Contenu connexe


Plus de Transcendent Group(20)


Vad är kvalitet i internrevision?

  1. Kvalitet i internrevisions- arbetet 15 maj 2014 Hans Löfgren
  2. Vem är jag? ©TranscendentGroupSverigeAB2013
  3. Vad är kvalitet? Definitionen enligt ISO 9000: ”Alla sammantagna egenskaper hos en produkt/prestation som ger den dess förmåga att tillfredsställa uttalade eller underförstådda behov.” IIA QAIP - Practice Guide: ”Kvaliteten på en produkt eller tjänst utgörs av den grad som produkten eller tjänsten möter kundernas förväntningar.” ©TranscendentGroupSverigeAB2013
  4. Vad är kvalitet i internrevisionsarbetet? Quality in internal audit is guided by both an obligation to meet customer expectations as well as professional responsibilities inherent in conforming with the Standards. While predominantly complementary, it is the challenge for the CAE to achieve both these requirements. ©TranscendentGroupSverigeAB2013
  5. Kvalitet i internrevisionsarbetet • Standards 1300 to 1312 specifically require the CAE to develop a QAIP incorporating both internal (self) assessments and external assessments. • Beyond these specific standards, internal audit as a profession, should maintain a formal, structured approach to quality. • Operating with proficiency and due professional care, undertaking continuing professional development and conforming with a set of recognised standards. • Each of these allows internal audit to differentiate itself from non-professional areas. ©TranscendentGroupSverigeAB2013
  6. Hur uppfattar internrevisorer sitt värde? – CBOK 2011 • Most respondents believe that their internal audit activities add value to their organizations. • Both independence and objectivity are viewed as key factors for internal audit activities to add value. • While most respondents view their internal audit activity as contributing to controls, they do not to the same extent perceive it as contributing to risk management or governance. • The most important factors to the perceived contribution of the internal audit activity are: having appropriate access to the audit committee, functioning without coercion to change a rating assessment or withdraw a finding and more audit tools or technology used on a typical audit engagement. ©TranscendentGroupSverigeAB2013
  7. Hur uppfattar kunderna internrevisorernas värde? Det finns studier som visar att kunderna inte är lika positiva till internrevisionens värde som internrevisorerna tycker själva. ©TranscendentGroupSverigeAB2013
  8. 44% 56% 79% 21% PwC:s undersökning 2013 I genomsnitt ansåg 37 procent att internrevisionen presterade bra eller mycket bra inom de 8 attributen. I genomsnitt ansåg 56 procent att internrevisionen presterade bra eller mycket bra inom de 8 attributen. 2013 State of the Internal Audit Profession Study, PwC Företagsledning och styrelseledamöter är inte eniga i sin uppfattning om intern- revisionens värde och prestation. En större procentuell andel av styrelseledamöter jämfört med företagsledningen anser att internrevisionen ger ett väsentligt värde. Det är stor skillnad mellan företagsledningen och styrelseledamöterna i deras bedömning av internrevisionens prestationer. ©TranscendentGroupSverigeAB2013 executive management board members
  9. Vad hindrar oss att arbeta med ett systematiskt kvalitetsarbete – CBOK 2011 The principle reasons for noncompliance include: • Small size of the organization or internal audit staff, • Cost of using the Standards, • Amount of time required for compliance, or • Lack of management/board support. ©TranscendentGroupSverigeAB2013
  10. Utveckla en kundkultur ©TranscendentGroupSverigeAB2013 It starts with relationships • Understand and exceed stakeholder expectations • Formal relationship management program— involve the whole team Focus on people and talent development • Training programs include business acumen and leadership • Coaching and development programs to reinforce OTJ training Establish credibility and earn a seat at the table • Bring the right skills to cover a broader range of risks • Ask for feedback and measure client satisfaction • Balance independence, objectivity and value
  11. Hur ledande internrevisionschefer arbetar för att bli mer relevanta • Recruiting from the business and sourcing externally for missing capabilities. • Continually improving executive and audit committee reports to provide better context and insight. • Maintaining close working relationships with the audit committee. • Participating in strategic growth, cost and compliance initiatives. • Engaging legal and compliance expertise to address the complex array of global compliance risks. • Partnering with internal and external technology specialists to address rapidly changing technical and business risks. ©TranscendentGroupSverigeAB2013 2013 State of the Internal Audit Profession Study, PwC
  12. Quality Assurance and Improvement program ©TranscendentGroupSverigeAB2013
  13. A QAIP should conclude on the quality of the internal audit activity It enables an evaluation of: • conformance with the Definition of Internal Auditing, the Code of Ethics and the Standards, • adequacy of the internal audit activity’s charter, goals, objectives, policies and procedures, • contribution to the organization’s governance, risk management, and control processes, • completeness of coverage of the entire audit universe, • compliance with applicable laws, regulations, and government or industry standards to which the internal audit activity may be subject, • the risks affecting the operation of the internal audit activity itself, • effectiveness of continuous improvement activities and adoption of best practices and • whether the internal audit activity adds value, improves the organization’s operations, and contributes to the attainment of objectives. ©TranscendentGroupSverigeAB2013
