MAKING INTERNAL AUDIT MORE CREDIBLE AND RELEVANT AUGUST 2011

Similar documents
DEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY

The Institute of Internal Auditors 247 Maitland Avenue Altamonte Springs, FL USA

ENHANCING VALUE THROUGH COLLABORATION: A CALL TO ACTION GLOBAL REPORT JULY 2014

Standards for the Professional Practice of Internal Auditing

THE 2013 INTERNAL AUDIT COMPENSATION STUDY EXECUTIVE SUMMARY SEPTEMBER 2013

Internal Auditing Guidelines

ACL Audit Management Software Helps Demonstrate Audit Value to Leadership Team

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Establishing a Quality Assurance and Improvement Program

Internal Audit Practice Guide

DEFINING OUR ROLE IN A CHANGING LANDSCAPE

Metrics by design A practical approach to measuring internal audit performance

The IIA Global Internal Audit Competency Framework

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

Superior Sales Management

Internal Auditing s Role in Risk Management

Healthcare Internal Audit: In a Time of Transition

Internal Audit Capability Model (IA-CM)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

RESEARCH REPORT. Internal Audit Capabilities and Performance Levels in the Public Sector

Quality Assurance Checklist

Talent Management Recruiting, Developing, Motivating, and Retaining Great Team Members

Practice guide. quality assurance and IMProVeMeNt PrograM

PwC Advisory Internal Audit. PricewaterhouseCoopers State of the internal audit profession study: internal audit post Sarbanes-Oxley*

Effective Internal Audit in the Financial Services Sector

The Framework for Quality Assurance

Audit of the Test of Design of Entity-Level Controls

A Look at the Varied Responsibilities of Internal Auditors. internal auditing: All in a days work

Professionalism does not occur overnight. Rather, it is a process that evolves out of focused commitment and dedication, ongoing study and

Internal Audit Standards

Internal Auditing: Assurance, Insight, and Objectivity

GREAT PLAINS ENERGY INCORPORATED BOARD OF DIRECTORS CORPORATE GOVERNANCE GUIDELINES. Amended: December 9, 2014

Board Governance Principles Amended September 29, 2012 Tyco International Ltd.

How quality assurance reviews can strengthen the strategic value of internal auditing*

INTERNAL AUDIT MANUAL

strategic workforce planning: building blocks to success

Internal Audit. Audit of HRIS: A Human Resources Management Enabler

The eight attributes. Delivering internal audit excellence as stakeholders expect more

Building a Strategic Internal Audit Function

Credit Suisse Portfolio Solutions. Personalized strategies to help you grow, preserve, and use your wealth

The Role of Internal Audit in Risk Governance

PRACTICE ADVISORIES FOR INTERNAL AUDIT

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT

Enhancing Audit Technology Effectiveness Key Insights from TeamMate s 2014 Global Technology Survey

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus

IPPF Practice guide. MeasurINg INterNal audit effectiveness and efficiency

Close Brothers Graduate Programme

Quick Guide: Meeting ISO Requirements for Asset Management

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report

Revised Body of Knowledge And Required Professional Capabilities (RPCs)

PMO Director. PMO Director

Internal Audit Division

IT Risk Closing the Gap

RSA ARCHER AUDIT MANAGEMENT

Human Resource Strategic Plan

Internal Audit Reporting Relationships: Serving Two Masters. The IIA Research Foundation

Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.

Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization?

