Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internal Audit: Operating at the strategic level Strategic collaboration Auditing strategic risks Audit plan alignment Malcolm Zack – Director Zack Associates.

Published byTobias Rose Modified over 8 years ago

Similar presentations

Presentation on theme: "Internal Audit: Operating at the strategic level Strategic collaboration Auditing strategic risks Audit plan alignment Malcolm Zack – Director Zack Associates."— Presentation transcript:

1 Internal Audit: Operating at the strategic level Strategic collaboration Auditing strategic risks Audit plan alignment Malcolm Zack – Director Zack Associates Limited

2 Z ack Associates Limited Logos sourced from publically available internet sources Major retailer

3 Strategic risks are risks that affect or are created by an organization’s business strategy and strategic objectives – Deloitte. Exploring Strategic Risk - a global survey So… what do we mean by strategic risk? Poor Business Decisions Poor Execution Inadequate resource allocation Not responding to changes in the environment Poor Business Decisions Poor Execution Inadequate resource allocation Not responding to changes in the environment Risks identified in the strategic plans Financial Economic environment Political risks People Risks identified in the strategic plans Financial Economic environment Political risks People

4 Allianz Risk Barometer 2016 1.Business Interruption 2.Market (volatility, stagnation, competition 3.Cyber incidents 4.Natural Catastrophes 5.Changes in Legislation 6.Macro economic changes 7.Loss of Reputation/Brand Value 8.Fire Explosion 9.Political risks (war, terrorism) 10.Theft, fraud and corruption Allianz Risk Barometer 2016 1.Business Interruption 2.Market (volatility, stagnation, competition 3.Cyber incidents 4.Natural Catastrophes 5.Changes in Legislation 6.Macro economic changes 7.Loss of Reputation/Brand Value 8.Fire Explosion 9.Political risks (war, terrorism) 10.Theft, fraud and corruption Protiviti –Audit Committee Top Risks 2016 1.Regulatory Change/Scrutiny 2.Managing Cyber Threats 3.Economic conditions restrict growth 4.Succession and attracting talent 5.Privacy and information security 6.Resistance to change 7.Rapid speed of disruptive technology 8.Culture: - impact on risk management 9.Volatility in global financial markets 10.Sustaining customer loyalty Protiviti –Audit Committee Top Risks 2016 1.Regulatory Change/Scrutiny 2.Managing Cyber Threats 3.Economic conditions restrict growth 4.Succession and attracting talent 5.Privacy and information security 6.Resistance to change 7.Rapid speed of disruptive technology 8.Culture: - impact on risk management 9.Volatility in global financial markets 10.Sustaining customer loyalty KMPG Top Risk Management Issues 2016 1.Technology Risk Management 2.Third Party Risk Management 3.Fraud and Misconduct 4.Crisis Management 5.Data Security 6.Achieving Compliance 7.Risk Data – aggregation and Reporting KMPG Top Risk Management Issues 2016 1.Technology Risk Management 2.Third Party Risk Management 3.Fraud and Misconduct 4.Crisis Management 5.Data Security 6.Achieving Compliance 7.Risk Data – aggregation and Reporting KMPG Top Risks for Internal Audit – Capital and Markets 2016 1.Increased regulatory expectations 2.Culture and conduct 3.Regulatory reporting 4.Stress testing 5.Model risk management 6.Cyber security 7.Third-party relationships/vendor management 8.Continuous risk assessment 9.Use of data analytics and continuous auditing 10.Internal audit talent recruitment and retention KMPG Top Risks for Internal Audit – Capital and Markets 2016 1.Increased regulatory expectations 2.Culture and conduct 3.Regulatory reporting 4.Stress testing 5.Model risk management 6.Cyber security 7.Third-party relationships/vendor management 8.Continuous risk assessment 9.Use of data analytics and continuous auditing 10.Internal audit talent recruitment and retention Top sets of risks Differ from sector to sector Not all top risks are strategic Most appear operational, value preserving risks. I.e they could threaten achievement of business objectives/strategy So should we focus on risks or objectives?!

