SELF-ASSESSMENT WITH INDEPENDENT VALIDATION

Similar documents
Practice guide. quality assurance and IMProVeMeNt PrograM

Department of Audit and Compliance. Quality Self-Assessment

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Establishing a Quality Assurance and Improvement Program

Quality Assurance Checklist

THE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014

Performance Measures for Internal Auditing

The Framework for Quality Assurance

Internal Audit Charters

Performance Expectations Program Director

Internal Audit Quality Assessment Framework

Office of Internal Audit Status Report BOARD OF TRUSTEES

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

Chapter 5 Responsibilities of the Board of Directors Structure of the Board

How quality assurance reviews can strengthen the strategic value of internal auditing*

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

Internal Quality Assurance Arrangements

Motorola Solutions, Inc. Board Governance Guidelines (as amended October 17, 2013)

National Commission for Academic Accreditation & Assessment

PRACTICE ADVISORIES FOR INTERNAL AUDIT

INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404

Comptroller of Public Accounts Effectiveness of Internal Engagement May 1997

CHAPTER TEN. Quality Assurance and Quality Control MAINE RIGHT OF WAY MANUAL

Quality Assessment Report. Louisville Metro Government Office of Internal Audit. For. December 13, 2006

The Commonwealth of Massachusetts AUDITOR OF THE COMMONWEALTH

STT ENVIRO CORP. (the Company ) CHARTER OF THE CORPORATE GOVERNANCE AND NOMINATING COMMITTEE. As amended by the Board of Directors on May 10, 2012

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

BOARD OF EDUCATION OF BALTIMORE COUNTY OFFICE OF INTERNAL AUDIT - OPERATIONS MANUAL INTERNAL AUDIT OPERATIONS MANUAL

Internal Auditing Guidelines

Canada Media Fund/Fonds des médias du Canada

EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF LIVE NATION ENTERTAINMENT, INC.

QUAๆASSURANCE IN FINANCIAL AUDITING

Sound Transit Internal Audit Report - No

Audit, Risk Management and Compliance Committee Charter

Lauren Sundararajan, CFE, Internal Audit Manager

Quality Assurance. Policy P7

AUDIT COMMITTEE CHARTER THE BOARD OF DIRECTORS OF ALLIANCE SEMICONDUCTOR CORPORATION

Performance management program

Delivering Excellence in Insurance Claims Handling

1.1 Terms of Reference Y P N Comments/Areas for Improvement

COMPANY LEVEL CONTROLS A PRACTICAL FRAMEWORK

JAZZ PHARMACEUTICALS PLC CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

INTERNAL AUDITING POLICIES AND PROCEDURES MANUAL

Inspection of Fazzari + Partners LLP Chartered Accountants (Headquartered in Vaughan, Canada) Public Company Accounting Oversight Board

Report of Don McLure, Corporate Director of Resources

ALLEGIANT TRAVEL COMPANY AUDIT COMMITTEE CHARTER

the role of the head of internal audit in public service organisations 2010

2011 Outcomes Assessment Accreditation Handbook

Arizona Association of Student Councils

The ADT Corporation. Audit Committee Charter. December 2014

UNIVERSAL AMERICAN CORP. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

J. W. Mays, Inc. Audit Committee Charter PURPOSE

Internal Audit Manual

Corporate Governance Principles

Unit purpose and aim. The Learner will: 1 Understand the structure of their organisation

IPPF Practice guide. MeasurINg INterNal audit effectiveness and efficiency

Internal Audit Division

AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF ADVANTAGE OIL & GAS LTD. CHARTER

Effective Internal Audit in the Financial Services Sector

The PNC Financial Services Group, Inc. Business Continuity Program

CAMBRIDGE CITY COUNCIL

Evaluation Reminders. For Team Chairs Evaluators, Financial Reviewers, And Generalists Institutions being Reviewed

ALAMOS GOLD INC. AUDIT COMMITTEE CHARTER

MANDATE OF THE AUDIT COMMITTEE FOUNDERS ADVANTAGE CAPITAL CORP.