  14. A QAIP must effectively be applied at three fundamental levels (or perspectives) Internal Audit Engagement Level (self-assessment at the audit, engagement or operational level): The engagement supervisor (possibly a manager or the CAE) is responsible for providing assurance that: • appropriate processes have been used to translate audit plans into specific, appropriately resourced audit engagements, • planning, fieldwork/conduct and reporting/communicating results conforms with the Definition of Internal Auditing, the Code of Ethics and the Standards, • appropriate mechanisms are established and used to follow-up management actions in response to audit recommendations and • post-engagement client surveys, lessons learned, self-assessments and other mechanisms to support continuous improvement are completed. ©TranscendentGroupSverigeAB2013
  15. A QAIP must effectively be applied at three fundamental levels (or perspectives) Internal Audit Activity Level (self-assessment at the internal audit activity or organizational level): The CAE is responsible for providing assurance that: • written policies and procedures, covering both technical and administrative matters, are formally documented to guide audit staff in consistent conformance with the Definition of Internal Auditing, the Code of Ethics and the Standards, • audit work conforms with written policies and procedures, • audit work achieves the general purposes and responsibilities described in the internal audit charter, • audit work conforms with the Definition of Internal Auditing, the Code of Ethics and the Standards, • internal audit work meets stakeholder expectation, • the internal audit activity adds value and improves the organization’s operations and • resources for the internal audit activity are efficiently and effectively utilized. ©TranscendentGroupSverigeAB2013
  16. A QAIP must effectively be applied at three fundamental levels (or perspectives) External Perspective (independent external assessment of the entire internal audit activity including individual engagements): • The CAE must ensure that the internal audit activity undergoes an external assessment (either an independent external assessment or a self-assessment with independent validation) at least once every five years by an independent assessor or assessment team from outside the organization that is qualified in the practice of internal auditing as well as the quality assessment process. ©TranscendentGroupSverigeAB2013
  17. 1311 – Interna bedömningar (PA 1311-1) Interna bedömningar ska innefatta: • fortlöpande övervakning/uppföljning av intern- revisionsverksamheten och • regelbundna granskningar som genomförs som självutvärderingar eller av andra personer inom organisationen med kunskap om internrevisionspraxis. ©TranscendentGroupSverigeAB2013
  18. 1311– Interna bedömningar (PA 1311-1) • Fortlöpande uppföljning är en integrerad del av den dagliga övervakningen och uppföljningen av internrevisionsverksamheten. Fortlöpande uppföljning är del av policys och praxis som används för att leda internrevisionsverksamheten och använder de processer, verktyg och information som kan anses nödvändig för att utvärdera överensstämmelsen med Definitionen av internrevision, de Yrkesetiska Riktlinjerna samt Riktlinjer för yrkesmässigt utövande av internrevision. • Regelbundna granskningar är de utvärderingar som genomförs för att utvärdera överensstämmelsen med Definitionen av internrevision, de Yrkesetiska Riktlinjerna samt Riktlinjer för yrkesmässigt utövande av internrevision. • Tillräcklig kunskap om internrevisionspraxis kräver åtminstone en förståelse för samtliga de delar som ingår i ”International Professional Practices Framework”. ©TranscendentGroupSverigeAB2013
  19. Ongoing Monitoring Ongoing monitoring provides assurance that the processes in place are working effectively to ensure quality is delivered on an audit-by- audit basis. It is primarily achieved through: • continuous monitoring activities including engagement planning and supervision, • standard working practices, • working paper procedures and signoffs and • report reviews. ©TranscendentGroupSverigeAB2013
  20. Ongoing monitoring Additional mechanisms include: • acquiring feedback from audit clients and other stakeholders, • assessing the audit engagement readiness prior to fieldwork by looking for items like pre-approval of the audit scope, innovative best practices, budgeted hours and assigned staff (expertise), • using checklists or internal audit automation to give assurance on whether processes adopted by the internal audit activity (e.g. in internal audit policies and procedures manuals) are being followed, • using measures of project budgets, timekeeping systems and audit plan completion to determine if appropriate time is spent on different aspects of the audit process as well as high risk and complex areas and • analyzing other performance metrics to measure stakeholder value. ©TranscendentGroupSverigeAB2013
