SlideShare une entreprise Scribd logo

A Sharper Focus By Ahmar Azam Iia 70 Years Celebration Magazine

A
ahmarazam
1  sur  5
Télécharger pour lire hors ligne
A Sharper Focus Page 1 of 5 Submit Q Log Out Change Custom Password Update Your Profile GLOBAL PERSPECTIVES ON RISK, CONTROL, AND GOVERNANCE FEATURES BACK TO BASICS ITAUDIT ASK THE EXPERTS FRAUD FINDINGS IN THE PROFESSION ABOUT US DIGITAL EDITION February 2011 A Sharper Focus Heightened stakeholder expectations are pushing audit departments to put greater emphasis on the key elements of internal auditing. Ahmar Azam, CA ICS Compliance LLC P oor corporate governance has contributed to the adverse economic conditions in the United States, the financial crisis in Europe, the real estate bubble in the United Arab Emirates, and the pressures of the global recession. The roller coaster ride that this generation of business leaders has experienced is unlike anything witnessed since the Great Depression. Globally, governments are endeavoring to put the economy back on track. On one side, these changes are presenting opportunities, particularly for professionals in governance, risk, and compliance (GRC). On the other side, the changes are forcing the internal audit profession to reconsider its existing model. Over the past two years, executive management and boards of directors of organizations have demanded greater assurances from internal auditing that internal controls and risk management procedures are in place to help achieve business objectives, generate greater value, and meet shareholders’ expectations. In response to these unprecedented expectations, many internal audit functions have focused on addressing the key components of internal auditing while ensuring that auditors are leveraging the resources within the organization, both in terms of people and processes. LEVERAGING RESOURCES Organizations typically have a board of directors, audit committee, regulators, external auditors, and management as their major stakeholders. Understanding the goals of the organization’s stakeholders and protecting their interests are mission- critical to audit functions. The internal audit department is a third line of defense after the business and risk managers. Performing this role is particularly difficult for internal audit functions when the economy declines. In a recession, budgets are slashed, people are overworked, and segregation of duties may be compromised, leading to increased risk of fraud and error. In situations like this, audit resources need to be strengthened, but this is not happening. According to a 2010 IIA Audit Executive Center survey, more than half of U.S. Fortune 500 internal audit departments faced budget cuts since 2007. As a result, today’s auditors need to identify every opportunity to leverage the GRC efforts that exist at different management levels within the organization, which can minimize costly duplication of GRC efforts. For example, in 2010, the audit department at one community bank was not leveraging the GRC efforts at that organization at all. Both management and internal auditing were performing separate U.S. Sarbanes-Oxley Act of 2002 testing in its entirety. In addition, auditors were not invited to attend risk management meetings, and the audit risk assessment did not take management’s risk identification and management process into account. This silo approach led to an inefficient audit process that could have been prevented if auditors had used their vertical and horizontal view of the organization to identify and eliminate such duplications. http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011
A Sharper Focus Page 2 of 5 Sarbanes-Oxley brought a turning point in corporate governance by putting the focus of risks and controls at the business unit and process level. Today, as the process has evolved, elements of GRC, such as Sarbanes-Oxley testing, risk assessment, and compliance, are also embedded at the process level and are controlled and monitored by process owners. Risk-savvy audit professionals focus on leveraging the good work of management in GRC, and their organizations create processes to hold executives accountable for the “what if” scenario through a risk and reward system. A BETTER AUDIT APPROACH Building trust and relationships with management at all levels is an intricate element of an internal audit function’s success. An important goal of an organization should be to create an environment in which the process owners trust the audit function, value its contributions, and see it as a partner. Less successful audit departments tend to be those that process owners perceive to be taking a “gotcha” approach. When that happens, process owners don’t easily provide information and cooperation. A partnership between internal auditing and process owners can be achieved without compromising independence and objectivity. Such cooperation also can improve the audit function’s effectiveness and efficiency. The speed of trust gained from this partnership can give the audit function unprecedented access to information. However, this information must be managed and leveraged appropriately to bring effectiveness within both the audit function and the organization. The board, management, and internal auditing need to implement communication tools that ensure that information is analyzed, used, and forwarded timely. The audit function also must communicate effectively with its stakeholders, particularly the audit committee. Establishing a trusted relationship with audit clients is an important component of a multifaceted audit approach that addresses the key components of internal auditing: risk assessments, control testing, compliance, fraud, process improvement, and quality reviews. Risk Assessments Risk assessments cannot simply focus on the risks that are driving the existing lines of revenue; they also should identify and understand the future risks that may prevent the organization from achieving its goals tomorrow. Identifying risks is not a point-in-time exercise, especially for sophisticated sectors like financial services; it is ongoing and dynamic. Every time the organization explores a new line of revenue, it needs to identify: The additional risks it would bring to the organization. Who would own that risk. Who would own the resulting internal controls. The residual risk. The impact on the existing risk and control environment. Whether the existing GRC model has the capability to manage that risk. Whether it is worth taking that risk. This analysis should play a major role in the decision process, which makes sense when the return on investment is greater than the unmitigated risk of that investment. Internal auditors have the benefit of looking at risks within the organization, both vertically and horizontally. They also have an understanding of each stakeholder’s expectations. They can help set up processes at an operational level that help the organization make its risk identification, management, and monitoring processes more reliable and resilient. In today’s business environment, risk identification and management is happening at different levels of the organization. Internal auditors’ risk assessment process needs to incorporate the risk assessment and risk management that exists throughout the organization. Efficiency is brought about by populating the entire risk universe, identifying the owners of risks, evaluating how they are managing those risks, quantifying the residual risk, and identifying ways for internal auditing to leverage these risk assessment efforts. Control Testing http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011
