Presentation is loading. Please wait.

Presentation is loading. Please wait.

Driving Success in a Changing World: 10 Imperatives for Internal Audit

Published byΜαία Αναγνωστάκης Modified over 6 years ago

Similar presentations

Presentation on theme: "Driving Success in a Changing World: 10 Imperatives for Internal Audit"— Presentation transcript:

1 Driving Success in a Changing World: 10 Imperatives for Internal Audit
By Larry Harrington and Arthur Piper The IIARF encourages those who are presenting this slideshow to download the full report from The IIA Research Foundation and make it available to their audience. Available free of charge:

2 CBOK 2015 Practitioner Study
CBOK is the Global Internal Audit Common Body of Knowledge: The global practitioner survey is the largest ongoing study of internal audit professionals in the world. More than 25 free reports about practitioners and the profession will be released from July 2015 to July Download free reports from the CBOK Resource Exchange at The IIA website at any time (

3 CBOK 2015 Practitioner Survey
Practitioner Survey Results Survey completed April 1, 2015 14,518 usable survey responses Participation Levels 100% representation from IIA institutes Responses from 166 countries 23 languages

4 CBOK 2015 Practitioner Study
Global Regions are based on World Bank Categories. Percentages are the percentage of total survey responses from that region compared to all survey responses. North America: 19% Latin America & Caribbean: 14% Middle East & North Africa: 8% Sub-Saharan Africa: 6% Europe & Central Asia: 23% South Asia: 5% East Asia & Pacific: 25%

5 CBOK 2015 Practitioner Study
The speaker does not necessarily need to say this, but it’s important to remember that each pie chart is based only on those who answered that particular question (in other words, not all 14,518 survey respondents provided an answer to every question.) Below are the specific number of responses for each question shown on the slide. Age was obtained from 12,780 respondents; Organization Type was obtained from 13,032 respondents; Gender was obtained from 14,357 respondents; Staff Level was obtained from 12,716 respondents. Age was obtained from 12,780 respondents; Organization Type was obtained from 13,032 respondents; Gender was obtained from 14,357 respondents; Staff Level was obtained from 12,716 respondents.

6 Section 1: Play a Leading Role
Anticipate the needs of stakeholders. Develop forward-looking risk management practices. Continually advise the board and audit committee. 4. Be courageous. The first four imperatives can be taken as a group and speak to internal audit’s role, position, and way of communicating and helping key stakeholders, such as the audit committee and management.

7 1. Anticipate the Needs of Stakeholders
The needs of stakeholders are constantly changing. Internal audit must improve communication channels with stakeholders. Formal and informal channels are important for building rapport. How can internal audit anticipate the needs of stakeholders when those needs constantly shift in the light of new developments, when those needs may conflict between stakeholder groups, and when they may be poorly understood and communicated by the stakeholders themselves? The answer is better communication between internal audit and stakeholders. But the crux of the matter is that internal audit has to initiate and take responsibility for that process. While informal and formal communication channels should be nurtured, two areas stand out as needing more attention and formal structure: audit planning and stakeholder feedback on audit outcomes. Globally, about 3 out of 4 departments (73%) say they incorporate requests from management into their audit plans, but fewer than 2 out of 3 (62%) consult with divisional or business heads, and fewer yet (56%) consult with audit committees. Fewer take stakeholder views into account when it comes to assessing the value internal audit provides to its organization. (See exhibit 1 in the report.)

8 Measure of Internal Audit Value Against Stakeholder Expectations
[Note: Q90: What specific measures does your organization use to evaluate the performance of its internal audit activity? (Choose all that apply.) CAEs only. n = 2,605.] This chart shows the percentage of CAEs who say they measured the value that internal audit provided by specifically using expectations set by stakeholders. There are some regional differences. Responses ranged from about 1 in 4 CAEs in East Asia & Pacific to almost half in South Asia. But the global average is poor―about 1 out of 3. CBOK tells us that internal auditors are more likely to use measures that mean more to themselves, such as “Percentage of audit plan complete” (used by 66% of respondents, Q90).

