Stakeholder Report

1

Org Name

Date

SAMPLE

The purpose of the Stakeholder Survey is to identify and articulate:

- The expectations of Internal Audit stakeholders,including executive management, the Board/AuditCommittee and the CEO.

- How to align and maintain the alignment of the variousexpectations from key stakeholders.

- Opportunities to build and reinforce the relationshipbetween the Board/Audit Committee and Internal Audit.

- The Internal Audit practices and activities that are mosthighly valued by Boards/Audit Committees.

- Best practices regarding performance monitoring,communications and reporting of Internal Audit byBoards/Audit Committees.

This report contains the answers provided from the key stakeholders you have identified within your organization.

2

SAMPLE

Table of Contents

Demographics...........................………………………......................................

Effective strategies for a Chief Audit Executive …………………………..........

Scope for Internal Audit.................…………………….....................................

Involvement with the organization’s strategic risks…………………….............

Avenues to increase involvement with strategic risks……………………….....

Work of internal Work of internal audit according to its importance and level of internal audit performance........................................

Internal Audit Function Maturity Level............................................................

Areas where Internal Audit excels or can enhance it's performance..............

This report contains confidential data and is for the exclusive use of your organization. Distribution to other companies is strictly prohibited. By accepting this document you are consenting to be bound by an agreement between your organization and the Institute of lntemal Auditors (The IIA). Unauthorized reproduction or distribution of this document, or any portion of it, may result in severe civil or criminal penalties.

Your suggestions for improvement are always welcome and can be submitted via e-mail to ais@theiia.org.

Page 4

Page 5

Page 6

Page 7

Page 8

Page 9,10,11,12

Page 13

Page 14

3

SAMPLE

Position in the Organization Count Percentage

Board Committee Chair (audit, compensation,

governance, etc.)1 5.9%

94.1%

Board Member/Audit Committee Member (or equivalent

role) – employee of the organization4 23.5%

76.5%

Board Member/Audit Committee Member (or equivalent

role) – not an employee of the organization6 35.3%

64.7%

Chief Compliance Officer (or equivalent role) 1 5.9% 94.1%

Chief Executive Officer (or equivalent role) 1 5.9% 94.1%

Chief Information Officer (or equivalent role) 1 5.9% 94.1%

Chief Legal Officer (or equivalent role) 1 5.9% 94.1%

Chief Operating Officer (or equivalent role) 1 5.9% 94.1%

Chief Risk Officer (or equivalent role) 1 5.9% 94.1%

Total: 17 100.0%

Q1. Which of the following best describes your position with the organization?

5.9% 23.5%

35.3%5.9% 5.9% 5.9%

5.9% 5.9% 5.9%

Board Committee Chair (audit, compensation, governance, etc.)

Board Member/Audit Committee

Board Member/Audit Committee Member (or equivalent role) – not an employee of the Chief Compliance Officer (or equivalent role) Chief Executive Officer (or equivalent role) Chief Information Officer (or equivalent role)

Chief Legal Officer (or equivalent role) Chief Legal Officer (or equivalent role) Chief Operating Officer (or equivalent role)

4

SAMPLE

Q2. What have you found to be the three most effective strategies for a Chief Audit Executive to employ in order to prioritize and address competing demands in the organization? (Please mark the three that apply.)

8%

23% 23% 23%

31%

46%

Strong relationships withoperational and functional

leaders

Regular presence inappropriate Board or

Board committee meetings

Involvement in enterpriserisk management

Other Report directly to AuditCommittee

Effective reporting structure within the

organization – for example, report into Csuite

Top 3

5

SAMPLE

0%

0%

0%

8%

8%

8%

8%

25%

25%

25%

42%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

Identify known and emerging risk areas for management

Provide education on risk and controls

Act as facilitator or change agent for major initiatives

Identify appropriate risk management frameworks, practices and processes

Investigate and prevent fraud

Identify costsaving opportunities

Facilitate and monitor data security

Provide advice on new systems and technologies

Provide guidance on risk management processes

Other

Consult on business process improvements

Q3. Internal Audit’s customary role involves providing objective assurance regarding the adequacy of risk mitigation and controlsystems. In addition to assurance, there are areas in which Internal Audit may be involved. Which of the following areas should,beyond assurance, be in scope for Internal Audit? (Please select all that apply.)

