CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007.

Slides:



Advertisements
Similar presentations
Organizational Governance
Advertisements

. . . key messages for CAEs, Senior Management and the Board
. . . a step-by-step guide to world-class internal auditing
External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
A Consultative Approach to Auditing
IMFO Audit & Risk Indaba June 2012
Supervisory Committee Communications with Management and the Board
Internal Audit Awareness
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,
Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
IS Audit Function Knowledge
Operational Auditing Fall 2006 Professor Bill O’ Brien.
Quality evaluation and improvement for Internal Audit
1 What is Internal Audit’s Role in Management’s Assertion The Institute of Internal Auditors May 11, 2004 Xenia Ley Parker, CIA, CISA, CFSA Principal XLP.
Operational Auditing Spring 2005 Professor Bill O’ Brien.
External Quality Assessments
Purpose of the Standards
Trinidad & Tobago Corporate Governance Code 2013
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
Audit Committees in Local Government FinPro Professional Development Seminar Linda MacRae Local Solutions Pty Ltd 25 October
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.
Internal Auditing and Outsourcing
ACADEMIC PERFORMANCE AUDIT
DAA and GEP Orlando Audit & Compliance or Audit vs. Compliance.
Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.
D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
C. P. Mansoor S. Ahmed M. Com, PGDBA.  Not confined to Independent Audit  Systematic Examination of  Records  Procedures  Systems  Operations.
Improving Corporate Governance in Malaysian Capital Markets – The Role of the Audit Committee Role of the Audit Committee in Assessing Audit Quality.
Session 3 & 4. Institute of Internal Auditors Inc (IIA) was created for internal auditors in 1941 Generally accepted criteria of a profession are: –Adopting.
UNM and Health System Internal Audit Departments Internal Audit Department Orientation Manu Patel, Internal Audit Director Purvi Mody, Executive Director,
Section Topics Establish a framework for assessing risk
Chapter 5 Internal Control over Financial Reporting
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.
Scandals (in the public and private sector)  Enron  Worldcom  Livent  Nortel  HRDC  Sponsorship Scandal.
1 Today’s Presentation Sarbanes Oxley and Financial Reporting An NSTAR Perspective.
Taking the STANDARDS Seriously... what they are and why they are so critically important to internal audit professionalism.
The views expressed in this presentation do not necessarily reflect those of the Federal Reserve Bank of New York or the Federal Reserve System Association.
INTERNAL AUDIT AND INVESTIGATION SERVICES PRESENTATION TO THE PORTFOLIO COMMITTEE ON THE UNIT’S ACTIVITIES FOR THE YEAR ENDING 31 MARCH 2006 Z MXUNYELWA,
Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.
1 The Auditor’s Role in Governance: Emulate, Evaluate, Educate Lori Cox, CIA, CGAP IIA Tucson Chapter President Director – Internal Audit, Pima Community.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,
Continual Service Improvement Methods & Techniques.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Scottish Local Authority Chief Internal Auditors Group Conference - June 2013.
1 Internal Audit’s Role in Enterprise Risk Management March 22, 2016 Chris Kalafatis, Manager, Risk Advisory Services.
“The Role of CPSB and CASB in the Transformation and Growth of Counties” By CS Peterson Mwangi.
Internal Audit Quality Assessment Guide
#327 – Legal and Regulatory Risk: Silent and Possibly Deadly Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc.
AUDIT STAFF TRAINING WORKSHOP 13 TH – 14 TH NOVEMBER 2014, HILTON HOTEL NAIROBI AUDIT PLANNING 1.
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.
Hans Nieuwlands CIA CGAP CCSA CEO IIA Netherlands
Getting to Know Internal Auditing
How to Survive an External Quality Assessment
Getting to Know Internal Auditing
Getting to Know Internal Auditing
Small Internal Audit Activity Challenges
Office of Internal Audits
. . . key messages for CAEs, Senior Management and the Board
Independent Internal Audit Quality Reviews
Getting to Know Internal Auditing
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
Taking the STANDARDS Seriously
Capacitate Internal Audit
An overview of Internal Controls Structure & Mechanism
Presentation transcript:

CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007

CBIZ Risk & Advisory Services, LLP 2 Agenda  Requirement  Benefits  Attributes of a “World-Class” Internal Audit  Quality and Quality Assessment  Keys to an Effective QA  Common Observations  Leading Practices

CBIZ Risk & Advisory Services, LLP 3 Requirement  IIA Standard Requires an external assessment be performed by a competent and independent firm at least every 5 years.  Good ‘business practice” to provide an independent evaluation of internal audit as well as identifying potential ways to improve the process.  With Sarbanes-Oxley and other demands placed on Audit Committees and Internal Audit, a Quality Assurance Review serves to provide an assessment that the various Internal Audit responsibilities are being discharged effectively and efficiently.