GUIDELINES FOR ACADEMIC PROGRAM REVIEW For self-studies due to the Office of the Provost on October 1, 2016 RESEARCH AND SERVICE CENTERS

Manual Guide of The Induction Program for New Employees in the Federal Government

Mission Statement. Vision. Values. Introduction

Results and processes guide. Australian Government Australian Aged Care Quality Agency.

Governance, Risk and Compliance Charter

The Procter & Gamble Company Board of Directors Compensation & Leadership Development Committee Charter

Core Monitoring Guide

3.5 The findings from the review will be reported to the next meeting of the Audit and Assurance Committee.

Weber State University Information Technology

The Procter & Gamble Company Board of Directors Audit Committee Charter

Standards for the Professional Practice of Internal Auditing

SANDVINE CORPORATION (the "Company") CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

COHERENT, INC. Board of Directors. Governance Guidelines

Business Analyst Position Description

Performance Management Overview

MetLife, Inc. Audit Committee Charter. (as reviewed October 27, 2015; as amended and restated effective October 27, 2015)

The IIA Global Internal Audit Competency Framework

Quality Manual ISO9001:2008

Disability Employment Services Quality Framework Advice V 2.0

FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund

Appendix G: Organizational Change Management Plan. DRAFT (Pending approval) April 2007

CHARTER PEOPLE S UNITED FINANCIAL, INC. AUDIT COMMITTEE

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

SunTrust Banks, Inc. Audit Committee of the Board of Directors Charter

Inspection of Chang G Park (Headquartered in San Diego, California) Public Company Accounting Oversight Board

ADOBE CORPORATE GOVERNANCE GUIDELINES

INTERNAL AUDITING POLICIES AND PROCEDURES MANUAL

U.S. Department of Education. Office of the Chief Information Officer

National Commission for Academic Accreditation & Assessment. Standards for Quality Assurance and Accreditation of Higher Education Institutions

NEW YORK STATE RACING AND WAGERING BOARD QUALITY OF INTERNAL CONTROL CERTIFICATION OFFICE OF THE NEW YORK STATE COMPTROLLER

Corporate Governance Guidelines of Ferrellgas, Inc., as the general partner of Ferrellgas Partners, L.P.

WHOLE FOODS MARKET, INC. Corporate Governance Principles, Board of Directors' Mission Statement & Role Definition. Effective September 6, 2012

The primary purposes of the Audit Committee shall be to:

Automated Office Systems Support Quality Assurance Plan. A Model DRAFT. December 1996

Transcription:

Chapter 3 SELF-ASSESSMENT WITH INDEPENDENT VALIDATION General Considerations An external quality assessment, outlined in Chapter 2, is the optimum means of complying with the requirements of IIA Standard 1312: External Assessments, and achieves the highest level of quality assurance, benchmarking of successful practices, and credibility for the IA activity. While an independent assessment with independent validation achieves maximum benefit for the activity, the selfassessment with independent validation provides an alternative means of complying with Standard 1312. A self-assessment with independent [external] validation includes a comprehensive and fully documented self-assessment process that will requires the CAE time and resources to complete the selfassessment work, and would normally provides limited attention to benchmarking, review, and consultation as to employment of successful practices. Interviews with senior and operating management may also be reduced. The principal features of the self-assessment with independent validation are patterned after those followed by an independent reviewer or review team, and include: 1. The self-assessment follows a quality assessment process similar to that set forth in Chapter 2, but is performed under the direction of the CAE by competent in-house audit professionals. A self-assessment preparation guide (Tool 1A) is included to assist in getting started. 2. The self-assessment must be documented adequately; it results in conclusions (by the self-assessment team and the CAE) as to the IA activity s conformity to the Standards, its charter, and other relevant criteria, as well as recommendations for improvement and plans for their implementation. A self-assessment guide that can assist with the selfassessment process is included with this Quality Assessment Manual as Tool 2A. This guide is modeled on Tool 2, Quality Assessment Advanced Preparation. 3. A report of the results of the self-assessment should be drafted (Tool 21) for presentation to the board (audit committee or other body with oversight of the IA activity) and senior management after review by the independent evaluator (see items 4 and 5). 4. A qualified, independent evaluator conducts interviews with the audit committee chair or other appropriate board member and several key senior executives and performs limited tests of the self-assessment and the draft report to the board and senior management to validate the results and serve as the basis for the evaluator s comments and, if appropriate, additional recommendations. 25