5 Wartsila – Risk Management Report 2010 EXAMPLES…. Source: Global Advantage

6 Achievement of the organization's strategic objectives. Reliability and integrity of financial and operational information. Effectiveness and efficiency of operations and programs. Safeguarding of assets. Compliance with laws, regulations, policies, procedures, and contracts. Organisation strategy should be a foundational element of plan Aligns IA with strategic priorities Helps allocate IA resources. Leverage management and other assurance providers Consider providing assurance Assess if strategic risks are being managed. Evaluate mitigation methods Opportunity to deliver advisory services that impact organisation evolution directly Assess skills and knowledge in team Consider other sources if necessary Executives responsible for risk management in persuit of strategic objectives Strategic opportunities and threats drive creation of short and longer term strategic initiatives/investments to deliver value. IIA standards - 2120 – 3 Internal audit coverage of risks to achieving strategic objectives. IA provide assurance IA skills IA evaluates IA focus on critical risks

7 IIA – Research Foundation More involved with strategic initiatives – Better connected Become business partner/risk advisor Greater value when involved early on in inititative Link ERM to strategic thinking IA Gains knowledge and insight Skills include strategic planning and consulting Increase demand for advisory work, reality checks Balance assurance and advising management The reasons and benefits for internal auditing are clear… but how do you go about getting your team involved?

8 Risk (what could happen?) Risk Factors (what contributes to the risk?) Impact What outcomes if the risk is realised? Business Objectives affected Key ControlsAssurance/audits Risk that….. a.. b.. c.. Xxxxxx, yyyy Growth Customer Experience  Mgt..  Review.. High level view of audit area Risk Operational Excellence Risk Growth Customers Shareholder value Risk Operational Excellence StategicFinancialOperationalRegulatory Link strategic risks to the business objectives most impacted and identify sources of assurance and audit potential. Helps board audit committee understand where assurances over key strategic risks come from and any gap

9 Risk and Opportunity Matrix Risk Opportunity – how much is business moved forward? Top Strategic projects Significant change New products/businesses “pushing the envelope” Projects /initiatives providing high benefit to the business but lower risk.e.g. rolling out new stores/locations Complex operational areas. E.g. BCP, IT Security, Treasury Map audit plan candidates…… Value Creation Value Preservation [Audit functions] “often fail to provide assurance on strategy creation and execution, management's value creation work”. – “Why firms should audit strategic risk” – Business Week July 2010 Important areas needing some audit review but less frequent

10 So what could internal audit do? Sales Development New Products Going into new markets Diversification New locations Expansion/Merger/takeover/demerger Transformation Programmes Reviewing the strategic plan itself risk assessment assumptions and drivers, Information obtained, Scenarios planning and stress testing, softer areas (strong personalities and committment), alternatives rejected, Major Systems Strategic Programme Office Benefits Realisation

11

12

13 Where I have succeeded more Focusing audit team capabilities on initiatives that are important/critical to achieving the strategic goals. E.g. major projects, transformations, significant acquisitions. “why isn’t IA on this call?” Attempts to review the strategy itself – Helping management pull out risks with the strategy and risks arising because of the strategy that has been agreed has added more value. PLANNING RISK < EXECUTION RISK

14 Are YOU strategic enough? A place to start your thinking…… What is your Internal Audit Strategy for the next 3-5 years? Where is it now, Where does it need to go, and how will it get there? How often do you review it? And… what are the risks to your strategy? Involve your Audit Committee…. Are YOU strategic enough? A place to start your thinking…… What is your Internal Audit Strategy for the next 3-5 years? Where is it now, Where does it need to go, and how will it get there? How often do you review it? And… what are the risks to your strategy? Involve your Audit Committee…. Work on strategic initiatives Well connected Recognised business partner/risk advisor Involved early Linkd ERM to strategic thinking IA sought for knowledge and insight Stratiegic Skills Demand for advisory work, Balanced assurance and advising management Development route for management

