Internal Audit effectiveness
-
Upload
karan-puri -
Category
Economy & Finance
-
view
46 -
download
0
Transcript of Internal Audit effectiveness
Internal Audit Effectiveness Quality AssessmentSpeaker – CA Kartik Radia
Strictly Private and Confidential
December 2016
1
Section 1
What is Internal Audit Effectiveness and Quality Assessment (IAEQA)- Its need and importance
3
What is Internal Audit Effectiveness & Quality Assessment? The Internal Audit Effectiveness & Quality Assessment (IAEQA) is a process for evaluating the effectiveness, efficiency and quality of the internal audit function. Compliance with the Internal Audit Standards issued by The Institute of Internal Auditors, USA is a key component to evaluate the quality compliance of Internal Audit. Standard 1312 – External Assessment of International Standards for Professional Practice of Internal Auditing and other standards would be referred to for assessing the quality. Our framework uses balanced scorecard approach to evaluate the effectiveness and efficiency of internal audit function. Our framework also evaluates the maturity level of the internal audit function and its elements using IAEQA maturity model framework. The objectives of the effectiveness assessment are:
Assess the alignment of Internal Audit function to Business Objectives Assess the Internal Audit Planning and scope coverage Assess the Internal Audit Processes Develop an Internal Audit Score card Assess the alignment of Internal Audit Function to Governance initiatives Assess the compliance of Internal Audit Processes with the standards for professional
practice of Internal Auditing (International Professional Practice Framework)Key issues to be addressed:
1. How effective is my Internal Audit function? 2. What is Internal Audit effectiveness score? 3. What is the level of quality compliance with the Internal Audit Standards (including
External Quality Assessment)?
4
IAEQA – Need, importance and salient featuresExternal Quality Assessment Need – Practice Advisory 1312 (1&2): International Standards for Professional Practice of Internal Auditing:
“External Assessment should be conducted at least once every five years by a qualified independent reviewer or review team from outside the organization. The potential need for frequent external assessment as well as the qualifications and independence of the external reviewer or review team, including any potential conflict of interest, should be discussed by the chief audit executive with the Board. Such discussions should also consider the size, complexity and industry of the organization in relation to the experience of the reviewer or review team.” Standard 1312 – External Assessment.
Independent External Quality Assessment allows the Internal Auditors to state that “The Internal audit activities are conducted in accordance with the International Standards for Professional Practice of Internal Auditing”.
Two approaches for doing QA:
1.External Assessments (Practice Advisory 1312-1)
2.Self Assessment with Independent validation (Practice Advisory 1312-2)Other Salient features:
Benchmarks the IA activity against professional standardsIs conducted for the entire organization wideIs conducted by a Qualified Independent Reviewer(s)Is a part of larger Quality Assurance and Improvement Program (QAIP)
Section 2
IAEQA Overall Governing Methodology and Deliverables
6
IAEQA – Methodology & Deliverables
Internal Audit Process and Tactical Area Assessments
People Competence and Skills Assessment
IA Structural
Assessment
Cross Functional Engagemen
t of IA
Compliance with IIA Standards (IPPF)
Internal Audit Process and Tactical Area Assessments
Board Oversight Assessment Tone at the Top
Foundational
3 Essential Pillars
IAEQA is the process for evaluating the effectiveness and quality of Internal Audit Department. IAEQA is a holistic and scientific process involving review of 6 key components that are key for effectiveness of Internal Audit Function. Specific action plan after evaluation of each of the key components are provided to guide the improvement areas and initiatives.
7
IAEQA – Methodology & Deliverables Broad objectives of the engagement are as under:• Evaluate the overall effectiveness, efficiency and quality of the internal
audit function • Assess the alignment of Internal audit function to Business Objectives• Assess the adequacy of coverage of Internal Audit function• Assess the outcomes of Internal Audit function• Benchmark the Internal Audit Function with International Professional
Practice Framework (IPPF) for Internal Auditing
ApproachWe will conduct an onsite study of Internal Audit Function by conducting interviews (the Internal audit Management to the Junior most staff), examination, and onsite observation of Internal Audit processes and activities, examining the documents. The study involves a holistic evaluation of Internal Audit process, functional coverage, risk context coverage, quality of Internal Audit findings and observations, skills applied compliance with IIA Standards and in particular include the following:• Internal audit planning and scope coverage • Internal Audit process
8
IAEQA – Methodology & Deliverables
• Compliance with IPPF• Documentation, workflow, sampling methodology and evidence retention• Internal Audit reports and audit committee presentations• Interviewing the Head of Internal Audit, Internal Audit Managers and
Staff of Company
Each of the 6 key components are evaluated by using quantitative approach for evaluation to arrive at the Score Card. Scores are provided against each of the sub-components after considering their relative importance. Individually all the 6 key components are scored and action plans are arrived at against each of the component. Overall IA effectiveness score is arrived at after summing up the scores for all the 6 components.
