Presentation is loading. Please wait.

Presentation is loading. Please wait.

Available free of charge:

Published byJulia Pedersen Modified over 6 years ago

Similar presentations

Presentation on theme: "Available free of charge:"— Presentation transcript:

1 Available free of charge:
Engaging Third Parties for Internal Audit Activities Strategies for Successful Relationships Dereck Barr-Pulliam PhD, CIA, CPA The IIARF encourages those who are presenting this slideshow to download the full report from The IIA Research Foundation and make it available to their audience. Available free of charge:

2 CBOK 2015 Practitioner Study
CBOK is the Global Internal Audit Common Body of Knowledge: The global practitioner survey is the largest ongoing study of internal audit professionals in the world. More than 25 free reports about practitioners and the profession will be released on a monthly basis through 2016. Download free reports from the CBOK Resource Exchange at The IIA website at any time (

3 CBOK 2015 Practitioner Survey
Practitioner Survey Results Survey completed April 1, 2015 14,518 usable survey responses Participation Levels 100% representation from IIA institutes Responses from 166 countries 23 languages

4 CBOK 2015 Practitioner Study
Global Regions are based on World Bank Categories. Percentages are the percentage of total survey responses from that region compared to all survey responses. North America: 19% Latin America & Caribbean: 14% Middle East & North Africa: 8% Sub-Saharan Africa: 6% Europe & Central Asia: 23% South Asia: 5% East Asia & Pacific: 25%

5 CBOK 2015 Practitioner Study
The speaker does not necessarily need to say this, but it’s important to remember that each pie chart is based only on those who answered that particular question (in other words, not all 14,518 survey respondents provided an answer to every question.) Below are the specific number of responses for each question shown on the slide. Age was obtained from 12,780 respondents; Organization Type was obtained from 13,032 respondents; Gender was obtained from 14,357 respondents; Staff Level was obtained from 12,716 respondents. Age was obtained from 12,780 respondents; Organization Type was obtained from 13,032 respondents; Gender was obtained from 14,357 respondents; Staff Level was obtained from 12,716 respondents.

6 Key Findings Organizations that currently use third parties
Amount of work performed by third parties Future expectations for third-party use Services third parties generally provide Establishing and maintaining third-party relationships The 10 imperatives give a global picture of how internal audit is developing and what auditors need to do today to meet the challenges of tomorrow We’ve grouped the imperatives into three parts – the first is about how well internal audit is placed within the organization to deliver cutting edge assurance that the business is meeting its goals and how well the CAE is supporting and interacting with the board The second addresses whether internal audit is using its skills, competencies and resources to support the business’ strategic mission – whether it is making the practical link between following the standards and going beyond them and fulfilling the expectations of its stakeholders. In short, is there a gap between what stakeholders expect and what internal audit delivers Finally, how well do individual auditors, CAEs prepare themselves, invest in themselves in terms of skills and training to be able to play the sort of central role they should be playing Today, we are going to look at how those trends and challenges are playing out in Asia Are CAEs and audit managers in Asia playing a leading role in their organizations? Are they anticipating the needs of stakeholders, auditing for the future of the business – instead of using historical data to tell the board what it already knows – keeping the audit committee up to speed on key risks on a regular basis, and do they have the courage of their convictions to tell the truth and stick to it when things don’t work out How well aligned are they to their business’s objectives, do they use their technology skills to identify, monitor and deal with emerging risks and to expand the reach, depth and value of their audits, and how many are even in conformance with the IIA’s Standards – never mind going beyond them? Finally, do they invest enough time, effort and resources in themselves and their teams to build world-class audit teams and people? Let’s find out

7 Current Use of Third Parties
As business partners in their organizations, CAEs must ensure that their internal audit departments have the capacity and skills to fulfill their roles. Many CAEs use third-party services to meet their long-term or short-term needs. Overall and by Region The findings of the 2015 CBOK suggest that A global average of 38% of CAEs say they use third parties for internal audit activity, with North America having a notably higher rate than other regions. More than half of North American CAEs report using third parties, compared to a range of 27% to 43% for CAEs in other regions of the world. By Type of Organization Though not reflected in the graphic, another important difference can be seen by looking at different organization types. Public sector and privately held organizations were less likely to use third parties for internal audit activity than the financial sector, publicly traded organizations, and not-for-profits. By Sufficiency of IA Budget Also, importantly CAEs who perceive their budget to be “not at all sufficient” report substantially lower use of third parties (27% of the time vs. 42% and 41% when budgets are somewhat or completely sufficient, respectively). Now let’s look at the extent to which these organizations rely on third parties.

