Professional Documents
Culture Documents
Narrative
1.clear objectives
2.Reporting systems
3.resource levels
Essentials Companion © KHS Pickett 2011 Training Slides
3.resource levels
Essentials Companion © KHS Pickett 2011 Training Slides
Narrative
Getting buy-in to the audit objectives
There is little point
setting formal Objectives Repeated in the
Continual process
objectives for the audit embodied annual audit report.
as strategy does
within an audit
function if these are not charter.
not arise as a one-
off event but
properly publicized changes and adjusts
across the organization. Regular
over time, in
response to the
Communication may meetings with environment.
management on
take many forms. The this topic.
next few slides go over
issues concerning the Formal presentations
way objectives may be Some mention to the audit
committee.
set. within major audit
reports.
Essentials Companion © KHS Pickett 2011 Training Slides
Narrative
An Exercise
We have described
the need to
communicate the set
decisions, but what
should we consider
when deciding on What considerations should be had when
our objectives?
deciding on audit objectives?
Essentials Companion © KHS Pickett 2011 Training Slides
Narrative
Audit Objectives - Approved
Approved. Any
audit objective must
be approved by the
This in most cases will be the audit
organization. committee where a formally signed
audit charter will be agreed along
with any changes.
Essentials Companion © KHS Pickett 2011 Training Slides
Narrative
An Exercise
The modern internal
auditor does not
work in a vacuum.
How can we make
sure our work fits
with what is needed How can we make sure audit work fits into
from us?
what the organization needs from its internal
auditors?
Essentials Companion © KHS Pickett 2011
organization’s control
needs. It involves the
ongoing task of capturing
the key systems that
underpin an organization so
that material control needs
may be isolated and
addressed.
Essentials Companion © KHS Pickett 2011
While audit objectives set Governance, risk management & control arrangements
out what we wish to
Corporate Risk Assessment
achieve, control needs
dictate how much work Required audit products
needs doing and the type of Existing
Existing resources
resources most procedures
appropriate. Audit plans
will need to be driven by
the enterprise risk
management process that
is in place and there should
be a clear alignment
between audit risk profiles
and the corporate risk
landscape.
Essentials Companion © KHS Pickett 2011
Implementation Review
Essentials Companion © KHS Pickett 2011 Training Slides
Narrative
An Exercise
We cannot ask
management to set
our plans for us but
we should talk to
them – but how
should we carry out Standard 2010 A.1 says we should consult
this task and also
with management when establishing plans –
remain
independent? but how can this best be done?
Essentials Companion © KHS Pickett 2011 Training Slides
Narrative
Consulting with Management
The risk based
auditing approach to 1 Discuss the understanding of risk maturity with the
designing audit work board and senior managers.
has been explored by 2 Obtain documents, where they are available, which
the IIA in their 2005 detail the objectives of the organization. How risks are
professional analyzed, for example by scoring their impact and
guidance for internal likelihood.
auditors in terms of 3 Conclude on the risk maturity.
three main stages.
Essentials Companion © KHS Pickett 2011
Appraisals
Narrative
An Exercise
We have an audit
strategy and we have
the resources in
place to discharge
this strategy. Now
we need to measure How can we measure the performance of the
performance?
internal audit service?
Essentials Companion © KHS Pickett 2011 Training Slides
Narrative
An Exercise Answered
There is material on
managing audit’s
performance
including a long list
of performance
targets on pages 245 Have a look at pages 245 onwards.
to 250. Note that
these targets may be
placed into a balance
scorecard.
Essentials Companion © KHS Pickett 2011
Organizational Objectives
Narrative
assess risk priorities
Let’s look at the audit planning
process:
Organizational objectives. The
starting place for audit planning
must be in the objectives of the
organization. If these objectives
are based on devolution of
corporate services to business
units, then the audit mission must
also be so derived. Management
must clarify goals and aspirations
before plans can be formulated
and this feedback can be achieved
by active liaison and
communication.
