts with the HODs / Process Owners

4 15

Performance Appraisal of IA Function by the Board: IA Progress, IA Team KRAs – IA Head and IA

Managers KRAs, Performance Appraisal of

Internal Audit Head / Department / Staff

0 25

Total 37 100

How we did? We created the parameters for evaluation of Board oversight for Internal Audit Function and evaluated each of the parameters of Board oversight using a scorecard approach.

What we did? We reviewed the role played by the Board in overseeing the Internal Audit Function by reviewing:1) Constitutional empowerment to

Internal Audit Function,2) Board’s involvement in Internal

Audit Plan3) Board Reporting and review of

Internal Audit Reports, quarterly presentations and QAIP

4) Conflict resolution5) Board’s involvement in Performance

Appraisal of Internal Audit Function

Illustr

ative

37

Key Outcome # 4 – Action Plan for Board oversight assessment

1. As per Action Plan # 1, Internal Audit Charter to be redesigned and should be approved by the Board – Internal Audit Charter should define the following


B. Role of Internal Audit Department – KRAs and KPIs of Internal Audit Department. Board should define the KRAs of Internal Audit Head and Managers.

C. Board to review on a quarterly basis, the Internal Audit Presentation s/ Internal Audit Reports and Internal Audit Progress Reports as well as QAIP

D. Board to do Performance Appraisal of the Internal Audit Head and Review the Performance Appraisal of the IA Managers as done by the IA Head

2. Board to review and resolve conflicts, if any, on a regular basis

3. Board to suggest inclusions to Internal Audit Plan and approve the Internal Audit Plan, after discussion

Illustr

ative

Section 3(e)

Internal Audit Structural Assessment

39

IAEQA components - Internal Audit Structural Assessment


We evaluate structural foundation for Internal Audit Function considering the following: reviewed the role played by the Board in overseeing the Internal Audit Function by reviewing:1. Empowerment to IA – positioning,

authority and responsibility2. Investments in IA Function3. Control Self Assessment methodology

deployed by Management4. IA Involvement in Ex-Co meetings5. Role of IA in Governance, ERM, Internal

Controls and Fraud prevention

We create the parameters for evaluation of IA Structural Foundation and evaluated each of these parameters using a balanced scorecard approach

40

Key Outcome # 5 – IA Structural Assessment Evaluation Parameters Score Weight

sEmpowerment , positioning, authority and responsibility 8 40

IA Charter 4 15 Board Reporting 4 10 Performance appraisals of

HODs and Functional Managers to include IA Engagement and Findings

0 15

Investment in Internal Audit Function – People, Tools and External Expertise Co-sourcing

10 20

Control Self Assessment as a Management Responsibility 1st Line of Defence*

0 15

Involvement of Internal Audit in Business review meetings 0 10

IA role in Governance Framework, Internal Controls Framework, Enterprise Risk Management, Anti-Fraud Controls

0 15

Total 18 100*Internal Audit should be a 3rd Line of Defence (COSO 2013 – Internal Controls Framework)

How we did? We created the parameters for evaluation of IA Structural Foundation and evaluated each of these parameters using a balanced scorecard approach.

What we did? We evaluated structural foundation for Internal Audit Function considering the following: reviewed the role played by the Board in overseeing the Internal Audit Function by reviewing:1) Empowerment to IA – positioning,

authority and responsibility2) Investments in IA Function3) Control Self Assessment methodology

deployed by Management4) IA Involvement in Ex-Co meetings5) Role of IA in Governance, ERM,

Internal Controls and Fraud prevention

Illustr

ative

41

Key Outcome # 5 – Action Plan for IA Structural Enhancement

1. As per Action Plan # 1, Internal Audit Charter to include the following:


B. Role of Internal Audit Department – KRAs and KPIs of Internal Audit Department. Board should define the KRAs of Internal Audit Head and Managers.

C. Board to review on a quarterly basis, the Internal Audit Presentation s/ Internal Audit Reports and Internal Audit Progress Reports as well as QAIP

D. Board to do Performance Appraisal of the Internal Audit Head and Review the Performance Appraisal of the IA Managers as done by the IA Head

E. Outcome of the Internal Audit Department to be used for Performance Appraisal of the HODs and Functional Managers. Engagement with IA by way of support and co-operation as well No. of High, Medium and Low Findings to be used for Performance Appraisal of HODs / Functional Managers.

F. Value Addition Role to be played by Internal Audit Department for Internal Controls Framework, Enterprise Risk Management, Governance Framework and Fraud Risk Mitigation (Anti-fraud Controls)

Illustr

ative

42

Key Outcome # 5 – Action Plan for IA Structural Enhancement

2. Board and Management to institutionalize Controls Self Assessment (CSA) Framework whereby Critical and Key Controls are defined for self assessment by HOD on a quarterly basis.