A Sharper Focus Page 3 of 5 Whether by way of point-in-time testing of internal controls or continuous auditing, today’s internal auditing is moving beyond transactional testing. Audit efforts need to be as much forward-looking as past-focused. Most enterprise resource planning (ERP) systems have built-in tools that complement the efforts of the internal audit function through continuous monitoring and exception reporting. By focusing on red flags that these tools have identified, audit functions can catch issues before they get out of control. Moreover, IT audits can no longer operate in a silo within the audit function, nor can they only focus on areas such as IT general controls and vulnerability and penetration testing. The application controls within the ERP system need to be understood fully to identify opportunities to create exception reports leading to early warning of issues, covering both fraud and error. Assigning responsibilities for ownership of internal controls, monitoring controls, and holding the control owners accountable contributes to an effective GRC environment. This allows auditors to focus on items that really matter in meeting stakeholders’ objectives. For instance, in the area of account reconciliation, as long as management checks a sample of transactions each month, without compromising segregation of duties, the internal auditor does not need to do the same check. Instead, auditors should test a sample of transactions to verify that management is doing what it is supposed to do. Compliance With an ever-changing regulatory landscape across various industries, especially in the financial services sector, compliance has evolved into one of the most important functions in any organization. Most enforcement actions against banks and monetary penalties levied by the regulators are due to noncompliance with regulations and ineffective policies and procedures. Compliance and audit departments cannot afford to operate in isolation. Although internal auditors are responsible for auditing the compliance function, effectiveness in both functions cannot be brought about unless the audit and compliance teams fully understand each others’ mandate in a transparent manner. A mature compliance department has three broad responsibilities: Ensuring that the organization’s policies and procedures comply with laws and regulations, and protecting the interest and goals of the stakeholders. Monitoring whether process owners are in compliance with the policies and procedures. Ensuring that compliance and internal controls are embedded in the organization’s business processes, prospectively and retrospectively. Understanding the mandate of the compliance department, identifying opportunities to leverage its work, and effectively monitoring its function should be an integral part of the audit process. Focusing on areas where compliance has identified problems creates value and lowers the audit function’s costs. Fraud According to the Association of Certified Fraud Examiners’ 2010 Report to the Nations on Occupational Fraud & Abuse, a typical organization loses 5 percent of its annual revenue to fraud, translating to a global fraud loss of US $2.9 trillion. In today’s environment, an effective audit plan must include fraud as a key component. Risk assessments should include fraud risk and evaluate how the process owners are managing it. Auditors should provide guidance to process owners and compliance professionals in identifying controls that can prevent fraud and assist in devising ways of monitoring those controls. Organizations should create an environment where employees are trained to identify fraud and feel secure in reporting it. Their compliance and internal audit functions share responsibility for ensuring the integrity and effectiveness of the reporting process. Process Improvement To earn the respect of process owners, internal auditing must contribute to process improvement — simply identifying a problem is not enough. Providing ideas for improvement builds a relationship of trust and is easy to measure. http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011
A Sharper Focus Page 4 of 5 Today, many audit functions see their department as a profit center, quantifying their value to the organization by the amount of fraud and errors they caught or prevented, as well as the benefits gained through process improvements. To add more value, achieve improvements, and gain access to the best practices, audit functions depend on training, assistance from professional services firms, and interaction with audit peers in other organizations. Quality Reviews In today’s business environment, self-governance and self-evaluation are critical components of process improvement. To avoid complacency, internal audit functions should perform a periodic quality review of their own practices. The International Standards for the Professional Practice of Internal Auditing (Standards) provides excellent guidance that audit functions can use to undergo a quality review. The Standards require internal audit departments to undergo an external quality assessment every five years and internal quality assessments periodically. These assessments should evaluate the department’s conformance with the Standards, Code of Ethics, and Definition of Internal Auditing; the adequacy of its charter, goals, policies, and procedures; its contribution to the organization’s governance, risk management, and control processes; compliance with applicable regulations; and the effectiveness of improvement activities. Completing such assessments as part of a quality assurance and improvement program brings transparency to the audit process and facilitates an increase in trust and respect of the audit function. AN ENHANCED AUDIT FOCUS By incorporating these six components into their audit approach, internal auditors can more effectively assess the business, identify areas for improvement, and contribute to managing business risks. This becomes increasingly important as today’s audit committees demand that their organizations have an effective, robust, and reliable governance framework in place, along with continuous compliance, monitoring, and reporting. These expectations — and the regulatory environment — will only get tougher in the future. An enhanced focus on internal auditing can help organizations stay focused on business growth, weather stormy market conditions, and enhance shareholder value. To comment on this article, e-mail the author at ahmar.azam@theiia.org. A SHARPER FOCUS A SHARPER FOCUS Heightened stakeholder expectations are pushing audit departments to put greater emphasis on the key elements The prime function of an organization is how ready the company is in its payments. This morale and its existence require the company’s liquidity position. Internal Audit as a watch to every transaction holds the funds to its spending towards business and authorized payments. This payment monitoring through regularized system , regulated by the internal audit make the company obliged to the payments to the stakeholders, through maintaining its sound system of authorized payments. Rashid Pervez IIA Membership # 1394262 Posted By: Rashid Pervez 2011-02-07 12:06 AM SHARPER FOCUS Dear, "Sharper focus" of internal auditing you have discussed is very relevant.However in most developing countries there is a need to enhance conducive enveronment of GRC in public sector.This is because legal framework defining roles and relatioship of oversight ,management and evaluation is lacking automotic driving forces as it is in private sector.The greater moving forces for GRC in private sector is axiomatic from the fact that the oversight, management and resources all belong to the same and specific owner.Thus ,the legal framework and tone at the top is very paramaount in enahcing sharper focusing of internal auditing.I believe that GRC comes next to the tone at the top and legal framework.Regardless of current obstacles , I believe that we internal auditors still have a great role to play by marketing those prerequisites of GRC in our develing countries.We have to dare forevermore in highlighting of likely consequences if uconduciveness for GRC are not resolved .Now, it is luck that in many africa countries that importance of empowering the internal audit activties is on move.Matured evaluation of Good Governance is a cornerstone for making the Internal Audit Activities to deploy GRS tools to the expectations of stakeholders. I recommend for your blog, Venance S Nijimbere CIA Posted By: venance S.Nijimbere 2011-02-04 8:43 AM Feel free to provide feedback about this article. Your comment will display below. http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011
A Sharper Focus Page 5 of 5 Name: Email: Subject: Comment: Post To make something bold: <strong>Text to bold</strong> To make something italic: <em>Text to italicize</em> To make a hyperlink: <a href="URL">Text to link</a> The Institute of Internal Auditors • 247 Maitland Avenue • Altamonte Springs, Florida 32701-4201 U.S.A. +1-407-937-1100 • Fax +1-407-937-1101 • www.internalauditoronline.org Home IIA Home Privacy Policy Contents of this site, except where expressly stated, are the copyrighted property of The Institute of Internal Auditors. http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011