Section 3
IAEQA Components To Be Reviewed
10
Internal Audit Effectiveness and Quality Assessment components
1.Internal Audit Process and Tactical Area Assessments2.Compliance with IIA Standards (IPPF)3.People Competence and Skills Assessment4.IA Structural Assessment 5.Cross Functional Engagement of IA 6.Board Oversight Assessment
Section 3(a)
Internal Audit Process and Tactical Area Assessments
12
IAEQA components - Internal Audit Process and Tactical Area Assessments
People Competence and Skills Assessment
What We Do How We Do
Review of the Internal Audit scope and checklist by conducting walk through of the audit procedures and re-performance of Internal Audit Procedures by selecting tactical business areas
Conduct critical review of observations, analysis and probing conducted by Internal Audit Team
13
Internal Audit Process and Tactical Area Assessments (IAPTA)
What we did Areas we covered How we did
1. Inadequate coverage of scope
2. Inadequate identification of risks
3. Language clarity of checks in the Audit checklist
4. Specific analytics / annexure not stated as part of checks
1Inadequate Internal Audit Risk Context (Inadequate
checklist coverage) 2Assessment of Internal
Audit Procedures (Verifiability,
Documentation and sampling guidance)
3Assessment of Internal
Audit observations
Design 1. Risk Control Matrix (RCMS)
1. Absence of adequate documentation of working papers i.e. execution, team audit briefings, minutes of meetings etc.
2. Absence of Sample testing guidance on sample size and selection and sample trail
3. Positive assurance on checks performed and no findings are unverifiable
4. Nature of audit procedures not enumerated i.e. analytics, interview etc.
5. Time utilization of resources not maintained and monitored
1. Clarity and language issues in observations
2. Inadequate analytics information3. Root cause not clear and not stated
at many instances4. Recommendations not specific and
sufficient to resolve the observation
5. Action plan and Implementation timelines missing in reports
6. Follow-up audit not done periodically
IA Transformation1. Redefine IA Charter2. Redefine exhaustive Checklists3. Guidance on Audit Procedures
e.g.. Sampling Techniques
1. IA Ongoing Effectiveness Review2. Trainings Programs for Internal
Auditors
Reviewed the Internal Audit scope and checklist
Conducted critical review of observations, analysis and probing conducted by Internal Audit Team
Methodology and Approach
Findings
suggested Action Plan
Conducted walk through of the audit procedures and re-performed Internal Audit ProceduresSelected 4 tactical areas – Purchases, Inventory, Plantations and Out growers
Illustr
ative
14
Key Outcome # 2 Assessment of Audit performed for key Audit Areas
Score card of Audit performed for Procurement
Evaluation Parameters Score WeightsA) IA Risk Context 9 30Scope Coverage 5 15Checklist 4 15Internal Audit Procedures 5 30Verifiability-Documentation-Working Papers 2 15
Audit Techniques – e.g. Sampling 2 8
Time Monitoring 1 7Assessment of Audit findings 9 40
Analytics 2 20Completeness of report sections 2 5
Drafting , Clarity and Detailing 3 10
Follow-up 2 5Total 23 100
Score card of Audit performed for Inventory
Evaluation Parameters Score WeightsA) IA Risk Context 12 30Scope Coverage 5 15
Checklist 7 15
Internal Audit Procedures 7 30
Verifiability-Documentation-Working Papers 3 15
Audit Techniques – e.g. Sampling 3 8
Time Monitoring 1 7Assessment of Audit findings 12 40
Analytics 4 20Completeness of report sections 3 5
Drafting , Clarity and Detailing 3 10
Follow-up 2 5Total 31 100
Illustr
ative
15
Key Outcome# 2 IAPTA Central Zone - Procurement Audit
Illustr
ative
16
Key Outcome# 2 IAPTA Central Zone - Procurement AuditInternal Audit Procedures – Verifiability-Documentation-Working Papers, Sampling, Time utilization
Sr. No. Current Inadequate Internal Audit Procedures. Recommendations
1
Inadequate working papers:
Absence of checklist point-wise adequate working papers for positive assurance and for demonstrating completing the items in checklist.
e.g.1 Supplier ledgers reconciled and no audit findings but the same is not recorded in the working paperse.g.2 PR and PO approval were checked and no audit findings were there is this area but the same is not recorded in the working paperse.g.. 3 Audit Test check basis the compliance of P4, project procurement policy etc.
