managing a global audit function - iia congres/2015... · global audit adding value audit...
TRANSCRIPT
1
2
Managing a
Global Audit function
MOVIE
3
Introduction speaker
4
1. External Audit:
• KPMG 9 years Financial Audit
2. Finance
• Ahold 2 years Vice President Accounting & Reporting
• Burg Industries 6 years Group Controller, CFO
3. Internal Audit:
• Heerema 2 years Manager Internal Audit
• Ahold 1 year Vice President Internal Audit Europe
5 years Senior Vice President Internal Audit
• Heineken 5 years Executive Director Global Audit
30 years experience
Agenda
• Heineken at a glance
• The Global Audit journey
• Do’s and Dont’s
5
Heineken at a glance
6
• Diverse system landscape
• Large investments
• Change programmes
Global Audit adding value
Audit Governance, Risk & Compliance (GRC)
7
CHANGE MANAGER
Lines of defence
8
Internal Control
The journey
Structure, Staffing, Methodology, Rating & Reporting
Local Audit journeyAudit Manual
Audit toolQA reviewAudit academy
Audit ManualPeople flow IIA quality
assessment2011: 45 FTE
2012: 52 FTE
2013: 55 FTE
2014: 65 FTE
2010: 12 FTE
2015: 55 FTE
Internal Control
Risk Management
Business Conduct
Heineken Rules
GRC
AUDIT
Follow up tool
Audit activities
10
Agree upon audit universe and audit activities
Brewery audits
Integrated process audits
Project audits
IT audits
Special Investigations
Financial Reporting audits
Full scope audits
People and Locations
11
Central?
Decentral?
Staffing?
People
12
Global Audit Leadership Team55 fte
50% / 50%
> 20 nationalities
20% IT auditors
• > 40% have businesss experience
• 65% professional auditors
• 50% hired inside, 50% external
• Rotational program from/to the business
Tooling & Follow up
13
Global Audit Tool Control Self Assessment tool &
Issue and Task management tool
+ SAP GRC
+ ACM
+ ...others
Branding the function
14
CommunicationInternal Audit:
• Stakeholder Attitude Yardstick (SAY)
• Real Drives/Management Drives
• Yammer: Global, 2nd and 3rd line
• Cascade Packages: after meetings
• Conferences: Global and Regional
• Training sessions, webinars, conference calls
HEINEKEN organisation
• Audit report, findings, actions, timelines, issue & task owners
• Quarterly summary reports per region, function and total group
• Reporting of good practices
• Alerts
15
Do’s and Dont’s
Do’s
• Define the journey
• Brand the function
• Be clear about role and position
• Understand the business
• Agree upon the level of assurance
• Ask feedback from stakeholders
• Benchmark the function
Dont’s
• Take yourselves to serious
• Use a standard approach
• Use audit language
• Focus on finding or rating: follow up!
• Forget to take your moments of fame
• Get in your comfort zone
• Forget why you are there.
16