Narrative: You Will Need A Copy of The Book As Future Reference Material For This Presentation

Essentials Companion © KHS Pickett 2011 Training Slides
Narrative
You will need a copy ACCT7142-Essential Guide to Internal Auditing

of the book as future 2nd Edition
reference material
for this presentation.
Chapter Eight
Setting an Audit Strategy

Narrative Training Aim

This presentation is To present a brief introduction to internal auditing that will
aimed at increasing give you an initial understanding of:
your level of
understanding of the 1.Establishing audit objectives.
following topics.
2.Risk based strategic planning.
3.Consulting with management.

Narrative YOUR CHOICE

Deciding ………………………….. is the starting place for
Complete the internal audit strategies. Directing resources towards
paragraph by accepted objectives sets the frame for success. There is no
selecting the missing one way of defining audit objectives as they result from
words. the changing influences of competing forces.
1.clear objectives
2.Reporting systems
3.resource levels
Narrative YOUR CHOICE ANSWERED

Deciding ………………………….. is the starting place for
The answer is 1 – internal audit strategies. Directing resources towards
clear objectives. accepted objectives sets the frame for success. There is no
Deciding what you one way of defining audit objectives as they result from
want to achieve the changing influences of competing forces.
allows you to work
out a strategy for 1.clear objectives
getting there.
2.Reporting systems
3.resource levels
Narrative
Getting buy-in to the audit objectives
There is little point
setting formal Objectives Repeated in the
Continual process
objectives for the audit embodied annual audit report.
as strategy does
within an audit
function if these are not charter.
not arise as a one-
off event but
properly publicized changes and adjusts
across the organization. Regular
over time, in
response to the
Communication may meetings with environment.
management on
take many forms. The this topic.
next few slides go over
issues concerning the Formal presentations
way objectives may be Some mention to the audit
committee.
set. within major audit
reports.
Narrative
An Exercise
We have described
the need to
communicate the set
decisions, but what
should we consider
when deciding on What considerations should be had when
our objectives?
deciding on audit objectives?
Narrative Audit Objectives - Understood

The objectives
Passing formal documents out to auditors and
should be
understood by all. management is not enough. There is need to
ensure auditors understand and work to agreed
objectives. For audit staff this may involve
internally organized induction training and
skills workshops. We may make a formal
presentation to senior management that might
be used to dispel myths and misunderstanding.
It is essential that members of the audit
committee have a clear understanding.
Narrative Audit Objectives – Type of Services

The types of services
required should be •Reviewing the corporate risk management process.
defined. The scope of
•Visiting business units to assess their arrangements.
internal audit sets a clear
frame within which audit •Review risk reports that are provided to executives
may operate. This will be management.
designed to be widely •Consider whether there are any key risks not included
applicable to most types on the corporate risk register.
of audit activities. The •Take steps to support and encourage the risk
adopted scope of internal
auditing can determine
management awareness and the overall risk
which services fall within management process
the audit role. •Risk based auditing is seen by most by the best way
forward.
Narrative Audit Objectives – Fraud Work

The topic of fraud holds
a special place when The CAE must not only ensure that the audit role in frauds
discussing audit against the organization is documented, but also that audit
objectives. Auditors is in a position to discharge this role. It is better to place a
understand the control caveat by stating that the organization should provide
cycle that dictates that
additional resources for large projects. Management is
fraud is caused by poor
controls. This does not ultimately responsible for investigating frauds but there is
detract from the need to a growing view that anti-fraud work should be put back on
set out our role in the internal auditor’s list of top priorities.
relation to fraud
detection and

investigation.
Narrative Audit Objectives – Geared into the Organization

Any audit objective must
be linked directly into
the organization’s own
So long as we accept that our role is located in risk
objectives (or mission). management and control issues, the final audit product may
The starting place for take different guises in addressing control-related matters.
setting audit’s role is to Risk management must be set within the culture of the
isolate what the organization and its success criteria. Organizations range
organization is trying to between tightly bureaucratic entities through to loosely
achieve and then see
how audit resources can
based project teams. The growth in non-traditional audit
assist this. services may be geared to the way the corporate control
environment has developed.
Narrative
Audit Objectives - Approved
Approved. Any
audit objective must
be approved by the
This in most cases will be the audit
organization. committee where a formally signed
audit charter will be agreed along
with any changes.
Narrative
An Exercise
The modern internal
auditor does not
work in a vacuum.
How can we make
sure our work fits
with what is needed How can we make sure audit work fits into
from us?
what the organization needs from its internal
auditors?
Essentials Companion © KHS Pickett 2011
Narrative Organizational objectives
A cornerstone of audit Governance, risk management & control arrangements

