Beruflich Dokumente
Kultur Dokumente
INTERNAL AUDITING;
FUNDAMENTALS
PALOMAR HEALTH,
SAN DIEGO, CA
WHY IS IT NECESSARY?
Audit
A di required
i d ffor publicly
bli l hheld
ld companies
i and
d entities
ii
held publically accountable
Assurance that:
Internal Audit
Confirms the effectiveness of business process controls in reducing financial
risk
I di t areas where
Indicates h business
b i processes may be
b improved
i d upon
Internal Controls
Organizational
System development
Structure methods
Management reaction to
Audit Committee
external influences
Ensure Reliability
Promote Compliance
Safeguard Assets
Optimize Resources
Internal Controls
Intended to avoid an unwanted event
P
Preventive
i from occurring
Designed to monitor operations identify
Detective
e ec ve errors and abnormalities
Designed to correct errors and
Corrective abnormalities that have occurred
Processes intended
d d to create desired
d d
Application outcomes, consistently
Performed byy individuals outside of a
Manual system.
Internal Controls - Defined
In a business environment
environment
IInternal
t l Control
C t l objectives
bj ti are desired
d i d goals l or
conditions for a specific event cycle which, if achieved,
minimize the potential that waste,
waste loss,
loss unauthorized
use or misappropriation will occur.
For a control objective to be effective, compliance with
it must be measurable and observable.
Internal Controls - Objectives
Internal Control objectives include:
Authorization
Completeness
Accuracy
Validity
Physical Safeguards
Security
S it
Error Handling
Segregation of Duties.
Internal Controls - Objectives
24
I a motor
In t vehicle
hi l
Guardrails Cruise Control
T Signals
Turn Si l S t Belts
Seat B lt
Brakes Air-Bags
I ab
In business
i environment
i t
Segregation of duties
Proper authorization
Adequate documentation
Physical control over assets
Preventative Vs. Detective
Preventive Controls - Defined
Th
They are ddesigned
i d to t discourage
di errors or preventt
irregularities from occurring
They are proactive controls that help prevent a loss
They are most desirable as it stops problems and incorrect
processing from occurring
Detective Controls - Defined
Methods of Management
assigning control Effectiveness
Management authority and methods of specific
philosophy and responsibility policies and
operating style
procedures
Personnel
policies and System
Organizational Internal practices development
Structure Audit
methods
Control Management
Board of Systems
reaction to
Director external
and Audit influences
Committee
Control Environment
36
Unrestricted access
Audit charter
Audit reports
p and follow-up
p
Provide
oversight of:
The Performance
Financial legal and
Auditors of the Internal
statement regulatory
qualifications Audit Function
integrity compliance
Internal Audit Services follow
professional standards; examples
Enterprise
p Risk Assessment
Not b
N badd Not b
N badd
not likely but likely
Likelihood
Assessing Risk
HIGH
Moderate Risk
MODERATE HIGH
Financial /
mpact
Compliance
Im
LOW MODERATE
Moderate Risk
LOW
Likelihood HIGH
How much control is enough?
g
Cost of securing an asset should not exceed the
assets value
Value of tangible assets easily calculated
E.g., improperly documented charges
Intangible assets value difficult to assess
What is the damage if patients lose confidence in the
hospital?
p
How does one measure the extent and value of such lost
confidence?
Assessing Cost of Controls
High
g
Impact
Low
E t
Extreme Risk
Ri k Requires
R i urgentt action
ti
Risk
Assessment
Report Perform
Results Audit
Types
yp of Audits
50
Technology
gy and the Audit Function
The way
y it used to be . . .
2. People management
3. Professional practices
6. Governance structure
Keys
y for Success
57
Staying
y g in tune with the organizations
g risk priorities
p
Taking a risk-based approach to internal audit
planning
Continuously monitoring organizational changes
Making informed and educated recommendations to
management and the Board
Partner with management and auditees
Obtain honest feedback and make improvements
p
Become an reliable and invaluable team member
Save the Date:
August 25-28,
25-28 2013
59