8 Average Use of Third Parties
Survey respondents who indicated that they use third parties for internal audit activity were also asked about the percentage of their organizations’ IA activities that were performed by 3rd parties during the prior year. Overall On average these organizations use third parties for about 23% of their internal audit activity (see the global average in the graph above). The highest percentage of activity is in South Asia and Middle East & North Africa (both with more than 35%). The lowest is in Europe (17%). By Type of Organization As discussed in the previous section, responses were also compared between different organization types. Survey responses indicate that the financial sector, at 17%, is lower than the global average (23%) for amount of activity performed by the third parties. The highest percentage use was reported by the public sector (including government and government-owned agencies) at 27%, followed by non-financial sector privately-held and public organizations, both above the global average at 24%. What is the expected future use of 3rd parties?

9 Expected Future Use of Third Parties
The CBOK 2015 practitioner survey also explored future use of third parties by asking CAEs how they anticipate their budget for third party internal audit resources to change in the next year. Overall and by Region Among survey respondents, the regions that are the most likely to expect an increase in their third-party budgets next year are South Asia and Middle East & North Africa (see the graphic on this slide). These regions also have the highest percentage of internal audit activities performed by third (these frequencies are examined in Exhibits 4 compared to Exhibit 6 in the report). While Sub-Saharan Africa has a substantial percentage who expect an increase in their third-party budgets (42%), it also has the highest percentage who expect a decrease (20%). Finally, for the rest of the world, the majority of respondents expect their 3rd party budgets to stay the same. By Size of the Internal Audit Department The survey responses suggest an interest association between the size of an internal audit department and the use of 3rd parties. Specifically, 32% of CAEs (representing the smallest departments – those with 1 – 3 employees) use 3rd parties, compared to a range of 41% to 56% for medium to large groups (those with between 4 and 299 employees). Their future expected use of third parties follows a similar path. However, in contrast, the largest internal audit departments (those with over 300 employees) report very low use of third parties currently (only 28%) but expect more use in the future (37%). As indicated in interviews with key stakeholders, it is likely that these large departments have the breadth and depth of skills in-house and require only highly specialized or seasonal assistance from 3rd party service providers.

10 Types of Services Performed
Co-Sourcing Specialized tasks using skills or services not available in the internal audit department Seasonal work to address staff shortages Staff augmentation around tight deadlines Coverage of remote business locations (especially when there are language barriers) Special or ad hoc projects Complete outsourcing of the internal audit function As it currently stands, the CBOK does not ask respondents about the array of service provided by 3rd parties. Consequently, the report’s author conducted interviews with key stakeholders (e.g., CAEs, audit committee members, and other internal audit personnel) to ascertain the types of services and the conditions under which CAEs engage a 3rd party. As this list suggest, the type of usage differs according to the characteristics of the organization. To illustrate, the report includes a comparison of third-party use between a Swiss financial services organization and a Middle East oil company. Partial Outsourcing Klaas Westerling, group head of internal audit and risk at Intertrust Group (Geneva, Switzerland) has one audit manager and one staff auditor. Because he has a small staff, he uses third parties for a large portion of his activity. Internal service providers assist with about 40% of the assurance and consulting engagements in the audit plan. (For example, employees from the finance department cover the finance areas within the scope of an audit.) He also engages external third parties approximately once each year to complete another 10% of the audit plan. Aley Raza, who is chief ethics and compliance officer and director of internal audits at Emirates National Oil Company (ENOC) (United Arab Emirates), has two managers and 16 staff members. Because he has a larger staff, he doesn’t need as much support from internal service providers; however, he needs third parties to provide language skills and other specialized oil and gas industry expertise. He uses Big Four audit firms or other service providers to complete approximately 10% of the audit plan. Complete Outsourcing Some organizations, for a multitude of reasons, may not be able to hire fulltime internal auditors in-house and may outsource all of its internal audit activity. Some may operate similar to the Swiss company example previously described whereas others may outsource the entire function. In these cases, The IIA maintains that “oversight and responsibility for the internal audit activity cannot be outsourced.” In other words, an individual who is internal to the company should retain responsibility and oversight of the internal audit activity, even if all of the work is performed by a third party. This individual could be the CEO, CFO, or some other party with sufficient influence in the organization to support the outsourced department. See The IIA Position Paper, The Role of Internal Auditing in Resourcing the Internal Audit Activity (January 2009) for more on expectations and proper execution. This report concludes by offering tips and best practices on engaging and maintaining relationships with 3rd party service providers.