9 Action Points for Stakeholder Needs
Establish and maintain communication channels with all key stakeholders. Involve them in audit planning. Ask stakeholders what they think about the value of your work. Communication is at the heart of any relationship and must be worked at. [Go through action points] Don’t make the mistake of thinking that you can just set up the systems and everything will be alright―make sure you have proper and meaningful conversations and assessment methods in place. Here’s a quote from the report: “When you want to know how stakeholders rate your performance, you need to do more than send out a feedback survey. We ask an independent party to sit with our stakeholders for a focused conversation based on a questionnaire on how we are doing, which takes account of our charter and of whether or not we are meeting their needs,” says Robert Kella, senior vice president of internal audit for Emirates Group, Dubai, United Arab Emirates.

10 2. Develop Forward-Looking Risk Management Practices
Auditors must assess the likely impact of possible future events and their second- and third-order consequences. Historical audits are of limited value to stakeholders. It is crucial to harness the audit plan to the corporate strategy. While internal auditors can grasp the nature of such risks intellectually, many fail to see how those risks impact their businesses. For example, while respondents to a recent IIA Pulse survey said supply chain risk was high, few auditors seemed to appreciate that growing geopolitical instability might impact on those supply chains. If you add together all of the geopolitical, social, and environmental changes sweeping the globe, it’s a challenging task. It demands a change of focus―from the past, the traditional audit role―to the future. Internal audit is ideally placed to fulfill this role―it has a unique purview of the business. It can see how risks can impact each operation and how the effects of several small risks could escalate―just like in the financial crisis. But only if audit’s work is linked to the business’s strategy.

11 Internal Audit Aligned to Strategic Plan
[Note: Q57: To what extent do you believe your internal audit department is aligned with the strategic plan of your organization? CAEs only. n = 2,717.] The inability of many survey respondents to connect the dots between business strategy and risk assessment is reflected by the fact that only about half (57%) of respondents say their departments are either fully aligned or mostly aligned with the strategic plan of their business. This graphic shows those who are fully or almost fully aligned in blue, those who are somewhat aligned in dark gray, and those who are not aligned or minimally aligned in light gray. The reasons are plain to see. “The annual audit plan should be based on the organization’s strategic plan. Internal auditors should prioritize their engagements and reassess and update their plans regularly,” said Simon Nyazenga, who when the report was written was group director internal audit, Rift Valley Corporation, Harare, Zimbabwe.

12 Action Points for Risk Management
Understand the organization’s strategic, business, legal, and compliance risks. Develop in-depth knowledge of the business. Develop high levels of competence in technology tools (Imperatives 6 and 7). Hire and train for the skill sets to meet the demand for their services (Imperatives 9 and 10). Internal audit can’t afford to stand at a distance from the business. Yes, it must maintain its independence and objectivity, but that cannot be an excuse for not understanding the business and acquiring the right knowledge and skills that will serve the business in today’s fast-moving world.

13 3. Continually Advise the Board and Audit Committee
[Note: Q78: Is there an audit committee or equivalent in your organization? n = 11,085.] The rise of the audit committee model has provided internal audit with a great opportunity to develop a meaningful and valuable relationship with the board. We have a unique opportunity to be the leading source of information to the board on emerging risks, risk management, internal auditing, and The IIA’s Standards. Here are the figures―almost 8 out of 10 organizations globally have audit committees. We all know that audit committee chairs are busy people, so informing the audit committee of their ever-evolving responsibilities and the constantly changing compliance, regulatory, and risk environment is of great value to organizations because it helps them keep abreast of global developments. Note: There was a strong connection between the size of the organization and the likelihood of the existence of an audit committee, with 69% of the smallest businesses having one, compared to 92% of the largest (statistics confirmed by DP ).

14 Action Points for Advising
Communicate risks in the context of the business’s goals and objectives. Provide an overall opinion on how the business is managing itself. Advise the audit committee on a regular basis of the issues it should be most concerned about. Give an overview of the control environment and whether it is improving or becoming ineffective. The key to good communication is making the information you provide relevant, which takes us back to Imperative 1―anticipate the needs of your stakeholders by making sure you know what those needs are. In addition, those risks must be communicated in light of the organization’s strategic objectives―Imperative 2. And finally, internal audit should provide an overall opinion on how the business is managing itself and an overview of the control environment. Many internal auditors are not comfortable with this approach because they feel they are putting themselves out on a limb and overreaching the limits of their knowledge. But done properly, with the right caveats, such opinions are powerful tools for the board.

