
Heads of Internal Audit Service Benchmarking Report
Document Control

Introduction

This report contains an analysis of results for the survey entitled: Document Control. The survey asks heads of internal audit to comment on the way their organisations identify, structure, approve, issue and coordinate controlled documents. The results include answers from all respondents who took the survey in the 14 day period from Wednesday, 2 to Tuesday 16. A total of 23 completed responses were received to the survey during this time.

The majority of responses have come from organisations based in the UK and Ireland with a 2:1 split between the private and public sectors. Many of the private sector companies operate on an international basis with operations in the European Union (65%), North America (57%) and Asia (52%). The size and turnover of participating organisations is broad. The largest groupings are organisations with 2,500 to 5,000 staff and organisations with annual turnover between 1bn and 5bn, both of which represent 26% of respondents.

Organisation wide policies and procedures

Most organisations (91%) have a controlled set of policies and procedures that people must adhere to. While Finance and Human Resources are the most likely areas to have detailed policies and procedures, there is a wide range of other categories as shown in the chart below.

[Chart: In which categories of risk does your organisation have policies? Categories: Finance; Human resources; Health and safety; Compliance; Procurement; Corporate affairs; Sales and marketing; Public relations; Commercial development; Clinical research; Pharmacovigilance; Other.]

Programme and project management, customer information, contracts approval and grants make up the other category. We have not discerned any association between the size, structure and type of organisation and the total number of policies per organisation. Nor is there a particular pattern between the type of organisation and specific policies. Organisations appear to create policies according to their specific needs and circumstances.

Identification, scope and approval of controlled documents

There are mixed results regarding who has responsibility for identifying the need for controlled policies and procedures. For 22% this is done centrally. Most of these organisations are within the public sector. A further 35% rely on subsidiaries and departments to identify the need. Most of these are private sector organisations. The majority, 43%, apply a combination of the two methods.

A similar mixed pattern has emerged with regard to who determines the scope and content of controlled documents and who approves controlled documents, as shown in the table below.

Table columns: Designation / Determination of the scope and content of controlled documents / Approval of controlled documents
Board of directors or executive committee
Named individuals e.g. Chief executive, Company secretary
Head of entity subsidiary or department
11% 11% 11% 23% 11% 0%
Combination of the above: 61% / 50%
Not clearly stated: 6% / 16%

It is noticeable that none of the organisations surveyed have specifically indicated that a Head of Entity is allowed to approve a controlled document. Unfortunately, it is not possible to tell from the results whether or not this happens as part of the combination of methods.

The approach to updating controlled documents is equally split between periodic reviews and ad-hoc reviews as and when required.

Management and communication of controlled documents

About one-third (35%) of organisations use some form of software system to manage controlled documents. All of these are private sector organisations, most of which have an annual turnover greater than 500m and more than 1000 staff. There is an equal split between purchased software packages (13%) and tailored software packages (13%) with a slightly smaller number using in-house designed software (9%). Most of the organisations are reasonably satisfied with the approach they have adopted.

Organisations tend to use a combination of specific notifications that controlled documents have changed and periodic reminders about the existence of controlled documents to keep people informed.

August 2009

Compliance with policies and procedures

The final section of the survey is concerned with the way organisations gain assurance that controlled documents are being applied. The following chart shows the various methods and the extent of their application:

[Chart: Who provides assurance that entities comply with policies? Categories: Internal audit; Other internal assurance reviewers; Annual sign-off required by line management; Other external assurance reviewers; On-line testing/self assessment of employee understanding; Annual sign-off required by all employees; Other. Values shown on the chart: 22%, 13%, 4%, 34%, 96%, 56%, 56%.]

All of the organisations, bar one, use internal audit to verify compliance. However, this organisation in the other category pointed out that it uses a three lines of defence model that requires internal audit to provide independent assurance.

The other noteworthy aspect is that more than half of all organisations place some responsibility on line managers to provide assurance that there is adherence to policies and procedures. Some organisations also highlighted that controlled documents fall within the remit of their quality system and are subject to assurance checks by internal and/or external assurance providers.

Conclusions

Most organisations have a controlled set of policies and procedures to specify how operations should be conducted. The activities this applies to vary between organisations but as a minimum there is likely to be controlled documentation in the areas of Finance and Human Resources.

Approval of the policies and procedures tends to take place at a high level such as board of directors, executive committee, chief executive, other senior executive or some combination of this group.

Internal audit is the main source of assurance that controlled documents are being applied but most organisations have other forms of assurance and there may be a need for internal auditors to develop a working relationship with these providers. In the first instance this may be a simple case of coordination but for some organisations internal auditors may be required to review the reliability of the other assurance providers.

Copy of survey issued to Service members

Document Control

A member of the Heads of Internal Audit Service (HIAS) is currently reviewing his company's Document Control process. He is particularly interested to learn how other organisations identify, structure, approve, issue and coordinate controlled documents.