CBIZ Risk & Advisory Services, LLP 4 Benefits  Current State of “Conformance to the Standards”.  Builds stakeholder confidence by showing management’s commitment to quality and leading practices.  Demonstrates that the Audit Committee and Internal Audit are concerned about the success of the organization’s internal controls, governance and risk management processes.

CBIZ Risk & Advisory Services, LLP Benefits  PCAOB Audit Standard 2 states “The external auditor may use the work of internal auditors particularly when internal auditors are in compliance with the Standards.”  Observations on benchmarking & identification of successful practices  Recommendations for improvement aimed at adding value to the organization. 5

CBIZ Risk & Advisory Services, LLP Benefits  Identify Expectation Gaps  Among key stakeholder expectations  Current state & desired state of performance  Recommendations aimed at adding value to the organization  Internal marketing tool strengthening credibility and promoting integrity 6

CBIZ Risk & Advisory Services, LLP Attributes of a “World-Class Internal Audit Activity  Empowered & Respected by Management and Board  Objective and Independent  Highly Talented  Risk Focused  Proactive  Technology Driven 7

CBIZ Risk & Advisory Services, LLP Empowered and Respected  Best Reporting Structure  Functionally – Audit Committee  Administratively- CEO  Respected at All Levels  Value-Added Business Advisors  “Out of the box” thinking  Provides effective resources and solutions to business challenges 8

CBIZ Risk & Advisory Services, LLP Objective and Independent  Seen as providing unbiased views of the organization.  Have no real or apparent conflicts of interest  Independent of the activities they audit  “No-No’s”  Designing and installing systems  Drafting of procedures 9

CBIZ Risk & Advisory Services, LLP Highly Talented  Highly talented professionals (certified) with unique combinations of skills & experiences  Hiring and Retention  Rotation in and out  Constantly adding value  Collectively possess the essential skills  Consideration for co-sourcing  Must commit to a program of continuous development 10

CBIZ Risk & Advisory Services, LLP Risk Focused  Allocates Time & Resources Based on Risk  Annual and Long Term Plans  Individual Engagements  Identifies critical risks & exposures before they become significant issues  Shares “lessons learned” across common business units and processes 11

CBIZ Risk & Advisory Services, LLP Proactive  Proactive, not only reactive  Right balance between protecting and enhancing shareholder value  Level of consultative support correlates with the organizations fluidity  E.g., a flat, decentralized organization likely requires significant support in analyzing business risks and transferring company-wide best practices then a highly centralized organization 12

CBIZ Risk & Advisory Services, LLP Technology & Process Driven  Utilizes “state-of-the-art” technology to:  Reduce Risks  Identify potential problems in nearly real time  Increase productivity  Continuously improve the control environment and communications  Be committed to a program of continuous improvement 13

CBIZ Risk & Advisory Services, LLP Foundation of World-Class Audit Departments  The International Standards for the Professional Practice of Internal Auditing and the Code of Ethics are the foundation for all world- class functions. 14

CBIZ Risk & Advisory Services, LLP Quality Components  Adherence to the Code of Ethics  Practicing in accordance with the Standards  Continued Professional Development  Audit Practice is continuous improvement oriented 15

CBIZ Risk & Advisory Services, LLP Quality Assurance  To Evaluate Quality- Objectively measure internal audit process  To maintain Quality- Fully commit to professional growth and development  To ensure Quality- Maintain quality assurance and improvement program 16

CBIZ Risk & Advisory Services, LLP Quality Standards  Internal audit must establish a quality assurance program that includes both:  Ongoing and periodic internal QA’s  External QA a minimum of once every 5 years  Failure precludes IA from using the statement “conducted in accordance with the International Standards for the Professional Practice of Internal Auditing.” 17