15 4. Be Courageous Internal audit must have the courage to tell stakeholders the unvarnished truth, whether they want to hear it or not. “The business has to know the audit function has teeth,” says Robert Kella, senior vice president of internal audit for Emirates Group, Dubai, United Arab Emirates. Be courageous is easy to say but hard to do. Yet, if internal audit wants to be relevant and effective, there are times when it must be prepared to escalate issues that it feels are important. Quote from Kella from the report. It is a question of credibility. But you have to create a culture in which this is possible. Of course, gaining the support of the audit committee and executive management is also critical, but there are other things you can do too. For example, Mr. Kella’s department has moved away from making audit recommendations to working with management on securing agreed actions. That has allowed his department to focus any debate with management on how best to improve the business’s response to managing risk. It also gives his team confidence that the issues they raise in fieldwork are taken seriously by the executive audit team. Being courageous isn’t easy and can depend largely on the culture of an organization. Part of that culture revolves on the pressure CAEs are under (next slide).

16 Internal Audit Under Pressure
[Note: Q77: During your internal audit career, have you experienced a situation where you were directed to suppress, or significantly modify, a valid internal audit finding or report? n = 10,823.] At all employee levels, almost 3 out of 10 respondents say that, during their internal audit careers, they have experienced a situation where they were directed to suppress, or significantly modify, a valid internal audit finding or report. For those CAEs who say they have experienced such pressure, the most likely source is the CEO (38%), operations management (26%), and the CFO (24%). For staff levels below CAE, respondents were most likely to report that the pressure came from within the internal audit department (see exhibit 10 in the report).

17 Questions to Consider About the Business Environment
How well has internal audit communicated its role and mission? What is the status of internal audit in the organization? Does the culture of the business encourage or punish finding faults with the control environment? It’s not easy to generalize about where and how pressure arises. Some organizations―thankfully in the minority―have poor leadership. Executive bullying at the energy company Enron in 2001 is a case in point. But has internal audit done enough to make its role and responsibility clear to management and the board? Does internal audit have the right reporting lines―to the audit committee and the board―that can encourage independence and objectivity? And is the culture of the business one that encourages management to find fault with the control environment? Nicola Rimmer, director in Barclay’s Internal Audit, London, UK, and past president of The IIA-UK & Ireland, says in the report that high levels of pressure from management to alter audit reports could mean that adverse audit findings affect the client’s pay and bonus. “You need a culture within the organization that encourages and rewards people to be proactive in finding issues and bringing them to light,” she says. She advises two ratings for management performance: one focused on the control environment and the other assessing management’s control approach (i.e., are they proactively identifying and addressing issues). Reports then clearly show where management is proactive (even if management is still on a journey of improvement), which lessens the risk of pressure to alter audit reports.

18 Section 2: Beat the Expectations Gap
Support the business’s objectives. 6. Identify, monitor, and deal with emerging technology risks. 7. Enhance audit findings through greater use of data analytics. 8. Go beyond The IIA’s Standards. The next grouping of imperatives seeks to examine and address the expectations gap between how stakeholders view internal audit’s performance and how internal auditors rate their own work. In particular, these four imperatives show where internal audit can more effectively meet expectations and make suggestions about how to improve.

19 5. Support the Business’s Objectives
More than half of survey respondents (57%) say their departments are fully or mostly aligned with their business’s strategic objectives. How can misaligned audit departments unambiguously demonstrate the value they add to their organizations’ strategies? Internal auditors must align their work to their organizations’ strategic objectives. If internal auditors are to close the expectations gap between themselves and key stakeholders, they must better align their work to the business’s strategic objectives. Without such alignment, risk-based auditing becomes impossible and audit departments struggle to add real value to their organizations by anticipating stakeholder needs (see Imperative 1). Gabriel Benavides Ramirez, director of internal control and anti-corruption auditing, General Audit Office of Mexico City, Mexico, says in the report, “Thoroughly understanding your client’s business objectives and identifying and managing the key risks facing such objectives are the two most powerful basic elements with which internal audit can help customers achieve their goals.” If we are serious about closing the expectations gap, internal audit must align its work to the organizations’ strategic objectives.