15 Obstacles and assumptions View of IA capability Its difficult Its “confidential” Where do you start? Obstacles and assumptions View of IA capability Its difficult Its “confidential” Where do you start? Strategic risk is just a category like the others… but projects do lend themselves. Needs a different approach to auditing and reporting More advisory than assurance More upfront and ongoing involvement and challenge Dynamic reporting Needs audit team to be able to think strategically and have commercial understanding Look at the backgrounds – do you have the right mix? Strategic risk is just a category like the others… but projects do lend themselves. Needs a different approach to auditing and reporting More advisory than assurance More upfront and ongoing involvement and challenge Dynamic reporting Needs audit team to be able to think strategically and have commercial understanding Look at the backgrounds – do you have the right mix?

16 Internal Audit and Strategic Risk Strategic collaboration - Essential Auditing strategic risks – Be selective Audit plan alignment – back to basics But……. Risk Opportunity – how much is business moved forward? Top Strategic projects Significant change New products/businesses “pushing the envelope” Projects /initiatives providing high benefit to the business but lower risk.e.g. rolling out new stores/locations Complex operational areas. E.g. BCP, IT Security, Treasury Value Creation Value Preservation [Audit functions] “often fail to provide assurance on strategy creation and execution, management's value creation work”. – “Why firms should audit strategic risk” – Business Week July 2010

17 Remember Which business objectives are impacted or benefited from the results of your audit work? Link findings from audits back to the top risks and business objectives. Remember Which business objectives are impacted or benefited from the results of your audit work? Link findings from audits back to the top risks and business objectives. Achievement of the organization's strategic objectives. Reliability and integrity of financial and operational information. Effectiveness and efficiency of operations and programs. Safeguarding of assets. Compliance with laws, regulations, policies, procedures, and contracts. Achievement of the organization's strategic objectives. Reliability and integrity of financial and operational information. Effectiveness and efficiency of operations and programs. Safeguarding of assets. Compliance with laws, regulations, policies, procedures, and contracts. IA evaluates Remember to kick the tyres……

18 We still have to kick the tyres If the tyre’s flat, your strategy is going nowhere…

Download ppt "Internal Audit: Operating at the strategic level Strategic collaboration Auditing strategic risks Audit plan alignment Malcolm Zack – Director Zack Associates."

Similar presentations

Options appraisal, the business case & procurement

Options appraisal, the business case & procurement
World Bank Financial Management Sector September 2010.

World Bank Financial Management Sector September 2010.
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
An Intro to Professionalizing Procurement & Strategic Sourcing

An Intro to Professionalizing Procurement & Strategic Sourcing
The “New” New Normal: Global Mobility as a Strategic Advisor.

The “New” New Normal: Global Mobility as a Strategic Advisor.
It’s Time to Talk About Risk and Control

It’s Time to Talk About Risk and Control
“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”

“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007.

CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007.
Eliot M. Stenzel, CPA,CIA IIA Instructor for many years. 220-3198 Risk Based Auditing.

Eliot M. Stenzel, CPA,CIA IIA Instructor for many years Risk Based Auditing.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
MODELING CORPORATE RISK AT FORD Freeman Wood Director Global Risk Management.

MODELING CORPORATE RISK AT FORD Freeman Wood Director Global Risk Management.
PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.

PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
Aust. AM Collaborative Group (AAMCOG) An introduction to ISO 55000 “What to do” guide 20th October 2014.

Aust. AM Collaborative Group (AAMCOG) An introduction to ISO “What to do” guide 20th October 2014.
USING ANALYTICS What to Take Away?

USING ANALYTICS What to Take Away?
COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.

COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.

CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.
The global body for professional accountants Overcoming the challenges of implementing IPSASs & audit landscape Chris Ridley (ACCA Public Sector Global.

The global body for professional accountants Overcoming the challenges of implementing IPSASs & audit landscape Chris Ridley (ACCA Public Sector Global.
Total Quality, Competitive Advantage, and Strategic Management

Total Quality, Competitive Advantage, and Strategic Management

Similar presentations

Ads by Google