Recommandé

An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
McLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalMcLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalVamsi Srinivas
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksMHM (Mayer Hoffman McCann P.C.)
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot SpotsRon Steinkamp
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal auditaakash malhotra
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
Operational risk: the new frontier
Operational risk: the new frontierOperational risk: the new frontier
Operational risk: the new frontierMichel Rochette
 

Recommandé

An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
McLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalMcLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalVamsi Srinivas
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksMHM (Mayer Hoffman McCann P.C.)
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot SpotsRon Steinkamp
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal auditaakash malhotra
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
Operational risk: the new frontier
Operational risk: the new frontierOperational risk: the new frontier
Operational risk: the new frontierMichel Rochette
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Five lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; ermFive lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; ermDr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsCase IQ
 
Managing The Business Risk Of Fraud
Managing The Business Risk Of FraudManaging The Business Risk Of Fraud
Managing The Business Risk Of FraudMahmoud Elbagoury
 
Key Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsKey Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsTony Moroney
 
Thought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalThought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalSundaraparipurnan Narayanan
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Andrew Smart
 
Combining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipCombining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal Leadershipjobdoctors
 
How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approach How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approachAbhishek Sood
 
Alliance governance: Balancing Trust and Control in Dealing with Risk
Alliance governance: Balancing Trust and Control in Dealing with RiskAlliance governance: Balancing Trust and Control in Dealing with Risk
Alliance governance: Balancing Trust and Control in Dealing with RiskAlex Todd
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Tim Leech
 
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Hajar Mouatassim Lahmini
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsKate Tomlinson
 
Hedge Fund Management
Hedge Fund ManagementHedge Fund Management
Hedge Fund ManagementJoseph Gigliotti
 
Summit 2013 Wrap-Up
Summit 2013 Wrap-UpSummit 2013 Wrap-Up
Summit 2013 Wrap-UpKeisuke Anzai
 
eVar7 Summit 報告会
eVar7 Summit 報告会eVar7 Summit 報告会
eVar7 Summit 報告会Keisuke Anzai
 
How to Presentation
How to Presentation How to Presentation
How to Presentation Keisuke Anzai
 
CCE RA - Mission
CCE RA - MissionCCE RA - Mission
CCE RA - MissionCCE Research Alliance
 
Narrazione didattica
Narrazione didatticaNarrazione didattica
Narrazione didatticamariutz
 
Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...
Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...
Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...Super Professeur
 

Contenu connexe

Tendances

CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsCase IQ
 
Managing The Business Risk Of Fraud
Managing The Business Risk Of FraudManaging The Business Risk Of Fraud
Managing The Business Risk Of FraudMahmoud Elbagoury
 
