Sie sind auf Seite 1von 14

22/09/2014 1

www.eciia.eu
Enhancing governance through internal audit
IAS Conference
Adding Value through Internal Audit
Internal Auditors:

The Good?
the Bad?
the Ugly?
1

Thats the question!

22/09/2014 2

www.eciia.eu
Enhancing governance through internal audit

www.eciia.eu
Enhancing governance through internal audit
RISK
Audit Committee & Board
Senior Management
Management and employees
Risk Management
Financial reporting review
teams
Environmental, Health
and Safety Auditors
Compliance
Quality assurance
Internal auditors
External auditors
Other External assurance
providers
The Stakeholders' relationship
Identify assurance providers
2
22/09/2014 3

www.eciia.eu
Enhancing governance through internal audit

www.eciia.eu
Enhancing governance through internal audit
3

Keys to success for Internal Audit:

Multi-dimension approach
Stakeholder expectations alignment
Governance effectiveness
Assurance provider maturity
Assurance map: concept of the 3 lines of defence
CAE engagement



The Stakeholders' relationship
Good practices
22/09/2014 4

www.eciia.eu
Enhancing governance through internal audit
Interaction and cooperation
with External Audit
Why cooperate?

Help Board to obtain more comprehensive view of operations and risks
Avoid duplication of audit
Coordination of activities and recommendations, coordinated benefit for
management
If external audit, to build on internal audit regulated by ISA 610

Scope of risk examination

External audit gathers
risk information limited
to financial reporting
risks
Internal audit looks at
strategic, business and
compliance risks
4
22/09/2014 5

www.eciia.eu
Enhancing governance through internal audit

www.eciia.eu
Enhancing governance through internal audit
Business partner relationship
Instil the concept of customer service throughout the
audit process : act as if you had competition and your
audit customer had a choice of provider

Do not plan in silos, include all relevant parties, as
appropriate in the initiating and planning phases of
internal audit engagements

Run each engagement as a project




5
22/09/2014 6

www.eciia.eu
Enhancing governance through internal audit

www.eciia.eu
Enhancing governance through internal audit
Do
Identify all stakeholders
Ask for feedback from the different
stakeholders
Listen to stakeholders' expectations
Organize regular meetings with
stakeholders
Understand the business
Make forward-looking recommendations
Focus on results and not on tasks
Invest in personal development
Have fun on assignments
Keep the discussion and dialogues open

Work in silos
Duplicate the work of others and vice-
versa
Only mention bad things
Work with no goal
Reject changes
Follow one stakeholder rather than
others in conflicts
Forget about ethics
Be too technical
Escape the trust of others
Be paralyzed by the fear of failure

Do not Do !
6
22/09/2014 7

www.eciia.eu
Enhancing governance through internal audit
Five imperatives to address challenges
and opportunities in the year ahead
Assess/address emerging stakeholder expectation gaps on
focus and capabilities
Develop and implement knowledge and talent acquisition
strategies
Develop/enhance continuous methodologies for assessing
risks
Assume a leadership role in coordinating / aligning the 2
nd

and 3
rd
lines of defence
Seek out innovative solutions to enhance internal audit
efficiency
7
22/09/2014 8

www.eciia.eu
Enhancing governance through internal audit

www.eciia.eu
Enhancing governance through internal audit
Making the most of the Internal Audit Function:
Recommendations for Directors and Board
Committees
Evaluating the need for establishing an internal audit function when such
function does not exist
Assessing and approving the internal audit charter
Ensuring effective communication lines between the Chief Audit Executive
and the Board
Evaluating the internal audit plan
Assessing the staffing of the internal audit function
Gaining assurance regarding the quality of the internal audit functions work
Overseeing the relationship between the internal audit function and the
organization's centralized risk monitoring function
Coordinating the internal audit function with the work of external audit
Assessing internal audit reporting
Monitoring management follow-up of internal audit recommendations.
8
22/09/2014 9

www.eciia.eu
Enhancing governance through internal audit

www.eciia.eu
Enhancing governance through internal audit

Adding Value through Internal Audit


Appendix: About ECIIA



9
22/09/2014 10

www.eciia.eu
Enhancing governance through internal audit
European Confederation of Institutes
of Internal Auditing (ECIIA)
The ECIIA represents the beacon of the Internal Audit
profession in the wider geographic area of Europe and the
Mediterranean basin:
35 countries
40.000 members

Primary objective of furthering the development of corporate
governance and internal audit through knowledge sharing,
key relationships and regulatory environment oversight
Our mission is to promote the Internal Audit
profession at the European Level

10
22/09/2014 11

www.eciia.eu
Enhancing governance through internal audit
ECIIA publications
Guidance on the 8
th
EU Company Law Directive Article 41
(with FERMA) Parts 1 & 2
Reinforcing audit committee oversight over global assurance and
internal audit
Corporate Governance Codes on Internal Audit
Making the most of the internal audit function (with Ecoda)
The role of internal audit under Solvency II
Improving cooperation between external and internal audit

11
22/09/2014 12

www.eciia.eu
Enhancing governance through internal audit

www.eciia.eu
Enhancing governance through internal audit
ECIIA promotes the 3 LOD
12
The Three Lines of Defence Model for risk assurance mapping

22/09/2014 13

www.eciia.eu
Enhancing governance through internal audit

www.eciia.eu
Enhancing governance through internal audit
Internal Audit Positioning
Application of the 3 Lines of Defence model
To ensure clarity of roles and responsibilities in organizational
governance, the 3 lines of Defence model defines three levels of
control:
1
S
T

L
I
N
E

Operational
management
has ownership, responsibility and accountability for
assessing, controlling and mitigating risks
2
N
D

L
I
N
E

Internal governance
functions
(Group support and
control functions)
monitors and facilitates the implementation of
effective risk management practices by the 1st line
and assists risk owners in reporting adequate risk-
related information throughout the organization
3
R
D

L
I
N
E

Internal Audit
provides assurance to the Group governing body and
senior management on the organizations
effectiveness in assessing and managing its risks and
related internal control systems, including the manner
in which the 1st and 2nd lines operate
|

13 13
22/09/2014 14

www.eciia.eu
Enhancing governance through internal audit
Internal Audit Positioning
The Three Lines of Defence model has helped articulate
internal audits role / value

Encroachment between 2
nd
and 3
rd
lines of defence is
occurring

Audit / oversight fatigue presents challenges and
opportunities

Internal audit can be a leader in coordinating key players
14