1 / 43

Speaker:

Who Audits the Auditors? The value of Internal and External Quality Assessments. Speaker:. Speaker Background Information. Topics we will cover Today. Key Areas of Discussion Today. Quality Improvement & Assurance Program

aloha
Download Presentation

Speaker:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Who Audits the Auditors? The value of Internal and External Quality Assessments Speaker:

  2. Speaker Background Information

  3. Topics we will cover Today

  4. Key Areas of Discussion Today • Quality Improvement & Assurance Program • External quality assessments and why your audit group should have one • What to expect from an external QA • How to get the most value from a QA How an Audit professional should prepare for a QA

  5. Some areas we will NOT talk about today • All of the Standards with which you need to comply to pass a QA • All of the components of an effective quality program There just isn’t enough time to do this and the IIA and other organizations have seminars, books and CDs covering these topics

  6. A Show of Hands How many Internal Audit Activities have a QA&IP in place today?

  7. A Show of Hands How many work for an organization that has had an external QA?

  8. A Show of Hands How many work for an organization that has not had an external QA? Is anyone planning to have one?

  9. A Show of Hands How many have been part of an external QA team?

  10. Does this look familiar? http://www.theiia.org/guidance/standards-and-practices/professional-practices-framework/

  11. Have you read the Quality Standards? Standard 1300Quality Assurance and Improvement Standard 1310Quality Program Assessments Standard 1311Internal Assessments Standard 1312External Assessments

  12. Standard 1300: Quality Assurance and Improvement Program (QA&IP) The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. The program must be designed to help the internal auditing activity add value and improve the organization’s operations and to provide assurance that the internal audit activity is in conformity with the Standards and the Code of Ethics.

  13. Quality Assurance and Improvement Program Why is a Quality Assurance & Improvement Program necessary? As an Organization and its Internal Audit shops grow, its operations undergo refinement, and its internal processes change and evolve, its quality monitoring process must keep pace.

  14. Quality and Improvement Program What would be the elements of a Quality and Improvement Program? QA

  15. 1311: Internal Assessments Must include: • Ongoing reviews of the performance of the internal audit activity; and • Periodic reviews performed through self-assessment or by other persons within the organization, with knowledge of internal auditing practices and the Standards. • Person(s) conducting assessment can be part of internal audit activity or from another area in the company.

  16. Some Elements of a QA&IP • Staff Information (education, skills, certifications) • Audit Plan Budget to Actual • Audit Cycle Time • Issues and Recommendations Tracking • Customer Satisfaction Survey • Staff Meeting • Benchmarking to Best Practices • Training • Work Paper Review (ongoing) • QA Review Action Plan

  17. Board/Audit Committee • Expectations • Perspective on IA Roles • Satisfaction Surveys • Requests • Complaints MEASURES OBJECTIVES • Perspective on IA Roles • Satisfaction Surveys • Risk Concerns • CAE/AC Private Meetings Balanced Scorecard for Internal Auditing • List here. • List here. Internal Audit Processes Management/Audit Customers CORPORATESTRATEGY OBJECTIVES MEASURES OBJECTIVES MEASURES • List here. • List here. • List here. • List here. INTERNAL AUDITSTRATEGY • Importance Levels • Improvements • Findings • Repeat Findings • Savings • Quality Assessment • Experience • Education • Training • Certification • Reporting Relationships Innovation/Capabilities OBJECTIVES MEASURES • List here. • List here

  18. What is the Value of Quality to Internal Audit ABC Organization Executive Level At this level Internal Audit is not considered a valued resource to the Organization Internal Audit

  19. What is the Value of Quality to Internal Audit ABC Organization Executive Level Internal Audit As the Quality of Internal Audit increases the acceptance at the Executive Level gets Internal Audit closer

  20. What is the Value of Quality to Internal Audit ABC Organization Executive Level Internal Audit Once Quality is achieved Internal Audit is embraced by the Executive Level as a valuable resource within the Organization

  21. Who’s Responsible for the Quality of Internal Audit? • Organization • Chief Audit Executive (CAE) • Internal Audit Profession • IA Stakeholders (AC, BOD, Regulatory Body, Sr. Mgmt) • Internal Auditor specially CIA’s Who Will Benefit?