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING

Building a Strategic Internal Audit Function. A 10-Step Framework

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

Public Sector Pension Investment Board

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

NORTH CAROLINA DEPARTMENT OF STATE TREASURER INVESTMENT MANAGEMENT DIVISION. External Investment Manager and Vehicle Selection Policy and Procedures

Human Resources Professionals in Canada: Revised Body of Knowledge and Required Professional Capabilities (RPCs )

INVITATION TO BECOME AN ASSOCIATE OF THE EDUCATION AND TRAINING FOUNDATION

M. RICHARD PORRAS CHIEF FINANCIAL OFFICER AND SENIOR VICE PRESIDENT

RISK ADVISORY SERVICES. HYDRO UTILITIES Overview of Internal Audit & Control Services: 2014 Credentials

Internal Audit Quality Assessment Framework

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

GLOBAL BANKING AND MARKETS

Building a Strong Organization CORPORATE GOVERNANCE AND ORGANIZATIONAL STRUCTURE

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

The Case for Sourcing Internal Audit ADVISORY

BUSINESS CONSULTING SERVICES Comprehensive practice management solutions for independent investment advisors

Hiring Challenges and Solutions

Maximising internal audit value

Talent Management Leadership in Professional Services Firms

A CFO s Guide to Corporate Governance

PRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions

JSE Accredited to Audit JSE Listed Companies

Making Connections at ACCES Employment: Employer Engagement that Results in Success for Our Job Seekers

DESCRIPTION OF GOVERNANCE STRUCTURE

THE BANK OF NOVA SCOTIA. Corporate Governance Policies

2014 state of the internal audit profession study Higher performance by design: A blueprint for change

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

Transcription:

MAKING INTERNAL AUDIT MORE CREDIBLE AND RELEVANT AUGUST 2011

DISCLAIMER Copyright 2011 by The Institute of Internal Auditors (IIA) located at 247 Maitland Ave., Altamonte Springs, FL, 32701, U.S.A. All rights reserved. Published in the United States of America. Except for the purposes intended by this publication, readers of this document may not reproduce, redistribute, display, rent, lend, resell, commercially exploit, or adapt the statistical and other data contained herein without the permission of The IIA. ABOUT THIS DOCUMENT The information included in this knowledge report is general in nature and is not intended to address any particular individual, internal audit activity, or organization. The objective of this document is to share information and other internal audit practices, trends, and issues. However, no individual, internal audit function, or organization should act on the information provided in this document without appropriate consultation or examination. ABOUT THE AUTHOR Sally Chan, CMA, CGEIT, is the vice president of internal audit at the Alberta Investment Management Corp. (AIMCo). Before assuming her current position, Chan was an independent consultant specializing in operational efficiency and effectiveness, technology risk management, audit, and compliance services. Her former clients include Hydro One, Manulife, John Hancock Investments, and TD Financial Group. Chan has technology consulting experience in the financial services, manufacturing, energy, and educational sectors in China, Hong Kong, North America, and the United Kingdom. Chan is a regular contributor to current articles in IT risk and control, and the co-author of several books. She is an associate of the Institute of Chartered Secretaries and Administrators in Canada and a member of the Communities Committee of the ISACA/ITGI Board. 2

TABLE OF CONTENTS DISCLAIMER... 2 ABOUT THIS DOCUMENT... 2 ABOUT THE AUTHOR... 2 MAKING INTERNAL AUDIT MORE CREDIBLE AND RELEVANT: THE AIMCO EXPERIENCE... 4 MEETING THE INTERNAL AUDIT CHALLENGE... 6 THE COMPANY... 6 THE BEGINNING... 6 THE RESOURCE PLAN... 7 KEEPING UP TO DATE... 7 BUILDING CREDIBILITY AND CONFIDENCE... 8 ONE LAST WORD: LEARNING... 9 3

