
Governance, Risk Management & Compliance

Our Vision
To be the lead advocate, trainer and practitioner in internal auditing in Africa by providing superior internal audit solutions to the private and public sectors as well as the third sector.


Our Mission
To engage internal audit leaders and their customers (government officials, corporate executives and senior management) in a constant dialogue on the position, role and value of the internal audit activity.


Internal Audit 301: Audit Manager Seminar


Course Overview
Day One
Audit Manager Responsibilities
Risk Assessment and Audit Plans
Managing Audit Staff

Day Two
Managing your Management
File Review
Finalizing Audit Reports
Making an Impact at the Workplace


Internal Auditing Defined


independent, objective assurance and consulting activity designed to (1) add value and improve an organization's operations. It (2) helps an organization accomplish its objectives by bringing a systematic, disciplined approach to (3) evaluate and improve the effectiveness of risk management, control, and governance processes.

Internal Auditing Defined

The what
The why



The how

What are we doing?


(1) Adding value and improving on the organisation's operations
Making things better than when we met them.

Systems | Processes | Procedures



Why are we doing it?


(2) Helping the organization accomplish its objectives
How do you determine organisational objectives?

Gain a seat at the table



How are you doing it?


(3) Evaluating and improving the effectiveness of risk management, control, and governance processes
The triple magic wand


IIA Definition Logic


Helps the organization accomplish its objectives

Adding value and improving on the organisation's operations

Evaluating and improving on the effectiveness of GRC processes



Code of Ethics
Principles and Rules
Integrity
Objectivity
Confidentiality
Competency


Code of Ethics Principles


Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment


Integrity Rules
Shall perform their work with honesty, diligence, and responsibility.
Shall observe the law and make disclosures expected by the law and the profession.
Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
Shall respect and contribute to the legitimate and ethical objectives of the organization.


Code of Ethics Principles


Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.


Objectivity Rules
Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment.
Shall not accept anything that may impair or be presumed to impair their professional judgment.
Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

Code of Ethics Principles


Confidentiality
Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.


Confidentiality Rules
Shall be prudent in the use and protection of information acquired in the course of their duties.
Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Code of Ethics Principles


Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.


Competency Rules
Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.
Shall continually improve their proficiency and the effectiveness and quality of their services.

Internal Auditing is the cornerstone for sustainable organisational success


The IIA Value Proposition


Role of Internal Auditors




Re- Corporate Governance
Re- Risk Management
Re- Fraud
Re- Corporate Ethics
Re- Internal Controls
Re- Information Technology
Re- Financial Reporting

The IIA Global Internal Audit Competency Framework - 2013


Module One

Audit Manager Responsibilities


The Audit Manager


Duties of the Audit Manager
Attributes of the Audit Manager
Audit Leadership Requirements


Duties of the Audit Manager


Work in partnership with management to improve the effectiveness of governance, risk management and control processes.
Prepare a risk-based annual audit plan that reflects the priorities of management.
Lead the audit team to carry out risk-based audit engagements.
Ensure continuous learning and development of staff.

Attributes of the Audit Manager


7 Attributes of Highly Effective Internal Auditors.pdf
Characteristic of Successful Internal Auditors.pdf


Audit Leadership Requirements


Why are leadership skills essential to the Audit Manager?
What qualities are we looking for?
Class discussion


Audit Leadership Requirements


Controlling group performance
Setting the example
Evaluating
Effective teaching
Representing the team


Audit Leadership Requirements


Build team spirit
Motivate the team to stay on and complete the assignment
Provide guidance on the work on a daily basis
Encourage team to be professional
Avoid passing the buck!

Module Two

Risk Assessment and Audit Plans


Risk Assessment and Audit Plans
Professional Requirements
Building a Risk Assessment
Factors and Conclusions
Annual Audit Planning


Professional Requirements
From the ISPPIA
IPPF 2013 English.pdf


IPPF Summary
2010 Planning
The chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization's goals.


IPPF Summary
2010.A1
The internal audit activity's plan of engagements must be based on a documented risk assessment, undertaken at least annually. The input of senior management and the board must be considered in this process.

IPPF Summary
2020 Communication and Approval
The chief audit executive must communicate the internal audit activity's plans and resource requirements, including significant interim changes, to senior management and the board for review and approval. The chief audit executive must also communicate the impact of resource limitations.

IPPF Summary
2030 Resource Management
The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan.

Risk Assessment
A key technique in the internal auditor's tools shop. Indispensable!


Building a risk assessment


1. Annual audit planning
2. Engagement audit planning


Annual Audit Planning


1. Risk Assessment
   1. Define the auditable units and establish the audit universe
   2. Determine risk criteria and assign weights
   3. Rate and risk-rank the audit universe
   4. Segment the risk-ranked audit universe and select auditable units


Annual Audit Planning


2. Resource Allocation
   1. Determine the man-days per auditable unit
   2. Determine man-days as per annual plan
   3. Prepare staff budget
   4. Compare man-days as per annual plan and man-days per staff budget


Engagement audit planning


From the ISPPIA
IPPF 2013 English.pdf

The ORC Relationship


Illustration
Objective | Risk | Control


Consider the following


Changes in
Management and leadership
Key staff
Organisational structure
Policies and procedures

Fraud
Information technology/systems



Fraud and Technology Concerns


IT impacts auditors in two ways:
The audit environment
The audit tools and methodology


Information Technology
Technology-based Audit Techniques
Any automated audit tool, such as generalized audit software, test data generators, computerized audit programs, specialized audit utilities, and computer-assisted audit techniques (CAATs).