Key Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsKey Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsTony Moroney
 
Thought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalThought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalSundaraparipurnan Narayanan
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Andrew Smart
 
Combining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipCombining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal Leadershipjobdoctors
 
How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approach How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approachAbhishek Sood
 
Alliance governance: Balancing Trust and Control in Dealing with Risk
Alliance governance: Balancing Trust and Control in Dealing with RiskAlliance governance: Balancing Trust and Control in Dealing with Risk
Alliance governance: Balancing Trust and Control in Dealing with RiskAlex Todd
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Tim Leech
 
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Hajar Mouatassim Lahmini
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsKate Tomlinson
 

Tendances (16)

CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Five lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; ermFive lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; erm
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential Steps
 
Managing The Business Risk Of Fraud
Managing The Business Risk Of FraudManaging The Business Risk Of Fraud
Managing The Business Risk Of Fraud
 
Key Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsKey Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference Points
 
Thought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalThought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale Final
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015
 
Combining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipCombining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal Leadership
 
How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approach How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approach
 
Alliance governance: Balancing Trust and Control in Dealing with Risk
Alliance governance: Balancing Trust and Control in Dealing with RiskAlliance governance: Balancing Trust and Control in Dealing with Risk
Alliance governance: Balancing Trust and Control in Dealing with Risk
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015
 
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
 
Hedge Fund Management
Hedge Fund ManagementHedge Fund Management
Hedge Fund Management
 

En vedette

eVar7 Summit 報告会
eVar7 Summit 報告会eVar7 Summit 報告会
eVar7 Summit 報告会Keisuke Anzai
 
How to Presentation
How to Presentation How to Presentation
How to Presentation Keisuke Anzai
 
Narrazione didattica
Narrazione didatticaNarrazione didattica
Narrazione didatticamariutz
 
Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...
Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...
Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...Super Professeur
 
Woman of the Day : Happy Birthday to you Jessica Janusz !!! From Ronning Agai...
Woman of the Day : Happy Birthday to you Jessica Janusz !!! From Ronning Agai...Woman of the Day : Happy Birthday to you Jessica Janusz !!! From Ronning Agai...
Woman of the Day : Happy Birthday to you Jessica Janusz !!! From Ronning Agai...Super Professeur
 
20150610 3つのPで実現される「喜ばれるエクスペリエンス」とは(抜粋)
20150610 3つのPで実現される「喜ばれるエクスペリエンス」とは(抜粋)20150610 3つのPで実現される「喜ばれるエクスペリエンス」とは(抜粋)
20150610 3つのPで実現される「喜ばれるエクスペリエンス」とは(抜粋)Keisuke Anzai
 
Adobe Summit 2014 Quick Wrap-up
Adobe Summit 2014 Quick Wrap-upAdobe Summit 2014 Quick Wrap-up
Adobe Summit 2014 Quick Wrap-upKeisuke Anzai
 
Summit 2016 Wrap-up for eVar7
Summit 2016 Wrap-up for eVar7Summit 2016 Wrap-up for eVar7
Summit 2016 Wrap-up for eVar7Keisuke Anzai
 
Woman of the Day (November 5th ) is Btecem Riche. Happy Birthday to you!!! F...
Woman of the Day (November 5th ) is Btecem Riche. Happy Birthday to you!!! F...Woman of the Day (November 5th ) is Btecem Riche. Happy Birthday to you!!! F...
Woman of the Day (November 5th ) is Btecem Riche. Happy Birthday to you!!! F...Super Professeur
 
Marketing : Les comportements du consommateur - Cours de Marketing sur www....
Marketing : Les comportements du consommateur - Cours de Marketing sur www....Marketing : Les comportements du consommateur - Cours de Marketing sur www....
Marketing : Les comportements du consommateur - Cours de Marketing sur www....Super Professeur
 
Summit 2016 wrap up hands out
Summit 2016 wrap up hands outSummit 2016 wrap up hands out
Summit 2016 wrap up hands outKeisuke Anzai
 
今、顧客体験を向上させるために取り組むべきこと ~Experience Business時代を迎えて~
今、顧客体験を向上させるために取り組むべきこと ~Experience Business時代を迎えて~今、顧客体験を向上させるために取り組むべきこと ~Experience Business時代を迎えて~
今、顧客体験を向上させるために取り組むべきこと ~Experience Business時代を迎えて~Keisuke Anzai
 
20140415 アドタイデイズ 安西パート
20140415 アドタイデイズ 安西パート20140415 アドタイデイズ 安西パート
20140415 アドタイデイズ 安西パートKeisuke Anzai
 
20150622 Adobe Analytics
20150622 Adobe Analytics20150622 Adobe Analytics
20150622 Adobe AnalyticsKeisuke Anzai
 
Les comportements du consommateur - Cours de Marketing sur www.SuperProfesse...
Les comportements du consommateur - Cours de Marketing sur www.SuperProfesse...Les comportements du consommateur - Cours de Marketing sur www.SuperProfesse...
Les comportements du consommateur - Cours de Marketing sur www.SuperProfesse...Super Professeur
 

En vedette (17)

Summit 2013 Wrap-Up
Summit 2013 Wrap-UpSummit 2013 Wrap-Up
Summit 2013 Wrap-Up
 
eVar7 Summit 報告会
eVar7 Summit 報告会eVar7 Summit 報告会
eVar7 Summit 報告会
 
How to Presentation
How to Presentation How to Presentation
How to Presentation
 
CCE RA - Mission
CCE RA - MissionCCE RA - Mission
CCE RA - Mission
 
Narrazione didattica
Narrazione didatticaNarrazione didattica
Narrazione didattica
 
Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...
Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...
Elections régionales 2015 en France : Résultats du second tour (dimanche 13 d...
 
