European Confederation of Institutes of Internal Auditing (ECIIA) (Ed.)

ECIIA Yearbook of Internal Audit 2009/2010: Best Practices for a Reliable Management

Edition under special guidance of Bernd Schartmann

With contributions by Neil Baker, Peter W. Bos, Marianna Calise, Simona de Luca, Robert Düsterwald, Javier Faleato, Kim Stormly Hansen, Anne-Marie Idrac, János Ivanyos, Søren H. Kongsbo, Ron W. A. de Korte, Giovanni Landolfi, Daniel Lebègue, Dr. Marcel Magnus, Dr. Arno Nuijten, Arthur Piper

Erich Schmidt Verlag
Bibliographic information published by Die Deutsche Nationalbibliothek
Die Deutsche Nationalbibliothek lists this publication in the Deutsche Nationalbibliografie; detailed bibliographic data are available on the Internet at http://dnb.ddb.de.

For further information concerning this title please follow this link: ESV.info/978 3 503 12068 0

ECIIA ivzw
European Confederation of Institutes of Internal Auditing ivzw
Koningsstraat 109-111 bus 5
1000 Brussels
Belgium
Tel +32 2 217 33 20
Fax +32 2 217 33 20
http://www.eciia.org

ISBN 978 3 503 12068 0

All rights reserved
Erich Schmidt Verlag GmbH & Co., Berlin 2009
www.esv.info

This paper fulfills the requirements of the Frankfurter Forderungen of Die Deutsche Nationalbibliothek and the Gesellschaft für das Buch concerning paper permanence and meets the tight regulations of American National Standard ANSI/NISO Z 39.48-1992 as well as ISO 9706.

Typesetting: Steffan Gippert
Printing and Binding: Druckerei Strauss GmbH, Mörlenbach
Foreword

The last 12 months have been a period of turbulence and turmoil, with many organisations facing regulatory and financial failure. In many instances this has led to government bailouts and the partial nationalisation of some banks and other financial institutions. There is an increased focus on risk and corporate governance in many countries: amendments to the Fourth, Seventh and Eighth Council Directives are looking to enhance corporate governance in the EU, including requirements for companies listed on EU exchanges to publish an annual corporate governance statement and to establish an audit committee. The financial market crisis has pushed boardroom governance and risk management to the top of the global political agenda.

For many Heads of Internal Audit (HIA), this is their first experience of managing an Internal Audit function and delivering to management and the Audit Committee through a downturn. In today's turbulent environment, senior management have increased expectations of, and place more reliance on, HIAs to provide greater assurance and comfort.

At the 2008 ECIIA Conference in Berlin, Mauro Di Gennaro (the outgoing ECIIA president) said that Internal Auditors needed to react to changing boardroom expectations of what the profession should deliver. In many cases that will mean Internal Audit departments moving beyond the traditional territory of financial control and putting a higher priority on strategic, operational and business risk. Indeed, recent surveys from the Institute of Internal Auditors have noted that many internal audit departments have seen a change in focus onto emerging risks that are resulting from the changing economic conditions. For some Internal Audit departments, this increased focus and role has been part of their remit for some time; for others, this may be a new role to fulfil.

Therefore it is crucial that, as Internal Auditors, we share the knowledge and skills that we have in order to grow and develop. "Progress through sharing" is the global motto our profession is dedicated to, and sharing the enormous knowledge we have throughout Europe is one of the most important objectives of our organisation. In that light, the ECIIA management board has decided to start a new initiative. We want to make excellent knowledge available to a wider audience. With this first ECIIA Yearbook, a collection of the best articles on Internal Audit, risk management and corporate governance published in local IIA magazines throughout 2008, we take a further step in that direction.

In this edition, you will find articles from Denmark, France, Germany, Hungary, Italy, Spain, the Netherlands and the United Kingdom on the impact of the credit crunch, new planned EU directives on auditing and corporate governance, the limitations of financial regulation, integrated auditing, implementing IT controls and many more. We hope that you find the articles informative, interesting and innovative.

We would like to thank all the authors and other contributors to this project. We also would like to thank the international project team for making the publication of this Yearbook possible: Nicole Schneider-Brennecke, IIA Germany (project lead), Nicola Rimmer, IIA UK and Ireland, and Emma Marcandalli, Protiviti. The ECIIA Yearbook Task Force was led by Bernd Schartmann, CIA, President IIA Germany.

We hope that you will find the ECIIA Yearbook useful.