20 Initial Steps to Support Business Objectives
Develop performance measures for each area of the strategic plan. Link performance and pay to the plan. Educate internal auditors about the business. Internal auditors should acquire industry-specific certifications. Where internal audit is not fully aligned to the strategic plan, it can take some first steps to close the gap. 1. It can develop performance measures to help it see whether the business is moving toward or away from achieving its strategic objectives. 2. It can also help to better align the compensation of staff with the contribution they make toward helping the business achieve its goals. Remember, in the financial crisis, many banks were later criticized because the compensation of staff was structured in a way that helped magnify the risk associated with risky mortgage products. In effect, they were rewarded for increasing the risk to the banks. 3. and 4. As we will see, not enough internal auditors understand the organizations in which they work. These are both failings of internal audit departments and of individual internal auditors, as we will see in Imperatives 9 and 10.

21 6. Identify, Monitor, and Deal with Emerging Technology Risks
Technology risks are extremely difficult to manage because they are constantly evolving. Internal auditors need to respond proactively by helping organizations identify, monitor, and deal with such emerging IT risks and advising their boards on how best to do so. IT risk is obviously at the top of many corporate worry lists―almost all of the recent surveys conducted on the issue support this view. In a notable percentage of organizations, the extent of internal audit activity on some critical, nonroutine IT issues is surprisingly low, particularly for cybersecurity risk and risks associated with employee use of social media.

22 Time Spent Auditing Cybersecurity and Social Media Risk
[Note: Q92: For information technology (IT) security in particular, what is the extent of the activity for your internal audit department related to the following areas: employee use of social media, cybersecurity of electronic information. The exhibit shows the percentage of respondents who chose “extensive.” n = 9,941 for cybersecurity; n = 9,747 for social media.] Here is the percentage of departments that spend significant time auditing these risks. Almost 1 out of 5 respondents (17%) say internal audit spends no time auditing cybersecurity at their organization. More than 1 out of 4 (27%) say they spend no time on social media audits, despite the obvious reputational risk and cyberthreats from these areas. Respondents expect audit activity in cybersecurity and social media to increase over the next 2 to 3 years, 74% and 54%, respectively.

23 Action Points for Technology Risks
Start looking at IT risk from a high level, examining policies, project plans, and business issues. Network with peers and IIA special interest groups. Increase technical knowledge by investing in your own expertise. Increase IT skills within the team. Why don’t auditors look into this area more―an area that is at the top of the corporate worry list? According to Theresa Grafenstine, inspector general, U.S. House of Representatives, Washington, DC, “Auditors often don’t deal with IT risk because they are afraid―they don’t understand it. But it’s too big a risk to ignore.” It’s imperative that auditors find a way of engaging more with IT risk if they are going to meet the needs of stakeholders. You don’t have to be an IT expert to look at the high-level issues―internal auditors can start there. They can use IIA tools and networking opportunities to understand the strategic issues and how those relate to their organizations. They can increase their own knowledge of the technical IT issues and increase IT skills in their teams. Only 14% of CAEs say they are recruiting or building skills in their functions in cybersecurity specifically. Is that really enough? [This statistic comes from exhibit 19 of the report.]

24 7. Enhance Audit Findings Through Greater Use of Data Analytics
Internal auditors must continue to improve their data analysis skills and techniques to enhance audit findings. Such technologies enable internal auditors to improve efficiency and audit data-rich areas in more sophisticated ways. Just over half (55%) of auditors consider themselves to have advanced or expert-level skills in data analysis to reach meaningful conclusions. This means that approximately half of respondents do not consider themselves to have strong data analysis skills, and technology is not being used to full advantage by some individuals and organizations.