MAKING INTERNAL AUDIT MORE CREDIBLE AND RELEVANT: THE AIMCO EXPERIENCE Over the years, the scope of internal auditing has continued to evolve and expand. Internal auditors have seen a remarkable shift from traditional financial programs and compliance work to strategic and operational assurance efforts. Auditors also are expected to play a greater advisory role as a catalyst for business improvement and to sharpen organizational focus on emerging risks. 1 The 2011 PricewaterhouseCooper s (PwC s) annual State of the Internal Audit Profession Study revealed that strategic growth, emerging technologies, and increasing regulation were the three areas of concern among the internal audit professionals responding to the survey. 2 Cutting across these concerns was the lack of confidence in internal audit s ability to address these topics. A similar sentiment was expressed by chief audit executives (CAEs) participating in The Institute of Internal Auditors Research Foundation s (IIARF s) 2010 Common Body of Knowledge (CBOK) study. 3 According to responding CAEs, keeping up to date is among the most important competencies all auditors should possess. BUILDING CREDIBILITY AND CONFIDENCE In addition to continuously building credibility and confidence through value-adding audits and advisory services, the Alberta Investment Management Corp. has taken the following steps to help build relationships with stakeholders and enhance our credibility: Leveraging co-sourcer s knowledge and bringing industry best practices in-house. Increasing the external auditor's reliance on internal audit's work. Getting involved up front and early in process or program development. Real-time dynamic reporting. Balanced reporting on both good and bad news. Promoting a risk-based control culture across the organization. There is a significant correlation between staying current, having the ability to address emerging issues of importance to management, and inspiring the confidence of internal audit stakeholders. As internal audit organizations strive to transition from financial controls oversight to advising on a wide range of strategic, business, and compliance risks, it is imperative that they establish credibility with company leaders by demonstrating their skills and capabilities in these areas, There is SIGNIFICANT CORRELATION between STAYING explains the PwC 2011 study (p. 5). Similarly, It is imperative CURRENT, having the ability to ADDRESS EMERGING for internal auditors to examine current trends within the ISSUES of importance to management, and INSPIRING profession and be able to make recommendations within the THE CONFIDENCE OF internal audit STAKEHOLDERS. internal audit activity, adds the CBOK 2010 study. 4 1 Ernst & Young, Insights for North American Audit Committee Members, April 2011. 2 PwC s 2011 State of the Internal Audit Profession Study, April 2011, p. 3. 3 The IIA s 2010 CBOK Study The State of the Profession, Internal Auditor, April 2011, p. 3. 4 The IIA s 2010 CBOK Study The State of the Profession, Internal Auditor, April 2011, p. 53. 4

While the message is loud and clear, the challenges facing the internal audit profession also are daunting. The following is a case study of the actions taken by the Alberta Investment Management Corp. s (AIMCo s) internal audit function and our plans moving forward to be viewed as credible business partners and a relevant source of knowledge. 5

MEETING THE INTERNAL AUDIT CHALLENGE THE COMPANY AIMCo 5 is one of Canada s largest institutional investment managers. Established as a crown corporation on Jan. 1, 2008, AIMCo manages approximately C $70 billion in financial assets for 26 clients a diverse group of Alberta public-sector pension plans, endowment funds, and certain assets for the Government of Alberta. AIMCo is governed by an experienced board of directors and employs more than 250 investment and operations professionals. Leadership style, tone at the top, discipline, and organizational structure all support management s commitment to character, integrity, and high ethical values. THE BEGINNING AIMCo s internal audit function was established in 2009 in the midst of an organizational transformation. Consequently, internal audit took a bold step to seek approval from the audit committee to focus on independent advisory services to management as its primary responsibility in the first year. Advisory services ranged from reviews and commentaries on draft investment operations policies to providing advice on the implementation of IT governance framework and the selection of the external auditor for the Canadian Institute of Chartered Accountants Section 5970 certification. Shifting focus from regular audits to independent advisory services is a departure from the primary focus normally When independent advisory services TAKES PRIORITY expected of internal audit. In our initial audit planning, we over internal audits, it is important to CLEARLY questioned the value and relevance of after-the-fact findings COMMUNICATE that this approach does not in any way in point-in-time audits for a company in the midst of major IMPAIR THE AUDITOR S INDEPENDENCE AND business and organizational change. We concluded that OBJECTIVITY as defined in the audit charter. ongoing interactions with stakeholders and timely responses to the needs of management were the first orders of the day. To this end, we obtained up-front buy-in from the audit committee and senior executives notably the CEO, chief operating officer, and chief financial officer that providing independent, on-demand advisory services was the right approach at this time to allow governance, risk, and control considerations to be incorporated into business processes during their development. As the company was building its processes, internal audit built relationships for future cooperation through regular dialogue with management. Since 2010, internal audit has experienced an increased number of on-demand advisory requests from management while concurrently building an internal audit universe. Our proactive advisory approach varied from topical issues, such as testing procedures for daily forecasting of swaps to entity-level controls pertaining to delegation of duties. Internal audit also regularly received invitations from the human resources department and hiring managers to participate in many interviews for independent feedback. 5 www.aimco.alberta.ca 6