Each and every check mentioned in the Checklist should be demonstrable and verifiable (that it has been performed).
Positive Assurance to be given on the points where there are no audit findings.
Trail for samples selected should be retained as working papers evidence.
Working paper file – hard copy as well as electronic copy should be retained for future review.Ill
ustrati
ve
17
Key Outcome# 2 IAPTA Central Zone - Procurement Audit
Inadequate / deficient audit findings
Internal Audit team has not been adequately drafted and concluded audit observations. Sufficient analysis of the audit issues is not carried out. Sufficient probing is not carried out by Internal Audit Team.
Illustration 1 – Audit checklist - To verify the list of rejected material and its accountability in ERP and also finance ledgers.
Company Observation
We performed audit of items / materials from the point delivery to inspection and verification of items by the end users and identified items amounting to Ugx.75,276,956/= were rejected for the period of January to September 2014.
Company Recommendation
1. Penalties should be in force to items supplied not as per the POs specifications.
2. Company can advertise in the news papers for such rejected items to be disposed off.
3. Monthly reconciliations should be done in relation to rejected items by materials department and reports sent to Accounts, and Audit can always verify the reconciliation of rejected items on a quarterly basis.
Assessment of Internal Audit Observations
Illustr
ative
18
Key Outcome# 2 IAPTA Central Zone - Procurement Audit
1.Audit Team should have probed into the reasons for rejection in individual cases.
2. Reasons for this rejection should have been obtained and issue source should be identified i.e. poor quality sent by vendor, incorrect materials ordered by procurement team, or damage in transit etc.
3. Audit should have checked and commented whether refund of payment made to vendor is received by Company, if the payment was made earlier. Or Debit note is raised on the Vendor.
4. Audit Team should have checked the Ageing of rejected items and commented on aged rejected items still lying in factory
5. Audit Team should have reviewed and commented if there is any defined Turn-Around-Time (TAT) for returning materials and for receiving the payment refund from the vendor and if not then, Audit should have recommended for defining TAT.
6. Audit should have reviewed if rejection is for critical or insurance stores, whether the delay in availability resulting from rejection causes any delay or break-down in production or has a potential to cause any delay or break-down.
7. Audit Team should have recommended performance evaluation of vendors to be undertaken on timely basis with key parameters being delayed delivery, rejections, poor quality etc.
Assessment of Internal Audit Observations
Illustr
ative
19
Key Outcome # 2 Assessment of Audit performed for key Audit Areas
Score card of Audit performed for OutGrower
Evaluation Parameters Score WeightsA) IA Risk Context 13 30Scope Coverage 6 15
Checklist 7 15
Internal Audit Procedures 8 30
Verifiability-Documentation-Working Papers 5 15
Audit Techniques – e.g. Sampling 2 8
Time monitoring 1 7Assessment of Audit findings 14 40
Analytics 7 20Completeness of report sections 3 5
Drafting , Clarity and Detailing 2 10
Follow-up 2 5Total 35 100
Score card of Audit performed for Plantation
Evaluation Parameters Score WeightsA) IA Risk Context 21 30Scope Coverage 11 15
Checklist 10 15
Internal Audit Procedures 20 30
Verifiability-Documentation-Working Papers 11 15
Audit Techniques – e.g. Sampling 4 8
Time monitoring 5 7Assessment of Audit findings 21 40
Analytics 7 20Completeness of report sections 4 5
Drafting , Clarity and Detailing 6 10
Follow-up 4 5Total 62 100
Illustr
ative
20
k
Benchmarking with ProfilerQAR is designed to help the internal audit function as well as the management meet the defined expectations. The review is designed to assist the Audit Committee and Senior Management in assessing the effectiveness of their internal audit function by benchmarking their procedures and work practices against similar functions across the industry, as well as against professional standards issued by the Institute of Internal Auditors (IIA), Florida.Our QAR centers around 5 areas linked to the attributes of high
performance
Our proprietary benchmarking tool - ProfilerTM
Benefits to You
Benchmarking of IA function with its peers
Assurance over working practices and compliance to IIA standards
Understanding stakeholders expectations and assessing current gap
Evaluation of efficiency and effectiveness of IA processes
Assessment of skills and competencies of IA staff
Review of fitment of IA function in organization structure
Section 3(b)
Compliance With IIA Standards
22
IAEQA components –Compliance with IIA Standards
People Competence and Skills Assessment
What We Do How We Do
Review of the IA function to analyze:
Whether the internal audit function complies with the Internal Audit Standard issued by the Institute of Internal Auditors (Standards for Professional Practice of Internal Auditing – including Practice Advisory 1312 (1&2)?
