Risk & Assurance. Tailored to your needs. Internal audit solutions

Transcription

1 Risk & Assurance Tailored to your needs Internal audit solutions

2 Internal audit solutions The need for internal audit has never been as urgent as it is today. Unmanaged risks can literally cause the demise of a business. Dealing with such problems diverts managers from developing the business and driving it forward. Boards and audit committees need to ensure that their internal audit is up to the challenge. A complete range of internal audit services, advice and software for business. A successful audit service will give management an objective assessment of the risks facing the organisation and how well they are being managed. It will receive recognition for the value it adds by constructive, timely advice to management as well as positive assurances on control. Horwath Clark Whitehill, the UK member of Horwath International, offers a complete range of risk and audit solutions for all organisations, tailored to their size, business sector, geographical spread and regulatory requirements. Our audit service focuses on delivering the assurances you need in a way that fits in with your organisational culture and finding ways in which your business can become more efficient. Whether you have an established internal audit department or are looking for a bought-in solution, the experience of our Risk & Assurance specialists in risk management, audit strategy, audit delivery and the provision of software can help you enhance the effectiveness of your control systems, allowing you to concentrate on the main objectives of your business.

3 Audit Experienced auditors to provide the assurances that you need about the effectiveness of your controls Advice In-depth knowledge of methodologies, tools and audit standards based on best practice in a wide range of sectors Automation The market-leading integrated system of risk and audit management tools, combined with computer assisted audit techniques

4 Value adding Process Our audit methodology brings together the streams of Risk Based Internal Audit, Key Controls testing and Thematic Reviews. These three approaches to audit testing ensure that the review programme is always relevant to management concerns. With quality assurance built in to every stage of the process you can be confident in the reliability of the audit. Knowledge The effectiveness and efficiency of individuals is enhanced by access to the knowledge base contained in our extensive Audit Resource Management System. This contains sample audit procedures for a wide range of environments and enables our staff to focus quickly on the procedures that need to be present in a well controlled business.

5 elements of audit People The Horwath service is built upon the quality of the individuals involved in its delivery. We recruit audit staff with an impressive blend of technical and personal skills and invest in their continuing training and development. Our risk management consultants are specialists in their fields, dedicated to excellence in the advice they provide. Technology Our market-leading risk and audit management software is used by major commercial, government and financial institutions both within the UK and across the world. We will use the Galileo audit system to manage and document all of our audit work. We can also design an integrated service that gives you access to the Magique system for recording and managing your risks.

6 Risk Based Internal Auditing For organisations that believe taking calculated risks is an essential part of success in business, a risk-based approach to internal control makes good sense. This involves embedding risk management at the heart of every activity. Such organisations need to establish a record of how business units deal with their most important risks and establish a method of confirming that the related controls are operating as intended. Risk assessment Our Risk & Assurance group can analyse your requirements and provide a tailored version of the Magique software to manage your risks. The system is available to authorised users over the internet, using conventional browser software. The principal features of the risk management system include: organisation of risks following corporate structure identification and assessment of risks according to an agreed methodology tracking of required actions where risks are not acceptable full accountability through allocation of ownership of risks and controls review intervals to allow regular updating of risks at manageable volumes comprehensive reporting facilities, including key item reports, heat-maps and trend monitoring. Assessments are made of the risks facing the business before and after taking account of the controls that are in place. Actions are agreed for unacceptable residual risks, responsibilities are allocated for those actions and a monitoring process is put in place to ensure that the actions are followed through. Gaining assurance about controls The effectiveness of internal controls is regularly reviewed, in part by reports submitted through the risk management system and in part by internal audits. Audit reviews are scheduled to achieve the most efficient coverage of key risks and the related controls. This may be by business unit, department or any other convenient category. Audits focus on: controls that contribute most towards risk reduction controls that have been identified as essential for every business unit specific areas of interest to management where risk indicators show that more controls may be required or that expected controls may not be working effectively. After each audit reports are produced highlighting recommendations for improvement in control and summarising those controls that appear to working effectively.

7 At the end of the year, the Head of Internal Audit or our internal audit partner will give an opinion on the robustness of the risk management process and summarise the results of audits carried out during the year. This report supports the Audit Committee s report to the Board on Internal Control, which in turn informs the statement made in the annual report. Benefits of Risk Based Internal Auditing When a risk management system and an internal audit programme is established as part of the management processes within an organisation: information about risks and controls is immediately available to managers throughout the group actions required to improve controls are linked to individuals and target dates, enabling them to be tracked through to implementation representations by control owners about their effectiveness introduces a new level of accountability relevance of internal audits is improved as they are planned in advance, based on the criticality of controls, suspected problems or organisation-wide themes information about the structure of controls is available to external auditors, giving greater efficiency in planning, auditing and reporting.

