Following Up on Internal Audit Reports (non-financial corporates)

1 Following Up on Internal Audit Reports (non-financial corporates)
by Ingrid Azzopardi/Eugenio Privitelli

2 Practice Advisory 2500 - Ingrid Azzopardi/Eugenio Privitelli
INTERNAL AUDIT TOOLS
- Executive summaries
- Use of presentations
- Identify and communicate best practice
- Timely reporting
- Grading of audit reports
- Agree findings and action plan with auditee
- Follow up on recommendations

3 INTERNAL AUDIT APPROACH
Constructive Appraisals: Blanket criticism is not seen to have a role within IA. The long-term objective is to support management as far as possible by taking a reasonable view of their efforts and any constraints that they might face.
Teamwork Approach: The IA and management function as a team. This approach brings audit closer to a consultancy role.

4 The Group’s Internal Audit Charter states that:
- Follow-ups will be conducted after a period from the date of the audit report, which will vary according to the requirements of each particular audit.
- Follow-up to determine the stage reached in the implementation of the recommendations.
- Management is responsible for deciding the appropriate action to be taken in response to reported audit findings.
- Internal Audit is responsible for assessing the management action and the timely resolution of the matters reported as audit findings.
- Depending on the degree of recommendations implemented, the Internal Auditor will decide whether or not another follow-up is warranted.

5 Audit Reporting
- The draft report comprising the audit conclusions is discussed with the Auditee during the exit meeting.
- The Auditee is invited to comment on the recommendations made and to give dates by when the same recommendations will be implemented.
- Both the Auditee and the Chief Officer responsible for the audited area need to sign off the report.

6 Audit Reporting

7 Sample Reporting

8 Sample Reporting

9 Sample Reporting – Response Date

10 Audit Follow-Ups
- Carried out to determine the stage reached in the implementation of the recommendations after a period from the date of the audit report.
- Audit will assess the action taken by management to implement the recommendations contained in the audit report.
- Once Follow-up is conducted, depending on the degree of recommendations implemented, a decision is taken by Audit on whether or not another follow-up is warranted.

11 Auditee’s Responsibilities
In keeping with the commitment of the Group to optimize the benefits of Internal Audit, the following policy will apply:
- Managers in whose area of responsibilities shortcomings are revealed, are fully responsible to ensure that prompt corrective action is taken.
- Commitment to such corrective action will be included in the final audit reports so that the CEO and the Audit Committee can assess the adequacy of the corrective action taken or planned.

12 Sample Reporting – Auditee Response

13 Discussion of Recommendations
Should any shortcomings or observations come to light during the Audit Fieldwork, immediate action is taken by the Auditor to draw the attention of the Auditee and to try to work out a better way of enhancing the controls in the area, or to come up with recommendations to enhance the efficiency and effectiveness in the audited area.
- The element of surprise is eliminated.
- The Auditee is kept aware of the findings as the Audit proceeds.
- Discussions are entered into to come up with the best recommendations to address the particular situations.
- Recommendations brought up by the Auditees themselves stand a better chance of being implemented in a timely manner, as the Auditees will own those recommendations.

14 At the Exit Meeting
- The report is discussed with the Auditee and his superior.
- Recommendations need to be assigned an owner, and the latter needs to give his comments in relation to that recommendation.
- The Auditee will also need to confirm whether or not he agrees with that recommendation and, if in the affirmative, he needs to give a date by when that recommendation will be implemented.
- Depending on the implementation dates committed to by the Auditee, the follow-up date is determined, but this is usually after six months.

15 Recommendations
Ratings of Recommendations: Minor, Medium, Major
All recommendations are followed up at the time of the follow-up. However, major recommendations are considered Key recommendations and are followed up on a monthly basis and reported upon, at the same frequency, to the Audit Committee.

16 Follow-Ups
At the First Follow-up all recommendations which had been agreed upon at the Exit Meeting are followed up and checked to determine the stage reached in their implementation.
Various types of testing may be performed to verify implementation. This depends on the recommendation itself. The Auditee may be required to provide evidence to prove implementation of a recommendation by showing documentation leading to the implementation of the recommendation. At times IT systems may need to be used to determine implementation and at other times data analytics. The important thing is that the Auditor is convinced through the audit evidence available that the recommendation has been implemented.
It may however be the case that some of the recommendations are not found implemented. These may be found to be partially implemented, being addressed or not implemented at all.
In other instances it may be the case that the Auditee has decided otherwise on a recommendation and may no longer agree with its implementation, in which case the Auditee will need to provide the necessary arguments, which need to be documented in the Follow-up report to be issued.

17 Additional Follow-Ups
- Why?
- Who Decides?
- When?
- Is there a need to re-assess recommendations found implemented in previous follow-ups?
- How many Follow-ups are required?
- What if a key recommendation remains pending?