25 Ways Data Mining Is Used
Q96: Does your internal audit department use data mining or data analytics for the following activities? (Choose all that apply.) For each option―fraud identification, regulatory compliance, and so on―fewer than half of respondents use data mining in their processes. Similarly, fewer than half of respondents (44%) report extensive or moderate activity for continuous/real-time auditing techniques―the kind of approach that will help internal audit anticipate the needs of its stakeholders by focusing on upcoming risks. (statistics verified by DP )

26 Action Points for Data Analytics
Create separate, but related, plans for internal audit’s data analytics resource. Train management in data analysis skills. Team up with business lines to help internal audit move into a more independent, continuous monitoring role. Many auditors allow the audit plan to run their use of analytics, but it is better to think of the two areas as related but separate. For example, why not consider reserving a quarter or third of the analytics resource to developing partnerships with those parts of the business interested in developing their capacity to control and monitor their own risk? Another underused area is training management in data analysis. This can free up audit time and put the function in a more strategic, independent monitoring role. Finally, those business lines that want to improve their own monitoring and analytics may be prepared to share the costs of the project with internal audit. Regarding continuous/real-time auditing, a little less than half of respondents report moderate or extensive activity (44%).

27 8. Go Beyond The IIA’s Standards
[Note: Q98: Does your organization use the International Standards for the Professional Practice of Internal Auditing (Standards)? Only CAE responses were included in this exhibit. Due to rounding, some totals may not equal 100%. n = 2,478.] Standards usage varies a great deal between regions. For use of all the Standards, North America, Europe & Central Asia, and Sub-Saharan Africa had the highest percentages (between 58% and 68%). The IIA wants internal auditors to follow the Standards because it provides the best benchmark for quality auditing there is. As Gabriel Benavides Ramirez, director of internal control and anti-corruption auditing, General Audit Office of Mexico City, Mexico, says in the report, “The board can be confident in internal audit’s objective insights into the business because the Standards provides a specialized and systematic approach to providing such assurance.”

28 Establish The IIA’s Standards as the Framework for Quality Assessment
Inform the audit committee about the value of the Standards. Establish a robust QAIP as required by the Standards. Perform an annual self-assessment to ensure conformance to the Standards and have an external quality review conducted at least every five years. Inform the audit committee of the external review and quality program results. Ensure that the audit team is certified; require certification for team members if they hold certain levels of responsibility. Let’s go through two sets of action points for this imperative: the first is about establishing The IIA’s Standards as the foundation for quality auditing; the second is about going beyond the Standards to deliver specific, high-value activities for your organization. First then, establishing The IIA’s Standards as the foundation for quality auditing: In Imperative 3, we talked about informing the board of its responsibilities and about risk. Internal auditors should also inform the audit committee about the Standards and, in particular, the standards covering quality, to demonstrate internal audit’s professionalism and commitment to quality. This will help enhance internal audit’s credibility. Second, internal audit should put in place both quality assurance and improvement programs and annual self-assessments and external quality review programs. These are required by the Standards and will ensure internal audit is performing well. Globally, 67% say they have periodic or ongoing internal assessments as required in Standard 1311 (Q100). But only 45% conduct an external assessment at least once every 5 years, as required by the Standards (Standard 1312). [DP verified statistic ] Third, tell the audit committee about the results of these assessments. If they need improvement, that may take courage. But it will help focus attention on where improvements must be made and help the CAE ask for additional resources, if necessary. Audit committees have a right to know how good their departments are, so this exercise could help close the expectations gap by shedding clear light on internal audit’s performance. Only 46% report on the quality assessment progam to the board at least annually (Standard 1320) [DP verified statistic ] Make sure staff are properly qualified to hold the levels of responsibility they enjoy. This will help boost the department’s performance.

29 Go Beyond the Standards to Deliver High-Value Activities
Discuss what “high-value internal audit activity” means for the audit committee and executive management. Agree with the audit committee and executive management on specific activities internal audit can focus on to meet expectations for quality and value. Periodically report to the audit committee and executive management on internal audit’s performance re: agreed- upon specific expectations. To go beyond the Standards, we need to embrace Imperative 1―understanding the needs of internal audit’s stakeholders so that we can anticipate those needs in our work. Go through points (these are self-explanatory). Internal audit needs to get close to its stakeholders, communicate effectively with them, align with its strategic objectives, understand the business, and deliver quality work that meets their expectations for quality and value. That approach is going to beat the expectations gap and make internal audit an indispensable resource to its organization, but it also requires a high level of personal commitment, which brings us to the last group of imperatives.

