docWho Audits the Auditors?
download 
Report Transcription
Who Audits the Auditors?
Who Audits the Auditors? The value of Internal and External Quality Assessments Speaker: Erik Claes General Assembly IIA Belgium 19 April 2013 www.theiia.org/Quality Speaker Background Information • Started in internal audit in 1996 at RVS Verzekeringen • 1996 Master class internal audit • 1997-1998 Master class information systems audit • Became first time board member of IIA Belgium in1998 • 1999 set-up Internal Audit Services with E&Y • 1999 CIA and CISA certified and in 2000 CSA certified • 2002 - 2003 President of IIA Belgium • 2003 till today Manager internal audit for Daikin Europe Group (team of 6 auditors, coverage of 20 companies) • 2012 again board member of IIA Belgium, responsible for Quality Assurance www.theiia.org/Quality Key Areas of Discussion Today üQuality Improvement & Assurance Program üExternal quality assessments and why your audit group should have one üWhat to expect from an external QA üHow to get the most value from a QA How an Audit professional should prepare for a QA www.theiia.org/Quality Some areas we will NOT talk about today üAll of the Standards with which you need to comply to pass a QA üAll of the components of an effective quality program There just is not enough time to do this and the IIA (and other organizations) have seminars, books and CDs covering these topics www.theiia.org/Quality A Show of Hands How many Internal Audit Activities have a Quality Improvement & Assurance Program in place today? www.theiia.org/Quality A Show of Hands How many have had an external Quality Assessment? www.theiia.org/Quality A Show of Hands How many are planning to have an external quality assessment? www.theiia.org/Quality A Show of Hands How many have been part of an external QA team? www.theiia.org/Quality Does this look familiar? http://www.theiia.org/guidance/standards-and-practices/professional-practices-framework/ www.theiia.org/Quality Have you read the Quality Standards? Standard 1300 Quality Assurance and Improvement program Standard 1310 Requirements of the Quality Assurance and Improvement Program Standard 1311 Internal Assessments Standard 1312 External Assessments Standard 1320 Reporting on the Quality Assurance and Improvement Program Standard 1321 Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing” www.theiia.org/Quality Standard 1300: Quality Assurance and Improvement Program (QA&IP) The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. www.theiia.org/Quality Quality Assurance and Improvement Program Why is a Quality Assurance & Improvement Program necessary? As an organization and its Internal Audit activity grows, its operations undergo refinement, and its internal processes change and evolve, its quality monitoring process must keep pace. www.theiia.org/Quality Quality and Improvement Program What would be the elements of a Quality and Improvement Program? QA www.theiia.org/Quality 1311: Internal Assessments Must include: • Ongoing monitoring of the performance of the internal audit activity; and • Periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices. www.theiia.org/Quality Some Elements of a QA&IP • Staff Information (education, skills, certifications) • Audit Plan Budget to Actual • Audit Cycle Time • Issues and Recommendations Tracking • Customer Satisfaction Survey • Staff Meeting • Benchmarking to Best Practices • Training • Work Paper Review (ongoing) • QA Review Action Plan www.theiia.org/Quality Who’s Responsible for the Quality of Internal Audit? • Audit committee or Board of Directors • Chief Audit Executive (CAE) Who Will Benefit? • IA Stakeholders (AC, BOD, Regulatory Body, Sr. Mgmt) • Internal Auditors www.theiia.org/Quality By the way, what’s an external quality assessment (QA)? Professional standards require each internal audit function to obtain an external quality assessment at least once every five years (Standard 1312) www.theiia.org/Quality What’s the focus of an external QA? ü IIA Code of Ethics ü International Standards for the Professional Practice of Internal Auditing ü Audit committee & internal audit charters, audit policies and procedures ü Professional certification and education ü Process improvement & best practices www.theiia.org/Quality What happens in an external QA? ü Interview & survey stakeholders ü Assess compliance with the IIA Code of Ethics and the Standards ü Assess charters, policies & procedures ü Review staff experience & qualifications ü Review workpapers