18 Following Up on Internal Audit Reports (Banks)
by Anna Camilleri/Jackie Aquilina

19 Standard 2500 considerations
The types of observations monitored
Bank A: Observations rated as High or Medium risk are reported formally as findings to management. Management is informed of low risk findings outside of the audit report. Agreed actions to address High and Medium risk observations are monitored.
Bank B: Findings are assigned a Low, Medium or High Risk in the report drawn up to Management and to the members of the Audit and Risk Committee, to ensure that all recommendations are implemented.
How and with what frequency the status of outstanding corrective actions is determined
Bank A: Each agreed action with management is set a target date for implementation. Internal Audit monitors the status of outstanding corrective action on an ongoing basis.
Bank B: The entity is given 6 weeks for implementation of recommendations put forward. If any issue is still outstanding, a dispensation is sought from the CEO with a target date when this is expected to be finalised.

20 Standard 2500 considerations
The level of automation and detail
Bank A: The internal audit process is fully automated through the use of the MetricStream tool. Automation also covers the audit findings reporting process and the monitoring of implementation of agreed action points.
Bank B: The process is not automated but closely monitored by the Internal Audit department.
When internal audit independently confirms the effectiveness of corrective actions
Bank A: Internal Audit confirms the effectiveness of corrective actions once implemented. Confirmation of implementation is recorded by management on the automated tool. Management also attaches evidence supporting implementation of action on the tool. Internal audit sample tests the effectiveness of the enhanced controls implemented.
Bank B: The Head of Department/Manager of entity confirms that all findings have been implemented. Internal Audit then carries out sample checks on findings raised to ensure that these had in fact been done. In rare cases, should these have not been effected these are in turn reported to Senior Management/Audit and Risk Committee.

21 Integrated internal audit management tool that enables:
- The conversion of audit reports into audit findings and management action plans for tracking
- Automated tracking of due actions through the sending of reminders (emails) to management and internal audit
- Status of action at periodical intervals is recorded by management
- Allows for the upload of information and documentation supporting the implementation of corrective action taken
- Action status is tracked – open, closed by management, closed by audit etc.
- Facilitates the generation of status reports for tracking purposes

22 Standard 2500 considerations
The frequency, style and level of reporting performed
Bank A: Internal Audit formally reports on status to a risk management committee. The status of corrective actions is also reported quarterly to the Audit Committee, with particular emphasis on any overdue actions. Reporting typically includes an analysis of actions that are within their target implementation dates and those which are overdue, as well as status of corrective action.
Bank B: Every two months Internal audit reports to the Audit and Risk Committee, progress re audits which have not yet been closed together with outstanding dispensations. Any overdue actions are examined and if a reasonable explanation given for the delay, a further extension is obtained from the CEO, for implementation.
Information tracked and captured for outstanding observations
Bank A:
- Observation communicated to management and its risk rating
- Agreed corrective actions and target date
- Owner of each action point
- Status of corrective action – on plan, overdue, closed by management, at audit for validation, closed by audit
Bank B: These are regularly monitored and tracked by the Internal Audit with respective dates for implementation. Updates are relayed to the Audit and Risk Committee every 2 months.

23 Following Up on Internal Audit Reports (INTERNAL AUDIT & INVESTIGATIONS DEPARTMENT (IAID))
by Kenneth A. Farrugia

24 Chapter 461 – Laws of Malta Internal Audit & Financial Investigations Act
Article 14(1): The Director shall, as soon as may be, after concluding a financial investigation or an internal audit, transmit a report thereof to the Permanent Secretary under whose supervision the auditee falls. The Director may also transmit a copy of such report to the auditee.
Article 14(2): Within one month of receipt of such report, the Permanent Secretary shall give such instructions to the auditee as may be necessary to remedy any shortcomings, and shall inform the Director accordingly.

25 Chapter 461 – Laws of Malta Internal Audit & Financial Investigations Act
Article 15: The Director shall conduct such follow-up reviews as may be necessary after an internal audit and financial investigation.

26 Chapter 461 – Laws of Malta Internal Audit & Financial Investigations Act
Follow up reviews are included in the Yearly Internal Audit Plans. The plans are approved by the Internal Audit & Investigations Board. Follow up reviews are carried out in order to determine the extent to which recommendations put forward in audit reports were implemented by Management. The Follow up review report will highlight actions not implemented and any other observations noticed during the follow up review.

27 Chapter 461 – Laws of Malta Internal Audit & Financial Investigations Act
As from 2016, the Internal Audit & Investigations Department (IAID) began conducting a follow-up review of all recommendations emanating from the NAO Annual Report – Public Accounts. The Internal Audit & Investigations Board approved that this follow-up review be conducted on an annual basis.

28 Thank You