strategy is the corporate Corporate Risk Assessment
assessment of business risk.
This establishes an Required audit products
organization’s control
needs. It involves the
ongoing task of capturing
the key systems that
underpin an organization so
that material control needs
may be isolated and
addressed.
While audit objectives set Governance, risk management & control arrangements
out what we wish to
Corporate Risk Assessment
achieve, control needs
dictate how much work Required audit products
needs doing and the type of Existing
Existing resources
resources most procedures
appropriate. Audit plans
will need to be driven by
the enterprise risk
management process that
is in place and there should
be a clear alignment
between audit risk profiles
and the corporate risk
landscape.
An audit risk survey Governance, risk management & control arrangements

necessitates discussion with
Corporate Risk Assessment
middle management and
involves: Required audit products
•A definition of the audit
Existing resources Existing
unit. procedures
•An assessment of the
PESTL & SWOT Analysis
relative risks inherent in
each unit. Strategic gap
•Research into the type of
problems units attract. Audit strategic plan
•Risk ranking related to
resources subsequently
Implementation Review
assigned via an audit plan.
Governance, risk management & control arrangements

The CAE will want to Corporate Risk Assessment
define an audit
Required audit products
universe which will
comprise all that falls Existing resources Existing
procedures
within the remit of
the internal audit PESTL & SWOT Analysis
coverage which will Strategic gap

then be divided into
audit areas. Audit strategic plan
Implementation Review
Narrative Management Participation

There is a temptation to
become trapped inside
the struggle to preserve Management participation is alluded to in IIA Performance
audit independence, Standard 2010.A1 which states that: The internal audit
wherein contact with the activity’s plan of engagements must be based on a
outside world is avoided. documented risk assessment, undertaken at least annually.
Our plans and strategies
The input of senior management and the board must be
are then based entirely on
audit’s perception of considered in this process.
organizational needs on a
‘we know best’ basis.
Narrative
An Exercise
We cannot ask
management to set
our plans for us but
we should talk to
them – but how
should we carry out Standard 2010 A.1 says we should consult
this task and also
with management when establishing plans –
remain
independent? but how can this best be done?
Narrative
Consulting with Management
The risk based
auditing approach to 1 Discuss the understanding of risk maturity with the
designing audit work board and senior managers.
has been explored by 2 Obtain documents, where they are available, which
the IIA in their 2005 detail the objectives of the organization. How risks are
professional analyzed, for example by scoring their impact and
guidance for internal likelihood.
auditors in terms of 3 Conclude on the risk maturity.
three main stages.
Narrative Practice Advisory 2010 - 1

In developing the internal audit activity’s audit plan, many chief audit
Audit planning is executives (CAEs) find it useful to first develop or update the audit
driven by what is universe. The audit universe is a list of all the possible audits that could
included in the be performed. The CAE may obtain input on the audit universe from
senior management and the board.
audit universe and The audit universe can include components from the organization’s
Practice Advisory strategic plan. By incorporating components of the organization’s
2010-1 provides strategic plan, the audit universe will consider and reflect the overall
business’ objectives. Strategic plans also likely reflect the
some useful organization’s attitude toward risk and the degree of difficulty to
guidance. achieving planned objectives. The audit universe will normally be
influenced by the results of the risk management process. The
organization’s strategic plan considers the environment in which the
organization operates. These same environmental factors would likely
impact the audit universe and assessment of relative risk.
Essentials Companion © KHS Pickett 2011 Objectives : what are we trying to achieve?
Review Strategy : how do we achieve it?

Narrative
Structure : what structures are required ?
The standard human
resource management Job analysis : how should this be done ?
process should be used by
Job descriptions : what should be done ?
the chief audit executive
to resource the agreed Job specifications : what is needed to do it?
strategy and this is dealt
Recruitment/selection : who should be employed ?
with in pages 242 to 245.
Induction
Training and development
Appraisals
Separation Rewards Promotion

Narrative
An Exercise
We have an audit
strategy and we have
the resources in
place to discharge
this strategy. Now
we need to measure How can we measure the performance of the
performance?
internal audit service?
Narrative
An Exercise Answered
There is material on
managing audit’s
performance
including a long list
of performance
targets on pages 245 Have a look at pages 245 onwards.
to 250. Note that
these targets may be
placed into a balance
scorecard.
Organizational Objectives
Narrative
assess risk priorities
Let’s look at the audit planning
process:
Organizational objectives. The
starting place for audit planning
must be in the objectives of the
organization. If these objectives
are based on devolution of
corporate services to business
units, then the audit mission must
also be so derived. Management
must clarify goals and aspirations
before plans can be formulated
and this feedback can be achieved
by active liaison and
communication.
Assess risk priorities. The relative
risks of each audit area must be
identified, with reference to the
corporate risk database.
Narrative
Resource prioritized areas.
Suitable resources for these
areas must be provided. resource prioritised areas
Audit strategic plan. A plan to
reconcile workload with audit strategic plan
existing resources should be
developed. This should take on
board the various constraints
and opportunities that are
influential now and in the
future. The strategic plan takes
us from where we are to where
we wish to be over a defined
time frame, having due regard
for the audit budget.
Narrative
Annual audit plan. A formal
audit plan for the year ahead is
expected by most audit resource prioritised areas
committees.
Quarterly audit plan. A audit strategic plan
quarterly plan can be derived
from the annual plan. Most Annual Audit Plan
organizations experience
constant change making the
quarterly audit plan
quarter a suitable time-slot for
supportive work programs.
Outline objectives statement. outline objectives statement
Audit management can make a
one-line statement of
expectations from an audit
from work done so far in the
planning process.
Narrative
Preliminary survey.
Background research requires
thought on key areas to be resource prioritised areas
covered in an audit. This ranges
from a quick look at previous audit strategic plan
files and a conversation with
an operational manager to Annual Audit Plan
formal processes of many days
of background work involving a
quarterly audit plan
full assessment of local
business risks.
Assignment plan. We can now outline objectives statement
draft an assignment plan with
formal terms of reference, preliminary survey
including budgets, due dates
and an audit program. assignment plan
audit Organizational Objectives corporate risk

