Internal audit and control teams must reinvent themselves in order to carry out and support the various transformations and transitions (digitalization, CSR) while ensuring control of activities, taking into account cyber risks and the use of artificial intelligence. This is what will promote the sustainability of your company or your organization.
Let’s add, as a complement to this new paradigm for audit and internal control teams: energy, dynamism, projects, passion, understanding, caring, listening, quality, and progress.
« REDEFINING INTERNAL AUDIT AS A BUSINESS NECESSITY »
Should the Internal or External Auditor simply study the organizational, accounting, functional and managerial processes and ensure the quality of the information on which the Directorate-General bases its decisions?
The selection of internal audit assignments is based on an annual interactive audit mission plan, classified according to estimated priorities, approved by the Audit Committee or the executive.
The Internal Auditor, like the External Auditor, provides an analysis and control of the company’s activity. The auditor summarises the findings with management in a report that includes recommendations, and follows up on the implementation of those recommendations.
For this, the main tasks of the traditional internal auditor are:
1. Develop and adapt analytical tools and indicators within companies
2. Keep watch on sectors that are sensitive or of interest for the growth of the company
3. Set up reporting, standards, and processes
4. Measure risks and performance
5. Analyze the existing situation
6. Prepare and transmit audit reports to the Directorate-General
It allows any manager to increase efficiency in risk management and internal control. The role of the internal auditor is to accompany the company in the improvement of its procedures and results.
Let’s not forget that internal auditing, or periodic control, is only a snapshot at a given time.
This synthetic presentation of the periodic control emphasizes that the exact and actual situation is most often piecemeal, even if it is a transversal audit.
In addition, the Internal Audit does not have the same scope depending on the function to which it is attached (Accounting or Finance or Risk-Management or Governance).
As internal auditors, we also have a role of verification and sometimes of advice, provided that the scope of intervention and the method used are properly framed.
As a first step, we facilitate the work of the external audit (Office of the Auditors), but the external audit, in turn, judges our effectiveness and efficiency towards the entity concerned.
I ask the question: do we need to evolve progressively or practice a disruptive method?
The PwC 2018 State of the Internal Audit Profession Study revealed what most auditors already know: management and boards are demanding more value from internal audit. Lately, audit leaders have written and spoken of the need for auditors to be trusted advisors and to partner with business management. This is a very desirable thing and, of course, some audit teams have already achieved it. The practical question for those audit teams that are not there yet is: What can they be doing differently to help make it happen?
The following are five ways audit teams can communicate and deliver greater value, while ensuring their activities are strategically aligned with the priorities of business leaders.
1. Think like a business leader
… 2. Leverage automation to move beyond traditional audit areas
… 3. Embrace and promote collaborative technology
… 4. Be quick and agile
… 5. Provide insights that no one else can deliver
The history of business is littered with once-powerful organisations – and professions – that fell by the wayside when they failed to adapt to changing economic conditions and new technology. Internal audit skills are still in demand and are likely to remain so, but audit leaders must be looking ahead to see both the broader challenges to their businesses and to their own roles if they are to remain relevant, Alistair Smith, internal audit risk and control director at EDF Energy, told delegates at Internal Audit 2018.
“I do not intend to be auditing into old age and I’m not a futurologist, so why do I think we should be thinking about how we audit in ten years’ time?” he asked. His answer was brief: “Because if we don’t adapt to change, we and our organisations could be toast.”
The practice of including ratings in internal audit reports to highlight or summarize results is not something new. I began exploring and lecturing on the pros and cons of ratings more than 10 years ago. But the subject came up recently at a CAE roundtable, reminding me how popular — yet controversial — the practice continues to be.
Almost 40 percent of those in the room use ratings in some form, and the last time I formally surveyed on the practice, more than two-thirds of respondents said they were including ratings in their audit reports.
Ratings are often assigned based on the overall results of the audit, and they can take on adjectival forms, such as « satisfactory, » « needs improvement, » or « unsatisfactory. » More creative approaches include assignment of ratings to individual findings, or using color-coded indicators, such as green, yellow, red. Regardless of the methodology, the objective for assigning ratings is typically the same: It is a powerful way to draw management and the board’s attention to the bottom line of an internal audit.
https://iaonline.theiia.org/blogs/chambers/2017/Pages/Ratings-in-Audit-Reports-Lights-or-Lightning-Rods.aspx
Last July, I submitted written comments and suggestions to COSO on the draft of the ERM framework update. In this post, I remind you of those comments and discuss (see Comment) how well they have been addressed in the final edition. (At the time, I discussed them with several people involved in the update, who […]
Is what is stated in the note below not a way of moving from simple risk management to risk intelligence? And, correspondingly, from simple internal control to a collective intelligence of internal control?
My best-selling book, World-Class Risk Management, describes how risk management can enable better decision-making, from strategy-setting to execution, and make a significant contribution to the success of any organization. But how do you assess the leader of risk management within your organization? Here are some attributes I consider critical. They tend to overlap but offer […]
The terms in bold are my own emphasis.
Stakeholders increasingly expect boards of directors to do more to oversee the organizations they direct. Some of these expectations are spelled out in laws and regulations—the Sarbanes-Oxley, Dodd Frank, Foreign Corrupt Practices, Anti-money Laundering acts—and stock exchange listing standards, to name just a few. Regulatory-driven board risk oversight expectations, by design, have focused on protecting the public and entity value preservation. The newest board risk oversight expectations, perhaps the most important to date, are being elevated by institutional investors representing billions of current and future pensioners and controlling trillions of dollars of investments. These highly influential investors are calling on CEOs and boards to spend more time and effort directing and overseeing long term value creation. Boards, in turn, are asking CEOs to provide long term value creation strategies, together with their assessment of risks to those objectives. The next logical step is for boards to ask for assurances from internal audit departments and enterprise risk management (ERM) specialists that the risk information they get from management linked to top value creation and value preservation objectives is reliable.
This post analyzes these developments and proposes “objective centric ERM and internal audit” as the best way forward for public companies and their boards. It is based on a paper published in the Spring 2017 Edition of Ethical Boardroom titled Focusing ERM and Internal Audit on What Really Matters: Long-Term Value Creation and Preservation.
Highlights: Institutional investors who control trillions of dollars of investor funds are calling on CEOs to focus on long-term value creation and strategy and boards of directors to oversee that process.
This post focuses on an important question linked to these developments: Are boards receiving reliable information they need to meet investor expectations on their company’s long-term value creation and preservation objectives and, perhaps more importantly, risks that threaten their achievement?
The author believes that current risk management and internal audit methods and processes are ill-equipped to meet these new expectations.
He proposes a new approach—objective centric ERM and internal audit—as the way forward.
Internal Auditor magazine, the world’s leading publication covering the internal audit profession, is launching a scholarship program. We are offering six, US$1,000 scholarships for undergraduate and graduate students who write the most informative and intuitive essays on internal audit subjects. Once the student winners are announced, we will publish the winning essay on InternalAuditor.org.
If you want the internal audit team to address the risks that matter to the success of the organization, they have to know what they are. I addressed this in detail in Auditing that matters. In the section on Being Present, I said: Some internal audit departments live in an ivory tower, part of a […]
Delegates at this year’s Chartered IIA conference were advised to focus more on risk culture throughout their organisation – « the next disaster is incubating now, » said Richard Anderson, immediate past president of the Institute of Risk Management.
Risk appetite, culture and risk culture are separate but vital issues, and businesses need to understand all of these better to deal with today’s challenges, Richard Anderson, director of AndersonRisk and immediate past president of the Institute of Risk Management (IRM), told delegates at this year’s Chartered IIA conference.