The ECIIA Management Board

Elisabeth Styf, Sweden (President)
Head of Internal Audit, Rikspolisstyrelsen

Claude Cargou, France (Vice-President)
CEO of Governis, Member of the Board of IFACI

Bernd Schartmann, Germany (Project Lead)
Executive Vice President, Head of Corporate Audit & Security, Deutsche Post DHL

Mauro di Gennaro, Italy
Chief Audit Executive & Compliance Officer, FIAT SpA

Christian Van Nedervelde, Luxembourg
Vice President, Internal Audit, SES

Phil Tarling, UK & Ireland
International Partner, RSM Bentley Jennison

Tzvetan Tzvetkov, Bulgaria
Head of Internal Audit Unit, Bulgarian National Audit Office

Ali Sir Yardim, Turkey
CIA, CFE, Chief Auditor, Istanbul Stock Exchange, Turkey
Our Vision and Mission

To be the consolidated voice for the profession of internal auditing in a widely defined Europe by dealing with the European Union, its Parliament and Commission and any other European or global institutions of influence.

To represent and develop the internal auditing profession throughout the wider geographic area of Europe and the Mediterranean basin.

To represent the European internal auditing profession on the global stage in tandem and in consultation with IIA Inc.

To promote the profession in economically emerging countries, as appropriate, within the wider geographic area of Europe and the Mediterranean basin.
Project Team

Bernd Schartmann (Head of Task Force)
Executive Vice President, Head of Corporate Audit & Security, Deutsche Post DHL, Member of the Board of Management ECIIA, President of IIA Germany (Bonn, Germany)

Nicole Schneider-Brennecke (Project Lead)
Press and Media Relations Manager, IIA Germany (Frankfurt am Main, Germany)

Nicola Rimmer
Director, Mazars LLP and Council Member IIA UK and Ireland (London, United Kingdom)

Emma Marcandalli
Director at Protiviti Italy, Head of the Editorial Committee, IIA Italy (Milan, Italy)
Table of Contents

Foreword ... 5
Our Vision and Mission ... 7
Project Team ... 8

INTERNAL AUDIT MANAGEMENT

Anne-Marie Idrac
Internal Audit: A Difficult, Demanding Job that Needs to be Part of a Business Plan ... 17
  1 Audit as a Performance Lever ... 17
  2 The Relationship Between Internal Audit and Corporate Governance ... 17
  3 Fraud and Ethics ... 18
  4 Audit Plan and Risk Mapping ... 18
  5 The Internal Audit Report ... 18
  6 The Development of Internal Audit in the Public Sector ... 19
  7 The Role of the French Audit Office ... 20
  8 The Internal Audit Function ... 20
  9 Should Internal Audit be Regulated? ... 21
  10 What Message Would You Like to Send to Internal Auditors? ... 21

Arno Nuijten
What are the Hallmarks of a Successful Internal Auditor? ... 23
  1 Metaprofile Analysis (MPA) ... 23
  2 Tailored Approach ... 24
  3 The Metaprofile of an Internal Auditor ... 24
  4 Communication ... 29
  5 Conclusion ... 29

INTERNAL AUDIT METHODOLOGY

DIIR Project Group Project Management Audit, Lead: Robert Düsterwald
DIIR Audit Standard No. 4, Standard for Auditing Projects: Definitions and Rules ... 33
  1 Introduction ... 33
    1.1 Importance of Projects to Companies ... 33
    1.2 Content of this Document ... 35
    1.3 Addressees ... 35
    1.4 Binding Nature of the Standard ... 36
  2 DIIR Definitions ... 36
    2.1 Definition of Projects ... 36
    2.2 Definition of Project Management ... 37
  3 Audit Areas and Audit Objects ... 38
    3.1 General Audit Areas in Projects ... 38
    3.2 Project Audit ... 39
  4 Project Audit Universe ... 40
  5 Audit Approach and Procedure ... 45
    5.1 General Approach ... 45
    5.2 Priority of Internal Audit ... 46
    5.3 Independence of Project Audits ... 46
    5.4 Criteria ... 47
    5.5 Preventive Approach ... 47
    5.6 Project-Supervisory Approach ... 48

Dr. Marcel Magnus
Client Auditor Feedback: a Tool with Undesirable Side-Effects? ... 49
  1 Client Auditor Feedback ... 49
  2 Objective and Suitability of this Tool ... 50
  3 Lack of Construct Validity ... 51
  4 Dubious Conclusions ... 52
  5 Unwanted Side-Effects ... 52
    5.1 The External Impact ... 53
    5.2 The Internal Impact ... 54
  6 Conclusion ... 57
  Literature ... 57