Woman of the Day : Happy Birthday to you Jessica Janusz !!! From Ronning Agai...
Woman of the Day : Happy Birthday to you Jessica Janusz !!! From Ronning Agai...Woman of the Day : Happy Birthday to you Jessica Janusz !!! From Ronning Agai...
Woman of the Day : Happy Birthday to you Jessica Janusz !!! From Ronning Agai...
 
20150610 3つのPで実現される「喜ばれるエクスペリエンス」とは(抜粋)
20150610 3つのPで実現される「喜ばれるエクスペリエンス」とは(抜粋)20150610 3つのPで実現される「喜ばれるエクスペリエンス」とは(抜粋)
20150610 3つのPで実現される「喜ばれるエクスペリエンス」とは(抜粋)
 
Adobe Summit 2014 Quick Wrap-up
Adobe Summit 2014 Quick Wrap-upAdobe Summit 2014 Quick Wrap-up
Adobe Summit 2014 Quick Wrap-up
 
Summit 2016 Wrap-up for eVar7
Summit 2016 Wrap-up for eVar7Summit 2016 Wrap-up for eVar7
Summit 2016 Wrap-up for eVar7
 
Woman of the Day (November 5th ) is Btecem Riche. Happy Birthday to you!!! F...
Woman of the Day (November 5th ) is Btecem Riche. Happy Birthday to you!!! F...Woman of the Day (November 5th ) is Btecem Riche. Happy Birthday to you!!! F...
Woman of the Day (November 5th ) is Btecem Riche. Happy Birthday to you!!! F...
 
Marketing : Les comportements du consommateur - Cours de Marketing sur www....
Marketing : Les comportements du consommateur - Cours de Marketing sur www....Marketing : Les comportements du consommateur - Cours de Marketing sur www....
Marketing : Les comportements du consommateur - Cours de Marketing sur www....
 
Summit 2016 wrap up hands out
Summit 2016 wrap up hands outSummit 2016 wrap up hands out
Summit 2016 wrap up hands out
 
今、顧客体験を向上させるために取り組むべきこと ~Experience Business時代を迎えて~
今、顧客体験を向上させるために取り組むべきこと ~Experience Business時代を迎えて~今、顧客体験を向上させるために取り組むべきこと ~Experience Business時代を迎えて~
今、顧客体験を向上させるために取り組むべきこと ~Experience Business時代を迎えて~
 
20140415 アドタイデイズ 安西パート
20140415 アドタイデイズ 安西パート20140415 アドタイデイズ 安西パート
20140415 アドタイデイズ 安西パート
 
20150622 Adobe Analytics
20150622 Adobe Analytics20150622 Adobe Analytics
20150622 Adobe Analytics
 
Les comportements du consommateur - Cours de Marketing sur www.SuperProfesse...
Les comportements du consommateur - Cours de Marketing sur www.SuperProfesse...Les comportements du consommateur - Cours de Marketing sur www.SuperProfesse...
Les comportements du consommateur - Cours de Marketing sur www.SuperProfesse...
 

Similaire à A Sharper Focus By Ahmar Azam Iia 70 Years Celebration Magazine

POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Measuring the impact of Internal Audit
Measuring the impact of Internal Audit Measuring the impact of Internal Audit
Measuring the impact of Internal Audit Huzeifa Unwala
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Tim Leech
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case StudyJessica Myers
 
CFO Survey 2010 Full Report
CFO Survey 2010 Full ReportCFO Survey 2010 Full Report
CFO Survey 2010 Full ReportErwinTheunissen
 
2010 Cfo Study
2010 Cfo Study2010 Cfo Study
2010 Cfo StudyNone
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing functionDebashis Gupta
 
The effect of risk based audit approach on the implementation of internal co...
The effect of risk based audit approach on the implementation of internal co... The effect of risk based audit approach on the implementation of internal co...
The effect of risk based audit approach on the implementation of internal co...inventionjournals
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraJenard Wachira
 
Enterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerEnterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerTanaMaeskm
 
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Stephen G. Lynch
 
The importance of value for money and perfomance based audits
The importance of value for money and perfomance based auditsThe importance of value for money and perfomance based audits
The importance of value for money and perfomance based auditspaul young cpa, cga
 
Control Self-Assessment article
Control Self-Assessment articleControl Self-Assessment article
Control Self-Assessment articleDeepika Menon
 