26 Quality Assessment Manual, 6th Edition 5. The evaluator expresses an opinion as to the adequacy of the self-assessment process and the indicated level of the IA activity s conformity to the Standards. The evaluator s comments are included in, or attached to, the report that is then presented to the board and senior management. Because IA activities differ so much in size, nature of authority and responsibility, scope of work, staff skills, and other features, a self-assessment program must be flexible and adapted to those differing conditions. This is similar to the flexibility appropriate to the external quality assessment described in Chapter 2. However, the principal steps outlined in this chapter will be needed in most cases and represent a starting point for planning the self-assessment project and design of the selfassessment program. Planning and Preparation The CAE should designate a manager-level or experienced senior audit professional to perform the self-assessment (or to lead the team). This person could be from the IA activity or someone with prior internal audit experience who is now working elsewhere in the organization. The project staffing and reporting for the self-assessment should be structured so as to ensure its credibility and objectivity. Whether one person or several conducts the review will depend on the size of the organization and the scope of the engagement. Planning and scheduling of the project, including scope, objectives, and documentation of the process in a planning memorandum, should be similar to that of a regular audit or consulting engagement. See Tool 1A, Preparation and Planning, which can also be used for an external quality assessment. As part of the planning process, the CAE and the person/team designated to do the self-assessment should review Tool 19, Standards Conformance Evaluation Summary, to ensure that they are aware of all aspects of what conformity to the Standards means. Early in the planning and preparation process, a qualified, independent evaluator should be engaged and scheduled to perform the validation phase of the self-assessment. Qualifications of the independent evaluator should be in line with those set forth in Chapter 2 (under the heading QA Team ). The CAE should ensure that the independent evaluator understands the general nature and scope of an external quality assessment as well as the specific responsibilities attached to the validation process for the self-assessment (and any limitations of its scope). The validator should have had special training or experience in conducting external quality assessments. The CAE should also agree with the independent evaluator on the logistics of the validation effort (i.e., how much of the work can be done off-site in advance, how long the on-site visit is expected to be, the form and content of the validation report, and administrative matters, such as payment of a fee and reimbursement of expenses). The principal matters to be addressed in the planning and preparation phase by the self-assessment team leader or team are these:

