Presentation is loading. Please wait.

Presentation is loading. Please wait.

CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007.

Published byErick Watson Modified over 9 years ago

Similar presentations

Presentation on theme: "CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007."— Presentation transcript:

1 CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007

2 CBIZ Risk & Advisory Services, LLP 2 Agenda  Requirement  Benefits  Attributes of a “World-Class” Internal Audit  Quality and Quality Assessment  Keys to an Effective QA  Common Observations  Leading Practices

3 CBIZ Risk & Advisory Services, LLP 3 Requirement  IIA Standard 1312- Requires an external assessment be performed by a competent and independent firm at least every 5 years.  Good ‘business practice” to provide an independent evaluation of internal audit as well as identifying potential ways to improve the process.  With Sarbanes-Oxley and other demands placed on Audit Committees and Internal Audit, a Quality Assurance Review serves to provide an assessment that the various Internal Audit responsibilities are being discharged effectively and efficiently.

4 CBIZ Risk & Advisory Services, LLP 4 Benefits  Current State of “Conformance to the Standards”.  Builds stakeholder confidence by showing management’s commitment to quality and leading practices.  Demonstrates that the Audit Committee and Internal Audit are concerned about the success of the organization’s internal controls, governance and risk management processes.

5 CBIZ Risk & Advisory Services, LLP Benefits  PCAOB Audit Standard 2 states “The external auditor may use the work of internal auditors particularly when internal auditors are in compliance with the Standards.”  Observations on benchmarking & identification of successful practices  Recommendations for improvement aimed at adding value to the organization. 5

6 CBIZ Risk & Advisory Services, LLP Benefits  Identify Expectation Gaps  Among key stakeholder expectations  Current state & desired state of performance  Recommendations aimed at adding value to the organization  Internal marketing tool strengthening credibility and promoting integrity 6

7 CBIZ Risk & Advisory Services, LLP Attributes of a “World-Class Internal Audit Activity  Empowered & Respected by Management and Board  Objective and Independent  Highly Talented  Risk Focused  Proactive  Technology Driven 7

8 CBIZ Risk & Advisory Services, LLP Empowered and Respected  Best Reporting Structure  Functionally – Audit Committee  Administratively- CEO  Respected at All Levels  Value-Added Business Advisors  “Out of the box” thinking  Provides effective resources and solutions to business challenges 8

9 CBIZ Risk & Advisory Services, LLP Objective and Independent  Seen as providing unbiased views of the organization.  Have no real or apparent conflicts of interest  Independent of the activities they audit  “No-No’s”  Designing and installing systems  Drafting of procedures 9

10 CBIZ Risk & Advisory Services, LLP Highly Talented  Highly talented professionals (certified) with unique combinations of skills & experiences  Hiring and Retention  Rotation in and out  Constantly adding value  Collectively possess the essential skills  Consideration for co-sourcing  Must commit to a program of continuous development 10

11 CBIZ Risk & Advisory Services, LLP Risk Focused  Allocates Time & Resources Based on Risk  Annual and Long Term Plans  Individual Engagements  Identifies critical risks & exposures before they become significant issues  Shares “lessons learned” across common business units and processes 11

12 CBIZ Risk & Advisory Services, LLP Proactive  Proactive, not only reactive  Right balance between protecting and enhancing shareholder value  Level of consultative support correlates with the organizations fluidity  E.g., a flat, decentralized organization likely requires significant support in analyzing business risks and transferring company-wide best practices then a highly centralized organization 12

13 CBIZ Risk & Advisory Services, LLP Technology & Process Driven  Utilizes “state-of-the-art” technology to:  Reduce Risks  Identify potential problems in nearly real time  Increase productivity  Continuously improve the control environment and communications  Be committed to a program of continuous improvement 13

14 CBIZ Risk & Advisory Services, LLP Foundation of World-Class Audit Departments  The International Standards for the Professional Practice of Internal Auditing and the Code of Ethics are the foundation for all world- class functions. 14

15 CBIZ Risk & Advisory Services, LLP Quality Components  Adherence to the Code of Ethics  Practicing in accordance with the Standards  Continued Professional Development  Audit Practice is continuous improvement oriented 15

16 CBIZ Risk & Advisory Services, LLP Quality Assurance  To Evaluate Quality- Objectively measure internal audit process  To maintain Quality- Fully commit to professional growth and development  To ensure Quality- Maintain quality assurance and improvement program 16

17 CBIZ Risk & Advisory Services, LLP Quality Standards  Internal audit must establish a quality assurance program that includes both:  Ongoing and periodic internal QA’s  External QA a minimum of once every 5 years  Failure precludes IA from using the statement “conducted in accordance with the International Standards for the Professional Practice of Internal Auditing.” 17

18 CBIZ Risk & Advisory Services, LLP Keys to an Effective QA  Understanding the Professional Practices Framework  Awareness and Implementation of the Standards  Internal audit quality programs and initiatives  Leading practices in applying the Standards 18

19 CBIZ Risk & Advisory Services, LLP Professional Practices Framework  Definition of Internal Auditing  The Code of Ethics  The Standards  Practice Advisories  Topical Index to the Practice Advisories 19

