value-added internal audit: myth or reality?€¦ · value-added internal audit: myth or reality?...
TRANSCRIPT
![Page 1: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/1.jpg)
Value-Added Internal Audit: Myth or Reality?
Prague
4-5 November 2015
Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman of the Board IIA Past President ECIIA Past President ACIIA
![Page 2: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/2.jpg)
Definition of internal auditing
Internal auditing is an independent, objective
assurance and consulting activity designed to
add value and improve an organization's
operations. It helps an organization accomplish
its objectives by bringing a systematic,
disciplined approach to evaluate and improve
the effectiveness of risk management, control,
and governance processes.
2 JPG Consulting
![Page 3: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/3.jpg)
Mission of Internal Auditing
Expand the IPPF to include a mission statement to support the internal
audit profession. The Mission of Internal Auditing as was exposed:
“To enhance and protect organizational
value by providing stakeholders with risk-
based, objective and reliable assurance,
advice and insight.”
![Page 4: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/4.jpg)
1st Line of Defense 2nd Line of Defense 3rd Line of Defense
In
tern
al A
ud
it
Security
Risk Management
Inspection
Quality
Financial Control Exte
rn
al a
ud
it / N
AO
Reg
ula
tor
Man
ag
em
en
t C
on
tro
ls
In
tern
al C
on
tro
l M
easu
res
Compliance
Three lines of defense model
Board of Directors / Audit Committee
Senior Management
JPG Consulting 4
![Page 5: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/5.jpg)
JPG Consulting
Value of Internal Audit
The internal audit function should be able to tell : - when the company is being poorly managed,
- where critical risks are not being identified or properly managed,
- when the business objectives are not likely to be met.
5
![Page 6: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/6.jpg)
JPG Consulting
Value of Internal Audit
In addition, internal audit: • could act as a training ground for future line managers, by exposing fast track members of the department to a variety of situations, activities and functions within the organization; • could provide a “one stop shop” for best practice advice; • could provide an independent, objective opinion as to the quality of the business controls; • could stimulate risk awareness throughout the organization;
6
![Page 7: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/7.jpg)
JPG Consulting
Value of Internal Audit
In addition, internal audit (continued): • is a source of qualified, experienced talent that can aid management in business improvement programs;
• provides specialist professional independent opinions on a variety of situations, such as due diligence exercises; • reports on fraudulent activity within the organisation, with a view to understanding how it happened and how to prevent it occurring again; • ensures that the company-wide initiatives, such as a code of conduct, are being adhered to; • makes Senior Management and the Board sleep well at night.
7
![Page 8: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/8.jpg)
Internal audit in practice(1)
• Internal audit does not always provide assurance. • Internal audit does not always provide value-
added consulting services.
• Internal audit does not often evaluate the governance processes.
• Internal audit does not often evaluate the risk management processes.
JPG Consulting 8
![Page 9: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/9.jpg)
Internal audit in practice (2)
• Internal audit operates as a second line of defense.
• Internal audit acts and is perceived as a compliance function.
• Internal audit inspects branches, stores.
JPG Consulting 9
![Page 10: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/10.jpg)
1st Line of Defense 2nd Line of Defense
Internal Audit
Security
Risk Management
Inspection
Quality
Financial Control Exte
rn
al a
ud
it / N
AO
Reg
ula
tor
Man
ag
em
en
t C
on
tro
ls
In
tern
al C
on
tro
l M
easu
res
Compliance
Three lines of defense model
Board of Directors / Audit Committee
Senior Management
JPG Consulting 10
![Page 11: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/11.jpg)
Perception by stakeholders
• No added value.
• No business partner.
• No alignment with company strategy.
• Fear factor: from errors to punishment.
• No managerial talent.
• No meaningful KPIs.
• Not focused on the proper risks.
JPG Consulting 11
![Page 12: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/12.jpg)
Conditions of audit committees
• No proper monitoring of risk management, internal control and internal audit.
• Not always properly staffed.
• Not well prepared.
• No support when needed.
• No voice at the Board.
JPG Consulting 12
![Page 13: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/13.jpg)
Conditions of companies
• No risk and control culture.
• No risk ownership.
• No accountability.
• Control is not my business.
• Cost cutting affects control tasks.
JPG Consulting 13
![Page 14: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/14.jpg)
Core principles for the Professional Practice of
Internal Auditing
1. Demonstrates uncompromised integrity.
2. Displays objectivity in mindset and approach.
3. Demonstrates commitment to competence.
4. Is appropriately positioned within the organization with sufficient
organizational authority.
5. Aligns strategically with the aims and goals of the enterprise.
6. Has adequate resources to effectively address significant risks.
7. Demonstrates quality and continuous improvement.
8. Achieves efficiency and effectiveness in delivery.
9. Communicates effectively.
10. Provides reliable assurance to those charged with governance.
11. Is insightful, proactive, and future-focused.
12. Promotes positive change.
![Page 15: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/15.jpg)
Value-Added Internal Audit :
Myth or Reality?
15 JPG Consulting
![Page 16: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/16.jpg)
What to do to change myth into reality?
• At macro-level: the Institute of Internal Auditors (IIA Inc., ECIIA, ČIIA)
• At micro-level: every Chief Audit Executive
JPG Consulting 16
![Page 17: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/17.jpg)
Efforts by the CAE (1)
• Internal audit should be an agent for change:
– Change the risk and control culture of your organization.
– Coordinate risk management activities.
– Develop an assurance map for your organization.
JPG Consulting 17
![Page 18: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/18.jpg)
Efforts by the CAE (2)
• Focus on the areas that need to be audited, not what is easy to audit.
• Provide assurance on major risks.
• Audit the second lines of defense and, if OK, rely on the results of their work.
• Do not duplicate second line of defense activities.
JPG Consulting 18
![Page 19: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/19.jpg)
Efforts by the CAE (3)
• Develop a comprehensive audit universe.
• Assess the risks on a periodical basis.
• Do not adhere to your audit plan in a rigid way.
• Develop metrics that are relevant for your stakeholders.
JPG Consulting 19
![Page 20: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/20.jpg)
Efforts by the CAE (4)
• Write reports with impact.
• Do not focus on problems, but offer solutions.
• Solutions should not be academic but rather pragmatic.
• Listen to your stakeholders.
JPG Consulting 20
![Page 21: Value-Added Internal Audit: Myth or Reality?€¦ · Value-Added Internal Audit: Myth or Reality? Prague 4-5 November 2015 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman](https://reader031.vdocuments.us/reader031/viewer/2022021822/5b1dda377f8b9ac96a8b778b/html5/thumbnails/21.jpg)
Value-Added Internal Audit: Myth or Reality?
Prague
4-5 November 2015
Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman of the Board IIA Past President ECIIA Past President ACIIA