Do the Internal Audit activities and practices confirm compliance with definition of internal auditing, code of ethics, use of successful practices and efficiency and effectiveness of internal audit activity.
Review the activities carried out against the attribute standards and performance standards and Score card preparation.
23
Key Outcome # 2 – Compliance with IIA Standards (IPPF)
Attribute Standards (25%)
Components Score Weights
Managing the Internal Audit Activity (effectively and efficiently)
8 25
Nature of work (Governance, Risk Management & Controls)
2 10
Engagement Planning (Engagement plan, scope, resource allocation, work program)
3 10
Engagement Performance (Information, Analytics, documentation, Supervision – Quality Review)
4 15
Communicating the results (Reports and Presentations) 3 15
Total Performance Score 20 75
Performance Standards (75%)
Total score = 28/ 100
Components Score Weights
Purpose, Authority and Responsibility 4 7
Independence and Objectivity 2 5
Proficiency and Due Professional Care 2 9
Quality Assurance and Improvement Program (QAIP) 0 4
Total Attributes Score 8 25
Illustr
ative
24
Key Outcome # 2 – Action Plan for IIA Standards (IPPF) Compliance
1. Internal Audit Charter to be redesigned and should be approved by the Board – Internal Audit Charter should define the following
A. Constitutional position of the Internal Audit Department with respect to the Organization – Empowerment and Positioning of Internal Audit Department
B. Role of Internal Audit Department – KRAs and KPIs of Internal Audit Department
C. Outcome of the Internal Audit Department to be used for Performance Appraisal of the HODs and Functional Managers. Engagement with IA by way of support and co-operation as well No. of High, Medium and Low Findings to be used for Performance Appraisal of HODs / Functional Managers.
D. Board and Audit Committee Reporting by Internal Audit Department and review of progress (by reviewing Progress Reports to be submitted by IA Department), performance and QAIP of Internal Audit Department by the Board / Audit Committee
E. Internal Audit Methodology to be followed by Internal Audit Department
F. Value Addition Role to be played by Internal Audit Department for Internal Controls Framework, Enterprise Risk Management, Governance Framework and Fraud Risk Mitigation (Anti-fraud Controls)
Illustr
ative
25
Key Outcome # 2 – Action Plan for IIA Standards (IPPF) Compliance
2. Enhance the quality of Internal Audit Report by improving:A. Clarity of issue communication (language of the Audit Report) and clarity of Risk
Context
B. Quality of analysis and sufficiency of details
Illustr
ative
26
Key Outcome # 2 – Action Plan for IIA Standards (IPPF) Compliance
3. Internal Audit Transformation Project to be carried out covering:A. Designing of Risk and Controls Matrix (through Systematic Risk assessment)
B. Scope enhancements (IT Audits, ERP Audit (including Business Application Audit), Succession Planning Audit, Quality Department, Scrap Management, Marketing, Management Information System, Preventive Maintenance (Equipment-wise), Contract Agreement Management, Human Resource Function, Statutory Compliance with respect to Labour Law, Plantation Laws, Efficiency of Logistics Operations, Cost of Production.
C. Sampling methodology guidance
D. Analytics – Key items of Data Analytics for Internal Audit
E. Verifiability: documentation trail and detailed working papers,
F. Quality review by Supervisors, Internal Audit Managers and Internal Audit Head
G. Mechanisms for Follow-up Audit (Implementation Effectiveness Review),
H. Quality Assurance and Improvement Plan (QAIP) for Internal Audit Department
I. Time monitoring mechanisms – assignment wise Time monitoring and utilization review
J. Training and Continuing Professional Education of Internal Audit staff – On-the-job: Risk context, business understanding, probing skills, documentation and working papers, drafting of audit reports , IFRS and Soft-skills (interviewing and communication).