Assess risk priorities. The relative
risks of each audit area must be
identified, with reference to the
corporate risk database.
Essentials Companion © KHS Pickett 2011
Organizational Objectives
Narrative
assess risk priorities
Resource prioritized areas.
Suitable resources for these
areas must be provided. resource prioritised areas
Audit strategic plan. A plan to
reconcile workload with audit strategic plan
existing resources should be
developed. This should take on
board the various constraints
and opportunities that are
influential now and in the
future. The strategic plan takes
us from where we are to where
we wish to be over a defined
time frame, having due regard
for the audit budget.
Essentials Companion © KHS Pickett 2011
Organizational Objectives
Narrative
assess risk priorities
Annual audit plan. A formal
audit plan for the year ahead is
expected by most audit resource prioritised areas
committees.
Quarterly audit plan. A audit strategic plan
quarterly plan can be derived
from the annual plan. Most Annual Audit Plan
organizations experience
constant change making the
quarterly audit plan
quarter a suitable time-slot for
supportive work programs.
Outline objectives statement. outline objectives statement
Audit management can make a
one-line statement of
expectations from an audit
from work done so far in the
planning process.
Essentials Companion © KHS Pickett 2011
Organizational Objectives
Narrative
assess risk priorities
Preliminary survey.
Background research requires
thought on key areas to be resource prioritised areas
covered in an audit. This ranges
from a quick look at previous audit strategic plan
files and a conversation with
an operational manager to Annual Audit Plan
formal processes of many days
of background work involving a
quarterly audit plan
full assessment of local
business risks.
Assignment plan. We can now outline objectives statement
draft an assignment plan with
formal terms of reference, preliminary survey
including budgets, due dates
and an audit program. assignment plan
Essentials Companion © KHS Pickett 2011
Narrative
Annual Audit Plan
Audit will publish an
annual audit plan formally
approved by the audit Auditors will have around 214 days a year available,
committee. This lists although it is better to form long-term plans on a week-by-
planned audits for the week basis. The annual audit plan will set out which parts
year and includes a of the listed systems will be subject to audit cover over the
reconciliation of audit next 12 months without assigning resources to each audit.
resources to required
audit cover. The annual
plan is important as it
represents the justification
for resourcing the internal
audit service. See page
255.
Essentials Companion © KHS Pickett 2011
Narrative
Quarterly Audit Plan
The quarterly audit
plan provides an The quarterly period has much more meaning to both
opportunity to take managers and auditors as a time frame in view of the fast
the planning process pace of business life. Quarterly plans are no longer short-
to greater detail where term matters as it becomes increasingly more difficult to
the various projects predict what factors may influence the organization as new
may be scheduled over developments arise. The annual plan sets a background to
a 13-week period. See the quarterly plan. In today’s fast moving word, three
pages 255 to 256. months is often the most appropriate period within which
to set priorities and assign work.
Essentials Companion © KHS Pickett 2011
Narrative
Each organization will
have its interpretation of
good control, good
Internal
governance and the way Control
risk should be managed.
Internal audit will want to Framework
plan its work to fit into
this agenda so as to
maximize the value that it
contributes to the
Risk Internal
business. Management Controls
Corporate
Strategies &
Review
Essentials Companion © KHS Pickett 2011 Training Slides
Narrative To Close
Internal audit will
want to maximize its Most internal audit shops have moved on from the risk
impact on the assessment checklists and entered into a dialogue with the
organization through a board about how the audit resource can be used to best
clear strategy. effect, that is utilizing the corporate assessment of risks
along with auditors’ special expertise in risk management,
control models and specific control mechanisms (and
requests for consulting projects), and the way objective
assessments can be used to promote accountability and
help managers deliver.
Essentials Companion © KHS Pickett 2011 Training Slides
Narrative
You will need a copy Essential Guide to Internal Auditing 2nd Edition
of the book as future
reference material
for this presentation. Chapter Eight