The Changing Role Of Internal Audit Moving Away From . - Deloitte
The Changing Role of Internal AuditMoving away from traditional Internal Audits
Harnessing thefull potential ofInternal Audit byenhancing andprotecting valueCurrent InternalAudit trends Moving awayfrom traditionalInternal AuditsIntegratedoversight –Journey towardsRiskManagement,Assurance andValue CreationThe changing role of Internal Audit
1. Harnessing the full potential ofInternal Audit by enhancing andprotecting valueThe key activities of leading-edge internal audit functions should align with the expectations of theaudit committee and management, and be flexible enough to meet the changing business strategiesand needs of the organisation.Often, internal audit concentrates only on financial and compliance areas; however, organisations arenow adopting more of an enterprise risk focus – one that considers strategic and operational risks aswell as financial and regulatory risks, with internal audit serving as a strategic adviser.To continue to enhance the performance of the internal audit function and its value to theorganisation, we believe that audit committees should periodically ask whether internal audit isperforming the appropriate activities, has adequate resources, and is proactively identifying risks andmonitoring critical controls.1.1.Aligning and measuring internal audit expectationsAn optimised internal audit function can provide the balance between protecting and enhancingenterprise value by taking a holistic approach to risk management across the enterprise and providingindependent and objective assurance with value-added advice.For internal audit to be successful, it is important for Internal Audit to clearly understand the followingfrom the audit committee and management: The expectations for internal audit. The perception of the value that internal audit adds to the organisation and the audit committee. How the success of internal audit activities is measured. An effective relationship between theaudit committee and internal audit is fundamental to internal audit’s success.1.2.Securing the appropriate resources for internal audit to meet expectationsIn many organisations, the audit committee is responsible for approving the internal audit budget, andthis approval is typically based on management’s recommendation. The audit committee shouldasses whether internal audit: Is effectively using available resources Is appropriately funded and staffed to meet expectations Has the appropriate mix of skills to achieve its strategic objectives and proactively identify andaddress current and emerging risksThe changing role of Internal Audit1
1.3.Understanding internal audit’s role in the organizationIn assessing the effectiveness of internal audit, it is critical that the audit committee understands howinternal audit relates to, and interacts with, other risk or assurance-related functions, such asenterprise risk management, legal, security, health and safety, loss prevention, and compliance.This includes evaluating who is doing what and whether there are any gaps or duplications betweeninternal audit and these groups regarding the assurance being provided.It is also important that the audit committee understands how internal audit interacts with the externalaudit provider. Greater efficiencies and effectiveness can be achieved if the two work together. Inaddition, the external auditor’s perception of an organisation’s internal audit function can be animportant indicator to the audit committee.1.4.Fostering a mutually beneficial relationship with internal auditCommunication is an important component in maintaining an effective relationship between the auditcommittee and internal audit. Internal audit’s communications should be timely, actionable, andrelevant, with a priority on the implementation of recommendations and resolution of issues. Auditcommittees may consider the following objectives for internal audit communications in helping thefunction spur positive change in the organisation: Be informativeBe objective and accurateServe as a catalyst for actionEducateProvide clarity on important and complex issuesGain respectBe persuasiveAvoid surprisesProvide valueThe changing role of Internal Audit2
2. Current Internal Audit trends -Movingaway from traditional Internal Audits2.1.Strategic vs. Back to Basic Internal AuditOrganisations innovate and grow, meaning there is constant change and new ventures on thehorizon. Whilst dealing with “new thinking” required for Internal Audit relating to strategic andinnovative new ventures, we know that it is important not to shift focus from basic, hygienic risk andcontrol management. We also know that it is important to keep up with the risk and control of thebusiness as it evolves into a business of tomorrow. Therefore, organisations are investing more onspecialised audits.Internal audit has advanced significantly in the last decade. Below are some recent Internal Audittrends and the types of reviews that we are performing at our clients.Data