european commission ias conference 2011 internal audit strategies and successful practices brussels,...
Post on 27-Mar-2015
215 Views
Preview:
TRANSCRIPT
European Commission IAS Conference 2011
Internal Audit Strategiesand Successful Practices
Brussels, 3 October 2011
Carman L. LapointeUnder-Secretary-General for Internal Oversight, United Nations
Outline
• Your United Nations at work• Office of Internal Oversight Services• Six Strategies for internal audit success• OIOS Vision
Your United Nations at work
Your United Nations at Work
• Unique platform for international action and global engagement.
• Universal membership and inclusive decision-making of 193 member states.
• Unequalled reach.
• Provides critical services essential to peace, security, stability & prosperity.
United Nations Peacekeepers at work in Liberia (L) Ivory Coast (R)
• 99.6K uniformed; 19.5K civilians (14K local); 2.4K volunteers• 2,914 Fatalities since 1948 in 65 operations• Budget 2011 $7.8 Billion
WFP school feeding program inEast Timor
WFP food assistance 2010: 109 million people in 75 countries,Including Haiti (post-earthquake); Pakistan (post-flooding)
UN landmine assistance Kosovo
• 110 Million Landmines in 68 countries, and as many stockpiled
• 2,000 fatalities or serious injuries every month
• For every mine cleared, 20 are laid
• Used for terrorism and denying access to land, water, roads, utilities
UNHCR Refugee
Camp
Line-ups for
UNHCR services
UN Election observers Côte d’Ivoire (L); Global youth sensitizing UN Security Council (R)
UN Development Programs
Health care facility in MongoliaSG: Microfinance program for
women in Bahrain
Emergency Operations in Haiti
Cholera Vaccination for displaced families
UNICEF/Danish Red Cross temporary school
UNICEF supported schools for Afghan girls
United Nations Office of Internal Oversight
Office of Internal Oversight
175 Posts (NY, Vienna, Nairobi,Peacekeeping
Missions)
100 Posts (NY, Geneva, Nairobi, Peacekeeping
Missions)
30 Posts in NY
Executive Office
Front Office
OIOS 0.0033% of regular Budgets, excluding XB
OIOS Vision and Mission
Vision:A strong and accountable United Nationsfortified by world-class internal oversight.
Mission:Delivering objective oversight results
that make a difference.
Tagline: Keep the Promise!
Six Strategies forInternal AuditEffectiveness
IIARF 2010 CBOK: Are we prepared for what’s next?
Top 5 IA activities 2010
1. Operational Auditing (89%)2. Regulatory Compliance (75%)3. Financial Risks (72%)4. Fraud and Irregularities (71%)5. Control Frameworks (69%)
Top 5 in next five years1. Corporate Governance (23%)2. ERM Process (20%)3. Strategy vs Performance (20%)4. Ethics Reviews (19%)5. Social/Sustainability (19%)
More use expected of technology (CAATs, data mining, continuous auditing, electronic
workpapers) and risk-based audit planning
Strategy 1: Plan for comprehensive, complementary coverage
• Balance between vertical and horizontal audits confirms, informs risk assessments– Process audits help identify units, programs at risk– Unit audits help identify riskier processes
• Coordinate with other oversight functions to minimize duplication (e.g. external audit, JIU, ethics office, investigations, evaluation)
Strategy 2: Plan based on high residual
risks
• Inherent risk-based audits should be the exception, where periodic assurance is critical
• Leverage the output of Enterprise Risk Management and other monitoring processes to supplement internal audit risk assessments
• Reduce planning information requests by using organizational level documentation & validate
Strategy 3: Reduce, reuse, recycle
• Manage “scope creep”: don’t squander scarce resources—ours or our clients’!
• Park important issues for audit planning
• Examine significant results immediately to determine whether problems are isolated or systemic: e.g. Haiti (cholera), DRC (air safety)
• Leverage key projects that will “feed”, supplement other audits (e.g. control environment, IT security)
• Review completed audit results from an alternate perspective to produce systemic theme studies to compel mgmt responses
Strategy 4: Self Assess IA Capacity
•Use the IIARF Internal Audit Capability Model to assess your capacity and maturity (IA and organization)•Commit to a climbing plan •Benchmark (GAIN and others), measure and share your progress regularly with staff, colleagues, Board, Management, stakeholders
Strategy 5: Consistently apply IA processes with discipline
•Conclude against both operational and control objectives for each engagement•Use technology to track audit results by risk category and objectives to facilitate roll-ups and analyses•Target should be overall, organization-level opinions•Requires diligent follow-up, targeted variable frequency by criticality of deficiencies, quality of results•Remember: significant residual risks at the engagement level not necessarily significant organization-level risks
IA Capability Model Levels
LEVEL 5Optimizing
LEVEL 4Managed
LEVEL 3 Integrated
LEVEL 2 Infrastructure
LEVEL 1 Initial
No repeatable capabilities –dependent upon individual efforts
Sustainable IA practices
IA mgmt & professional practices uniform
IA learning from inside and outside the organization for continuous improvement
IA integrates information to improve governance/risk mgmt
IA-CM
www.theiia.org/research
Internal Audit Capability Model Matrix
Services and Role of IA
People Management
Professional Practices
Performance Management
Relationships organization
Governance Structures
Level 5 –Optimizing IA Recognized as Key
Agent of Change
Leadership Involvement with Professional Bodies
Workforce Projection
Continuous Improvement in
Professional Practices
Strategic IA Planning
Public Reporting of IA Effectiveness
Effective and Ongoing
Relationships
Independence, Power, and
Authority of the IA Activity
Level 4 –
ManagedOverall Assurance on
Governance, Risk Management, and
Control
IA Contributes to
Management Development
IA Activity Supports Professional Bodies
Workforce Planning
Audit Strategy Leverages
Organization’s Management of Risk
Integration of Qualitative and
Quantitative Performance
Measures
CAE Advises and Influences Top-level
Management
Independent Oversight of the IA
Activity
CAE Reports to Top-level Authority
Level 3 – Integrated Advisory Services
Performance/Value-for-Money Audits
Team Building and Competency
Professionally Qualified Staff
Workforce Coordination
Quality Management Framework
Risk-based Audit Plans
Performance Measures
Cost Information
IA Management Reports
Coordination with Other Review
Groups
Integral Component of Management
Team
Management Oversight of the IA
Activity
Funding Mechanisms
Level 2 – Infra-structure
Compliance Auditing
Individual Professional Development
Skilled People Identified and Recruited
Professional Practices and Processes
Framework
Audit Plan Based on Management/
Stakeholder Priorities
IA Operating Budget
IA Business Plan
Managing within the IA Activity
Full Access to the Organization’s
Information, Assets, and People
Reporting Relationship Established
Level 1 –
Initial
Ad hoc and unstructured; isolated single audits or reviews of documents and transactions for accuracy and compliance; outputs dependent upon the skills of specific individuals holding the position; no specific professional practices established other than those provided by professional associations; funding approved by management, as needed; absence of infrastructure; auditors likely part of a larger organizational unit; no established capabilities; therefore, no specific key process areas
Strategy 6: Compelling,“consumable” reports
• Short, concise, compelling results with target audience in mind
• Include a rated, overall opinion to communicate significance of results, and follow up accordingly
• Eliminate irritating language• Lead by example, (if the shoe fits…)
THANK YOU
top related