Internal Audit in Post COVID Era.pdf
Internal Audit in Post COVID Era.pdfInternal Audit in Post COVID Era.pdf
Internal Audit in Post COVID Era.pdfFiyona Nourin
 
Credit Risk Msia
Credit Risk MsiaCredit Risk Msia
Credit Risk MsiaTommy Seah
 

Similaire à A Sharper Focus By Ahmar Azam Iia 70 Years Celebration Magazine (20)

POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
Measuring the impact of Internal Audit
Measuring the impact of Internal Audit Measuring the impact of Internal Audit
Measuring the impact of Internal Audit
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case Study
 
CFO Survey 2010 Full Report
CFO Survey 2010 Full ReportCFO Survey 2010 Full Report
CFO Survey 2010 Full Report
 
2010 Cfo Study
2010 Cfo Study2010 Cfo Study
2010 Cfo Study
 
Lean Auditing
Lean AuditingLean Auditing
Lean Auditing
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing function
 
The effect of risk based audit approach on the implementation of internal co...
The effect of risk based audit approach on the implementation of internal co... The effect of risk based audit approach on the implementation of internal co...
The effect of risk based audit approach on the implementation of internal co...
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo Wachira
 
Risk based auditing
Risk based auditingRisk based auditing
Risk based auditing
 
Mcclain Plastics
Mcclain PlasticsMcclain Plastics
Mcclain Plastics
 
Enterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerEnterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and Per
 
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
 
The importance of value for money and perfomance based audits
The importance of value for money and perfomance based auditsThe importance of value for money and perfomance based audits
The importance of value for money and perfomance based audits
 
Governance, Risk, and Control Knowledge Elements
Governance, Risk, and Control Knowledge ElementsGovernance, Risk, and Control Knowledge Elements
Governance, Risk, and Control Knowledge Elements
 
Control Self-Assessment article
Control Self-Assessment articleControl Self-Assessment article
Control Self-Assessment article
 
Internal Audit in Post COVID Era.pdf
Internal Audit in Post COVID Era.pdfInternal Audit in Post COVID Era.pdf
Internal Audit in Post COVID Era.pdf
 
Credit Risk Msia
Credit Risk MsiaCredit Risk Msia
Credit Risk Msia
 
Aligning Corporate Strategy with Risks in order to avoid a Crisis
Aligning Corporate Strategy with Risks in order to avoid a CrisisAligning Corporate Strategy with Risks in order to avoid a Crisis
Aligning Corporate Strategy with Risks in order to avoid a Crisis
 