Illustr
ative
Section 3(c)
People Competence And Skills Assessment (PCSA)
28
IAEQA components - People Competence and Skills Assessment (PCSA)
People Competence and Skills Assessment
What We Do How We Do
We interview the IA Head about the role played by him and evaluate the contribution made by him/her Specific inquiries and observations are made about the following:1) Quality Review of Engagement and
Reports2) Value addition done by him/her - Changes
suggested3) Management discussion and Engagement
process4) Organizational positioning –
Empowerment, Positioning, Authority and Responsibility
5) Conflict resolution with process owners/ Escalation process
6) People development agenda a. Interaction with the team and skip
level meetingsb. Formal mentoringc. KRAs and (PIP) Personal
Improvement Plan of IA Team members
7) Usage of technology in IA (analytics)
We create parameters for evaluation of GM – Internal Audit and evaluate him against each of the parameters using a balanced scorecard approach.
29
IAEQA components - People Competence and Skills Assessment (Cont..)
People Competence and Skills Assessment
What We Do How We Do
Interview the IA Managers about the role played by them and evaluated the contribution made by them. Specific inquiries and observations are made about the following:1) Knowledge of Risk Context2) Auditing skills and experience3) Nature of Audit procedures performed4) Quality of work performed and
documented5) Quality Review of work done by juniors6) Value addition done7) People Management – guidance,
motivation, interactions and feedback8) Engagement with Process Owners
We create the parameters for evaluation of IA Managers and evaluate each of the IA Managers against each of the parameters using a balanced scorecard approach
30
Key Outcome # 3 – People Competencies and Skills Assessment
How we did? We created parameters for evaluation of GM – Internal Audit and evaluated him against each of the parameters using a balanced scorecard approach.
Score card of GM Internal AuditEvaluation Parameters Score WeightsA) Tactical Areas 19 80IA transformation – Risk Assessment / scoping & signoff /calendar/RCMs/ checklist/ sample guidance/documentation
8 30
People Development 5 10Usage of technology 0 10IA Outcomes (Report ) 2 10Value Addition role 2 10Building competencies - SME 2 10
B) Structure & Governance 3 20
Focus on governance – Risk Management, Fraud Risk
0 5
IA Charter - Empowerment, Authority and Responsibility
3 10
QAIP 0 5Total 22 100
What we did? Interviewed the IA Head about the role played by him and evaluated the contribution made by him. Specific inquiries and observations were made about the following:1) Quality Review of Engagement and Reports2) Value addition done by him - Changes
suggested3) Management discussion and Engagement
process4) Organizational positioning – Empowerment,
Positioning, Authority and Responsibility5) Conflict resolution with process owners/
Escalation process6) People development agenda
1) Interaction with the team and skip level meetings
2) Formal mentoring3) KRAs and (PIP) Personal Improvement
Plan of IA Team members7) Usage of technology in IA (analytics)
Illustr
ative
31
Key Outcome # 3 – People Competencies and Skills Assessment
How we did? We created the parameters for evaluation of IA Managers and evaluated each of the IA Managers against each of the parameters using a balanced scorecard approach.
Score cards of Internal Audit Managers
Evaluation Parameters Weights
Jackson
Manas
Knowledge of Risk Context 20 8 12
Challenge the work done by juniors / Audit procedures/ checklist review
20 4 12
Report quality review 20 8 12
Timeliness monitoring 10 2 6
People Management 10 6 6
Engagement with Process owners 10 4 6
IIA Standards compliance 10 2 4
Total Scores 100 26 58
What we did? Interviewed the IA Managers about the role played by them and evaluated the contribution made by them. Specific inquiries and observations were done about the following:1) Knowledge of Risk Context2) Auditing skills and experience3) Nature of Audit procedures performed4) Quality of work performed and
documented5) Quality Review of work done by juniors6) Value addition done7) People Management – guidance,
motivation, interactions and feedback8) Engagement with Process Owners
Note: Both managers have good potential and can be groomed to become future leaders
Illustr
ative
32
Key Outcome # 3 – Action Plan for People Competencies and Skills Assessment
4. Performance Management System for Internal Audit staff to be designed and approved by the Board – Internal Audit Charter should define the following
A. KRAs (Key Result Areas) of IA Head, IA Managers and IA Staff should be defined scientifically,
B. Operational KPIs (Key Performance Indicators) for IA Processes should be determined,
C. Performance Appraisal of the IA Head, IA Managers and IA Staff should be done regularly based on achievement of specific KRAs and delivery of KPIs. Regular Appraisals (Quarterly, as well as Annually) should be done for IA Head, IA Managers and IA Staff,
D. Assignment-wise Performance Review should be done for each scope assignment carried out by IA Staff. Quarterly Appraisals would be an addition of Assignment-wise ratings,
E. Talent Recognition should be done for recognizing performance of IA Staff. Quarterly stars should be recognized for each quarter,
F. Monetary Performance incentives – quarterly basis should be provided to Internal Audit Staff and variable pay (performance linked) structure should be designed for IA Managers and above
G. Formal Mentoring program for grooming the IA Managers and StaffIllustr
ative
33
5. Formal Training and Continuing Education Program to include following as per IA Transformation – Action Plan #3 (Key Outcome # 2) for IIA Standards compliance:
A. On-the-job: Risk context, business understanding, probing skills, documentation and working papers, drafting of audit reports, IFRS; and
