Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISMMMO, Antalya 25-29 April Internal Audit, Best Practices Özlem Aykaç, CIA,CCSA CAE Coca-Cola İçecek.

Similar presentations

Presentation on theme: "ISMMMO, Antalya 25-29 April Internal Audit, Best Practices Özlem Aykaç, CIA,CCSA CAE Coca-Cola İçecek."— Presentation transcript:

1 ISMMMO, Antalya 25-29 April Internal Audit, Best Practices Özlem Aykaç, CIA,CCSA CAE Coca-Cola İçecek

2 2 What I share with you today  When management perceive IA value  Elements to Enhance IA Functions  Best Practices in these Elements  Performance Measures

3 3 When management perceive IA value  As management seeks to meet business objectives; especially relates to the objectives of internal control: - Efficiency and effectiveness of operations - Reliability of financial reporting - Compliance with applicable laws and regulations - Safeguarding of assets  As management (as well as the Board or Audit Committee) sees IA resources being utilized/ leveraged as a part to achieve strong, and effective risk management, internal control and corporate governance process

4 4 Elements to Enhance IA Functions IA Function CustomersPeopleProcessTechnologyCommunication

5 5 Best Practices - Customers  Identify your customers  Develop relationship to understand their needs  Establish business partner relationship with audit customers  Include customers in the risk assessment/planning process Sharing Story………..Risk Assessment in CCİ

6 6 Best Practices - People  Blend of audit and operational expertise  Market a career in the Company rather than just within IA  Establish training requirements  Create an environment for innovation  Obtain high performance personnel from within as well as from outside Sharing Story ……… Utilizing Co-sourcing

7 7 Best Practices - Process  Understand and align with Management’s overall objectives and business strategies  Organize the department along business lines  Evaluate and document risk management of product/ service / initiatives.  Broaden the definition of “risk” to improve process performance  Train customers on internal control  Use self-assessment to gather valuable information prior to the Audit  Build flexibility into your audit plan Sharing Story ……… Control Self-Assessment

8 8 CONTROL SELF-ASSESSMENT (CSA) CSA is a formal, documented process facilitated by IAD which designed to allow management and work teams made up of individuals from business units, functions to collaboratively: Identify risks and exposures. Assess the control process that mitigate or manage those risks. Develop action plans to reduce risks to acceptable levels. Determine the likelihood of achieving the business objectives. Potential Outcomes: Employees at all levels better understand and assume responsibility and accountability for effective control and risk management. Corrective action can be more effective because participants “own” the results. Provides a broader coverage on important issues because the experts quickly focus on risks and controls. Improves communication at all levels; increase employee satisfaction. Teaches participants how to analyze and report on internal control, thus increase the control conciousness. Reduce risk of fraud and noncompliance with laws and regulations CCI IAD Policy:  Implement self-assessment in areas like Finance and BSG to promote internal controls and to enhance audit resources.

9 9 Best Practices - Communication  Listen to different customers’ voices regularly  Help educate the organization through various communication forums (publications, newsletters, business book summaries,training sessions)  Become a repository for best practices/ benchmarking information and share with the organization  Reduce reporting cycle time and maximize action Sharing Story – Activity Reporting

10 10 Best Practices - Technology  Link Management objectives/ strategies to supporting IT infrastructure  Integrate systems risk analysis into each audit – define from a “business” not a technical perspective  Utilize technology in the audit process – timely coverage – Computer assisted audit techniques (CATT) – Self-Assessment & facilitation tools Sharing Story ………CMS

11 11 CONTINOUS MONITORING SYSTEM (CMS) CMS is a management-driven process used for monitoring high risk areas and exceptions. Management is responsible for reviewing exceptions and taking necessary actions to diminish the risks. Internal Audit has to ensure that exceptions are reviewed and necessary actions are taken by management to reduce the risks. Advantages: Independent Control Mechanism which helps us to: Assure Internal Controls Complaince Reduce Operational Risks Mitigate the risk of Fraud CCI IAD Policy:  Implement Continuos Monitoring System(CMS) in high risk areas which will help us to assure internal controls complaince, reduce operational risks and mitigate the risk of fraud.

12 12 Performance Review (QAR)  International Standards require of a independent Quality Assurance Review every 5 years,  Should be more – Audit Committee, management and internal audit customers  Use of smart KPI’s as a benchmark for performance World Class – Internal audit should actively seek performance reviews from numerous sources. Periodic independent review, regular internal audit customers, management and the Audit Committee formalised feedback and use of KPI’s

13 13 Performance Measures Performance measures enable the internal audit team to: – Gauge its success in meeting or exceeding client service expectations – Measure how well the audit process is managed and achieves its objectives Select the measures which reflect your needs and values. Select a few and commit to tracking/reporting

14 14 Performance Measures - Customers  Results of customer/stakeholder surveys vs. predetermined level of satisfaction goals. (Audit timeliness, Taking account of business concern, Professionalism, etc.)  Number of recommendations implemented.  Number of management requests (for assistance,consultation, special audits, etc.).  Number of committees and task forces audit is involved in or is asked to be involved in.

15 15 Survey

16 16 Performance Measures - People  Percentage of function personnel with various types of experience.  Number of individuals with certifications - CIA, CCSA, CISA, CPA,...  Employee satisfaction survey results.  Attainment of annual goals for staff training.  Average years of audit experience for managers, in charge, and staff.  Number of individuals promoted into the organization

17 17 Performance Measures - Communication  Percentage of recommendations implemented within the time period agreed to by audit customers.  Number of surprises at closing meeting.  Report cycle time (Total - end of field work to report delivery).  Cycle time between various key milestones in the audit reporting process.  Number of audit findings agreed & recommendations implemented.

18 18 QAR – Measurement Criteria

19 19 What we expect to see in the Future  More interaction with the Board or Audit Committee.  Consideration of IT risks, internal controls in all engagements  Increased leverage of technology tools  Evolving 'ownership' of internal controls at the field level  More defined Consulting engagements for internal audit  Ongoing training role of internal audit on internal controls, fraud prevention, ethics  ….and others

20 ISMMMO, Antalya 25-29 April QUESTIONS ??? Internal Audit, BEST PRACTICES Özlem Aykaç, CIA,CCSA CAE, Coca-Cola İçecek

Download ppt "ISMMMO, Antalya 25-29 April Internal Audit, Best Practices Özlem Aykaç, CIA,CCSA CAE Coca-Cola İçecek."

Similar presentations

Ads by Google