1) What is your industry sector (choose one from this list):
Banks and building societies; Insurance; Other financial services; Food and drink; Manufacturing and engineering; Media and leisure; Retail; Telecommunications; Utilities; High technology; Pharmaceutical/Life Sciences; Other private sector; Voluntary/charity; Education; Central government; Local government; Health; Other public sector; None of the above

2) Where is your organisation's headquarters?
UK; Ireland; Outside the UK and Ireland

3) What countries/continents do you operate in?
UK; Ireland; Rest of Europe (EU); Rest of Europe (non EU); North America; Central America; South America; Africa; Asia; Australia/New Zealand; Pacific

4) What is the turnover or gross revenue spend of your organisation? (provide the worldwide total for multi-national organisations)
up to 50 million or 57 million; 51m - 100m or 58m - 115m; 101m - 200m or 116m - 230m; 201m - 350m or 231m - 402m; 351m - 500m or 403m - 575m; 501m - 1bn or 576m - 1.15bn; 1bn - 5bn or 1.15bn - 5.75bn; 5bn - 10bn or 5.75bn - 11.5bn; Over 10bn or 11.5bn

5) What is the total number of employees in your organisation? (if your organisation is international or has multiple divisions, your answer should cover only that part of the organisation which your internal audit services cover)
less than 101; 101 to 200; 201 to 500; 501 to 1,000; 1,001 to 2,500; 2,501 to 5,000; 5,001 to 10,000; 10,001 to 25,000; 25,001 to 50,000; over 50,000

6) How many entities does your organisation have? (typically a subsidiary for a private company or a department for a public sector organisation)
Less than 10; 10-50; 51-100; 101-300; 301-500; 501-1000; More than 1000

7) Do you have a controlled set of organisation wide/global policies and procedures that all entities must adhere to (Controlled Documents)?
Yes; No; Don't know

8) In which categories of risk does your organisation have policies?
Finance; Sales and marketing; Information technology; Compliance (legal, code of ethics, policies); Health and safety; Clinical research; Human resources; Business development; Commercial development; Procurement; Pharmacovigilance; Corporate affairs; Public relations; None

9) Are entities responsible for identifying the need for local Controlled Documents (Policy or Standard Operating Procedure)?
Yes, entities identify the need for local controlled documents; No, the need for controlled documents is established at the global level; A combination of the above

10) Who is responsible for determining the scope and content of Controlled Documents in the organisation?
Board of directors or executive committee; Named individuals e.g. Chief executive, Company secretary; Head of the entity - subsidiary or departmental head; Combination of the above; Not clearly stated

11) Who approves the issue of Controlled Documents in the organisation?
Board of directors or executive committee; Named individuals e.g. Chief executive, Company secretary; Head of the entity - subsidiary or departmental head; Combination of the above; Not clearly stated

12) What is the approach for updating Controlled Documents?
Ad-hoc, based on identified need for update and development; Periodic review of policies; None

13) How are people informed about Controlled Documents?
Periodic reminders about the existence and location of policies; A notification when changes are made to policies; Through the induction process for new employees; A combination of the above; No specific communication

14) Does your organisation use software to manage Controlled Documents?
Yes: developed in-house; Yes: off the shelf package; Yes: tailored package; No

15) Please indicate how satisfied you are with the software product
very dissatisfied; dissatisfied; reasonably satisfied; satisfied; very satisfied; highly satisfied

16) Please specify the software product you use

17) Who provides assurance that entities are complying with the requirements of Controlled Documents (please tick all that apply)?
Annual sign-off required by line management; Annual sign-off required by all employees; On-line testing/self assessment of employee understanding; Internal audit; Other internal assurance reviewers; Other external assurance reviewers

18) Please provide any further comments about Document Control in your organisation or Document Control in general that may be relevant.

19) If you are willing to be contacted on this subject by the author please include your telephone number or email address below - thank you

Data Protection Notice

Thank you for completing the survey, your views and opinions are very important. Your response will be treated in total confidence. Completed questionnaires will be processed only by the Institute of Internal Auditors - UK and Ireland (IIA) using Vovici EFM Continuum software and will not be disclosed to any other third parties. By submitting this questionnaire you consent to our processing of your sensitive personal data for these purposes.

The Institute of Internal Auditors UK and Ireland

The IIA is the only body focused exclusively on internal auditing and we are passionate about supporting, promoting and training the professionals who work in it. We have been leading the profession of internal auditing for over 60 years. The IIA plays an active role in the public arena, building awareness of internal auditing, promoting members' interests and challenging organisations to reach the highest standards of corporate governance. Our International Standards and Code of Ethics unite a global community of 160,000 internal auditors in 165 countries.

We are committed to enhancing the recognition and professionalism of internal audit in the UK and Ireland, through:
- Dynamic leadership of the profession which maximises the reputation and influence of our members, both individually and collectively
- Setting performance benchmarks and promoting professional integrity through our International Standards and Code of Ethics
- Continually developing our qualifications so that their high quality and reputation is maintained
- Providing technical resources, networking opportunities and support to our members throughout their careers
- Maintaining our position as the market leader in internal audit training

Informing. Inspiring. Assuring.

About Heads of Internal Audit Service benchmarking reports

The IIA recognises that heads of internal audit need specialist information and support to help them respond to the demands of a competitive and increasingly regulated business climate. The Heads of Internal Audit Service is an exclusive service designed specifically for the leaders of the profession to keep them up to date, provide networking opportunities with like-minded professionals and to discuss successes and concerns in confidence with their peers. Other services include access to technical updates, a monthly e-bulletin, a programme of forum meetings and specifically commissioned research.

The benchmarking reports are designed to help members make the most of the Service's networking opportunities. Service members can pose a question to other members to help them identify best practice on a particular issue. Questions for consideration can be emailed to chris.baker@iia.org.uk or technical@iia.org.uk

Disclaimer

This material is not intended to provide a definitive answer to addressing specific individual circumstances and as such is intended to be used only as a guide. The IIA recommends that you always seek independent expert advice relating directly to any specific situation. The IIA accepts no responsibility for anyone placing sole reliance on this guidance.

www.iia.org.uk
The Institute of Internal Auditors UK and Ireland Ltd
13 Abbeville Mews, 88 Clapham Park Road, London SW4 7BX
Tel 020 7498 0101 Fax 020 7978 2492 Email technical@iia.org.uk
Registered in England and Wales, no. 1474735
Information can be made available in other formats