B. Soft-skills (interviewing and communication).
6. Enhance internal interactions within IA Team: Establish and Internal Audit Circle for formulating Department vision and plan and to discuss departmental issues:
A. Formal Monthly IA internal meeting to be chaired by IA Head to share the insights and issues on audit and general knowledge sharing,
B. Skip-level meetings within IA Department (for e.g.. skip level between IA Head and Assistant Managers),
C. Knowledge sharing on important and emerging topics
Key Outcome # 3 – Action Plan for People Competencies and Skills Assessment
Illustr
ative
Section 3(d)
Board Oversight Assessment
35
IAEQA components - Board Oversight Assessment
What We Do How We Do
We review the role played by the Board in overseeing the Internal Audit Function by reviewing:1. Constitutional empowerment to Internal
Audit Function,2. Board’s involvement in Internal Audit Plan3. Board Reporting and review of Internal
Audit Reports, quarterly presentations and QAIP
4. Conflict resolution5. Board’s involvement in Performance
Appraisal of Internal Audit Function
We create the parameters for evaluation of Board oversight for Internal Audit Function and evaluate each of the parameters of Board oversight using a scorecard approach.
36
Key Outcome # 4 – Board Oversight AssessmentEvaluation Parameters Score Weight
sInternal Audit Empowerment – Positioning, Authority and Responsibility
10 20
Board Involvement in Internal Audit Plan:• Approval by Board of Internal
Audit Plan,• Involvement by Board in Internal
Audit Scoping and Plan and• Suggestion by the Board on
Internal Audit special projects
8 15
Board Reporting – review of Internal Audit Reports, Quarterly Internal Audit Presentations and QAIP
15 25
Conflict Resolution – Resolving conflicts with the HODs / Process Owners
4 15
Performance Appraisal of IA Function by the Board: IA Progress, IA Team KRAs – IA Head and IA
Managers KRAs, Performance Appraisal of
Internal Audit Head / Department / Staff
0 25
Total 37 100
How we did? We created the parameters for evaluation of Board oversight for Internal Audit Function and evaluated each of the parameters of Board oversight using a scorecard approach.
What we did? We reviewed the role played by the Board in overseeing the Internal Audit Function by reviewing:1) Constitutional empowerment to
Internal Audit Function,2) Board’s involvement in Internal
Audit Plan3) Board Reporting and review of
Internal Audit Reports, quarterly presentations and QAIP
4) Conflict resolution5) Board’s involvement in Performance
Appraisal of Internal Audit Function
Illustr
ative
37
Key Outcome # 4 – Action Plan for Board oversight assessment
1. As per Action Plan # 1, Internal Audit Charter to be redesigned and should be approved by the Board – Internal Audit Charter should define the following
A. Constitutional position of the Internal Audit Department with respect to the Organization – Empowerment and Positioning of Internal Audit Department
B. Role of Internal Audit Department – KRAs and KPIs of Internal Audit Department. Board should define the KRAs of Internal Audit Head and Managers.
