internal auditing for credit unions nuala comerford, chair iia irish region committee pamela...
TRANSCRIPT
Internal auditing for credit unions
Nuala Comerford, Chair IIA Irish Region Committee
Pamela McDonald Council Member IIA
Credit Union Summer School
Thursday, 23rd May, 2013
Presentation
• The role of internal audit
• How the institute supports the internal audit profession
• The Profession and the institute in Ireland
“Internal auditing is an independent, objective
assurance and consulting activity designed to add value
and improve an organisation's operations.
It helps an organisation accomplish its objectives by
bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management,
internal control, and governance processes.”
The Chartered Institute of Internal Auditors
The role of internal audit
Internal audit is the management function responsible for evaluating and improving the effectiveness of risk management, control and governance processes.
It is therefore one of the four cornerstones ofgood corporate governance:
A cornerstone of good governance
Control Environment- Key Issues
Corporate Governance
Control Environment
Control Framework
Corporate Governance
Manner by which Organisations are directed & controlled as administered by management
Structures and processes in place to direct, manage & monitor the activities towards achievement of objectives
Principles
– Openness– Transparency– Accountability
Control Environment
Attitudes of Management / Board regarding the significance of control in the Organisation
Management’s philosophy & operating style
Integrity & ethical values
Control environment sets the discipline for the achievement of the primary objectives of the system of internal control
Control Framework
Internal Control Objectives / Why?
Control Activities / How?
Risk Assessment / Best practice form of management
Control Objectives / Why?
Achievement of Objectives
Compliance with statutory requirements
Reliability of financial & other information
Effectiveness & Efficiency of operations
Safeguarding of Assets
8 Key areas of Control Activities How?
Segregation of dutiesOrganisation’s structuresAuthorisation & ApprovalHR policiesManagement controlsArithmetic & AccountingPhysical controlsSupervision
Physical
Types of Controls
Preventive
Detective
Corrective
Anticipatory
Directive
Managing risk
…Is part of good management and good governance
– Risk management is of value to organisations because it increases the chances of achieving objectives.
…is a foundation for control
– risk management is central to good internal control
– A sound system of internal control is defined as one where the risks facing an organisation are managed as all stakeholders expect or want – within its risk appetite.
What does it Mean for the Credit Union?Identify relevant control / Set of actions, Is control sufficient / helps achieve objectivesGuard against negative consequences of riskMust be cost effective
Procedure Manuals are best format for documenting Controls and ensuring compliance
Activities of Internal Audit
• Evaluating controls & advise managers at all levels• Evaluating Risks• Analysing operations and confirm information• Review compliance
A critical friend
An Internal auditor is a “critical friend” to the
organisation, someone who can:
• Challenge the business on risk management and internal controls
• Champion best practice in risk management
• Act as a Catalyst for change and improvement in risk management
The Internal Auditor should be well positioned in the organisation in order to influence management and effect change
Options for Internal Audit Services
• In house• Shared Service• Outsourced• Co-outsourced• Collaboration
Internal auditors are distinct from external auditors:
• They occupy a unique position of independence and objectivity• Their remit goes beyond evaluation of financial controls• They have in-depth knowledge of the organisation as a whole
The core activities of an internal auditor are:
• Evaluating key risks arising from the current and future activities• Evaluating specific controls and advising managers at all levels on their
effectiveness• Reviewing compliance with laws, rules, policies, Codes of Practice,
Guidelines• Reporting findings to all levels of management but crucially the Board, usually via
the Audit Committee
External audit and internal audit?
Other assurance providers
Measuring and
Monitoring
Control Framework Operation
Control Framework Design
Risk Strategy and Policy Setting
Board/Risk Committee
Risk Control Functions*
Customer Facing Departments/ Treasury Front Office
Risk Control Functions*
ASSURANCE
Three lines of defence
Value for the audit committee
Confidence in risk management processes
Confidence in management’s assurances
Regulatory compliance enabled
Value for management
Confirmation of effective operation of controls
Confidence in own management of risk
Challenge & support for better management of risks
Confidence for regulatory reporting
Enabling safe risk-taking – opportunity management
About the Institute
• Established 1948. Professional body for internal auditors across all sectors in the UK and Ireland
• Affiliated to Global IIA, 180,000 members in 190 countries. Part of the European Confederation
of Institutes of Internal Audit (ECIIA), which represents 40,000 members in 33 countries
• 8,000 members in the UK/ Ireland, including 700 Heads of Internal Audit. 9 Regional Groups, including Scotland, Wales, Ireland
• 70 % representation in the FTSE 100.
• Two qualifications: Diploma and Advanced Diploma Qualifications, leading to Chartered status (accredited by the Open University)
• Offers extensive programme of training courses and support services, including on-line learning tools, technical guidance • All members globally work to the International Standards and are bound by a Code of Ethics.
Definition
A standard for the profession
Code of Ethics
Behaviours for individuals
International Standards
Standards for what to do: setting up a function; completing audit work; reporting lines
International Professional Practices Framework (IPPF)
Working to improve the management of risk and develop the profession
• The Institute contributes to the debates on governance and the management of risk, through relationships with key government departments and regulators and collaboration with other professional bodies
• International Standards form the basis of the Irish Government and UK Government’s standards
for public sector internal audit.
• Invited by the UK financial regulator to create sector specific guidance on internal audit (due for publication in 2013)
The regulator’s expectations : Robust guidance, agreed by the industry, which provide principles that firms can assert they comply with; and supervisors can measure and monitor IA effectiveness.
The internal audit professionin Ireland
The institute has 764 members in Ireland – over 300 in the financial services sector
Over 200 of our members hold the Institute's qualifications, including over 120 Chartered Internal Auditors (35 of whom work in the financial services sector) The Institute’s Irish region network embraces members in the North and South and runs a number of events each year. An annual conference takes place in the Spring.
Regional Chair’s contact details:
Nuala Comerford
Tel : +353 1 414 9210 Email : [email protected]
www.iia.org.uk
Questions ?