30 So far…. Internal auditors need to play a leading role to conquer the expectations gap: Communicate effectively. Align with strategic objectives. Understand the business. Deliver quality. Internal audit needs to get close to its stakeholders (audit committees and executive management): communicate effectively with them; align with their strategic objectives; understand the business; and deliver quality work that meets their expectations for quality and value. That approach is going to beat the expectations gap and make internal audit an indispensable resource to its organization, but it also requires a high level of personal commitment, which brings us to the last group of imperatives―invest in excellence.

31 Section 3: Invest in Excellence
Invest in yourself. 10. Recruit, motivate, and retain great team members. There are just two parts to the final group of imperatives, but they are at the foundation of everything else. Individual internal auditors need to accept responsibility for their own professional development. And internal audit departments need to do everything they can to recruit, motivate, and retain great team members.

32 9. Invest in Yourself There has never been a better time to be an internal auditor. But internal audit departments often do not have well-developed staff training. 4 out of 10 respondents reported fewer than 40 hours of training per year. There has never been a better time to be an internal auditor. For those with the right skills and personal attributes, the financial and professional rewards have never been higher. Auditors in progressive departments that do all the things we have been talking about can make a real difference to their organizations and get paid very well for doing so. The skills shortage in the profession has triggered fierce competition for the best-qualified auditors. The maturity of training programs varies greatly, depending on the size of the internal audit department. In the smallest departments, about 3 out of 10 have a structured or documented training program, compared to 7 out of 10 of the largest departments. In addition, 4 out of 10 respondents reported fewer than 40 hours a year in professional training and development (see exhibit in the following slide). If you really buy in to the fact that the world is changing at light speed and that huge business change occurs faster than ever, how can internal auditors get by on the same level of training as they did 10 years ago?

33 Hours of Training Per Year
Note: Q14: How many hours of formal training related to internal audit do you receive per year? n = 13,106.

34 Training Program Elements
[Note: Q46: What is included in the training program for internal audit? (Choose all that apply.) CAEs only. n = 3,099.] Highly skilled individuals are at a premium, making the financial and personal returns on self-investment short term. Let’s take a look at where internal audit training programs let their people down. The question asked: What is included in the training program for internal audit? (Choose all that apply.) The biggest emphasis is on internal audit skills with business knowledge―something we have identified as essential to delivering quality audits―only offered by half of CAEs polled. Critical thinking and leadership were offered by fewer than 1 out of 3. When CAEs were asked to choose the skills they were focused on recruiting, the top pick was analytical/critical thinking (64%). [This information is illustrated in exhibit 19 in the report.] Yet a much lower percentage offer it in their training programs—only 30%, as shown on this slide [exhibit 17]. For internal auditors who want to get ahead, these soft skills are an obvious place to concentrate their effort―communication skills, critical thinking, leadership, and motivation. For example, spend time learning about the industry in which they work and read business books on motivation and leadership skills. To be a successful internal auditor, you cannot simply rely on the training provided by your department. Seek and identify the training you need to meet the organization’s needs, then ask for it.

35 10. Recruit, Motivate, and Retain Great Team Members
Internal audit departments need to cast their recruitment nets wider. The internal audit profession of the future will be more evenly balanced between men and women. Training and development programs need to be aligned to the future needs of the business. Internal audit departments need to cast their net wider to attract, retain, and motivate team members who are able to understand and anticipate the rapidly changing business environment. This is crucial if internal audit functions are to better understand the businesses and functions within the organizations they serve. Only in North America is the gender split almost even (48% female, 52% male) and in the years of age category where the divide is more equal (55% male, 45% female). The academic majors recruited into the profession are still dominated by accounting, auditing, and finance. This relatively narrow focus threatens to restrict the skills available to CAEs and could, ultimately, blindside the profession.

36 What Skills Are You Recruiting or Building Most in Your Department?
[Note: Q30: What skills are you recruiting or building the most in your internal audit department? (Choose up to five.) CAEs only. n = 3,304.] From what we have learned about the profession from this survey, it is clear that CAEs are still not building skills in industry-specific knowledge and IT to meet the needs of their stakeholders and make the audits relevant to the business’s strategy. CAEs need to invest more in these areas and explicitly link what their staff learns and its relevance to the objectives and needs of their organizations.