6

SAMPLE

Q4. Should Internal Audit have a more involvement with the organization’s strategic risks? (For example: plans for global expansion, new products, new distribution channels)

Neutral – no opinion, 18%

No, definitely, 18%

Probably not, 35%

Yes, definitely, 24%

Yes, somewhat, 6%

7

SAMPLE

67%

42%

42%

8%

25%

Identify and/or communicate key risks related to strategy to the Board and executive management

Focus more on strategic risks during audit projects

Provide advice about risk and controls for new strategic initiatives

Evaluate execution of strategic initiatives

Other

Q5. Please designate which of the following are avenues for Internal Audit to increase its involvement with strategic risks.(Respondents were allowed to choose multiple responses)

8

SAMPLE

Response Not important Low Importance Moderate Importance High importance No Opinion Total

Demonstrates sufficient knowledge about changes in the

business, the industry and relevant regulatory issuesCount 5 3 5 2 2 17

% By Row 29% 18% 29% 12% 12% 100%

Sufficiently communicates its audit plans Count 2 2 6 4 3 17

% By Row 12% 12% 35% 24% 18% 100%

Addresses areas that are significant to the organization Count 2 2 7 0 6 17

% By Row 12% 12% 41% 0% 35% 100%

Communicates timely identified risks to stakeholders Count 3 3 4 3 4 17

% By Row 18% 18% 24% 18% 24% 100%

Assesses controls mitigating operational risks Count 2 4 5 1 5 17

% By Row 12% 24% 29% 6% 29% 100%

Assesses controls mitigating financial risks Count 2 2 4 5 4 17

% By Row 12% 12% 24% 29% 24% 100%

Assesses controls mitigating compliance risks Count 3 4 2 3 5 17

% By Row 18% 24% 12% 18% 29% 100%

Assesses risk management processes Count 5 3 5 1 3 17

% By Row 29% 18% 29% 6% 18% 100%

Assesses governance structure and effectiveness Count 3 4 4 3 3 17

% By Row 18% 24% 24% 18% 18% 100%

Provides useful recommendations addressing the root

cause of identified issuesCount 4 5 6 0 2 17

% By Row 24% 29% 35% 0% 12% 100%

Demonstrates sufficient knowledge about information

technologyCount 2 3 4 2 6 17

% By Row 12% 18% 24% 12% 35% 100%

Demonstrates sufficient knowledge about fraud and

corruption Count 4 3 6 1 3 17

% By Row 24% 18% 35% 6% 18% 100%

Perception of Internal Audit within the organization Count 2 3 6 5 1 17

% By Row 12% 18% 35% 29% 6% 100%

Total: Count 39 41 64 30 47 221

% By Row 18% 19% 29% 14% 21% 100%

Q6. Please provide a response to each of the following statements regarding the work of internal audit according to its importance and level of internal audit performance: (Importance of Topics)

(Respondents could only choose a single response for each topic)

9

SAMPLE

12%

24%

12%

24%

18%

29%

18%

12%

12%

18%

12%

12%

29%

18%

18%

18%

29%

24%

18%

24%

12%

24%

18%

12%

12%

18%

35%

35%

24%

35%

24%

29%

12%

24%

29%

24%

41%

35%

29%

29%

6%

12%

0%

18%

6%

18%

29%

6%

18%

0%

24%

12%

6%

18%

35%

12%

18%

18%

29%

24%

29%

24%

35%

18%

12%

Perception of Internal Audit within the organization

Demonstrates sufficient knowledge about fraud and corruption

Demonstrates sufficient knowledge about information technology

Provides useful recommendations addressing the root cause of identified issues

Assesses governance structure and effectiveness

Assesses risk management processes

Assesses controls mitigating compliance risks

Assesses controls mitigating financial risks

Assesses controls mitigating operational risks

Communicates timely identified risks to stakeholders

Addresses areas that are significant to the organization

Sufficiently communicates its audit plans

Demonstrates sufficient knowledge about changes in the business, the industry and relevant regulatory issues

Not important Low Importance Moderate Importance High importance No Opinion

Q6. Please provide a response to each of the following statements regarding the work of internal audit according to its importance and level of internal audit performance: (Importance of Topics)

(Respondents could only choose a single response for each topic)