When independent advisory services takes priority over internal audits, it is important to clearly communicate that this approach does not in any way impair the auditor s independence and objectivity as defined in the audit charter. For example, AIMCo s audit charter specifically states that the audit activity does not preclude us from advising or consulting on risk management, control, and governance processes as long as the auditor does not design, implement, draft procedures, or operate in the areas subject to an audit. This is fully aligned with IIA Standards 1100 1130 and is consistent with practices employed by major accounting firms. In addition, it is equally important to communicate via the audit plan when the performance of internal audits will return as a core activity. THE RESOURCE PLAN All internal audit departments and, for that matter, all organizations regardless of size face the same challenges in their resource planning process: To achieve optimal value and operational efficiency within current budget and resource constraints. Many CAEs and internal audit professionals recognize the increasing sophistication of investment management in today s constantly changing landscape. While it is unrealistic for us to build investment subject-matter expert auditors in-house, we are ready to tap into the larger pool of specialists and audit firms employing staff with a broader, more varied expertise and proven track record than career internal auditors. All internal audit departments face the SAME CHALLENGES in their resource planning process: To achieve OPTIMAL VALUE and OPERATIONAL EFFICIENCY within CURRENT BUDGET and RESOURCE CONSTRAINTS. Building bench strength means seeking the right mix and complementary skill sets. Our basic premise is simple internal audits requiring specialized industry knowledge and expertise will be co-sourced. Regular knowledge transfer occurs during the audit, at which time an in-house internal auditor is assigned as co-auditor along with the co-sourcer and after the completion of an audit when audit procedures are updated. Figure 1 illustrates AIMCo s co-sourcing model. In our model, AIMCo retains in-house leadership in its co-sourcing arrangement. We believe in-house leadership is critical to our design of knowledge transfer and monitoring of service provider performance. More important, this model allows us to facilitate the alignment of audit activities with AIMCo s business goals, while maintaining confidential and privileged information in-house. With this co-sourcing model, we added flexibility to resourcing by not exclusively relying on one major co-sourcer. We set a budget for opportunistic recruiting and lined up potential on-demand, independent contractors to manage internal downtime and address contingency resourcing. 7

Figure 1: AIMCo s Internal Audit Staffing Model 8

KEEPING UP TO DATE Although co-sourcing provides us with global access to a wide range of highly specialized expertise and an opportunity to tap into the co-sourcer s best practices, keeping up to date is hardly easy. Not only must internal auditors become knowledgeable in areas that are aligned with their organization s business plan, they must also make that knowledge relevant to management and the audit committee. Having a global firm as a co-sourcer brings the required knowledge closer to home. It is an effective way to keep pace with the increasing sophistication of the investment management industry. History is full of CAUTIONARY TALES ABOUT TAKING BAD RISKS that can serve as GREAT CASE STUDIES for To put that knowledge to practical use in the context of the internal auditors to SHARPEN THEIR ACUMEN on business organization s business and maturity level is more of an art risk assessments. than a science. The co-sourcer may put the internal audit function in a better position to participate in discussions on new strategic initiatives and emerging markets, for example. But to meet the relevance and credibility challenge, the CAE must play a pivotal role in encouraging internal auditors to apply that knowledge, use it contextually for opportunities for future improvement, and advise audit staff on emerging risks. Keeping up to date does not mean that we don t look to the past. When looking back at history to glean lessons learned from others, in addition to asking the usual question, Can it happen to us?, we need to ask, Can it happen today? If not, why not? What has changed? History is full of cautionary tales about taking bad risks that can serve as great case studies for internal auditors to sharpen their acumen on business risk assessments. The same can be said of the success stories from others. The important aspect to keep in mind is that what works for one company may not work for another. Therefore, instead of posing the question, Can it happen to us?, we should ask, Will this success formula work for us given our appetite for risk? By looking back with an eye to the future, we can uncover a timeline that can serve as a continuum rather than a fixated point in the present. 9