20 CBIZ Risk & Advisory Services, LLP Purpose of a Quality Assessment  Assess conformance to the Standards  Assess the effectiveness and efficiency of the internal audit activity  Identify opportunities for improvement  Improving performance  Image of the department 20

21 CBIZ Risk & Advisory Services, LLP Scope of External Assessments  Conformance with the Standards & the Code of Ethics & the IA’s charter, plan, policies, procedures and applicable laws & regulatory requirements  The expectations of the IA as expressed by the board, executive management and operational management  The integration of the IA into the governance process, including the relationships between and among the key groups involved in the process 21

22 CBIZ Risk & Advisory Services, LLP Scope (Cont’d)  Tools and techniques  Mix of knowledge, experience and disciplines within the staff, including the focus on process improvement  Determination that the internal audit activity adds value and improves the organization’s operations 22

23 CBIZ Risk & Advisory Services, LLP Areas of Focus  The Mandate of the IA Activity  The Relationship between IA & the Audit Committee  IA Reporting Lines  Staffing of Internal Audit  Obtaining & Maintaining Competency  Coordination with External Audit  Developing the Internal Audit Plan  Reporting Findings & Recommendations 23

24 CBIZ Risk & Advisory Services, LLP Areas of Focus  Follow-Up of Corrective Action  Fraud  Internal Quality Program  Sufficiency of IA Resources  Support from Senior Management  Evaluation by the Audit Committee 24

25 CBIZ Risk & Advisory Services, LLP Common Findings  Charters not current, inadequate and/or misaligned  Lacking support or sponsorship by top management  Department structure issues  Reporting lines  Alignment with the organization  Insufficient business knowledge and/or technology capabilities  Lack of a defined and documented risk assessment 25

26 CBIZ Risk & Advisory Services, LLP Common Findings  Linkage of risk assessment to plan  Impact of Sar-Box  Lack of external input to risk assessment  Audit Universe Deficiencies  Ineffective resource planning, including training  Inadequate IT Coverage  Limited use of technology  Infrequent management interaction 26

27 CBIZ Risk & Advisory Services, LLP Common Findings  Lack of Performance Measurements  Failure to Track Auditors’ Time  Inconsistent/Incomplete Work Papers  Lack of a defined and documented Quality Assurance and Improvement Program  Insufficient reporting to the Audit Committee 27

28 CBIZ Risk & Advisory Services, LLP Leading Practices  Enterprise Risk Assessment  Rigorous and coordinated approach  Assessing all risks that affect the organizations strategic & financial objectives  Risk & Control Self Assessment  Using Control Frameworks (COSO)  Effectiveness & Efficiency of Operations  Reliability of Financial Reporting  Compliance with Laws & Regulations 28

29 CBIZ Risk & Advisory Services, LLP Leading Practices  Partnering with Management  Risk Assessment & Annual Audit Planning  Long Term Audit Plans  Usually three years  Higher risk areas should be reviewed more frequently within the 3 year plan  Frequent modifications to long term plan  Developing Staff  Goal of 80 hours of training  Stretch Objectives & Performance Measures  Certification 29

30 CBIZ Risk & Advisory Services, LLP Leading Practices  Communicating More Effectively  User friendly format  Executive summary, with clear concise information and opinion  Regular reporting of issues to the Audit committee  “Marketing” IA function Brochure Intranet 30

31 CBIZ Risk & Advisory Services, LLP Leading Practices  Using Technology  Data extraction and analysis  Fraud detection/prevention  Network security assessment  Automated work-papers  Audit administration tools  Benchmarking  Performance measurements 31

32 CBIZ Risk & Advisory Services, LLP Questions ?????????????? 32

33 CBIZ Risk & Advisory Services, LLP Follow-Up Tom Johnson tomjohnson11@msn.com 330-759-0046 33

Download ppt "CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007."

Similar presentations

Organizational Governance

Organizational Governance
. . . key messages for CAEs, Senior Management and the Board

. . . key messages for CAEs, Senior Management and the Board
. . . a step-by-step guide to world-class internal auditing

. . . a step-by-step guide to world-class internal auditing
Www.theiia.org External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.

External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
A Consultative Approach to Auditing

A Consultative Approach to Auditing
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Supervisory Committee Communications with Management and the Board

Supervisory Committee Communications with Management and the Board
Internal Audit Awareness

Internal Audit Awareness
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)

QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,

Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.

PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
IS Audit Function Knowledge

IS Audit Function Knowledge
Operational Auditing Fall 2006 Professor Bill O’ Brien.

Operational Auditing Fall 2006 Professor Bill O’ Brien.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
1 What is Internal Audit’s Role in Management’s Assertion The Institute of Internal Auditors May 11, 2004 Xenia Ley Parker, CIA, CISA, CFSA Principal XLP.

1 What is Internal Audit’s Role in Management’s Assertion The Institute of Internal Auditors May 11, 2004 Xenia Ley Parker, CIA, CISA, CFSA Principal XLP.
Operational Auditing Spring 2005 Professor Bill O’ Brien.

Operational Auditing Spring 2005 Professor Bill O’ Brien.
External Quality Assessments

External Quality Assessments

Similar presentations

Ads by Google