analyticsBy leveraging the power ofanalytics, internal audit canaddress current and emergingrisks quickly, and drawconclusions that help companydecision-makers take action morequickly, more confidently, and withdeeper insights, thereby deliveringenhanced value. More specifically,internal audit analytics can helpdrive a more effective, risk-basedplanning process by: determiningwhich entities have greater riskand should receive more attention;and improving the efficiency,coverage, and value of discreteaudit reviews.The changing role of Internal AuditGlobal IA fraud preventioncontrolsA number of internal audit clients areincreasingly interested in fraud andbribery prevention and detectioncontrols. In Deloitte’s experience,fraud and anti-corruption risks oftendo not receive proper attention frommanagement which may lead tosignificant financial, compliance andreputational consequences shouldunfortunate incidents occur. Moreand more, internal audit is expectedto assess key fraud and anticorruption risks and determinewhether risk exposures exist.Cyber CrimeThe rise of the sophisticated cybercriminal has become one of the fastestgrowing security threats toorganizations. The cyber-crimelandscape features malware exploitsthat can routinely evade traditionalsecurity controls. The reactive attackand penetration approaches of the pastmay no longer be sufficient to dealeffectively with this level of ingenuityand are being replaced with new formsof cyber intelligence capable ofenhancing traditional securityprograms. Internal audit has asignificant role to play in identifyingexposures and helping managementaddress cyber vulnerabilities.3
Auditing the risk managementfunctionThe IIA Standard 2120 requires“the internal audit activity toevaluate the effectiveness andcontribute to the improvement ofrisk management processes.Although these processes areassessed through on-going auditactivities, internal audit should alsoconduct regular and formal auditsof an organization’s riskmanagement function andprogram, given the critical role thatrisk management plays within theorganization. Auditing acompany’s risk managementfunction encompasses anassessment of the quality andeffectiveness of risk managementefforts, including the overallapproach to risk issues, riskidentification, risk reporting, therole of risk owners, methodologies,and supporting tools.Software Asset ManagementSoftware Asset Management(SAM) provides a single,integrated view of installedsoftware in order to allow a one-toone reconciliation between usageand purchase/license records. Itthereby also helps to deliver onthe IT aspects of requirement thatInternal Audit “ascertains theextent of compliance withestablished contracts” and“recommends improvements inprocedures and systems toprevent waste ”.SAM helps organizationsunderstand what software theyhave licensed, deployed, in use,and the deltas between thosefigures. Further, SAM empowersan organization to betterunderstand the hierarchicalranking of software products froma vendor managementperspective.The changing role of Internal AuditEthical and regulatory compliancePeople RiskNew regulations—and enhancedmeasures aimed at enforcingthem—together with increased focuson ethical standards have created amulti-faceted and complexcompliance challenge for manycompanies. As a result, ethical andregulatory risks are a majordiscussion point within the C-suiteand internal audit has a key role toplay. Internal audit departmentsshould consider structuring anassurance framework and build arange of program activities designedto evaluate ethical and regulatorycompliance and promote a greaterlevel of understanding, efficiency,and effectiveness in theorganization’s compliance practicesand operations.Talent plays a most critical role indriving and sustaining businessperformance and Human Resourcesplays a key role in building the talentpool and creating the talent experience.An audit of the HR function and talentmanagement practices may validatewhether an effective talent strategy is inplace.Sustainability and IntegratedReportingInternal assurance must play a keyrole in integrated reporting. One ofthe King III requirements relates tothe preparation of an IntegratedReport and the required disclosuresto be included.A good Integrated Report shoulddemonstrate in plain language howthe organisation plans to sustainlong term competitiveness withoutunduly compromising short termprofitability.In today’s business environment,where organisations are beginningto understand the importance offinding the right balance betweenfinancial, social, and environmentalpriorities, a carefully orchestratedSustainability and Climate Changestrategy is vital to the success of theorganisation.Tax ReviewsTax departments' view of riskhistorically focuses around tax returnreporting and compliancerequirements. But businesses need amuch broader view of tax risk, one thatencompasses strategic, operational,and financial exposures that mightotherwise be overlooked. Internalaudit's entitywide perception of risk canhelp the tax function identify andmitigate a much wider range ofexposures. The two functions can learnfrom each other's skill sets, andteaming may help reduce some of thepressure on overloaded and underresourced tax departments. Thecollaboration between tax and internalaudit is varying along a continuum fromreview and validation to competitiveadvantage.4
