Quality Assurance in the Netherlands: Experiences from 35 Organizations
Hans Nieuwlands CIA CGAP CCSA, CEO IIA Netherlands
Brussels, 20 November, 2014
Quality Assessments in the Netherlands
Outline
- Introduction
- Definition of Quality
- Guidance from The IIA
- QAIP Framework
- Common improvement areas
- Conclusion
The International Standards for the Professional Practice of Internal Auditing support this definition of internal auditing.
What is Quality? Quality is not an act, it is a habit. Aristotle
What is Quality? Quality means doing it right when nobody is watching. Henry Ford
What is Quality? Quality in a product or service is not what the supplier puts in. It is what the customer gets out and is willing to pay for. Peter F. Drucker
What is Quality? Quality in internal audit is guided by both an obligation to meet customer expectations as well as professional responsibilities inherent in conforming to the Standards. Practice Guide
Professional Guidance
Standards 1300 – Quality Assurance and Improvement Program The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. Internal auditing is a true profession, guided by Standards and a Code of Ethics, and clearly defined.
Standards Interpretation 1300: A quality assurance and improvement program is designed to enable an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
Standards 1310 – Requirements of the Quality Assurance and Improvement Program The quality assurance and improvement program must include both internal and external assessments.
Standards 1311 – Internal Assessments Internal assessments must include: Ongoing monitoring of the performance of the internal audit activity; and Periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices.
Standards Interpretation 1311: Ongoing monitoring is an integral part of the day-to-day supervision, review, and measurement of the internal audit activity. Ongoing monitoring is incorporated into the routine policies and practices used to manage the internal audit activity and uses processes, tools, and information considered necessary to evaluate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards…
Standards 1320 – Reporting on the Quality Assurance and Improvement Program The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board.
Practice Guides
QAIP Framework
QAIP Components
QAIP Assessment
The Value of a QAIP
Assessments Standard 1311 – Internal Assessments Standard 1312 – External Assessments
Common improvement areas
Definition
- Discuss with (Supervisory) Board
- Include in Charter
Code of Ethics
- Include in manual
- Include in job descriptions
- All staff should acknowledge compliance annually
Attribute Standards
1000: Purpose, Authority and Responsibility
1100: Independence and Objectivity
- Define reporting line to CEO and Audit Committee (AC)
- Define attendance at AC meetings
- Include hiring/firing of the CAE
Attribute Standards
1200: Proficiency and Due Professional Care
- Stimulate Professional Certification
- Create Personal Development plan
- Take into account external developments
- Develop new competencies and skills (e.g. soft controls)
- Utilize opportunities created by the employer
Attribute Standards
1300: Quality Assessment and Improvement Program (QAIP)
- Do the self-assessment frequently
- Include Quality aspects in operational processes
- Check periodically if the manual needs an update
- Communicate results of quality assessments to the CEO and AC
Performance Standards
2000: Managing the Internal Audit Function
- Ensure audit universe is complete, up to date and accurate
- Describe the risk assessment methodology used
- Document the trail from universe to audit plan
- Document the reasons for dropped audits
Performance Standards
2100: Nature of Work
Include in every audit:
- Governance aspects
- Risk Management processes
Advise on these matters in the report
Performance Standards
2200: Engagement Planning
- Substantiate the Planning Memorandum, including interviews
- Document red flags used to identify potential fraud
- Align the audit program with the specific risk assessment made
- Document manager’s approval of the audit program, prior to fieldwork
Performance Standards
2300: Performing the Engagement
- Document field work done
- Substantiate sampling method used
- Ensure complete cross references
- Document supervision of fieldwork
- Create a trail from findings to report and vice versa
- Finalize all supervision before issuance of draft report
Performance Standards
2400: Communicating Results
Ask stakeholders for feedback on the reports, e.g.:
- Overall quality of report
- Extent to which risks are addressed
- Level of detail
- Clarity of audit opinion
- Readability
Performance Standards
2500: Monitoring Progress
- Frequently communicate follow-up activities on audit recommendations to appropriate levels of management
- Report periodically on high-risk and overdue issues to CEO and AC
Performance Standards
2600: Communicating the Acceptance of Risks
- Include in the Audit Charter the escalation procedure to be used when senior management and the CAE disagree on the acceptance of business risks
- Include this disagreement in the audit report
Good luck with the External Quality Assessment
Thank you for your attention!