C. Board to review on a quarterly basis, the Internal Audit Presentation s/ Internal Audit Reports and Internal Audit Progress Reports as well as QAIP
D. Board to do Performance Appraisal of the Internal Audit Head and Review the Performance Appraisal of the IA Managers as done by the IA Head
2. Board to review and resolve conflicts, if any, on a regular basis
3. Board to suggest inclusions to Internal Audit Plan and approve the Internal Audit Plan, after discussion
Illustr
ative
Section 3(e)
Internal Audit Structural Assessment
39
IAEQA components - Internal Audit Structural Assessment
What We Do How We Do
We evaluate structural foundation for Internal Audit Function considering the following: reviewed the role played by the Board in overseeing the Internal Audit Function by reviewing:1. Empowerment to IA – positioning,
authority and responsibility2. Investments in IA Function3. Control Self Assessment methodology
deployed by Management4. IA Involvement in Ex-Co meetings5. Role of IA in Governance, ERM, Internal
Controls and Fraud prevention
We create the parameters for evaluation of IA Structural Foundation and evaluated each of these parameters using a balanced scorecard approach
40
Key Outcome # 5 – IA Structural Assessment Evaluation Parameters Score Weight
sEmpowerment , positioning, authority and responsibility 8 40
IA Charter 4 15 Board Reporting 4 10 Performance appraisals of
HODs and Functional Managers to include IA Engagement and Findings
0 15
Investment in Internal Audit Function – People, Tools and External Expertise Co-sourcing
10 20
Control Self Assessment as a Management Responsibility 1st Line of Defence*
0 15
Involvement of Internal Audit in Business review meetings 0 10
IA role in Governance Framework, Internal Controls Framework, Enterprise Risk Management, Anti-Fraud Controls
0 15
Total 18 100*Internal Audit should be a 3rd Line of Defence (COSO 2013 – Internal Controls Framework)
How we did? We created the parameters for evaluation of IA Structural Foundation and evaluated each of these parameters using a balanced scorecard approach.
What we did? We evaluated structural foundation for Internal Audit Function considering the following: reviewed the role played by the Board in overseeing the Internal Audit Function by reviewing:1) Empowerment to IA – positioning,
authority and responsibility2) Investments in IA Function3) Control Self Assessment methodology
deployed by Management4) IA Involvement in Ex-Co meetings5) Role of IA in Governance, ERM,
Internal Controls and Fraud prevention
Illustr
ative
41
Key Outcome # 5 – Action Plan for IA Structural Enhancement
1. As per Action Plan # 1, Internal Audit Charter to include the following:
A. Constitutional position of the Internal Audit Department with respect to the Organization – Empowerment and Positioning of Internal Audit Department
B. Role of Internal Audit Department – KRAs and KPIs of Internal Audit Department. Board should define the KRAs of Internal Audit Head and Managers.
C. Board to review on a quarterly basis, the Internal Audit Presentation s/ Internal Audit Reports and Internal Audit Progress Reports as well as QAIP
D. Board to do Performance Appraisal of the Internal Audit Head and Review the Performance Appraisal of the IA Managers as done by the IA Head
E. Outcome of the Internal Audit Department to be used for Performance Appraisal of the HODs and Functional Managers. Engagement with IA by way of support and co-operation as well No. of High, Medium and Low Findings to be used for Performance Appraisal of HODs / Functional Managers.
F. Value Addition Role to be played by Internal Audit Department for Internal Controls Framework, Enterprise Risk Management, Governance Framework and Fraud Risk Mitigation (Anti-fraud Controls)
Illustr
ative
42
Key Outcome # 5 – Action Plan for IA Structural Enhancement
2. Board and Management to institutionalize Controls Self Assessment (CSA) Framework whereby Critical and Key Controls are defined for self assessment by HOD on a quarterly basis.
3. IA Head and Managers to be involved in Ex-Co (key management review) meetings in order for them to comprehend key business issues that require Internal Audit attention as a result of emerging and changing risk scenarios
4. Enhance the investments in Internal Audit Function (about 194000 USD):1. Additional People to deployed for Internal Audit of Plantations and Outgrowing
Function
2. Additional Transportation Tools for Internal Auditors of Plantations
3. Additional Computers for Internal Auditors of Plantations
4. External Co-sourced Expertise for ongoing effectiveness of Internal Audit Function.
Illustr
ative
43
Investments in Internal Audit function
Particulars Amount in USD Additional Computers for Internal Auditors 7,000
Additional Transportation Tools for Internal Auditors of Plantations 7,000
External Co-sourced Expertise for ongoing effectiveness of Internal Audit Function 150,000
Total 1,64,000Particulars Amount in USD
Additional People to deployed for Internal Audit of Plantations and Outgrowing Function
30,000
Total 30,000
Grand Total 194,000
Illustr
ative
Section 3(f)
Cross Functional Engagement of IA
45
Key Outcome # 6 – Cross Functional Engagement of IA
Evaluation Parameters Score Weights
IA Involvement in monthly business review meetings 0 20
Participation of IA Head along with respective IA Manager in exit meetings
18 25
Involvement of Functional HODs and Managers in IA annual plan & scope
6 20
Role of Internal Audit in Internal Controls Advocacy / Governance Advocacy /Risk Management Advocacy / Anti-fraud Controls
0 25
Management request for inclusion of special audit areas in scope
4 10
Total 28 100
How we did? We created the parameters for evaluation of Cross Functional Engagement of Internal Audit and evaluated each of these parameters using a balanced scorecard approach.