BUILDING CREDIBILITY AND CONFIDENCE Credibility and confidence go hand in hand. In addition to continuously building credibility and confidence through valueadding audits and advisory services, we also take the following steps to help build relationships with stakeholders and, ultimately, to enhance our credibility: ON-THE-JOB CROSS TRAINING is an effective way to LEVERAGING CO-SOURCER S KNOWLEDGE AND change the traditional negative image of an auditor with a BRINGING INDUSTRY BEST PRACTICES IN-HOUSE. Our gotcha attitude. goal is to learn and share. To this end, we post topics on governance, risk, and control on our internal audit department s intranet home page. 6 In addition, we connect the businesses with appropriate external subject-matter experts on matters such as policies on the valuation of assets and external audits of blocker corporations. INCREASING THE EXTERNAL AUDITOR'S RELIANCE ON INTERNAL AUDIT'S WORK. Increasing reliance on internal audit's work helps to minimize business interruptions. This is accomplished through credible audit reporting and collaboration with external auditors during the audit planning and scheduling phase. GETTING INVOLVED UP FRONT AND EARLY IN PROCESS OR PROGRAM DEVELOPMENT. Instead of getting involved after the fact, where appropriate, internal audit will perform synchronized reviews with core teams and concurrent reviews of processes to provide timely input. DYNAMIC REPORTING. Reporting observations as they occur is always more valued by management than doing so after the fact. Because the production of audit reports takes time, we issue a series of audit briefs when matters arise requiring immediate management attention. BALANCED REPORTING. In each audit, every attempt is made to reinforce the balance of good news versus bad news. Reporting good news builds relationships, while reporting bad news in its proper context, along with thoughtful recommendations for improvement and early resolution, adds value. PROMOTING A RISK-BASED CONTROL CULTURE ACROSS THE ORGANIZATION. AIMCo s small audit department welcomes guest auditors, interns, summer students, and internal job rotations as part of its recruitment strategy to augment its current skill sets. We believe that on-the-job cross training is an effective way to change the traditional image of an auditor with a gotcha attitude to one that has an educational and partnering relationship perspective. Experience has shown us that credibility and confidence take a long time to establish. However, we are well on our way to establishing ourselves as credible, confident business partners. On the other hand, short-term displays of helpfulness, which enable us to enhance our relevance and are one of AIMCo s core values, are already evident in our work. 6 For example, the home page of the internal audit activity s knowledge center discusses three future-looking topics of interest to management and audit staff, such as: (1) replacing S5970/SAS70 with CSAE 3416 and SSAE 16; (2) an interview with Canada s Auditor General Sheila Fraser and her views on the challenges that lie ahead; and (3) the risks of Bringing Your Own Technology to the workplace. The knowledge center, which is available on AIMCo s intranet site, is refreshed quarterly. 10

ONE LAST WORD: LEARNING Internal auditors must be reminded that the current concerns addressed in the PwC 2011 study strategic growth, emerging technologies, and increasing regulation come with new risks and new rewards. Continuous learning with an eye on the future and a timely application of relevant knowledge to create value will help to enhance internal audit s credibility and confidence in the work we do. As Jack Welch stated, An organization s ability to learn, and translate that learning into action rapidly, is the ultimate competitive advantage. It is not a coincidence that another one of AIMCo s core values is learning. 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information