A Sharper Focus By Ahmar Azam Iia 70 Years Celebration Magazine

  • 1. A Sharper Focus Page 1 of 5 Submit Q Log Out Change Custom Password Update Your Profile GLOBAL PERSPECTIVES ON RISK, CONTROL, AND GOVERNANCE FEATURES BACK TO BASICS ITAUDIT ASK THE EXPERTS FRAUD FINDINGS IN THE PROFESSION ABOUT US DIGITAL EDITION February 2011 A Sharper Focus Heightened stakeholder expectations are pushing audit departments to put greater emphasis on the key elements of internal auditing. Ahmar Azam, CA ICS Compliance LLC P oor corporate governance has contributed to the adverse economic conditions in the United States, the financial crisis in Europe, the real estate bubble in the United Arab Emirates, and the pressures of the global recession. The roller coaster ride that this generation of business leaders has experienced is unlike anything witnessed since the Great Depression. Globally, governments are endeavoring to put the economy back on track. On one side, these changes are presenting opportunities, particularly for professionals in governance, risk, and compliance (GRC). On the other side, the changes are forcing the internal audit profession to reconsider its existing model. Over the past two years, executive management and boards of directors of organizations have demanded greater assurances from internal auditing that internal controls and risk management procedures are in place to help achieve business objectives, generate greater value, and meet shareholders’ expectations. In response to these unprecedented expectations, many internal audit functions have focused on addressing the key components of internal auditing while ensuring that auditors are leveraging the resources within the organization, both in terms of people and processes. LEVERAGING RESOURCES Organizations typically have a board of directors, audit committee, regulators, external auditors, and management as their major stakeholders. Understanding the goals of the organization’s stakeholders and protecting their interests are mission- critical to audit functions. The internal audit department is a third line of defense after the business and risk managers. Performing this role is particularly difficult for internal audit functions when the economy declines. In a recession, budgets are slashed, people are overworked, and segregation of duties may be compromised, leading to increased risk of fraud and error. In situations like this, audit resources need to be strengthened, but this is not happening. According to a 2010 IIA Audit Executive Center survey, more than half of U.S. Fortune 500 internal audit departments faced budget cuts since 2007. As a result, today’s auditors need to identify every opportunity to leverage the GRC efforts that exist at different management levels within the organization, which can minimize costly duplication of GRC efforts. For example, in 2010, the audit department at one community bank was not leveraging the GRC efforts at that organization at all. Both management and internal auditing were performing separate U.S. Sarbanes-Oxley Act of 2002 testing in its entirety. In addition, auditors were not invited to attend risk management meetings, and the audit risk assessment did not take management’s risk identification and management process into account. This silo approach led to an inefficient audit process that could have been prevented if auditors had used their vertical and horizontal view of the organization to identify and eliminate such duplications. http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011
  • 2. A Sharper Focus Page 2 of 5 Sarbanes-Oxley brought a turning point in corporate governance by putting the focus of risks and controls at the business unit and process level. Today, as the process has evolved, elements of GRC, such as Sarbanes-Oxley testing, risk assessment, and compliance, are also embedded at the process level and are controlled and monitored by process owners. Risk-savvy audit professionals focus on leveraging the good work of management in GRC, and their organizations create processes to hold executives accountable for the “what if” scenario through a risk and reward system. A BETTER AUDIT APPROACH Building trust and relationships with management at all levels is an intricate element of an internal audit function’s success. An important goal of an organization should be to create an environment in which the process owners trust the audit function, value its contributions, and see it as a partner. Less successful audit departments tend to be those that process owners perceive to be taking a “gotcha” approach. When that happens, process owners don’t easily provide information and cooperation. A partnership between internal auditing and process owners can be achieved without compromising independence and objectivity. Such cooperation also can improve the audit function’s effectiveness and efficiency. The speed of trust gained from this partnership can give the audit function unprecedented access to information. However, this information must be managed and leveraged appropriately to bring effectiveness within both the audit function and the organization. The board, management, and internal auditing need to implement communication tools that ensure that information is analyzed, used, and forwarded timely. The audit function also must communicate effectively with its stakeholders, particularly the audit committee. Establishing a trusted relationship with audit clients is an important component of a multifaceted audit approach that addresses the key components of internal auditing: risk assessments, control testing, compliance, fraud, process improvement, and quality reviews. Risk Assessments Risk assessments cannot simply focus on the risks that are driving the existing lines of revenue; they also should identify and understand the future risks that may prevent the organization from achieving its goals tomorrow. Identifying risks is not a point-in-time exercise, especially for sophisticated sectors like financial services; it is ongoing and dynamic. Every time the organization explores a new line of revenue, it needs to identify: The additional risks it would bring to the organization. Who would own that risk. Who would own the resulting internal controls. The residual risk. The impact on the existing risk and control environment. Whether the existing GRC model has the capability to manage that risk. Whether it is worth taking that risk. This analysis should play a major role in the decision process, which makes sense when the return on investment is greater than the unmitigated risk of that investment. Internal auditors have the benefit of looking at risks within the organization, both vertically and horizontally. They also have an understanding of each stakeholder’s expectations. They can help set up processes at an operational level that help the organization make its risk identification, management, and monitoring processes more reliable and resilient. In today’s business environment, risk identification and management is happening at different levels of the organization. Internal auditors’ risk assessment process needs to incorporate the risk assessment and risk management that exists throughout the organization. Efficiency is brought about by populating the entire risk universe, identifying the owners of risks, evaluating how they are managing those risks, quantifying the residual risk, and identifying ways for internal auditing to leverage these risk assessment efforts. Control Testing http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011