Social MediaTechnology AssuranceBusiness Continuity and DisasterRecovery ProgrammesNo longer confined to areas ofentertainment and lifemanagement, social media andsocial software have become anintegral part of the postdigitalbusiness landscape. With moreand more users linking, liking,friending and following, how canInternal Audit (IA) help assess andmitigate risks associated withsocial business?The ICT world is becomingincreasingly interconnected andcomplex and understanding theassociated risks and formulating acomprehensive ICT assurancestrategy is key.There are regulatory requirements,fiduciary responsibilities andcontractual issues requiring strictercontrol over information and supportingtechnology. Business ContinuityManagement and Planning includes:Technology assurance aims toprovide management with theassurance that the IT processes,systems and applications have beenimplemented according tomanagement’s intention, that theuse of Information Technology issupporting management’s vision anddirection and that the necessarycontrols have been implemented sothat management and users canplace reliance on the informationgenerated by the applications. These are the proactive steps IAcan take to help address suchgrowing challenges as: Brand and reputation damageRegulatory complianceInformation leakageThird-party riskGovernance riskIn each of these categories, IA canplay a critical role in understandingthe potential risks of engaging insocial business. IA can also helpto monitor and manage threatsand strike a balance between risksand opportunities.The changing role of Internal Audit Is the organisation’s operationalenvironment impact-tolerant?Have points of failure beenidentified and mitigated?Is the organisation prepared forbusiness and ICT systeminterruptions?Is the organisation’s contingencyplan documented and approved?Has the plan been reviewed withemployees, suppliers and otherrelevant stakeholders?Is the plan current and regularlytested?Does the plan ensure resumptionof critical business functions withintimeframes acceptable to theorganisation?Is awareness of the BCM Programmeregularly refined and maintained?5
3. Integrated oversight – the Journeytowards Risk Management, Assuranceand Performance/Value CreationThe key pillars for an oversight function usually consist of Risk Management, Internal Audit,Compliance, and Forensics. While these functions sometimes exist in organisations, they are oftennot integrated which compromises effectiveness. Emerging oversight functions that exist in someorganisations include Performance Audit units and Monitoring and Evaluation functions.Organisations requires forward looking assurance, business insights and advice that will practicallyanchor continuous monitoring and combined assurance, whilst supporting strategic objectives andlong term sustainability.The Deloitte Integrated Oversight model is depicted in the graphic below and provides a list ofadvantages of such a function.Common GovernanceModelCommon RiskMethodologyCommon ComplianceCommon Risk/ControlRequirement LibraryCommon VocabularyEnhanced Visibility,Efficiency, EffectivenessContinuous MonitoringShared ServicesShared TechnologyPerformanceValueThe changing role of Internal Audit6
By adopting an integrated oversight approach, the credibility and relevance of outputs increase, whichserves as a greater opportunity to be seen as an essential participant in major projects from the outset.3.1.Integrated Oversight: Securing Value Protection and Value Creation? Achieving complex scope Intensive and extensive depth and breadth of coverage Audits will take a more global approach that looks at several aspects including, but not limited to,financial, operational, IT, regulatory, compliance, environmental, performance and fraud Using multiple audit techniques and disciplines to accomplish the desired outcome, e.g. continuousauditing, sampling, surveys, and data analysis Increased use of external resources or increased knowledge of staff and additional skill sets Enhanced project management skills to ensure coordination and effective completion of the audit Increased oversight and creativity to think outside the box by the auditor, and communication among allparties involved in the engagement A balanced approach to risk identification and rating, especially with unfamiliar areas that have not beentraditionally reviewedA focused leadership effort continuously focused on bringing together oversight disciplines balanced toprotect and enhance value.3.2.The changing role of Internal Audit in Enterprise Risk ManagementThere is much debate about the opportunity that ERM presents to raise the profile and effectiveness ofinternal audit, and the extent