
Governance, Risk Management & Compliance

Our Vision
To be the lead advocate, trainer and practitioner in internal auditing in Africa by providing superior internal audit solutions to the private and public sectors as well as the third sector.


Our Mission
To engage internal audit leaders and their customers; government officials, corporate executives and senior management in a constant dialogue on the position, role and value of the internal audit activity.


Internal Audit 101: Audit Principles and Techniques


Course Overview
Day One
Modern Internal Auditing
The Audit Process
Risk Management and Risk Assessment
Audit Planning

Day Two
Process Documentation
Audit Programs
Audit Fieldwork
Audit Reports
Soft Skills


Module One

Modern Internal Auditing


Modern Internal Auditing


Internal Auditing Defined
Code of Ethics
The Value Proposition of IA
The Role of Internal Auditor
The IIA Competency Framework
Components of the Audit Model


Internal Auditing Defined


independent, objective assurance and consulting activity designed to (1) add value and improve an organization's operations. It (2) helps an organization accomplish its objectives by bringing a systematic, disciplined approach to (3) evaluate and improve the effectiveness of risk management, control, and governance processes.

Internal Auditing Defined

The what
The why
The how

What are we doing?


(1) Adding value and improving an organisation's operations
Making things better than when we met it.

Systems | Processes | Procedures



Why are we doing it?


(2) Helping the organization accomplish its objectives
How do you determine organisational objectives?

Gain a seat at the table



How are you doing it?


(3) Evaluating and improving the effectiveness of risk management, control, and governance processes
The triple magic wand


IIA Definition Logic


Helps the organization accomplish its objectives

Adding value and improving an organisation's operations

Evaluating and improving on the effectiveness of GRC processes



Internal Auditing Defined


independent, objective assurance and consulting activity designed to (1) add value and improve an organization's operations. It (2) helps an organization accomplish its objectives by bringing a systematic, disciplined approach to (3) evaluate and improve the effectiveness of risk management, control, and governance processes.

Code of Ethics
Principles and Rules
Integrity
Objectivity
Confidentiality
Competency


Code of Ethics Principles


Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.


Integrity Rules
Shall perform their work with honesty, diligence, and responsibility.
Shall observe the law and make disclosures expected by the law and the profession.
Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
Shall respect and contribute to the legitimate and ethical objectives of the organization.


Code of Ethics Principles


Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.


Objectivity Rules
Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment.
Shall not accept anything that may impair or be presumed to impair their professional judgment.
Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

Code of Ethics Principles


Confidentiality
Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.


Confidentiality Rules
Shall be prudent in the use and protection of information acquired in the course of their duties.
Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Code of Ethics Principles


Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.


Competency Rules
Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.
Shall continually improve their proficiency and the effectiveness and quality of their services.

Internal Auditing is the cornerstone for sustainable organisational success


The IIA Value Proposition


Role of Internal Auditors




Re- Corporate Governance
Re- Risk Management
Re- Fraud
Re- Corporate Ethics
Re- Internal Controls
Re- Information Technology
Re- Financial Reporting

The IIA Global Internal Audit Competency Framework - 2013


Module Two

The Audit Process


The Internal Audit Process


How an audit is conducted


Planning


Distribute Audit Notification
Conduct Pre-Audit Meeting
Interview Department Personnel
Review Policies and Procedures
Understand and Document the Business Processes
Perform Risk Assessment
Prepare a Detailed Audit Program
Prepare audit budget (in hours)
Select items to be Audited (samples, not 100%)

Fieldwork
Review Supporting Documentation
Interview department personnel
Perform analyses
Identify Exceptions
Identify Recommendations for Improvement
Prepare Written Audit Comments (i.e., findings)
Department Provides Written Response and Corrective Action Plan for findings

Reporting
Issue a draft report
Discuss draft report with unit management
Issue final report
Report is factual, clear, concise, with an appropriate tone


Module Three

Risk Management/Assessment


A few things about Risk


What is Risk?
The effect of uncertainty on an objective
Could be positive or negative


A few things about Risk


What is Risk Management?
Coordinated activities to direct and control an organisation with regard to risk


The Risk Management Process


A few things about Risk


What is the Risk Management Process?
Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

Components of Risk Assessment
Risk Identification
Risk Analysis
Risk Evaluation


2013 COSO Internal Control


Definition Pillars | Components | Standards Principles


The ORC Relationship


Group Work


Module Four

Audit Planning


Audit Planning
Annual Audit Planning
Components of the Audit Project Plan


Annual Audit Planning


Risk Based Audit Planning
Overview


Components of the Audit Project Plan

Audit Objectives
Audit Scope
Audit Methodology
Audit Program
Audit Time Budget
Audit milestone dates


Audit Objectives
General audit objectives
Specific audit objectives


Audit Objectives
Select one functional area in your organisation and formulate a general audit objective and the appropriate specific objectives for that function.


Module Five

Audit Programs


Audit Programs
Components of the Audit Program
Audit Objectives and Lines of Enquiry


Components of the Audit Program
the audit objective(s);
the relevant line(s) of inquiry, criteria, and audit questions;
the information to be requested from entities;
how the evidence will be analyzed;

Example of Audit Program


Cash at Bank and on Hand
Cash and bank.doc


Module Six

Process Documentation


Process Documentation
Process Flow charts
Tools for Process Mapping
System Narratives
Interviewing Skills


Process Flow charts


A Flowchart is a diagram that uses graphic symbols to depict the nature and flow of the steps in a process. This is very helpful in identifying the risks embedded within the process.

Drawing a flow chart


Start with the big picture
Observe the current process
Record process steps
Arrange the sequence of steps
Draw the Flowchart


Example: Washing of Hands


Module Seven

Audit Fieldwork


Audit Fieldwork
Testing Controls design and operating effectiveness
Techniques for gathering audit evidence
Working paper preparation


Testing Controls design and operating effectiveness


Group work. Design procurement (G1) and recruitment and selection (G2) systems with requisite controls for review by the audit team.


Module Eight

Audit Reporting


Why write internal audit reports?
Required by Standards.
Inform (Tell what auditors found)
Persuade (Convince management of worth and validity of findings)
Get Results (Move management towards change and improvement)


Audit Reports
From issues to findings
The Five Cs
Reporting Formats
Other Reports


From issues to findings


Findings are issues which are fully developed to add value
Improve the current condition


The 5 Cs
Cause

Criterion

Corrective action

Condition

Consequence

In a nutshell
What should be?
What is?
Why did the deviation from the "what should be" occur?
What happened or could happen because the "what is" differed from the "what should be"?
What is needed to correct the condition and improve operations?

Soft Skills
Team work
Communication
Discussion with delegates
Importance of teamwork and communication
Improving teamwork and communication

The End

Thank you for your time