Narrative committee landscape
The audit fieldwork.
Progress should be management resource prioritised areas
monitored with all requests assurance
matters in the terms of map
audit strategic plan
reference considered. resource
implications
Annual Audit Plan
business units
The reporting process.
Planning feeds naturally audit budget quarterly audit plan
into reporting so long as
we have made proper outline objectives statement
reference to our plans
preliminary survey
throughout the course of
the audit. Reporting Audit
Process assignment plan Fieldwork
Narrative
Annual Audit Plan
Audit will publish an
annual audit plan formally
approved by the audit Auditors will have around 214 days a year available,
committee. This lists although it is better to form long-term plans on a week-by-
planned audits for the week basis. The annual audit plan will set out which parts
year and includes a of the listed systems will be subject to audit cover over the
reconciliation of audit next 12 months without assigning resources to each audit.
resources to required
audit cover. The annual
plan is important as it
represents the justification
for resourcing the internal
audit service. See page
255.
Narrative
Quarterly Audit Plan
The quarterly audit
plan provides an The quarterly period has much more meaning to both
opportunity to take managers and auditors as a time frame in view of the fast
the planning process pace of business life. Quarterly plans are no longer short-
to greater detail where term matters as it becomes increasingly more difficult to
the various projects predict what factors may influence the organization as new
may be scheduled over developments arise. The annual plan sets a background to
a 13-week period. See the quarterly plan. In today’s fast moving word, three
pages 255 to 256. months is often the most appropriate period within which
to set priorities and assign work.
Narrative
Each organization will
have its interpretation of
good control, good
Internal
governance and the way Control
risk should be managed.
Internal audit will want to Framework
plan its work to fit into
this agenda so as to
maximize the value that it
contributes to the
Risk Internal
business. Management Controls
Corporate
Strategies &
Review
Narrative To Close
Internal audit will
want to maximize its Most internal audit shops have moved on from the risk
impact on the assessment checklists and entered into a dialogue with the
organization through a board about how the audit resource can be used to best
clear strategy. effect, that is utilizing the corporate assessment of risks
along with auditors’ special expertise in risk management,
control models and specific control mechanisms (and
requests for consulting projects), and the way objective
assessments can be used to promote accountability and
help managers deliver.
Narrative Training Aim

We hope you have To present a brief introduction to internal auditing that will
increased your level give you an initial understanding of:
of understanding of
the following topics. 1.Establishing audit objectives.
2.Risk based strategic planning.
3.Consulting with management.

Narrative
You will need a copy Essential Guide to Internal Auditing 2nd Edition
of the book as future
reference material
for this presentation. Chapter Eight
Setting an Audit Strategy

Narrative: You Will Need A Copy of The Book As Future Reference Material For This Presentation

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Narrative: You Will Need A Copy of The Book As Future Reference Material For This Presentation

Uploaded by

Copyright:

Available Formats

Essentials Companion © KHS Pickett 2011 Training Slides

You will need a copy ACCT7142-Essential Guide to Internal Auditing

Setting an Audit Strategy

Narrative Training Aim

3.Consulting with management.

Narrative YOUR CHOICE

Narrative YOUR CHOICE ANSWERED

Narrative Audit Objectives - Understood

Narrative Audit Objectives – Type of Services

Narrative Audit Objectives – Fraud Work

Narrative Audit Objectives – Geared into the Organization

Narrative Organizational objectives

A cornerstone of audit Governance, risk management & control arrangements

Narrative Organizational objectives

Narrative Organizational objectives

An audit risk survey Governance, risk management & control arrangements

Narrative Organizational objectives

Governance, risk management & control arrangements

coverage which will Strategic gap

Narrative Management Participation

Narrative Practice Advisory 2010 - 1

Review Strategy : how do we achieve it?

Training and development

Separation Rewards Promotion

audit Organizational Objectives corporate risk

Narrative Training Aim

2.Risk based strategic planning.

3.Consulting with management.

Setting an Audit Strategy

You might also like