Peter W. Bos and Ronald W. A. de Korte
Soft Controls: If you Think you have Worked it out, Think Again! ... 59
  1 Introduction ... 59
  2 Various Ways of Thinking about People, Organizations and Control ... 60
    2.1 Various Ways of Thinking about People ... 60
    2.2 Various Ways of Thinking about Organizations ... 61
    2.3 Various Ways of Thinking about Management Control ... 62
  3 The Impact of Different Ways of Thinking on Research ... 63
    3.1 Way of Thinking and Parties Concerned ... 64
    3.2 Ways of Thinking and Models ... 64
    3.3 Ways of Thinking and Research Design ... 64
  4 Knowledge, Skills and Curiosity ... 65

INTERNAL AUDIT PRACTICES

Søren H. Kongsbo
Information About the Work of the IIA Committee on Quality ... 69
  1 Build Capacity ... 70
  2 Monitor Conformance ... 71

Daniel Lebègue
Essential Co-Operation in the "Golden Triangle": Audit Committee, Board of Auditors and Internal Audit Function ... 73

ETHICAL PRACTICES

Marianna Calise, Simona de Luca
Auditing Becomes Ethical ... 81
  1 Business Ethics ... 81
  2 What is an Ethics Audit? ... 83
  3 The Audit Programme ... 84
  4 An Opportunity for Auditors ... 85

IT-AUDIT

Kim Stormly Hansen
End-User Applications yet Again ... 89
  1 What are EUAs and Why are they so Popular? ... 91
  2 Why are there Potential Problems with EUAs? ... 91
    2.1 Access Controls ... 92
    2.2 Change Management, Including Testing ... 92
    2.3 Documentation ... 93
    2.4 Backup and Archiving ... 93
    2.5 Verification of Input and Output Data, and Analysis ... 94
  3 What can the Company do? ... 95
    3.1 What ... 95
    3.2 How ... 95
    3.3 Allocation of Responsibility ... 95
    3.4 Records ... 95
    3.5 Categorization ... 95
    3.6 Status ... 96
    3.7 Here-and-Now Protection ... 96
    3.8 What can an Auditor do? ... 97
    3.9 To Recap ... 98

János Ivanyos
Implementing COBIT based Process Assessment Model for Evaluating IT Controls ... 99
  1 Introduction ... 99
  2 COBIT Based Process Assessment Model ... 100
  3 Applying Enterprise Risk Management concept on IT Controls ... 107
    3.1 Objectives Setting ... 107
    3.2 Achieving Compliance Objective at Performed Process (Level 1) ... 111
    3.3 Achieving Reliable IT Operation Objective at Managed Process (Level 2) ... 112
    3.4 Achieving Effective and Efficient Operation Objective at Established Process (Level 3) ... 113
    3.5 Achieving Strategic Objective at Predictable Process (Level 4) ... 114
  4 Evaluating IT Control Process related Risk ... 115
    4.1 Setting Target Capability ... 116
    4.2 Analysing Control Process related Risk based on Gap Assessment ... 116
  5 Purposes of ISO/IEC 15504 conformant Process Assessment ... 117
    5.1 Process Capability Determination ... 118
    5.2 Reasons for IT Control Process Improvement ... 118
    5.3 Conclusion on effectiveness of IT controls ... 118
  References ... 119

CREDIT CRUNCH IMPACTS

Arthur Piper
Capitalism in Free Fall ... 123
  1 Causes ... 123
  2 Governance Failure ... 124
  3 Pay Day ... 125
  4 Fragmentation ... 126
  5 Internal Audit ... 128

Neil Baker
System Error ... 129
  1 The Whistleblower ... 129
  2 The Policy Expert ... 130
  3 Camouflage ... 133
  4 References ... 133

THE FUTURE OF INTERNAL AUDIT

Giovanni Landolfi
The Antidote in the Drawer ... 137
  1 Pay Attention to the Talking Crickets ... 137
  2 Surpassing the Probabilistic Approach ... 138
  3 The State of the Profession ... 139
  4 A New Paradigm for Internal Auditing ... 140
  5 Keynes and Musical Chairs ... 142

Javier Faleato
Recommendations from the Board of the IIA for Internal Auditors within the context of the present-day economic situation ... 143

List of Authors ... 147