CBIZ Risk & Advisory Services, LLP Keys to an Effective QA  Understanding the Professional Practices Framework  Awareness and Implementation of the Standards  Internal audit quality programs and initiatives  Leading practices in applying the Standards 18

CBIZ Risk & Advisory Services, LLP Professional Practices Framework  Definition of Internal Auditing  The Code of Ethics  The Standards  Practice Advisories  Topical Index to the Practice Advisories 19

CBIZ Risk & Advisory Services, LLP Purpose of a Quality Assessment  Assess conformance to the Standards  Assess the effectiveness and efficiency of the internal audit activity  Identify opportunities for improvement  Improving performance  Image of the department 20

CBIZ Risk & Advisory Services, LLP Scope of External Assessments  Conformance with the Standards & the Code of Ethics & the IA’s charter, plan, policies, procedures and applicable laws & regulatory requirements  The expectations of the IA as expressed by the board, executive management and operational management  The integration of the IA into the governance process, including the relationships between and among the key groups involved in the process 21

CBIZ Risk & Advisory Services, LLP Scope (Cont’d)  Tools and techniques  Mix of knowledge, experience and disciplines within the staff, including the focus on process improvement  Determination that the internal audit activity adds value and improves the organization’s operations 22

CBIZ Risk & Advisory Services, LLP Areas of Focus  The Mandate of the IA Activity  The Relationship between IA & the Audit Committee  IA Reporting Lines  Staffing of Internal Audit  Obtaining & Maintaining Competency  Coordination with External Audit  Developing the Internal Audit Plan  Reporting Findings & Recommendations 23

CBIZ Risk & Advisory Services, LLP Areas of Focus  Follow-Up of Corrective Action  Fraud  Internal Quality Program  Sufficiency of IA Resources  Support from Senior Management  Evaluation by the Audit Committee 24

CBIZ Risk & Advisory Services, LLP Common Findings  Charters not current, inadequate and/or misaligned  Lacking support or sponsorship by top management  Department structure issues  Reporting lines  Alignment with the organization  Insufficient business knowledge and/or technology capabilities  Lack of a defined and documented risk assessment 25

CBIZ Risk & Advisory Services, LLP Common Findings  Linkage of risk assessment to plan  Impact of Sar-Box  Lack of external input to risk assessment  Audit Universe Deficiencies  Ineffective resource planning, including training  Inadequate IT Coverage  Limited use of technology  Infrequent management interaction 26

CBIZ Risk & Advisory Services, LLP Common Findings  Lack of Performance Measurements  Failure to Track Auditors’ Time  Inconsistent/Incomplete Work Papers  Lack of a defined and documented Quality Assurance and Improvement Program  Insufficient reporting to the Audit Committee 27

CBIZ Risk & Advisory Services, LLP Leading Practices  Enterprise Risk Assessment  Rigorous and coordinated approach  Assessing all risks that affect the organizations strategic & financial objectives  Risk & Control Self Assessment  Using Control Frameworks (COSO)  Effectiveness & Efficiency of Operations  Reliability of Financial Reporting  Compliance with Laws & Regulations 28

CBIZ Risk & Advisory Services, LLP Leading Practices  Partnering with Management  Risk Assessment & Annual Audit Planning  Long Term Audit Plans  Usually three years  Higher risk areas should be reviewed more frequently within the 3 year plan  Frequent modifications to long term plan  Developing Staff  Goal of 80 hours of training  Stretch Objectives & Performance Measures  Certification 29

CBIZ Risk & Advisory Services, LLP Leading Practices  Communicating More Effectively  User friendly format  Executive summary, with clear concise information and opinion  Regular reporting of issues to the Audit committee  “Marketing” IA function Brochure Intranet 30

CBIZ Risk & Advisory Services, LLP Leading Practices  Using Technology  Data extraction and analysis  Fraud detection/prevention  Network security assessment  Automated work-papers  Audit administration tools  Benchmarking  Performance measurements 31

CBIZ Risk & Advisory Services, LLP Questions ?????????????? 32

CBIZ Risk & Advisory Services, LLP Follow-Up Tom Johnson

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.