Post on 21-Sep-2020
Sean Winekauf
Leading Internal Audit Practices and Emerging Risks
September 14, 2015
© 2015 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Leading Practices
Setting the Stage
Caveats
– Practices of high-impact departments
– Not all are present in the same department
– Not all will fit with your IA department or your company
– There are others out there
Assumptions
– CAE reports to the Audit Committee
– IA is more than compliance- and financial-focused
– Audit plan is risk-based, not simply rotational in nature
– IA “building blocks” are present – respected department, consistent methodology, timely reporting, etc.
Leading Practices – Positioning
Positioning
Internal Audit Strategy
– Documented multi-year plan highlighting key departmental focus areas and initiatives
– Aligned with strategies and initiatives of the company
– IA is proactively treated as a business partner
Integrated Assurance / Risk Convergence
– Enterprise risk assessment drives IA resource allocation
– Combined assurance – one consistent view
– IA has role in driving integrated view
Knowledge Sharing
– IA has unique perspective
– Sharing external insights on industry and emerging risks
– Sharing best practices within the company
Other “Positioning” Leading Practices
– CAE and direct reports have strong relationships across senior management
– Others?
Leading Practices – People
People
PMO within Internal Audit
– Dedicated resource(s)
– Facilitate project management, planning, reporting, issue tracking, quality reviews and Internal Audit KPI monitoring
– More common in regulated industries, but gaining traction
IT Audit Complement
– IT Audit being led by full-time senior leader
– IT auditors make up 25-50% of staff coverage
– Integrated auditing is the default
Offshoring
– Cost effective resources
– Efficient coverage of routine- and non-routine tasks
– Frees up audit staff for more challenging audits and consulting projects
Use of Subject Matter Professionals
– Often deployed when IA reviews First Line of Defense
– Helps ensure IA remains relevant
– Helps provide desired assurance to Audit Committee and the Board
Other “People” Leading Practices
– Guest auditor & rotation programs
– Talent placement – into and out of IA
– Auditor involvement in IA improvement initiatives
– “Centers of Excellence”
– Others?
Leading Practices – Process
Process
Leveraging Technology
– Impacting all phases of audit cycle
– Business partnering to define data analytics objectives
– Increased use of GRC platforms
Dynamic / Continuous Risk Assessment
– Nimble audit planning
– Enhanced focus on strategic initiatives and issues
– Multi-year projects with interval reporting
Management Control Awareness Ratings
– Considered in planning phase of audits
– Reporting contains visibility
– IA contributes to management’s performance assessment
Other “Process” Leading Practices
– Organizational ownership of IA findings
– Continuous benchmarking: GAIN, Corporate Executive Board, etc.
– Others?
Leading Practice Recap
IIA Framework
Mission of Internal Audit
To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight
Core Principles:
1. Demonstrates integrity
2. Demonstrates competence and due professional care
3. Is objective and free from undue influence (independent)
4. Aligns with the strategies, objectives and risks of the organization
5. Is appropriately positioned and adequately resourced
6. Demonstrates quality and continuous improvement
7. Communicates effectively
8. Provides risk-based assurance
9. Is insightful, proactive, and future focused
10. Promotes organizational improvement
Source: Institute of Internal Auditors
Emerging Risks
Emerging Risk
Talent Management
• Generational Gap
• Knowledge Gap / Single Point of Failure
• Talent Retention
Regulations / Compliance
• New regulations
• Different interpretations
• Public Opinion
Innovation / Business Model
• Millennial buying habits
• Delivery Models
• Organizational Fatigue
Technology
• Cybersecurity
• Pace of change
2015 Global Audit Committee Survey
Top Challenges and Concerns
1. Uncertainty and volatility (Economic, Regulatory, Political)
2. Government regulation / impact of public policy initiatives
3. Legal / regulatory compliance
4. Operational risk / control environment
5. Talent management and development
6. Growth and innovation (or lack of innovation)
7. Pace of technology change (e.g. emerging technologies, mobile, social media, data analytics, cloud computing)
8. Possible disruption to the business model
9. Cybersecurity – including data privacy and protection of intellectual property
10. Global systemic risk (pandemic, social unrest, geopolitical instability …)
Source: KPMG’s Audit Committee Institute
Conclusion
What should your internal audit department look like?
The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.
Sean Winekauf, Director
KPMG, ERM / GRC
swinekauf@kpmg.com
402-672-0126