Internal auditing for credit unions Nuala Comerford, Chair IIA Irish Region Committee Pamela McDonald Council Member IIA Credit Union Summer School Thursday, 23 rd May, 2013

Presentation The role of internal audit How the institute supports the internal audit profession The Profession and the institute in Ireland

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control, and governance processes.” The Chartered Institute of Internal Auditors The role of internal audit

Internal audit is the management function responsible for evaluating and improving the effectiveness of risk management, control and governance processes. It is therefore one of the four cornerstones of good corporate governance: A cornerstone of good governance

Control Environment- Key Issues Corporate Governance Control Environment Control Framework

Corporate Governance Manner by which Organisations are directed & controlled as administered by management Structures and processes in place to direct, manage & monitor the activities towards achievement of objectives Principles –Openness –Transparency –Accountability

Control Environment Attitudes of Management / Board regarding the significance of control in the Organisation Management’s philosophy & operating style Integrity & ethical values Control environment sets the discipline for the achievement of the primary objectives of the system of internal control

Control Framework Internal Control Objectives / Why? Control Activities / How? Risk Assessment / Best practice form of management

Control Objectives / Why? Achievement of Objectives Compliance with statutory requirements Reliability of financial & other information Effectiveness & Efficiency of operations Safeguarding of Assets

8 Key areas of Control Activities How? Segregation of duties Organisation’s structures Authorisation & Approval HR policies Management controls Arithmetic & Accounting Physical controls Supervision Physical

Types of Controls Preventive Detective Corrective Anticipatory Directive

Managing risk …Is part of good management and good governance –Risk management is of value to organisations because it increases the chances of achieving objectives. …is a foundation for control –risk management is central to good internal control –A sound system of internal control is defined as one where the risks facing an organisation are managed as all stakeholders expect or want – within its risk appetite.

What does it Mean for the Credit Union? Identify relevant control / Set of actions, Is control sufficient / helps achieve objectives Guard against negative consequences of risk Must be cost effective Procedure Manuals are best format for documenting Controls and ensuring compliance

Activities of Internal Audit Evaluating controls & advise managers at all levels Evaluating Risks Analysing operations and confirm information Review compliance

A critical friend An Internal auditor is a “critical friend” to the organisation, someone who can: Challenge the business on risk management and internal controls Champion best practice in risk management Act as a Catalyst for change and improvement in risk management The Internal Auditor should be well positioned in the organisation in order to influence management and effect change

Options for Internal Audit Services In house Shared Service Outsourced Co-outsourced Collaboration

Internal auditors are distinct from external auditors: They occupy a unique position of independence and objectivity Their remit goes beyond evaluation of financial controls They have in-depth knowledge of the organisation as a whole The core activities of an internal auditor are: Evaluating key risks arising from the current and future activities Evaluating specific controls and advising managers at all levels on their effectiveness Reviewing compliance with laws, rules, policies, Codes of Practice, Guidelines Reporting findings to all levels of management but crucially the Board, usually via the Audit Committee External audit and internal audit?

Other assurance providers Measuring and Monitoring Control Framework Operation Control Framework Design Risk Strategy and Policy Setting ASSURANCEASSURANCE

Three lines of defence

Value for the audit committee Confidence in risk management processes Confidence in management’s assurances Regulatory compliance enabled

Value for management Confirmation of effective operation of controls Confidence in own management of risk Challenge & support for better management of risks Confidence for regulatory reporting Enabling safe risk-taking – opportunity management

About the Institute Established Professional body for internal auditors across all sectors in the UK and Ireland Affiliated to Global IIA, 180,000 members in 190 countries. Part of the European Confederation of Institutes of Internal Audit (ECIIA), which represents 40,000 members in 33 countries 8,000 members in the UK/ Ireland, including 700 Heads of Internal Audit. 9 Regional Groups, including Scotland, Wales, Ireland 70 % representation in the FTSE 100. Two qualifications: Diploma and Advanced Diploma Qualifications, leading to Chartered status (accredited by the Open University) Offers extensive programme of training courses and support services, including on-line learning tools, technical guidance All members globally work to the International Standards and are bound by a Code of Ethics.

Definition A standard for the profession Code of Ethics Behaviours for individuals International Standards Standards for what to do: setting up a function; completing audit work; reporting lines International Professional Practices Framework (IPPF)

Working to improve the management of risk and develop the profession The Institute contributes to the debates on governance and the management of risk, through relationships with key government departments and regulators and collaboration with other professional bodies International Standards form the basis of the Irish Government and UK Government’s standards for public sector internal audit. Invited by the UK financial regulator to create sector specific guidance on internal audit (due for publication in 2013) The regulator’s expectations : Robust guidance, agreed by the industry, which provide principles that firms can assert they comply with; and supervisors can measure and monitor IA effectiveness.

The internal audit profession in Ireland The institute has 764 members in Ireland – over 300 in the financial services sector Over 200 of our members hold the Institute's qualifications, including over 120 Chartered Internal Auditors (35 of whom work in the financial services sector) The Institute’s Irish region network embraces members in the North and South and runs a number of events each year. An annual conference takes place in the Spring. Regional Chair’s contact details: Nuala Comerford Tel :

Questions ?