10

SAMPLE

Response Very Poor Poor Acceptable Good Excellent Total

Demonstrates sufficient knowledge about changes in the

business, the industry and relevant regulatory issuesCount 3 6 1 1 6 17

% By Row 18% 35% 6% 6% 35% 100%

Sufficiently communicates its audit plans Count 3 6 3 4 1 17

% By Row 18% 35% 18% 24% 6% 100%

Addresses areas that are significant to the organization Count 5 3 4 0 5 17

% By Row 29% 18% 24% 0% 29% 100%

Communicates timely identified risks to stakeholders Count 3 4 2 7 1 17

% By Row 18% 24% 12% 41% 6% 100%

Assesses controls mitigating operational risks Count 5 6 2 2 2 17

% By Row 29% 35% 12% 12% 12% 100%

Assesses controls mitigating financial risks Count 3 3 4 4 3 17

% By Row 18% 18% 24% 24% 18% 100%

Assesses controls mitigating compliance risks Count 3 3 5 3 3 17

% By Row 18% 18% 29% 18% 18% 100%

Assesses risk management processes Count 3 5 5 2 2 17

% By Row 18% 29% 29% 12% 12% 100%

Assesses governance structure and effectiveness Count 6 2 1 5 3 17

% By Row 35% 12% 6% 29% 18% 100%

Provides useful recommendations addressing the root

cause of identified issuesCount 7 2 1 5 2 17

% By Row 41% 12% 6% 29% 12% 100%

Demonstrates sufficient knowledge about information

technologyCount 6 4 3 3 1 17

% By Row 35% 24% 18% 18% 6% 100%

Demonstrates sufficient knowledge about fraud and

corruption Count 1 3 4 1 8 17

% By Row 6% 18% 24% 6% 47% 100%

Perception of Internal Audit within the organization Count 3 4 2 4 4 17

% By Row 18% 24% 12% 24% 24% 100%

Total: Count 51 51 37 41 41 221

% By Row 23% 23% 17% 19% 19% 100%

Q7. Please provide a response to each of the following statements regarding the work of internal audit according to its importance and level of internal audit performance: (Performance of Internal Audit)

11

SAMPLE

Q7. Please provide a response to each of the following statements regarding the work of internal audit according to its importance and level of internal audit performance: (Performance of Internal Audit)

18%

6%

35%

41%

35%

18%

18%

18%

29%

18%

29%

18%

18%

24%

18%

24%

12%

12%

29%

18%

18%

35%

24%

18%

35%

35%

12%

24%

18%

6%

6%

29%

29%

24%

12%

12%

24%

18%

6%

24%

6%

18%

29%

29%

12%

18%

24%

12%

41%

0%

24%

6%

6%

18%

35%

12%

18%

18%

29%

24%

29%

24%

35%

18%

12%

Perception of Internal Audit within the organization

Demonstrates sufficient knowledge about fraud and corruption

Demonstrates sufficient knowledge about information technology

Provides useful recommendations addressing the root cause of identified issues

Assesses governance structure and effectiveness

Assesses risk management processes

Assesses controls mitigating compliance risks

Assesses controls mitigating financial risks

Assesses controls mitigating operational risks

Communicates timely identified risks to stakeholders

Addresses areas that are significant to the organization

Sufficiently communicates its audit plans

Demonstrates sufficient knowledge about changes in the business, the industry and relevant regulatory issues

Very Poor Low Importance Acceptable Good Excellent

12

SAMPLE

Q8. Which of the following best describes the maturity of the organization’s internal audit function?

Initial Stage – Dependent on individual efforts; Ad hoc/unstructured; Outputs are dependent largely on individual skills and position.

Building/Infrastructure Stage – Planning and in process of establishing sustainable and repeatable IA practices and procedures.

Performing/Integrated Stage – IA management and professional practices are both applied evenly; Policies, processes, and procedures are defined, documented, and integrated; organizations at this level are in full conformance with the standards.

Leading/Managed Stage – IA continually improves and innovates its activities regarding governance, risk and control; organizations at this level have implemented a continuous Quality Assurance and Improvement program, anticipating not only reacting.

Controlling/Optimized Stage – IA management and activities are considered optimized for the organization; IA’s insight and advice are actively sought out by management and the board related to governance, risk and control topics; they are a 24%

18%

24%

12%

24%

13

SAMPLE

Response 1

Response 2

Response 3

Response 4

Response 5

Response 6

Q9. What are other areas in your organization where Internal Audit excels or can enhance its performance?

14

SAMPLE