37 Action Points for Building Talent
Recruit from a wider pool of candidates. Build formal audit rotation programs. Invest time in training. Link the audit process to the needs of the individual. Use bonuses to motivate and reward. If internal audit executives built their teams from a wider, more diverse pool of people, it would hugely increase the perspective on the business that their department could offer. Formal audit rotation programs are a great way to build links with the business. Enabling non-audit staff to spend time in the internal audit department as a route for helping to train those staff for management can boost industry knowledge within internal audit and create a better understanding of the department throughout the business. Internal audit staff can also benefit from secondment into the business. Internal audit departments also need to help their staff spend the time to develop skills and knowledge by giving them time to study and take courses. Most departments have individual development plans for each staff member, but these are less frequently linked to the audit process. Audit departments could create a better link between the on-the-job experience it can provide by assigning staff to audits where they are developing skills. Bonuses are becoming a popular method of motivation and retention―67% say they have the opportunity to receive a bonus at present. These payments are tied most commonly to personal performance (78%) or company performance (74%). [(Q34a) statistics checked by DP]

38 The 10 Imperatives Play a Leading Role
Anticipate the needs of stakeholders. Develop forward-looking risk management practices. Continually advise the board and audit committee. Be courageous. Beat the Expectations Gap 5. Support the business’s objectives. 6. Identify, monitor, and deal with emerging technology risks. 7. Enhance audit findings through greater use of data analytics. Go beyond The IIA’s Standards. Invest in Excellence 9. Invest in yourself. 10. Recruit, motivate, and retain great team members. To recap then: To play a leading role, internal audit must anticipate the needs of stakeholders, develop forward-looking risk management practices (including by aligning its work with the strategic objectives of the business), and be the primary source of information on risk and control to the board. We either occupy that position or surrender it to others. We must have the courage to stand by our findings while making sure that we have helped create the culture in the business where internal audit’s work will be best received.

39 CBOK 2015: What’s Coming Jul. 2015 Aug. 2015 Sept. 2015 Oct. 2015
IIA International Conference Governance, Risk, and Control Conference South Africa Conference IIA Financial Services Exchange ECIIA Conference All Star Conference Southern Regional Conference ACIIA Conference IIA Midyear Committee Meetings Jul. 2015 Aug. 2015 Sept. 2015 Oct. 2015 Nov. 2015 Dec. 2015 Driving Success in a Changing World: 10 Imperatives for Internal Audit Auditing Technology Risks Use of Technology for Internal Audit Processes Financial Services Outlook Who Owns Risk? Internal Audit’s Changing Role Combined Assurance and the Three Lines of Defense Fraud Risk: Detection and Prevention Measuring Internal Audit Value and Performance Public Sector Outlook Core Competency Levels for Internal Auditors Interacting with Audit Committees 8

40 CBOK 2015: What’s Coming GAM Conference SoPac Conference
Leadership Conference IIA International Conference Jan. 2016 Feb. 2016 Mar. 2016 Apr. 2016 May 2016 Jun. 2016 The Skills Most Desired by IA Managers for Their Staffs Use of Third Parties by Internal Audit CAE Career Path Women in IA: Representation and Trends Maturity Levels for IA Dept. Around the World How to Evaluate and Motivate Your Staff Certifications Held by Internal Auditors Ethical Pressures Faced by Internal Auditors IIA Standards: Conformance and Trends Quality Assurance and Improvement Program Trends Integrated Reporting Organizational Governance: Internal Audit's Role 9

41 YOUR DONATION DOLLARS AT WORK
FREE thanks to generous contributions from individuals, organizations, and IIA chapters and institutes around the world. Download your FREE copy today at the CBOK Resource Exchange. The IIARF encourages those who are presenting this slideshow to download the full report from The IIA Research Foundation and make it available to their audience. This report was generously sponsored by

42 About The IIA Research Foundation
CBOK is administered through The IIA Research Foundation (IIARF), which has provided groundbreaking research for the internal audit profession for the past four decades. Through initiatives that explore current issues, emerging trends, and future needs, The IIARF has been a driving force behind the evolution and advancement of the profession. For more information, visit:

