Roman Pronyszyn MSc, CFIIA RP A G A

MSc Internal Audit and Management – CUBS CFIIA Internal Audit and Governance since 1985 RP

 Align the internal audit strategy to the organization’s overarching business strategy  Develop long term audit strategy that focuses on stakeholder expectations, coordinates risk functions and drives internal audit initiatives  Employ critical enablers throughout the internal audit life cycle, fit the organization’s culture, and an appropriate talent management program that ensures internal audit has the right people with the right skills in the right positions  Running internal audit like a business, drive enterprise efficiencies and results.

 More for less  Strategic, risk based audits, but not forgetting the basics  Additional assurance linked services  Why things go wrong as well as what has gone wrong  Outcome focus not output  Depth of service  Assurance on services provided by external bodies

 Outsourced – internal audit provided by external company (eg big 4)  Parent company provision – parent company provide internal audit to subsidiaries  Hosted service – services is hosted by one organisation with services provided to others (eg. NHS Audit Consortia)  Joint venture – limited company jointly owned by several bodies (eg. Veritau Ltd)  Informal network – informal agreements to share resources, use of Associates, etc (eg Wayside Network)

Pros  Depth of service  Professionalism  Additional services  Sharing good practice  Benchmarking Cons  Cost  Business specific knowledge  Visibility  Responsiveness  Sales

Pros  Understanding of strategic framework  Reflect corporate accountability  Cost  Business specific knowledge Cons  Visibility  Responsiveness  Depth of service  Professionalism  Additional services  Conflict of interest

Pros  Understanding of strategic framework  Cost  Greater depth of service provision  Flexibility and sustainability  Business specific knowledge Cons  Conflicting priorities  Accountability structures  Responsiveness  Depth of service  Professionalism  Additional services  Conflict of interest

Pros  Understanding of strategic framework  Cost  Greater depth of service provision  Flexibility and sustainability  Business specific knowledge  Clearer accountability Cons  Conflicting priorities  Customer/director conflict  Accountability structures  Responsiveness  Depth of service  Professionalism  Additional services

Pros  Exchange of good practice  Cost  Greater depth of service provision  Flexibility and sustainability  Business specific knowledge  Clearer accountability Cons  Conflicting priorities  Customer/director conflict  Accountability structures  Responsiveness  Depth of service  Professionalism  Additional services

 One dominant partner  Radically different expectations from IA  Lack of steer  Board dominated by main customers  Lack of customer focus  Unclear accountability structures  Cutbacks undermine ability to deliver  Non supportive board  Conflict amongst “owners”

 Risk Management  Information Governance/ Data Protection,  FoI system  Counter Fraud Services,  Financial Resilience checks prior to contract award,  Contract Compliance – third party assurance,  Business Case assurance  ISO reviews  Facilitated worshops  Joint reviews with others  Others??

 Conflicting priorities  Distraction - loss of focus on key assurance  Internal organisational structure  Credibility with clients  Sales

Roman Pronyszyn RPAGA Services