  22. Professionalism & Commitment • The Drive to be the Best • Success (individual & organization) • “Persistence with a Purpose” • Professional Development • The Pride to be an Internal Auditor

  23. By the way, what’s an external quality assessment (QA)? Professional standards require each internal audit function to obtain an external quality assessment at least once every five years(Standard 1312)

  24. What’s the focus of an external QA? • IIA Code of Ethics • International Standards for the Professional Practice of Internal Auditing • Audit committee & internal audit charters • Professional certification and education • Process improvement & best practices

  25. What happens in an external QA? • Interview & survey stakeholders • Assess compliance with the IIA Code of Ethics and the Standards • Assess charters, policies & procedures • Review staff experience & qualifications • Inspect workpapers

  26. What are the benefits of an external QA? • Expert advice & counsel from practitioners with decades of experience and broad exposure to the best IA functions • Sounding Board • Leverage for funding, authority, independence & training • Visibility • Pipeline to the audit committee & senior management

  27. Making a difference… • HBS or equivalent executive training program for CAE • Staffing increases • Training and certification support • Implementation of CAATs

  28. Why have an external QA? • Professional credibility • Organizational credibility • Legal liability • Compliance with Standards • Continuous improvement • Audit Committee oversight

  29. Why are some IA functions not in compliance? (The IIA Common Body of Knowledge survey reports 39% of IA functions have never had an external QA) • 28% of IA functions are less than 5 years old • Internal audit is not regulated • Unaware of the requirement • Unfazed by the penalty • Costs in money and time

  30. What problems are commonly found? • Inadequate Quality Assurance & Improvement Program • Consulting omitted from the mission and charter • Inadequate IT coverage or technical skills • Lack of performance measures

  31. What problems are commonly found? • Inappropriate CAE reporting relationships • Out-of-date charters • Client perception of inadequate audit staff knowledge • No formalized risk assessment process

  32. What Does It *Cost? *Source: IIARF Survey April 2007

  33. How long does an external QA take? A sample timeline… RFP 8/1 – 8/15 Prepare background info 9/1- 9/15 Stakeholder surveys 9/15 – 9/30 GAIN data input on IIA website 9/15 Preliminary meeting 10/15 On-site fieldwork 10/30 – 11/3 Issue draft report 11/15 Receive reply to draft report 11/22 Issue final report 11/29

  34. What is a self-assessment with independent validation (SAIV)? Perform your own internal assessment and then… Engage an independent party to review your work

  35. What’s the advantage of the SAIV? SAVE It costs less!

  36. What’s the trade-off for a SAIV? Requires IAA to budget more resources Diminished: • Independence • Outside perspective • Expertise • Board leverage • Senior management leverage • Oomph

  37. What should you do? If you can’t get the budget for an external QA, go the SAIV route to get into compliance Consider SAIV for your 1st QA and follow-up with an external QA in 2-3 years

  38. What about peer reviews? “Even if he is lucky, the best barber can count on no more than the 2nd best haircut” Issues: quality, independence, experience, industry knowledge, confidentiality, etc.

  39. How long does an SAIV take? A sample timeline… RFP 8/1 – 8/31 Prepare self-assessment 9/1- 9/30 Stakeholder surveys 9/15 – 9/30 GAIN data input on IIA website 9/15 Preliminary meeting 10/15 On-site validation 10/30 – 11/1 Issue draft report 11/15 Receive reply to draft report 11/22 Issue final report 11/29

  40. IIA Recognition Plaque Organizations that have an external quality assessment completed by The IIA with a “General Conformance” opinion will receive a recognition plaque

  41. Where to Find Quality Resources? • Free Web-Based Resources by IIA Inc. and IIA Affiliates (www.theiia.org /Quality) • QA training seminars by IIA Inc. and IIA Affiliates • Local Chapters and Study Groups • Quality Services by IIA Inc., Affiliates, and Other Service Providers

  42. Time for…. Questions???

  43. This presentation is fromThe Institute of Internal AuditorsGlobal Headquarterswww.theiia.orgContact us at Quality@theiia.org

More Related