3. IA Head and Managers to be involved in Ex-Co (key management review) meetings in order for them to comprehend key business issues that require Internal Audit attention as a result of emerging and changing risk scenarios

4. Enhance the investments in Internal Audit Function (about 194000 USD):1. Additional People to deployed for Internal Audit of Plantations and Outgrowing

Function

2. Additional Transportation Tools for Internal Auditors of Plantations

3. Additional Computers for Internal Auditors of Plantations

4. External Co-sourced Expertise for ongoing effectiveness of Internal Audit Function.

Illustr

ative

43

Investments in Internal Audit function

Particulars Amount in USD Additional Computers for Internal Auditors 7,000

Additional Transportation Tools for Internal Auditors of Plantations 7,000

External Co-sourced Expertise for ongoing effectiveness of Internal Audit Function 150,000

Total 1,64,000Particulars Amount in USD

Additional People to deployed for Internal Audit of Plantations and Outgrowing Function

30,000

Total 30,000

Grand Total 194,000

Illustr

ative

Section 3(f)

Cross Functional Engagement of IA

45

Key Outcome # 6 – Cross Functional Engagement of IA

Evaluation Parameters Score Weights

IA Involvement in monthly business review meetings 0 20

Participation of IA Head along with respective IA Manager in exit meetings

18 25

Involvement of Functional HODs and Managers in IA annual plan & scope

6 20

Role of Internal Audit in Internal Controls Advocacy / Governance Advocacy /Risk Management Advocacy / Anti-fraud Controls

0 25

Management request for inclusion of special audit areas in scope

4 10

Total 28 100

How we did? We created the parameters for evaluation of Cross Functional Engagement of Internal Audit and evaluated each of these parameters using a balanced scorecard approach.

What we did? We evaluated structural the Cross Functional Engagement of Internal Audit with other Functions by considering the following:1) Involvement of IA Head and IA Managers

in Ex-Co Management Meetings to enable the IA to business contextualize their IA Program and focus on business relevant issues

2) Participation of IA Head along with respective IA Manager in the exit meetings

3) Involvement of HOD and Functional Managers in IA Planning and Scope

4) Role of Internal Audit in Internal Controls Advocacy / Risk Management Advocacy / Anti Fraud Controls

Illustr

ative

46

Key Outcome # 6 – Action Plan for Cross Functional Engagement of IA

1. As per Action Plan # 10, IA Head and Managers to be involved in Ex-Co (key management review) meetings in order for them to comprehend key business issues that require Internal Audit attention as a result of emerging and changing risk scenarios

2. IA should involve HODs and Functional Managers in Annual Internal Audit Planning and Scoping exercise and consult them for audit of any special areas to be conducted, if any

3. IA Head should participate in all exit (closure) meetings along with the respective IA Manager, in order to increase the level of cross functional engagement with other functions

4. IA should initiate the process of On-going IA Effectiveness Review as a part of QAIP of IA Department

5. As per Action Plan # 1, Internal Audit should add value by playing a role of Internal Controls Advocacy, Risk Management Advocacy, Governance Advocacy and Anti-fraud controls specialist. IA should add value by assisting in implementing the above Frameworks. IA Charter to include this role as per Action Plan # 1 Ill

ustrati

ve

47

IAEQA components - Cross Functional Engagement of IA


We evaluate the structure of the Cross Functional Engagement of Internal Audit with other Functions by considering the following:1. Involvement of IA Head and IA Managers


2. Participation of IA Head along with respective IA Manager in the exit meetings

3. Involvement of HOD and Functional Managers in IA Planning and Scope

4. Role of Internal Audit in Internal Controls Advocacy / Risk Management Advocacy / Anti Fraud Controls

We create the parameters for evaluation of Cross Functional Engagement of Internal Audit and evaluated each of these parameters using a balanced scorecard approach.

48

Key Outcome # 6 – Cross Functional Engagement of IA

Evaluation Parameters Score Weights

IA Involvement in monthly business review meetings 0 20

Participation of IA Head along with respective IA Manager in exit meetings

18 25

Involvement of Functional HODs and Managers in IA annual plan & scope

6 20

Role of Internal Audit in Internal Controls Advocacy / Governance Advocacy /Risk Management Advocacy / Anti-fraud Controls

0 25

Management request for inclusion of special audit areas in scope

4 10

Total 28 100

How we did? We created the parameters for evaluation of Cross Functional Engagement of Internal Audit and evaluated each of these parameters using a balanced scorecard approach.

What we did? We evaluated the structure of the Cross Functional Engagement of Internal Audit with other Functions by considering the following:1) Involvement of IA Head and IA Managers


2) Participation of IA Head along with respective IA Manager in the exit meetings

3) Involvement of HOD and Functional Managers in IA Planning and Scope

4) Role of Internal Audit in Internal Controls Advocacy / Risk Management Advocacy / Anti Fraud Controls

Illustr

ative

49

Key Outcome # 6 – Action Plan for Cross Functional Engagement of IA

1. As per Action Plan # 10, IA Head and Managers to be involved in Ex-Co (key management review) meetings in order for them to comprehend key business issues that require Internal Audit attention as a result of emerging and changing risk scenarios

2. IA should involve HODs and Functional Managers in Annual Internal Audit Planning and Scoping exercise and consult them for audit of any special areas to be conducted, if any

3. IA Head should participate in all exit (closure) meetings along with the respective IA Manager, in order to increase the level of cross functional engagement with other functions

4. IA should initiate the process of On-going IA Effectiveness Review as a part of QAIP of IA Department

5. As per Action Plan # 1, Internal Audit should add value by playing a role of Internal Controls Advocacy, Risk Management Advocacy, Governance Advocacy and Anti-fraud controls specialist. IA should add value by assisting in implementing the above Frameworks. IA Charter to include this role as per Action Plan # 1Ill

ustrati

ve

Thank you

Internal Audit effectiveness

Economy & Finance

Transcript of Internal Audit effectiveness