Example: confidence

Key considerations for your internal audit plan

Insights on governance, risk and compliance May 2013. Key considerations for your internal audit plan Enhancing the risk assessment and addressing emerging risks Contents Risk assessment leading 2. 4. 6. 8. 10. 12. Corporate 14. Fraud and 16. Information 18. Business continuity 19. 20. 21. IT risk 22. Program 24. Software/IT asset 26. Social media risk 28. Segregation of duties/identity and access 30. Data loss prevention and 32. Human 34. Supply chain and 36. iii Insights on governance, risk and compliance | May 2013. The internal audit risk assessment and the ongoing refresh processes are critical to identifying and filtering the activities that internal audit can perform to provide measurable benefit to the organization. While there are often a al number of non-negotiable activities that internal audit functions must Co ci an support (SOX and other regulatory compliance, external auditor assistance), m Fin pli the internal audit department has the opportunity to deliver increased risk an coverage, cost savings and measurable value to the business by identifying and ce performing audits across the company's value chain.

Key considerations for your internal audit plan Enhancing the risk assessment and addressing emerging risks Insights on governance, risk and compliance

Tags:

  Considerations

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Advertisement

Transcription of Key considerations for your internal audit plan

1 Insights on governance, risk and compliance May 2013. Key considerations for your internal audit plan Enhancing the risk assessment and addressing emerging risks Contents Risk assessment leading 2. 4. 6. 8. 10. 12. Corporate 14. Fraud and 16. Information 18. Business continuity 19. 20. 21. IT risk 22. Program 24. Software/IT asset 26. Social media risk 28. Segregation of duties/identity and access 30. Data loss prevention and 32. Human 34. Supply chain and 36. iii Insights on governance, risk and compliance | May 2013. The internal audit risk assessment and the ongoing refresh processes are critical to identifying and filtering the activities that internal audit can perform to provide measurable benefit to the organization. While there are often a al number of non-negotiable activities that internal audit functions must Co ci an support (SOX and other regulatory compliance, external auditor assistance), m Fin pli the internal audit department has the opportunity to deliver increased risk an coverage, cost savings and measurable value to the business by identifying and ce performing audits across the company's value chain.

2 In our role as the leading Accounting 6 18 Fraud and corruption provider of internal audit services, we have spent considerable time working with our clients and thought leaders to: 10 Tax 12. Finance 8 Sustainability 1. Identify emerging risks and areas that most organizations are currently Supply chain focused on 23 and operations IT risk 24 management 2. Develop practical Social media risk management 27 audit Corporate ideas for these emerging development 16 28 SoD /risks identity and access management 3. Consider the questions that chief audit Information security 20. executives 25 Program management should be asking to further qualify their relevanceCustomer 14. 21 Business continuity Cloud 23 management Human 30. The following pages provide a view of where 26 the processes resources begin by identifying gic Software / IT.

3 Asset management Op these emerging risks and focus areas and their corresponding practical, te Mobile 22. a e r ra 29 Data value-based audits. This document is intended loss prevention to facilitate discussion as your St and privacy ti on organization develops and updates its internal audit activities for the future. s The risk radar below depicts the risk by functional area of the business, ranked Recommended reading across the risk management spectrum financial, compliance, operations and strategic. The number associated with each function indicates the page where you can find more information about the emerging risks related to the function, focus areas for internal audit and examples of related audits that deliver value to the business. al Co ci an m Fin pli an ce Business Pulse: exploring dual perspectives on the top 10 risks and opportunities Accounting 4 16 Fraud and corruption in 2013 and beyond 8 Tax Global report Finance 6 10 Sustainability Supply chain 36 and operations 22 IT risk management Social media risk management 28 Corporate 14 30 SoD/identity and development access management Information security 18 24 Program management Customer 12.

4 Cloud 21 19 Business continuity management Human resources 34. gic 26 Software/IT. asset management Op te Mobile 20. a e r r 32 Data loss prevention St at and privacy on i s Source: Ernst & Young, 2013. Insights on governance, risk and compliance | May 2013 1. Risk assessment leading practices Why is the need for a world-class internal audit risk assessment Components of the more vital than ever? risk assessment Data reviewed There are multiple drivers behind the growing importance of executing a robust and comprehensive risk assessment: internal audit executives continue to be challenged by the audit Committee and 1. Data analytics executive management to look around the corner and answer the question, Have we identified all the big risks? . Stakeholder engagement Changes in the marketplace and external environment: 2.