8 Effective Internal Audit Process Audit Committee approved Outcome oriented Risk aligned Geared to positive reporting Aligned with recognised standards Knowledge Audit Resources Management System Sector knowledge bases Updating procedures Audit Committee briefings Knowledge transfer

9 People Specialist internal auditors Motivated professionals Client focused Ongoing training Sector specialisms Technology Market leading software Integrated risk and audit Planning flexibility Real-time review Online access to key issues

10 Specialist services In addition to the core internal audit services, we provide a range of specialist services which are relevant to internal audit departments and to organisations without an established internal audit function. Our services are supported by the market-leading Magique and Galileo software. Governance reviews Risk management, internal control and internal audit are integral elements of a sound system of corporate governance. A review of corporate governance is useful as a precursor to making decisions about the detailed arrangements for risk management and audit. We are familiar with the governance requirements of the major regulators in the UK and overseas. Internal Audit establishment Our experience in helping many organisations develop and update their audit methodologies, combined with our own practical experience of internal audit, makes us an ideal choice to assist in setting up internal audit departments, or to advise on restructuring. We undertake audit needs assessments, initial staff interviews, preparation of audit documentation standards, methodology guides and interim audit management.

11 Outsourced service reviews Organisations that provide an outsourced service, such as payment systems, accounting services or pensions administration often need to satisfy their customers and their auditors that effective controls are in place. We undertake reviews of such services to satisfy the requirements of ISA 402, SAS 70 and AAF 1/06. IT Audit IT specialists are available to carry out IT audit procedures as part of a fully outsourced internal audit programme or as a resource to in-house internal audit departments that do not have their own IT audit resource. Typical areas for review include IT strategic planning, complex application control frameworks, information security, data management, IT project management, operational integrity, disaster recovery and IT governance. Business data analysis Auditors frequently find instances of transactions that are invalid, but may not have the necessary resources to be able to determine how many similar instances are present in the audit population. Our specialists use advanced data interrogation tools to review total audit populations for potentially invalid transactions, such as duplicate payments or invalid salary payments. External Quality Assessments To comply with s 1312 of the IIA standards each internal audit function is required to have an external quality assessment performed by an independent assessor at least once every five years. Horwath Clark Whitehill have experienced assessors with the objectivity to appraise the function and provide value adding suggestions relating to effectiveness and efficiency. Sarbanes Oxley reviews Horwath International member firms have frequently assisted US listed companies to meet the compliance requirements of the Sarbanes-Oxley Act as they relate to financial accounting. Similar requirements apply in other jurisdictions. Business Continuity Planning Business continuity is high on many of our clients priority lists. As such, it is a frequent audit topic. Additionally, we offer specific consulting assistance to develop and implement Business Continuity Plans, with the emphasis on controlled continuing operations during the recovery period.

12 Risk Management Software Magique is a flexible, integrated web-based system to assist organisations to record, quantify, assess and control risks. It has an extensive range of functionality to grow and evolve with your users and requirements. In addition to the register, the software includes a questionnaire system for Control Self Assessment, a Loss Events and Incident Management system and an Action Tracking system for recording and tracking additional remedial actions. The system supports a wide range of standard and custom reporting options to ensure your exact reporting requirements are met. Heat-maps by Business Unit, Category, Objective, Process and other key areas help manage risks within your appetite and provide drill-down functionality to investigate areas of concern. Exports to MS Word and MS Excel are available throughout the system. The powerful and easy-to-use Magique/Galileo Flex-Reporting tool is also available for end-user reporting. The system helps create a framework within which to achieve business objectives, ensures compliance with laws and regulations and reduces the overall cost of risk in the organisation. When integrated with the Galileo Audit Management System, it provides a full risk-based auditing methodology. Audit Management System Galileo is a fully integrated audit management, documentation and reporting system which can be tailored to suit the precise needs of an internal audit, investigations, compliance or other project oriented department. It covers: strategic and annual planning which ensures targeting of high risk areas whilst maintaining coverage activity monitoring and tracking ensuring problems and delays are identified and attended at the earliest time resource management, scheduling and time recording to ensure effective use of resources a working papers system with an extensive range of working paper types, review processes and automatic report production an issues tracking system which is optionally shared by the business users post audit surveys to gain feedback on the audit process. The OffLine Galileo module supports mobile auditors where connectivity is not available. The system provides a wide range of standard and custom multi-dimensional reporting options to ensure your exact needs are met.

13 Internal audit solutions Risk & Assurance Horwath Clark Whitehill LLP St Bride s House 10 Salisbury Square London EC4Y 8EH

14 Contact details For more information about Internal audit solutions, please contact: Risk & Assurance Horwath Clark Whitehill LLP Tel +44 (0)