Developing A 2025 Strategic Plan Of The Internal Audit .
Developing a 2025 Strategic Planof the Internal Audit FunctionKristiina LagerstedtVP, Audit & Assurance @SanomaBoard member @ECIIABoard member @Uutechnic Group Plc (Nasdaq Helsinki)
Agenda1. Making assurance relevant to the Board andTop Management2. Siloed vs combined functions, 3 lines ofdefense3. Should Internal Audit lead the change?2
What is the role ofInternal Audit & Assurance Board and the management needs to know what is happening in the various areas ofthe business – and to have the trust that business operations/ actions are heading theright way. Compliance activities ensure the right guidance is in place and it is adequatelyimplemented (training). A good Internal control framework assures that the laws and company policies/standards are being followed, the authorization limits are adhered to and no surprisesarise from the businesses. Internal control is responsibility of the board and CEO (thebusiness ,1st LoD), Internal Audit & Assurance can help in implementing andmonitoring this activity; and in maintaining the Internal Control Framework. Reporting is the way for the management and board to follow if the businessoperations/ actions are successful (Financial reporting KPI’s for strategic goals).Effective Internal controls ensure that the financial reporting is correct.3
What is the role ofInternal Audit & Assurance Risk management facilitates a process to identify, prioritize & manage the mainrisks. Board and CEO is ultimately responsible for risk in their organizations. Investigative activities occure when issues have arisen from a whistleblowerchannel or from an Internal audit or other channels (Ethics & Compliance/ Security/Internal audit). There needs to be a way to have corrective actions to change controls/or have adequate monitoring to prevent similar issues in the future. The Internal audit activities are conducted to check processes/ issues that are ofhigher importance to the management or has greater impact from shareholder valueperspective - or areas where lack of controls or incidents of fraud are identified.Internal audit can also have the lead in investigation activities where it can works inclose cooperation with Compliance/ Security. External audit provides assurance that the financial statements give a true and fairview.4
Board and top management expectations fromInternal Audit and AssuranceAssurance on: Execution of strategy Provide a view on significant risks emerging risks and the mitigation of those Adherence to external and internal regulation(laws and policies) Monitoring and Financial reporting Assurance that the right things are doneDoing the rightthings right5
Agenda1. Making assurance relevant to the Board andTop Management2. Siloed vs combined functions, 3 lines ofdefense3. Should Internal Audit lead the change?6
History of Assurance Functions and Internal audit1992:COSO Internalcontrol Integratedframework1941 IIAformed2004 releaseof 80’s:Increasedfocus oncontrols andcompliance inFinancialindustry2002 SOX20002020
Second line of defense and internal audit 8Understanding role and responsibility foreach separate function (Internal Controls,Compliance, Risk Management, InternalAudit and also External Audit) is a challengeto directors serving on the Board of DirectorsThree lines of defense model makes thismore clear but on high levelIn worst cases the siloed functions use a lotof time between themselves to argue abouttheir roles and responsibilitiesFrom Board and Top Managementperspective it does not matter who does it,but they want it to be done in a systematicand clear way
Current Guidance from IIA related to second line ofdefense tasks The key question is if the Internal Audit Function canwork independently and objectively if support isprovided on areas relating to Risk Management,Compliance and Internal Controls.Combining the Internal Audit and second line ofdefense functions is not the preferred solution fromthe perspective of the three lines of defense modeland the auditor’s independence and objectivity.Need to consider what is the best way to operate –this depends on––––91) what business(es) the company operates in and howregulated those are2) what countries the company operates in3) what is the maturity of the assurance relatedprocesses and4) the quality of the resourcesSource: IIA Netherlands: White paper - Combining Internal Audit andSecond Line of Defense Functions? 2014
Agenda1. Making assurance relevant to the Board andTop Management2. Siloed vs combined functions, 3 lines ofdefense model3. Should Internal Audit lead the change?10
Internal audit vs 2nd Line of Defense functions In 3 LoD model Internal audit is expected to auditthe 2nd LoD functions 2nd LoD functions does not have ownership ofthe areas where they provide help to thebusiness (Risk and Controls) The target for ALL of these functions is same – toprovide assurance on Doing the right things When having less resources, the doing ofInternal controls and Risk management shouldbe pushed to where ownership belongs – to the1st LoD, and to also audit these activities on thatlevel This approach provides Internal audit (orAssurance functions, whatever you call it) tofocus on more important areas and to delivergreater value to Board and Top Management11
Internal auditInternal audit definitionInternal auditing is an independent, objective assurance and consulting activitydesigned to add value and improve an organization's operations. It helps anorganization accomplish its objectives by bringing a systematic, disciplined approach toevaluate and improve the effectiveness of risk management, control, and governanceprocesses.Internal audit missionTo enhance and protect organizational value by providing risk-based and objectiveassurance, advice, and insight.12
Core Principles for the Professional Practice of InternalAuditing 13Demonstrates integrity.Demonstrates competence and due professional care.Is objective and free from undue influence (independent).Aligns with the strategies, objectives, and risks of the organization.Is appropriately positioned and adequately resourced.Demonstrates quality and continuous improvement.Communicates effectively.Provides risk-based assurance.Is insightful, proactive, and future-focused.Promotes organizational improvement.