11 Best Practices for Maintaining Relationships with Third Parties
The best practices listed here are not intended to be an exhaustive list, but are an excellent starting point. This list is based on insights from interviews conducted with a variety of CAEs, third-party service providers, and audit committee members. Ensuring successful management of third-party relationships is of utmost importance. While third parties may interface with management and/or the audit committee, the CAE is ultimately responsible for third-party effectiveness. The key considerations for any CAE are to: have a sufficient understanding of the objectives the service provider will fulfill; communicate and sufficiently document these objectives during the engagement process; and provide adequate supervision to the service provider to ensure the objectives are met. 4 Real World Scenarios When it comes to engaging third parties for internal audit activity, experience is an effective teacher. Here are four recommendations from internal audit leaders who offer insight from their careers. Proactively evaluate the need for third parties to assist on emerging issues. Stakeholders expect CAEs to continuously evaluate whether they need to engage third parties, says David Landsittel, former chair of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and corporate audit committee chair (United States). “Audit committees value the business acumen and soft skills that CAEs possess. The CAE should be proactive in developing these skills within his or her team, addressing emerging business needs, and delivering value through the use of third parties in areas where skills do not currently exist.” Set clear performance expectations in the 3rd party agreement. You can greatly improve your relationship with third-party providers by establishing clear performance expectations, says Tania Stegemann, audit executive manager, CIMIC Group Ltd. (Melbourne, Australia). She shared that “In one of her previous roles as audit quality manager, they revised their approach to engaging third parties after a long-term relationship with a provider, to which they fully outsourced internal audit, and that no longer met their expectations. In the revised approach, they developed a strict protocol for how the work would be conducted, and key performance indicators focused on quality, timeliness, and value-added activities. This resulted in significant improvement in the relationship with the subsequent provider.” Agree on responsibility for remediation and follow-up. A particularly important aspect of the service provider agreement is a common understanding of which party is responsible for remediation and follow up, says Dick Anderson, retired PricewaterhouseCoopers partner and former CAE for a global bank (United States). “It is critical that both the CAE and the third-party service provider have an understanding of the remediation and follow-up process for issues noted in the third party’s report. Whether the client (e.g., CAE) or the third party is responsible should be agreed upon and included in the engagement letter to minimize conflicts between the client and the third party.” Take advantage of knowledge transfer. Third-party service providers can be a welcome source of new ideas or knowledge, says Justin Pawlowski, audit manager, KPMG (Germany). “One important benefit of engaging a third party is potential knowledge transfer from the third party to the internal audit staff. Engagements where the third party and internal audit staff work collaboratively on one team often facilitate this transfer of knowledge.” Conclusion The CBOK 2015 Global Internal Audit Survey provides a valuable snapshot about the use of internal or external third-party services to augment the skills or capacity of an internal audit department. This report provides a survey of current, type of, and future use of 3rd parties as well as a guide for sustaining a good relationship with the service provider. Next, we discuss a few notes on what is coming next with CBOK

12 CBOK 2015 Releases Jul. 2015 Aug. 2015 Sept. 2015 Oct. 2015 Nov. 2015
IIA International Conference Governance, Risk, and Control Conference South Africa Conference IIA Financial Services Exchange ECIIA Conference All Star Conference Southern Regional Conference ACIIA Conference IIA Midyear Committee Meetings Jul. 2015 Aug. 2015 Sept. 2015 Oct. 2015 Nov. 2015 Dec. 2015 Driving Success in a Changing World: 10 Imperatives for Internal Audit Navigating Technology’s Top 10 Risks: Internal Audit’s Role Staying a Step Ahead: Internal Audit’s Use of Technology A Global View of Financial Services Audits: Challenges, Opportunities, and the Future Who Owns Risk? A Look at Internal Audit’s Changing Role Combined Assurance: One Language, One Voice, One View Responding to Fraud: Exploring Where Internal Auditing Stands Auditing the Public Sector: Managing Expectations, Delivering Results Delivering the Promise: Measuring Internal Audit Value and Performance Mapping Your Career: Competencies Necessary for Internal Audit Excellence Please share information about the publication of upcoming CBOK reports and where to go for the free download.

13 CBOK 2016 Releases GAM Conference SoPac Conference
Leadership Conference IIA International Conference Jan. 2016 Feb. 2016 Mar. 2016 Apr. 2016 May 2016 Jun. 2016 Engaging Third Parties for Internal Audit Activities: Strategies for Successful Relationships Interacting with Audit Committees: The Way Forward for Internal Audit CAE Career Path G.R.E.A.T Ways to Motivate Your Staff Maturity Levels for Internal Audit Departments Around the World The Skills Most Desired by IA Managers for Their Staffs Certifications Held by Internal Auditors Ethical Pressures Faced by Internal Auditors IIA Standards: Conformance and Trends Quality Assurance and Improvement Program Trends Regional Reflections: Africa Integrated Reporting Organizational Governance: Internal Audit's Role Women in IA: Representation and Trends Additional reports that will be available for a free download..

14 YOUR DONATION DOLLARS AT WORK
FREE thanks to generous contributions from individuals, organizations, IIA chapters, and IIA institutes around the world. Download your FREE copy today at The CBOK Resource Exchange. This report was generously sponsored by: The IIARF encourages those who are presenting this slideshow to download the full report from The IIA Research Foundation and make it available to their audience.