43 Copyright and Disclaimer
The IIARF publishes this document for information and educational purposes only. IIARF does not provide legal or accounting advice and makes no warranty as to any legal or accounting results through its publication of this document. When legal or accounting issues arise, professional assistance should be sought and retained. Copyright © 2015 by The Institute of Internal Auditors Research Foundation (IIARF). All rights reserved. For permission to reproduce or quote, please contact

Download ppt "Driving Success in a Changing World: 10 Imperatives for Internal Audit"

Similar presentations

. . . a step-by-step guide to world-class internal auditing

. . . a step-by-step guide to world-class internal auditing
HR Manager – HR Business Partners Role Description

HR Manager – HR Business Partners Role Description
1 ACI Annual Audit Committee Survey - Global M A R K E T I N G & C O M M U N I C A T I O N S R E S E A R C H Charles Garbowski Research February 21, 2006.

1 ACI Annual Audit Committee Survey - Global M A R K E T I N G & C O M M U N I C A T I O N S R E S E A R C H Charles Garbowski Research February 21, 2006.
Www.globaliia.org The Internal Audit Leader of the Future IIA Israel Conference, Tel Aviv 2 February 2012.

The Internal Audit Leader of the Future IIA Israel Conference, Tel Aviv 2 February 2012.
Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,

Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Views of Value and Competency How Stakeholder and Internal Auditor Perspectives Compare.

Views of Value and Competency How Stakeholder and Internal Auditor Perspectives Compare.
MGT-555 PERFORMANCE AND CAREER MANAGEMENT

MGT-555 PERFORMANCE AND CAREER MANAGEMENT
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Internal auditing for credit unions Nuala Comerford, Chair IIA Irish Region Committee Pamela McDonald Council Member IIA Credit Union Summer School Thursday,

Internal auditing for credit unions Nuala Comerford, Chair IIA Irish Region Committee Pamela McDonald Council Member IIA Credit Union Summer School Thursday,
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.

© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.
E q Is Your Audit Plan Keeping Pace With Your Business? Duncan Edwards Liam McCaul – Partner, Risk Advisory Services E Q Internal Audit — Adding Value.

E q Is Your Audit Plan Keeping Pace With Your Business? Duncan Edwards Liam McCaul – Partner, Risk Advisory Services E Q Internal Audit — Adding Value.
Staying a Step Ahead Internal Audit’s Use of Technology By Michael P. Cangemi Coauthor – Managing the Audit Function; former CAE, CFO, CEO, and AC Chair.

Staying a Step Ahead Internal Audit’s Use of Technology By Michael P. Cangemi Coauthor – Managing the Audit Function; former CAE, CFO, CEO, and AC Chair.
Kerry Cleary An evaluation of the impact of Values Based Interviewing at the OUH Values Based Conversations and wider engagement strategies.

Kerry Cleary An evaluation of the impact of Values Based Interviewing at the OUH Values Based Conversations and wider engagement strategies.
Globaliia.org From Dubai to Beijing (How we use your GC input) Anton van Wyk, Chairman of the Board.

Globaliia.org From Dubai to Beijing (How we use your GC input) Anton van Wyk, Chairman of the Board.
Governance, Risk and Ethics. 2 Section A: Governance and responsibility Section B: Internal control and review Section C: Identifying and assessing risk.

Governance, Risk and Ethics. 2 Section A: Governance and responsibility Section B: Internal control and review Section C: Identifying and assessing risk.
© 2015 ASPCA ®. All Rights Reserved. Succession Planning & People Development Practical Tools for Managers Cheryl Bucci - Vice President, Human Resources.

© 2015 ASPCA ®. All Rights Reserved. Succession Planning & People Development Practical Tools for Managers Cheryl Bucci - Vice President, Human Resources.
Alford Strategy Management LLC | Bruce G. Alford | 1 (847) 708-5703 | Alford Strategy Management Sales Presentation “I love it when a.

Alford Strategy Management LLC | Bruce G. Alford | 1 (847) | Alford Strategy Management Sales Presentation “I love it when a.
JMFIP Financial Management Conference

JMFIP Financial Management Conference
How to create great SMART Goals

How to create great SMART Goals

Similar presentations

Ads by Google