  • 3. A Sharper Focus Page 3 of 5 Whether by way of point-in-time testing of internal controls or continuous auditing, today’s internal auditing is moving beyond transactional testing. Audit efforts need to be as much forward-looking as past-focused. Most enterprise resource planning (ERP) systems have built-in tools that complement the efforts of the internal audit function through continuous monitoring and exception reporting. By focusing on red flags that these tools have identified, audit functions can catch issues before they get out of control. Moreover, IT audits can no longer operate in a silo within the audit function, nor can they only focus on areas such as IT general controls and vulnerability and penetration testing. The application controls within the ERP system need to be understood fully to identify opportunities to create exception reports leading to early warning of issues, covering both fraud and error. Assigning responsibilities for ownership of internal controls, monitoring controls, and holding the control owners accountable contributes to an effective GRC environment. This allows auditors to focus on items that really matter in meeting stakeholders’ objectives. For instance, in the area of account reconciliation, as long as management checks a sample of transactions each month, without compromising segregation of duties, the internal auditor does not need to do the same check. Instead, auditors should test a sample of transactions to verify that management is doing what it is supposed to do. Compliance With an ever-changing regulatory landscape across various industries, especially in the financial services sector, compliance has evolved into one of the most important functions in any organization. Most enforcement actions against banks and monetary penalties levied by the regulators are due to noncompliance with regulations and ineffective policies and procedures. Compliance and audit departments cannot afford to operate in isolation. Although internal auditors are responsible for auditing the compliance function, effectiveness in both functions cannot be brought about unless the audit and compliance teams fully understand each others’ mandate in a transparent manner. A mature compliance department has three broad responsibilities: Ensuring that the organization’s policies and procedures comply with laws and regulations, and protecting the interest and goals of the stakeholders. Monitoring whether process owners are in compliance with the policies and procedures. Ensuring that compliance and internal controls are embedded in the organization’s business processes, prospectively and retrospectively. Understanding the mandate of the compliance department, identifying opportunities to leverage its work, and effectively monitoring its function should be an integral part of the audit process. Focusing on areas where compliance has identified problems creates value and lowers the audit function’s costs. Fraud According to the Association of Certified Fraud Examiners’ 2010 Report to the Nations on Occupational Fraud & Abuse, a typical organization loses 5 percent of its annual revenue to fraud, translating to a global fraud loss of US $2.9 trillion. In today’s environment, an effective audit plan must include fraud as a key component. Risk assessments should include fraud risk and evaluate how the process owners are managing it. Auditors should provide guidance to process owners and compliance professionals in identifying controls that can prevent fraud and assist in devising ways of monitoring those controls. Organizations should create an environment where employees are trained to identify fraud and feel secure in reporting it. Their compliance and internal audit functions share responsibility for ensuring the integrity and effectiveness of the reporting process. Process Improvement To earn the respect of process owners, internal auditing must contribute to process improvement — simply identifying a problem is not enough. Providing ideas for improvement builds a relationship of trust and is easy to measure. http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011
  • 4. A Sharper Focus Page 4 of 5 Today, many audit functions see their department as a profit center, quantifying their value to the organization by the amount of fraud and errors they caught or prevented, as well as the benefits gained through process improvements. To add more value, achieve improvements, and gain access to the best practices, audit functions depend on training, assistance from professional services firms, and interaction with audit peers in other organizations. Quality Reviews In today’s business environment, self-governance and self-evaluation are critical components of process improvement. To avoid complacency, internal audit functions should perform a periodic quality review of their own practices. The International Standards for the Professional Practice of Internal Auditing (Standards) provides excellent guidance that audit functions can use to undergo a quality review. The Standards require internal audit departments to undergo an external quality assessment every five years and internal quality assessments periodically. These assessments should evaluate the department’s conformance with the Standards, Code of Ethics, and Definition of Internal Auditing; the adequacy of its charter, goals, policies, and procedures; its contribution to the organization’s governance, risk management, and control processes; compliance with applicable regulations; and the effectiveness of improvement activities. Completing such assessments as part of a quality assurance and improvement program brings transparency to the audit process and facilitates an increase in trust and respect of the audit function. AN ENHANCED AUDIT FOCUS By incorporating these six components into their audit approach, internal auditors can more effectively assess the business, identify areas for improvement, and contribute to managing business risks. This becomes increasingly important as today’s audit committees demand that their organizations have an effective, robust, and reliable governance framework in place, along with continuous compliance, monitoring, and reporting. These expectations — and the regulatory environment — will only get tougher in the future. An enhanced focus on internal auditing can help organizations stay focused on business growth, weather stormy market conditions, and enhance shareholder value. To comment on this article, e-mail the author at ahmar.azam@theiia.org. A SHARPER FOCUS A SHARPER FOCUS Heightened stakeholder expectations are pushing audit departments to put greater emphasis on the key elements The prime function of an organization is how ready the company is in its payments. This morale and its existence require the company’s liquidity position. Internal Audit as a watch to every transaction holds the funds to its spending towards business and authorized payments. This payment monitoring through regularized system , regulated by the internal audit make the company obliged to the payments to the stakeholders, through maintaining its sound system of authorized payments. Rashid Pervez IIA Membership # 1394262 Posted By: Rashid Pervez 2011-02-07 12:06 AM SHARPER FOCUS Dear, "Sharper focus" of internal auditing you have discussed is very relevant.However in most developing countries there is a need to enhance conducive enveronment of GRC in public sector.This is because legal framework defining roles and relatioship of oversight ,management and evaluation is lacking automotic driving forces as it is in private sector.The greater moving forces for GRC in private sector is axiomatic from the fact that the oversight, management and resources all belong to the same and specific owner.Thus ,the legal framework and tone at the top is very paramaount in enahcing sharper focusing of internal auditing.I believe that GRC comes next to the tone at the top and legal framework.Regardless of current obstacles , I believe that we internal auditors still have a great role to play by marketing those prerequisites of GRC in our develing countries.We have to dare forevermore in highlighting of likely consequences if uconduciveness for GRC are not resolved .Now, it is luck that in many africa countries that importance of empowering the internal audit activties is on move.Matured evaluation of Good Governance is a cornerstone for making the Internal Audit Activities to deploy GRS tools to the expectations of stakeholders. I recommend for your blog, Venance S Nijimbere CIA Posted By: venance S.Nijimbere 2011-02-04 8:43 AM Feel free to provide feedback about this article. Your comment will display below. http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011
  • 5. A Sharper Focus Page 5 of 5 Name: Email: Subject: Comment: Post To make something bold: <strong>Text to bold</strong> To make something italic: <em>Text to italicize</em> To make a hyperlink: <a href="URL">Text to link</a> The Institute of Internal Auditors • 247 Maitland Avenue • Altamonte Springs, Florida 32701-4201 U.S.A. +1-407-937-1100 • Fax +1-407-937-1101 • www.internalauditoronline.org Home IIA Home Privacy Policy Contents of this site, except where expressly stated, are the copyrighted property of The Institute of Internal Auditors. http://www.theiia.org/intAuditor/feature-articles/2011/february/a-sharper-focus/index.cfm?... 2/13/2011