Chapter 3: Self-assessment with Independent Validation 27 1. Prepare relevant portions of the Self-assessment Guide (Tool 2A,) and the CAE Questionnaire (Tool 3,), considering all portions, but completing only those deemed necessary to the scope and other requirements of the self-assessment team. The related attachments and referenced documents (not attached, but available for review) should be reviewed to ensure they are complete and up-to-date (e.g., organization charts, charters, policy manual, risk assessment model and audit plans, analysis of audit plan accomplishment, and information on the IA activity s staff). As indicated above, the self-assessment process and the detailed attachments may be reduced to fit the needs of the self-assessment team and the independent evaluator. 2. Consider sending out Audit Client Surveys (Tool 4) and Internal Audit Activity Staff Surveys (Tool 5) or similar survey tools used by the organization to all of the IA activity s staff (or to a representative sample, if there are more than 20 staff members) and to a representative sample of the IA activity s customers/stakeholders (senior and operational management, appropriate board members, and others served by the IA activity). This step could be reduced or omitted, based on the extent to which similar surveys are routinely conducted by the IA activity and recent pertinent results are available. Structure the mailings and responses to protect the anonymity of survey recipients. 3. Summarize and analyze the survey responses, including comments, for subsequent use in enhancing interviews. Extract indicators of the IA activity s effectiveness, potential opportunities for improvement, significant trends or patterns, potential matters on which subsequent feedback or other communication may be beneficial, problems requiring resolution, suggestions for improvement, etc. See Chapter 2 (the section Audit Customer Survey, Staff Survey, and Summaries ) for further guidance. 4. Select a representative sample of audit and consulting engagements (taking care to include a variety of engagements across the types of services performed by the IA activity and inclusive of a wide range of the IA activity s staff) for a review of engagement planning, workpapers, supervision, results, and communications issued. Select several additional reports for review, including consideration of the adequacy and timeliness of implementation and follow-up. Interviews with IA Stakeholders and Staff (Optional See Independent Validation of the Self-assessment) If the IA activity regularly receives adequate feedback from its customers through post-audit surveys and/or periodic meetings, further interviews may not be necessary or may be reduced. They could also be reduced to the extent it is planned that the validator will be interviewing such persons (see below). The interview process should be coordinated with the validator so that the same people are not being contacted by both parties. However, if it is considered worthwhile to obtain further formal input from stakeholders, schedule interviews with selected members of the board, senior management, external audit firm management, and a representative sample of the IA activity s recent audit and consulting customers. Also, consider scheduling interviews with the IA activity s staff (all, or a representative sample, as appropriate).

28 Quality Assessment Manual, 6th Edition Carry out the interviews using the relevant interview checklists, as modified by questions arising from analysis of the surveys and other adaptations related to the nature of the organization, the responsibilities and scope of work of the IA activity, and similar relevant factors: 1. Audit committee chair and/or other selected board members Tool 6. 2. Executive to whom the CAE reports Tool 7. 3. Selected customers/stakeholders (senior and operational management), including some to whom surveys were sent Tool 8. 4. Partner (or other appropriate executive) from the external audit firm Tool 11. 5. All or selected IA activity staff Tool 10. Summarize and analyze the interview responses. Extract the opportunities for improvement and other items as discussed above regarding survey responses. Compare these results with those from the surveys and with data on the IA activity s relations with its customers (e.g., previous customer satisfaction surveys and periodic planning meetings) and staff (e.g., performance evaluation and career development sessions). Self-assessment Fieldwork The review program segments to be applied to the self-assessment are essentially the same as those used for an external quality assessment. These program segments are discussed briefly in Chapter 2 and more extensively in Chapter 5. The CAE and the self-assessment team leader should review and modify, as appropriate, the various program segments to be applied, and also determine that the files and other items to be reviewed are complete. The team leader (and team members) should perform the applicable program steps in assessing the following areas of the IA activity (reduced, as appropriate, based on knowledge and prior work by team members in these areas): 1. Departmental structure and organization, Tool 12 to determine the effectiveness of the IA activity s implementation of its charter, mission statement, goals, and similar documents, as well as to evaluate the organizational structure, policy manual, and processes to manage the function. 2. Risk assessment and engagement planning, Tool 13 to determine the extent to which the IA activity is aligned with the organization s enterprise risk universe, governance processes, management controls, decision support information, and accountability mechanisms. Also, to determine how effectively the IA activity applies its planning processes to make optimum use of its resources. 3. Staffing skills and experience, Tool 14 to assess of the sources, numbers, skills mix, continuing professional education, communications with staff, empowerment