5 Increased risk due to expanding operations in emerging markets and developing countries Increased regulatory demands Increased focus on cost savings across all functions including internal audit Interview/survey techniques Changes in the role of internal audit within organizations: 3. Effective use of internal audit resources no longer means only maintaining a world-class assurance program that keeps the organization out of trouble. The department must also improve the business through value-based audits and recommendations. Investors are willing to pay for it 82% of institutional investors are more willing to Collaboration pay a premium for effective risk management (source: Ernst & Young survey). audit prioritization Outputs When assessing risk to the organization, internal audit functions typically fall between basic and leading on the maturity curve below.

6 As your department moves toward leading by utilizing the techniques listed here, you increase your ability to look around the corner and identify the right risks. 2 Insights on governance, risk and compliance | May 2013. Degree of confidence Basic Low High Leading internal audit issues Root causes SOX and external audit issues Competitor and peer risks Industry trends Third-party external risk data Analyst reports Analytics run but limited Risk analytics are based on most critical questions business summarization of data and IA need to answer Business and IA leadership struggle Trending and period-to-period comparisons can identify to spot trends in data emerging risks or changes to existing risks Efforts are aligned with other big data initiatives Focus on Finance/Accounting/IT Includes operational and global stakeholders beyond Finance/.

7 Stakeholders Accounting/IT. Heavy emphasis on home office Risk management is embedded in leadership training stakeholders Risk scenario planning workshops Point-in-time engagement primarily Continuous dialogue with stakeholders (monthly, during annual risk assessment quarterly meetings). Business leaders are not trained on Risk committee utilized to review risk assessment changes risk management Inconsistent documentation of interviews Subject matter resources participate in select interviews to Surveys used for SOX 302 certification draw out key risks purposes or not at all Surveys used to confirm risk assessment results with lower-level management not interviewed Stakeholders self-assess risk based on GRC solution containing dynamic risk database internal audit attends interviews with Risk assessment collaboratively developed by internal audit little participation from other risk and other risk management functions management functions SOX.

8 External audit and other risk management functions Risk assessment viewed as internal participate in interviews audit 's risk assessment Risk assessment embedded within strategic planning process Impact and likelihood utilized for Relevance to strategic objectives is utilized to prioritize risks prioritization Audits executed based on value to organization and connection Audits prioritization based heavily on to strategic objectives competencies available in IA department Relatively static internal audit plan Dynamic internal audit plan (3+9). SOX plan External audit plan and IA reliance strategy Legal/ethical compliance training plans Business risk mitigation plans (where appropriate). What increases confidence in the risk assessment process? Diversity in data, stakeholders and participants leads to greater risk insight.

9 Technology, used in the right way, is a game changer. Collaboration and an embedded process lead to a deeper analysis. Insights on governance, risk and compliance | May 2013 3. Accounting The pace of change to accounting standards is unprecedented Financial instruments. The exposure draft on classification and in the US and globally. Multinational organizations need to measurement is expected to be issued in the first quarter of understand how business decisions affect accounting and 2013. Many changes have been made for convergence in these reporting today, as well as the impact anticipated changes to areas, but the two Boards remain relatively far apart on the standards may have. The business needs to develop practical issue of impairment. strategies for managing the impact of accounting changes on IFRS update The SEC is continuing to investigate whether to the organization.

10 There needs to be particular focus in countries incorporate IFRS into the US financial reporting system and, if where regulators are increasingly aligning local regulations with so, when to do so. The indication is that a decision will not be IFRS, such as Brazil and the United Kingdom. It is imperative for made anytime soon. the internal audit department to be aware of potential changes to accounting regulations, such as: As organizations are executing the day-to-day activities to meet the reporting requirements, there are specific areas that they SEC accounting, disclosure and reporting matters The need to focus on to mitigate the associated risks: SEC staff recently discussed year-end financial statement considerations and their areas of focus: revenue recognition Statutory reporting Multinational organizations need to disclosures, valuation of deferred tax assets and observations understand the statutory reporting requirements and the related to the new fair value disclosures.


Related search queries