Fraud
Fraud Auditing
Fraud auditing is a proactive audit approach designed to respond to the risk of fraud


Fraud Auditing
The application of audit procedures designed to increase the chances of detecting fraud in core business systems. It is the process of responding to fraud within the context of an audit. May be conducted as part of an audit or the entire audit may be focused on detecting fraud.

Some Questions to ask


Who commits fraud, and how?
What type of fraud are we looking for?
Should fraud be viewed as an inherent risk?
What is the relationship between internal controls and fraud opportunity?
How is fraud concealed?
How can we incorporate the fraud theory into our audit approach?
What are the ways fraud auditing can be used to detect fraud?

Engagement audit planning


Individual exercise
Identify one departmental or functional objective at your workplace
Identify the effect(s) of uncertainty on the objective
Determine the controls that you would expect to see embedded in the procedures and process


Module Three

Managing People


Managing Audit Staff
Varying Personality Styles
Generation Y
Emotional Intelligence
Dealing with Conflict
Ethical Leadership


Success!!

You Can Become Successful by Understanding People's Personalities


Varying Personality Styles


Basic personality types
The four temperaments
Sanguine | Choleric | Phlegmatic | Melancholic

The four Ps
Playful | Peaceful | Powerful | Precise


Generation X and Y
Generation X
Are the characteristics applicable to us and our team members?

Generation Y
Are the characteristics applicable to us and our team members?

What are the implications?



Emotional Intelligence
Five areas
Self-awareness
Managing your emotions
Motivation
Empathy
Social skills


Dealing with Conflict


Define acceptable behavior
Hit Conflict Head-on
Understanding the WIIFM Factor
The Importance Factor
View Conflict as Opportunity


Ethical Leadership
It's all about having in place the right code to prescribe the


Module Four

Managing your Management


Managing your Management
Managing Expectations
Involving Management in Audits
Dealing with Management Requests
Obtaining Resources


Managing Expectations
The expectations gap.
How do we deal with it?

1. The internal audit charter
2. Involving management in audits
3. The audit committee

Involving Management in Audits
Annual Audit Plan
Audit Engagement

Opening meeting
Exit meeting
Share results with management on the go (culture of no surprises)

Audit reporting policy


Dealing with Management Requests
Internal Audit Charter
Provide for them during annual audit planning
Consult or refer to the audit committee


Obtaining Resources
Adopt risk-based audit planning.
Prepare a budget to go with the annual audit plan and obtain approval from the audit committee.
Communicate the impact of resource limitations to the Board.
You must know how to lobby management.


Module Five

File Review


File Review
A key part of the supervisory role of the Audit Manager
It is for quality assurance
Ensures that the internal audit engagement meets the expectations of audit leadership


Professional Requirement
From the ISPPIA
IPPF 2013 English.pdf


File Review Planning stage


Was the risk assessment completed?
Was the Internal Audit Planning Memorandum signed?
Internal-Audit-Planning-MemorandumTemplate-.doc

Was the Audit Planning and Scoping checklist completed?
Audit Planning and Scoping Checklist.doc

File Review Execution Stage


Was the audit program completed and referenced to the current audit file?
Are all working papers indexed/referenced and cross-referenced?
Do all working papers show results of tests?
Are these tests referenced to the engagement audit program?

File Review Reporting Stage


Is the draft audit report referenced to the working papers?
The background
Are the conditions the results of audit work?
Are the criteria sound?
Will management accept them?

Always assume that you are management and ask questions



Module Six

Finalizing Audit Reports


Communicating Audit Results
Professional Requirements
Identifying audit concerns
Selling audit concerns
Dealing with client reactions
Requirements of Effective Reporting


Professional Requirements
From the ISPPIA
IPPF 2013 English.pdf


Identifying Audit concerns


Look out for the following:
Non-compliance with laid down policy
Unusual events
Budget overruns
System abuse
Sub-optimal performance


Selling audit concerns


Be factual
Sufficient and appropriate facts to support your claim
Your condition must be able to withstand management challenge

Be mindful of language
Verbal utterances
Body language

Dealing with Client Reactions
Do not enter an argument with the client.
Do not try to prove that you are right.
Present your facts and leave the rest to the recipient of the reports to come to their own conclusions.

Requirements of Effective Reporting
Address the 5 Cs
Criteria | Condition | Cause | Consequence | Corrective Action
Optimizing the report


The 5 Cs
Criterion | Condition | Cause | Consequence | Corrective action

In a nutshell
What should be?
What is?
Why did the deviation from the "what should be" occur?
What happened or could happen because the "what is" differed from the "what should be"?
What is needed to correct the condition and improve operations?

Optimizing the Audit Report




Accuracy
Objectivity
Clarity
Conciseness
Constructiveness
Completeness
Timeliness

Module Seven

Making an Impact at the Workplace


Making an Impact at the Workplace

Maintaining Professionalism
Audit Reporting
Senior Management Meetings


The End

Thank you for your time

