iia annual survey - governance and risk report 2013
DESCRIPTION
IIA Annual Survey - Governance and Risk Report 2013. Tuesday 5 th November 2013. WELCOME TO THE WEBINAR. The audio for this webcast will be broadcast via your PC speakers – you do not need to dial in. - PowerPoint PPT PresentationTRANSCRIPT
IIA Annual Survey -Governance and Risk Report 2013
Tuesday 5th November 2013
WELCOME TO THE WEBINAR
• The audio for this webcast will be broadcast via your PC speakers – you do not need to dial in.
• If you are unable to use your PC speakers please click on the Request icon on the WebEx tool bar to receive teleconference information.
• Please submit your questions in the Q&A window. If viewing in full screen mode, please click the icon in the floating participant panel tray. We will address as many questions as time permits at the end of the presentation.
THOMSON REUTERS GRC
WEBINAR PRESENTERS
Papiya Chatterjee, Senior Policy OfficerPapiya has over 10 years’ experience in research and policy analysis and has worked in a wide range of policy areas in Parliament, the National Audit Office and more recently regulation. She also has a background in both value for money and external audit.
David Lyscom, Policy DirectorDavid has been the IIA Policy Director since August 2012. He had a long career in the Diplomatic Service where he specialised in economic and financial policy issues. He was UK Ambassador to the OECD from 2004 to 2008.
Susannah Hammond, Senior Regulatory Intelligence ExpertSusannah joined the regulatory affairs team at Thomson Reuters from the GE Capital Bank where she was head of compliance. Susannah has more than 20 years’ wide-ranging experience in international and UK financial services. A qualified chartered accountant, more recently Susannah was head of international regulatory risk for the Halifax Group and became head of retail regulatory risk for HBOS plc upon Halifax’s merger with Bank of Scotland.
IIA Annual Survey -Governance and Risk Report 2013
First ever annual policy survey of IIA heads of internal audit (HIA) conducted in July / August 2013.
The purpose - to collect factual data on the profession, including its position in organisations, and the services it provides; and to find out HIAs’ views on risk management issues and the skills and competencies internal audit needs to function effectively.
Of the 642 HIAs sent the survey 307 responded - 48 per cent - broadly representative in terms of sector, location of work and gender.
IIA Annual Survey Results 1
In your view, what is the level of your organisation's risk maturity?
Risk Management
IIA Annual Survey 2
Operational
IT an
d data m
anag
emen
t
Risk m
anag
emen
t effecti
veness
Compliance
and re
gulati
on
Finan
cial re
porting a
nd contro
l
Corporat
e gove
rnan
ce
Change
man
agem
ent
Corruption/fr
aud
Business
strat
egy
Cost red
uction/co
ntainmen
t
Ethics
and cu
lture
Crisis m
anag
emen
t0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
All sectorsFinancial servicesPublic sectorPrivate sector (non FS)
Perc
enta
ge o
f res
pond
ents
Resource prioritiesAreas where respondents spend most of their time according to their audit plans
IIA Annual Survey 3Whistleblowing and Fraud
Conduct confidential investigations, such as fraud
Provide views on the performance of management in relation to controls or the adequacy of corrective actions
Offer concrete proposals on improving internal controls
Provide an annual opinion on the adequacy of the organisation’s system of internal controls
Act as a channel for whistleblowing
Conduct governance reviews
Manage co-sourcing of internal audit functions
Provide input on the evaluation of the external auditor’s performance
Contribute to the induction and/or CPD of board members
Advise the board / committee on reports or information from external parties, such as regulators
Which of the following additional services does internal audit provide your board/board committee? (tick all that apply)
Public sectorPrivate sector (non-FS)Financial services sectorAll sectors
Percentage of respondents
IIA Annual Survey Results 4
Risk Focus of Audit Resources
Areas of risk where internal audit spends most of its time
IIA Annual Survey Results 5Reporting lines.
Functional reporting line (to whom are you ultimately accountable?)
IIA Annual Survey Results 6
Who has ultimate responsibility for approving your
Overseeing internal audit.
IIA Annual Survey Results 7
Executive management responsible
for:
All sectors Financial services
Public sector Private sector (non
FS)
Budget 50% 31% 62% 51%
Remuneration 69% 48% 82% 70%
Appraisal 79% 71% 86% 78%
Audit Committee responsible
for:
All sectors Financial services
Public sector Private sector (non
FS)
Appointment 59% 76% 38% 75%
Audit Charter 77% 86% 68% 76%
Audit Plan 85% 91% 85% 85%
IIA Annual Survey Results 8
How frequently is your internal audit function externally assessed to judge compliance with IIA Standards?
Quality assurance
6%
15%
47%
12%
20%
AnnuallyEvery 2-3 yearsEvery 4-5 yearsOver 5 yearsNever
IIA Annual Survey Results 8
Top areas of expected internal audit budget and staff increases over the next year
Auditing culture
IIA Annual Survey Results 9
Top competencies internal audit needs now and in five years’ time
Internal audit competencies
Thomson Reuters GRC State of Internal Audit 2013
17
2013 survey
• Surveyed more than 1100 internal audit practitioners in February & March 2013
• 76 countries
• IA departments of all sizes from less than 5 to more than 100
181818
Current Focus – top 3 areas
191919
Future Focus – top 3 areas
202020
In your opinion how mature is your organisations risk management function?
11%
19%
20%
41%
9%
We do not have a formal program or resources
In the development stage
Immature
Implemented, but requires additional work and resources
Robust and embedded framework and resources in place
212121
How much reliance do external auditors place on the work of internal audit?
14%
52%
28%
6%
None
Some - in key areas or locations
Extensive - significant reliance placed with additional external audit assurance
Full reliance placed on all internal audit work
22
Key challenges for internal audit in year ahead
23
IA view of challenges for their boards
2013 2012
Corporate strategy 43% 52%
Strategic level risk management 37% 47%
Legal and regulatory risk 31% 38%
Corporate governance 30% 35%
IT security and risk 28% 28%
Monitoring 19% n/a
Global expansion 17% 15%
Capital and liquidity 16% n/a
Assurance on internal control processes 15% 13%
Fraud and corruption 12% 8%Follow up on implementation of remedial action 11% n/a
Process level risk management 8% 10%
Customer outcome 8% n/a
Other 2% n/a
Comparisons
• Risk maturity
• Thomson Reuters: 50% reported that their organisation’s risk management function was non-existent, in development or immature.
• The IIA: 45% of organisations reported that they felt the level of risk maturity within their organisation was at the early stages of implementation, in development or non-existent.
• Skills and competencies
• Both surveys show the wide range of skills that internal auditors need which span both technical and business skills. Thomson Reuters commented that internal auditors may need additional training particularly in qualitative areas such as culture and corporate governance.
Further materials
• IIA Governance and Risk Report 2013http://www.iia.org.uk/policy/governance-and-risk-report-2013/
• State of Internal Audit 2013 http://accelus.thomsonreuters.com/sites/default/files/GRC00311.pd
• Effective Internal Audit in the Financial Services Sectorhttp://www.iia.org.uk/policy/financial-services-initiative/
• Culture, Corporate Governance and the Internal Auditor http://accelus.thomsonreuters.com/sites/default/files/GRC00075.pdf