Chapter 3: Self-assessment with Independent Validation 29 and management development practices, and other elements of the IA activity s management of human resources. 4. Information technology review, Tool 15 to give special consideration to the adequacy of the organization s management of technology and the IA activity s capability to cover those important functions. Also, as a review of the IA activity s recent coverage of information technology areas in the organization (either as part of the general assessment described in the next caption or as part of a separate information technology review using the relevant portions of Tool 17 to review selected information technology engagements). 5. Assessment of the IA activity s production and value added and reviews of individual engagements and reports, Tools 16 and 17 to assess the appropriateness of the planning, control, supervision, and use of resources on individual engagements; adequacy of documentation of audit and consulting services; form, content, and effectiveness of audit and consulting communications; and implementation follow-up. Self-assessment Results, Recommendations, and Implementation Plans The self-assessment team leader should prepare a summary review memorandum containing the major results/findings, with emphasis on the IA activity s opportunities for process improvement and enhancement of relations with customers (see Tool 21). In addition, the team leader should prepare (together with any other team members) an evaluation summary, Tool 19, and conclude as to the IA activity s conformity to the Standards (both individual standards and overall). Based on the foregoing information, the team leader, in coordination with the CAE, should prepare a draft report of the self-assessment, including action plans to implement the indicated opportunities to improve the IA activity s effectiveness. Also included in the draft should be any opportunities to enhance the organization s structure and processes that have been disclosed by the self-assessment. That report, after review and inclusion of comments (including those regarding conformity to the Standards) by the independent evaluator, should be sent to senior management and the board (audit committee or other appropriate oversight body). Independent Validation of the Self-assessment As indicated earlier, the logistics of the independent validation should have been arranged during the planning and preparation phase of the project. In accordance with those arrangements, the CAE should send the validator/validation team the self-assessment and other materials that can be reviewed off site and prepare for the on-site visit, which, in normal circumstances, should require two to three days. The principal elements of the independent validator s work program are summarized below:

30 Quality Assessment Manual, 6th Edition 1. Review the self-assessment and other advance materials and make notes of items for follow-up during the on-site visit, potential successful practices to consider (assuming this is within the scope of the independent validation), and other opportunities for improvement. 2. On site, review the documentation of the self-assessment, paying particular attention to the various program segments and memoranda on results, conclusions as to opportunities for improvement, and other action items. Perform limited tests by reference to source documents (such as workpapers of audit and consulting projects and audit planning documents), the self-assessment work, and the validity of the information submitted. Review the evaluation summary regarding conformity to the Standards and discuss the basis of the conclusions with the self-assessment team leader and CAE. Review the CAE s draft communication to the board and senior management on the results of the self-assessment. 3. To the extent practicable, conduct brief interviews with the CEO or other head of the organization, the executive to whom the CAE reports, the chair of the audit committee or other appropriate board member, and possibly one or two of the IA activity s customers/stakeholders. The purpose of these interviews should be to get an independent indication of such matters (to the extent they are appropriate to the scope of the independent evaluation) as to the effectiveness and credibility of the IA activity, the appropriateness of its authority and scope, opportunities for improvement, and other such matters. These interviews should be conducted by the independent validator to provide direct input from the highest levels of oversight and management. This provides needed checks and balances to ensure that input is received by the validator in undiluted fashion and provides the validator independent input to compare against the survey results and the self-assessment report. The validator should use the same interview guides (Tools 6 11, Appendix B) mentioned in the earlier section on interviews, page 26. 4. Prepare a memorandum to serve as the basis of a closing conference with the selfassessment team leader and the CAE. The memorandum, to be transformed subsequently into a formal validation report, should be a summary of validation procedures performed and results, including a conclusion as to the level of conformity to the Standards demonstrated by the self-assessment and the independent validation (see Tool 21). Also, it should outline any opportunities for improvement and other recommended action items not already included in the draft report prepared by the CAE. The CAE s report, with the independent validator s report attached, will be sent to senior management and the board. If considered appropriate by the independent evaluator and the CAE, a follow-up visit could be scheduled, including attendance by the evaluator at a meeting with senior management and/or representatives of the board, to discuss planned changes to the IA activity and any items applicable to the organization as a whole. These latter items could be changes in enterprise risk management and governance processes, management of technology, and other areas of management control and accountability relevant to enhancing the effectiveness of the IA activity.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information