15 About The IIA Research Foundation
CBOK is administered through The IIA Research Foundation (IIARF), which has provided groundbreaking research for the internal audit profession for nearly four decades. Through initiatives that explore current issues, emerging trends, and future needs, The IIARF has been a driving force behind the evolution and advancement of the profession. For more information, visit:

16 Copyright and Disclaimer
The IIARF publishes this document for information and educational purposes only. IIARF does not provide legal or accounting advice and makes no warranty as to any legal or accounting results through its publication of this document. When legal or accounting issues arise, professional assistance should be sought and retained. Copyright © 2016 by The Institute of Internal Auditors Research Foundation (IIARF). All rights reserved. For permission to reproduce or quote, please contact

Download ppt "Available free of charge:"

Similar presentations

. . . a step-by-step guide to world-class internal auditing

. . . a step-by-step guide to world-class internal auditing
1 ACI Annual Audit Committee Survey - Global M A R K E T I N G & C O M M U N I C A T I O N S R E S E A R C H Charles Garbowski Research February 21, 2006.

1 ACI Annual Audit Committee Survey - Global M A R K E T I N G & C O M M U N I C A T I O N S R E S E A R C H Charles Garbowski Research February 21, 2006.
Corporate Governance Chapter 2.

Corporate Governance Chapter 2.
Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,

Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Purpose of the Standards

Purpose of the Standards
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
WHERE WE ARE 22 member associations in 20 countries Over 4300 individual members who are responsible for risk management and/or insurance in their organisations.

WHERE WE ARE 22 member associations in 20 countries Over 4300 individual members who are responsible for risk management and/or insurance in their organisations.
1 Charles Garbowski Senior Director Research March 16, 2007 R E S E A R C H K P M G L L P ACI Second Annual Global Audit Committee Survey.

1 Charles Garbowski Senior Director Research March 16, 2007 R E S E A R C H K P M G L L P ACI Second Annual Global Audit Committee Survey.
Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.

Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.
Presentation to the Chinese Institute of Certified Public Accountants Beijing September 2012 Supporting International Development by China’s Corporate.

Presentation to the Chinese Institute of Certified Public Accountants Beijing September 2012 Supporting International Development by China’s Corporate.
The Institute of Internal Auditors

The Institute of Internal Auditors
12.00.012.08.9 7.18 9.20 8.60 6.40 6.20 6.40 6.80 6.20 5.00 Page 1 20-Sep-15 Copyright © Infineon Technologies 2006. All rights reserved. Siliconindia.

Page 1 20-Sep-15 Copyright © Infineon Technologies All rights reserved. Siliconindia.
Trends in Corporate Governance Dr. Sandra B. Richtermeyer, CMA, CPA President, Institute of Management Accountants (IMA) June 21, 2011.

Trends in Corporate Governance Dr. Sandra B. Richtermeyer, CMA, CPA President, Institute of Management Accountants (IMA) June 21, 2011.
Staying a Step Ahead Internal Audit’s Use of Technology By Michael P. Cangemi Coauthor – Managing the Audit Function; former CAE, CFO, CEO, and AC Chair.

Staying a Step Ahead Internal Audit’s Use of Technology By Michael P. Cangemi Coauthor – Managing the Audit Function; former CAE, CFO, CEO, and AC Chair.
INTERNAL AUDIT AND INVESTIGATION SERVICES PRESENTATION TO THE PORTFOLIO COMMITTEE ON THE UNIT’S ACTIVITIES FOR THE YEAR ENDING 31 MARCH 2006 Z MXUNYELWA,

INTERNAL AUDIT AND INVESTIGATION SERVICES PRESENTATION TO THE PORTFOLIO COMMITTEE ON THE UNIT’S ACTIVITIES FOR THE YEAR ENDING 31 MARCH 2006 Z MXUNYELWA,
INSIGHT – Delivering Value to Stakeholders San Francisco Chapter of the IIA Tuesday, September 11, 2012 Patricia K. Miller Former IIA Chairman of the Board.

INSIGHT – Delivering Value to Stakeholders San Francisco Chapter of the IIA Tuesday, September 11, 2012 Patricia K. Miller Former IIA Chairman of the Board.
Other Strategies for Planning. Outsourcing strategies This strategy includes: Using external individuals or organizations to complete some tasks This.

Other Strategies for Planning. Outsourcing strategies This strategy includes: Using external individuals or organizations to complete some tasks This.
AITA Conference AFP Institute Board Development Joey Wallace RESNA/NATTAP January 24, 2007.

AITA Conference AFP Institute Board Development Joey Wallace RESNA/NATTAP January 24, 2007.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.

Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.

Similar presentations

Ads by Google