  21. Periodic Self-Assessment A periodic self-assessment has a different but interrelated focus to ongoing monitoring. Periodic self-assessments focus on evaluating: • conformance with the Internal Audit Charter, the IIA Definition of Internal Auditing, the Code of Ethics and the Standards, • the quality of the audit work, including adherence to the internal audit methodology for selected engagements, • the quality of supervision, • the infrastructure, including the policies and procedures, supporting the internal audit activity, • the ways in which the internal audit function adds value to the organization and • the achievement of performance standards/indicators ©TranscendentGroupSverigeAB2013
  22. Periodic self-assessments should be conducted through: • working paper reviews for conformance with the Definition of Internal Auditing, the Code of Ethics and the Standards and internal audit policies and procedures, by staff not involved in the respective audits, • self-assessment of the internal audit activity with objectives/ criteria established as part of the QAIP, • review of internal audit performance metrics and benchmarking of best practices and • periodic activity and performance reporting to the board and other stakeholders as deemed necessary. ©TranscendentGroupSverigeAB2013
  23. Performance methods – CBOK study The internal audit activity performance methods most frequently used include: 1) assessment by percentage of the audit plan completed, 2) acceptance and implementation of recommendations, 3) surveys/feedback from the board/audit committee/senior management, 4) customer/auditee surveys from audited departments, 5) assurance of sound risk management and 6) reliance by external auditors on the internal audit activity. ©TranscendentGroupSverigeAB2013
  24. Performance metrics ©TranscendentGroupSverigeAB2013 Infrastructure • number of audits scheduled/completed • opportunities for cost reductions identified Planning • timeliness of audit notifications • frequency of risk assessment updates Fieldwork • average time spent in field • percentage of special requests fulfilled Reporting and Communication • average number of days to issue final report • percent of issues past due
  25. Client satisfaction Client satisfaction surveys • distributed to management and the Audit Committee • should provide a basis for continuous improvement • individual project satisfaction surveys are often used on larger projects. ©TranscendentGroupSverigeAB2013
  26. Engagement Supervision, Working Papers and Working Paper Quality Review ©TranscendentGroupSverigeAB2013 Engagement Supervision • monitor progress • assess quality • provide coaching • the work provided by consultants should also be supervised and monitored. Working papers • engagement working papers
  27. Engagement Supervision, Working Papers and Working Paper Quality Review ©TranscendentGroupSverigeAB2013 Working Papers Quality Review • quality checks • management oversight • should be performed on selected audits
  28. Små internrevisionsenheter ©TranscendentGroupSverigeAB2013 • In sole auditor activities, the internal auditor may seek assistance from other parts of the organisation to undertake quality assurance activities, provided this does not impact the independence of internal audit. • The internal auditor may also look to peers in other organisations for support. • Using checklists can also assist in providing assurance over audit quality.
  29. Extern kvalitetsutvärdering There are two approaches to the conduct of external assessments: • A full external assessment involves the use of a qualified, independent assessor or assessment team to conduct the full assessment. • A self-assessment with independent (external) validation involves the use of a qualified, independent assessor or assessment team to conduct an independent validation of the self-assessment completed by the internal audit activity. ©TranscendentGroupSverigeAB2013
  30. Syftet med en kvalitetssäkring? Syftet med en kvalitetssäkring av en internrevision ska utifrån vår erfarenhet utgå ifrån följande tre dimensioner för att internrevisionen ska kunna bli ansedd som effektiv: 1. Effektiviteten i att möta uppdragsgivares och intressenters krav och behov. 2. Förmågan att tillämpa senaste best practice inom internrevisionsprofessionen. 3. Effektiviteten i efterlevnaden av tillämpliga professionella och/eller regulatoriska internrevisionsstandards, t.ex. de internationella riktlinjerna för yrkesmässigt utövande av internrevision och/eller internrevisionsförordningen. ©TranscendentGroupSverigeAB2013
  31. Utvärderingskriterier • IIA Quality Assessment Manual Scale: Does Not Conform/Partially Conforms/Generally Conforms. • The IIA’s Assessment Scale — IIA Path to Quality: Introductory/Emerging/Established/Progressive/ Advanced. • IIA Capability Model for the Public Sector: Initial/ Infrastructure/Integrated/Managed/Optimizing. • DIIR (IIA–Germany) Guideline for Conducting a Quality Assessment: 3–Satisfactory/2–Room for Improvement/1–Significant Improvement Needed/ 0–Unsatisfactory/Not Applicable). ©TranscendentGroupSverigeAB2013
  32. Vad har jag gjort för iakttagelser vid kvalitets- genomgångar? • Dialogen med styrelse/revisionsutskott och ledning är bristfällig. • Utvecklingen av ett Audit Universe förekommer ej eller är bristfällig. • Riskanalysen förankras inte i organisationen innan internrevisionsplanen beslutas. • Internrevisionsplanen kopplar inte till riskanalysen. • Revisionsmålen är inte preciserade. • Ojämn kvalitet på granskningsdokumentationen. • Iakttagelserna matchar inte revisionsmålen. • Rapporterna för långa, saknar sammanfattning, saknar prioriteringar. • Uppföljning av beslutade åtgärder saknas. ©TranscendentGroupSverigeAB2013