Internal audit(or Assurance Functions) in 2025 Coordinates or leads the work of separateassurance functions Based on a Company risk assessment Internalaudit and Assurance functions can be integrated insome cases Coordinated/ joint development of Assurance Focus on Big Digit items from Strategy, Risk orBoard/ Top Management perspective to grow orprotect shareholder value14
15
IIA Position Paper: THE THREE LINES OF DEFENSE INEFFECTIVE RISK MANAGEMENT AND CONTROL - JANUARY2013IIA Netherlands, White paper: Combining Internal Audit andSecond Line of Defense Functions? – September 2014IIA Practice Guide: Internal Audit and the Second Line ofDefense – January 2016 Upcoming changes to International Standards for theProfessional Practice of Internal Auditing16
PowerPoint Presentation Author: Kri
A27c1 Louis Stephens Dr Ext (NL) Little Drive Poplar Pike Lane 0 4 0.72 3,036,000.00 Division 2025 2025 A28b Davis Dr Farm Pond Rd US 64 2 4 1.1 10,056,446.40 Division 2025 2025 A2b Southall Rd Southall Rd (Existing) Hedingham Blvd 0 4 0.28 3,800,000.00 Division 2025 2025 A407b3 NC 42 NC
GSU STRATEGIC PLANNING PROCESS. The development of . Strategy 2025. was a campus wide endeavor. Details on participants and the . process used are included in the . Strategic Planning Process for Strategy 2025. Questions on the process and implementation steps can be directed to . effectiveness@govst.edu. GSU Strategic Plan 2025. 5
THE STATE UNIVERSITY SYSTEM of FLORIDA Board of Governors 2025 SYSTEM STRATEGIC PLAN 5 THE STATE UNIVERSITY SYSTEM 2025 SYSTEM STRATEGIC PLAN Introduction The Board of Governors is authorized in Article IX, Section 7(d), Florida Constitution, to "operate, regulate, control, and be fully responsible for the management of the whole university system."
8 NPCC Strategic Plan 2021-2025 Building a resilient tomorrow Mauritius 2020- 2025 and building on the lessons we have learned, the National Productivity and ompetitiveness ouncils (NP ) Strategic Plan 2021-2025, themed uilding a Resilient Tomorrow sets forth our vision, goa ls, objectives and strategies to drive
Year 3 - 6 Primary School. 5 3 DHPS Business Plan 2022 - 2025 DHPS Business Plan 2022 - 2025 3. Research Based Framework Priority Areas 2022 - 2025 Our Business Plan is underpinned by the Research Based Framework (RBF), developed by the Education Faculty at the University of Southern Queensland and inspired by the Fogarty Edvance School
Sep 05, 2017 · STRATEGIC PLAN FORMAT 2017-2020 . The sample strategic planning format uses a one page Strategic Map format to identify areas of focus for the Plan. From the Strategic Map, a Strategic Plan is created to advance strategic priorities for the coming 1-3 years. The plan accomplishments a
Strategic Plan and the process . used to create the Plan in four sections: 1. The Process: An overview of the process used to create the Strategic Plan. 2. Strategic Insights: A summary of the six insights that provided a foundation for the development of the Strategic Plan. 3. Strategic Plan Overview: A one-page summary of the Strategic Plan. 4.
Strategic Improvement Plan 2017-2020 Page 1 Strategic Improv. Plan Strategic Improvement Plan Template Forsyth County Schools Strategic Plan Goal Area Culture and Climate Forsyth County Schools Strategic Plan Performance Objective #1 Acquire, develop, and retain excellent staff for