www.theiia.org/Quality What are the benefits of an external QA? ü Expert advice & counsel from practitioners with years of experience ü Sounding Board ü Leverage for funding, authority, independence & training ü Visibility ü Assurance for the audit committee & senior management www.theiia.org/Quality Why have an external QA? üProfessional credibility üOrganizational credibility üLegal liability üCompliance with Standards üContinuous improvement üAudit Committee oversight www.theiia.org/Quality What problems are commonly found? üInadequate Quality Assurance & Improvement Program üConsulting omitted from the mission and charter üInadequate IT coverage or technical skills üLack of performance measures www.theiia.org/Quality What problems are commonly found? üInappropriate CAE reporting relationships üOut-of-date charters üClient perception of inadequate audit staff knowledge üNo formalized risk assessment process www.theiia.org/Quality How long does an external QA take? A sample timeline… total ±12 weeks RFP: ± 2 weeks Prepare background info: ± 2 weeks Stakeholder surveys: ± 2 weeks GAIN data input on IIA website: 1 day Preliminary meeting ± 2 weeks On-site fieldwork Issue draft report ± 2 weeks Discuss report with CAE Issue final report: ± 2 weeks www.theiia.org/Quality What is a self-assessment with independent validation (SAIV)? Perform your own internal assessment and then… Engage an independent party to review your work www.theiia.org/Quality What’s the advantage of the SAIV? ü Part of the cost is internal üLearning experience üIncrease commitment What’s the trade-off for a SAIV? ü Requires IAA to budget more resources Diminished: ü Independence ü Outside expertise www.theiia.org/Quality What should you do? If you can’t get the budget for an external QA, go the SAIV route to get into compliance Consider SAIV for your 1st QA and follow-up with an external QA in 2-3 years www.theiia.org/Quality What if in doubt? If you are in doubt and want to find out if it is worthwhile doing an external assessment à have a quick scan A quick scan gives you quickly an idea about the bigger gaps to close before doing an external assessment or self assessment with independent validation www.theiia.org/Quality How long does an SAIV take? A sample timeline… total ±13 weeks RFP: ± 2 weeks Prepare self assessment: ± 4 weeks Stakeholder surveys: ± 2 weeks GAIN data input on IIA website: 1 day Preliminary meeting ± 1 week On-site validation Issue draft report ± 2 weeks Discuss report with CAE Issue final report: ± 2 weeks www.theiia.org/Quality Quality Assurance Committee The current members of the QAC at IIABel are: Pascal Stroobant Danièle Roussel Mark Dekeyser Harold Van Koeckhoven Erik Claes (chairman) www.theiia.org/Quality Quality Assurance in reporting • Draft report is sent to the QAC • QAC members review report & work papers • QAC meets to discuss report, eventually ask additional questions to reviewer(s) • QAC approves report for finalisation www.theiia.org/Quality Recognition Danièle Roussel is until today the driving force for execution of QA’s for IIA Belgium -Providing training (last April 15) -Preparing quotations -Executing assessments www.theiia.org/Quality Current list of reviewers • Danièle Roussel • Monique Garsoux • Kelly Hogan • Tommaso Capurso • Christine Carbonez • Rudi Guldentops • Michel Weber • Jean-Pierre Garitte • Chantal Pierre • Olivia Verhulst • Philippe Menève • Alain Vanmeerhaege And why not you? www.theiia.org/Quality Benefits for the reviewer ü Increase experience to implement and improve your QA&IP ü Increase experience to better run your IA activity ü Improve your expert network ü Sharing expertise and best practices ü Earning money for yourself or your company www.theiia.org/Quality What Does It *Cost? Number of Total Size of QA Internal number of team Audit Staff mandays Average Cost SA with external validation Quick scan 1 to 5 2 12 days 17.360 € 12.440 € 5.820 € 6 to 10 2 13 days 18.490 € 13.570 € 6.950 € 11 to 20 2 14 days 19.620 € 14.700 € 8.080 € *Source: IIARF Survey April 2007 www.theiia.org/Quality IIA Recognition Organizations that have an external quality assessment completed by IIA Belgium with a “General Conformance” opinion will receive a recognition www.theiia.org/Quality Where to Find Quality Resources? • Free web-based resources at www.theiia.org/quality • QA training seminars by IIA Belgium • Quality Services by IIA Belgium and other service providers www.theiia.org/Quality Time for…. Questions??? www.theiia.org/Quality