that internal audit could be involved without compromising its independence.The diagram below provides guidance in terms of what internal audit should and should not do, and it alsoincludes a middle ground.Core internal audit roles inregard to ERMGiving assurance on the riskmanagement processGiving assurance that risks arecorrectly evaluatedEvaluating risk managementprocessesEvaluating the reporting of keyrisksReviewing the management ofkey risksThe changing role of Internal AuditLegitimate internal audit roleswith safeguardsRoles internal audit shouldnot undertakeFacilitating, identification andevaluation of risksSetting the risk appetiteCoaching management inresponding to risksCoordinating ERM activitiesImposing risks managementprocessManagement assurance onrisksConsolidated reporting on risksMaintaining and developing theERM frameworkChampioning establishment ofERMDeveloping RM strategy forboard approvalTaking decision on riskresponsesImplementing risk responses onmanagement’s behalfAccountability for riskmanagement7
Boards, audit committees and management are starting to have a growing awareness of what ERM can beand how it can deliver value. Many organisations planning to implement ERM are still looking to internalauditors for help, because they are seen as the people who understand risk assessment and control. Butthese organisations increasingly want management to own ERM as soon as possible, for the following keyreasons: They want internal audit to providing independent assurance of the ERM function They question the perceived lack of objectivity where a common leader is accountable for both RiskManagement and Internal AuditLegitimate areas do exist where internal audit and risk management functions can overlap, but care needs tobe taken to manage these situations. The key factors to take into account when determining internal auditsrole are: Whether the activity raises any threats to internal audits independence and objectivity; and Whether it is likely to improve the organisation’s risk management, control, and governance processes.8
Pramesh BhanaLeader: Governance, Risk and OversightDeloitte South AfricaCell: 27 (0)82 303 2227pbhana@deloitte.co.zaDeloitte refers to one or more of Deloitte Touche Tohmatsu Limited (DTTL), a UK private companylimited by guarantee, and its network of member firms, each of which is a legally separate andindependent entity. Please see www.deloitte.com/about for a detailed description of the legal structureof Deloitte Touche Tohmatsu Limited and its member firms.Deloitte provides audit, tax, consulting and financial advisory services to public and private clientsspanning multiple industries. With a globally connected network of member firms in more than 150countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering theinsights they need to address their most complex business challenges. Deloitte has in the region of200 000 professionals, all committed to becoming the standard of excellence.This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited,its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of thispublication, rendering professional advice or services. Before making any decision or taking any actionthat may affect your finances or your business, you should consult a qualified professional adviser. Noentity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person whorelies on this communication. 2013 Deloitte & Touche. All rights reserved. Member of Deloitte Touche Tohmatsu Limited
audit committee and internal audit is fundamental to internal audit's success. 1.2. Securing the appropriate resources for internal audit to meet expectations In many organisations, the audit committee is responsible for approving the internal audit budget, and this approval is typically based on management's recommendation.
May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)
Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .
On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.
̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions
Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have
Chính Văn.- Còn đức Thế tôn thì tuệ giác cực kỳ trong sạch 8: hiện hành bất nhị 9, đạt đến vô tướng 10, đứng vào chỗ đứng của các đức Thế tôn 11, thể hiện tính bình đẳng của các Ngài, đến chỗ không còn chướng ngại 12, giáo pháp không thể khuynh đảo, tâm thức không bị cản trở, cái được
Le genou de Lucy. Odile Jacob. 1999. Coppens Y. Pré-textes. L’homme préhistorique en morceaux. Eds Odile Jacob. 2011. Costentin J., Delaveau P. Café, thé, chocolat, les bons effets sur le cerveau et pour le corps. Editions Odile Jacob. 2010. Crawford M., Marsh D. The driving force : food in human evolution and the future.
Le genou de Lucy. Odile Jacob. 1999. Coppens Y. Pré-textes. L’homme préhistorique en morceaux. Eds Odile Jacob. 2011. Costentin J., Delaveau P. Café, thé, chocolat, les bons effets sur le cerveau et pour le corps. Editions Odile Jacob. 2010. 3 Crawford M., Marsh D. The driving force : food in human evolution and the future.