What we did? We evaluated structural the Cross Functional Engagement of Internal Audit with other Functions by considering the following:1) Involvement of IA Head and IA Managers
in Ex-Co Management Meetings to enable the IA to business contextualize their IA Program and focus on business relevant issues
2) Participation of IA Head along with respective IA Manager in the exit meetings
3) Involvement of HOD and Functional Managers in IA Planning and Scope
4) Role of Internal Audit in Internal Controls Advocacy / Risk Management Advocacy / Anti Fraud Controls
Illustr
ative
46
Key Outcome # 6 – Action Plan for Cross Functional Engagement of IA
1. As per Action Plan # 10, IA Head and Managers to be involved in Ex-Co (key management review) meetings in order for them to comprehend key business issues that require Internal Audit attention as a result of emerging and changing risk scenarios
2. IA should involve HODs and Functional Managers in Annual Internal Audit Planning and Scoping exercise and consult them for audit of any special areas to be conducted, if any
3. IA Head should participate in all exit (closure) meetings along with the respective IA Manager, in order to increase the level of cross functional engagement with other functions
4. IA should initiate the process of On-going IA Effectiveness Review as a part of QAIP of IA Department
5. As per Action Plan # 1, Internal Audit should add value by playing a role of Internal Controls Advocacy, Risk Management Advocacy, Governance Advocacy and Anti-fraud controls specialist. IA should add value by assisting in implementing the above Frameworks. IA Charter to include this role as per Action Plan # 1 Ill
ustrati
ve
47
IAEQA components - Cross Functional Engagement of IA
What We Do How We Do
We evaluate the structure of the Cross Functional Engagement of Internal Audit with other Functions by considering the following:1. Involvement of IA Head and IA Managers
in Ex-Co Management Meetings to enable the IA to business contextualize their IA Program and focus on business relevant issues
2. Participation of IA Head along with respective IA Manager in the exit meetings
3. Involvement of HOD and Functional Managers in IA Planning and Scope
4. Role of Internal Audit in Internal Controls Advocacy / Risk Management Advocacy / Anti Fraud Controls
We create the parameters for evaluation of Cross Functional Engagement of Internal Audit and evaluated each of these parameters using a balanced scorecard approach.
48
Key Outcome # 6 – Cross Functional Engagement of IA
Evaluation Parameters Score Weights
IA Involvement in monthly business review meetings 0 20
Participation of IA Head along with respective IA Manager in exit meetings
18 25
Involvement of Functional HODs and Managers in IA annual plan & scope
6 20
Role of Internal Audit in Internal Controls Advocacy / Governance Advocacy /Risk Management Advocacy / Anti-fraud Controls
0 25
Management request for inclusion of special audit areas in scope
4 10
Total 28 100
How we did? We created the parameters for evaluation of Cross Functional Engagement of Internal Audit and evaluated each of these parameters using a balanced scorecard approach.
What we did? We evaluated the structure of the Cross Functional Engagement of Internal Audit with other Functions by considering the following:1) Involvement of IA Head and IA Managers
in Ex-Co Management Meetings to enable the IA to business contextualize their IA Program and focus on business relevant issues
2) Participation of IA Head along with respective IA Manager in the exit meetings
3) Involvement of HOD and Functional Managers in IA Planning and Scope
4) Role of Internal Audit in Internal Controls Advocacy / Risk Management Advocacy / Anti Fraud Controls
Illustr
ative
49
Key Outcome # 6 – Action Plan for Cross Functional Engagement of IA
1. As per Action Plan # 10, IA Head and Managers to be involved in Ex-Co (key management review) meetings in order for them to comprehend key business issues that require Internal Audit attention as a result of emerging and changing risk scenarios
2. IA should involve HODs and Functional Managers in Annual Internal Audit Planning and Scoping exercise and consult them for audit of any special areas to be conducted, if any
3. IA Head should participate in all exit (closure) meetings along with the respective IA Manager, in order to increase the level of cross functional engagement with other functions
4. IA should initiate the process of On-going IA Effectiveness Review as a part of QAIP of IA Department
5. As per Action Plan # 1, Internal Audit should add value by playing a role of Internal Controls Advocacy, Risk Management Advocacy, Governance Advocacy and Anti-fraud controls specialist. IA should add value by assisting in implementing the above Frameworks. IA Charter to include this role as per Action Plan # 1Ill
ustrati
ve
Thank you