Adding Value Through Internal Audit Pres_laimay_en

8/10/2019 Adding Value Through Internal Audit Pres_laimay_en

1/14

22/09/2014 1

www.eciia.euEnhancing governance through internal audit

IAS ConferenceAdding Value through Internal Audit

Internal Auditors:

The Good?

the Bad?

the Ugly?

1

Thats the question!
http://www.eciia.eu/http://www.google.fr/url?url=http://www.123rf.com/stock-photo/clipart_ugly.html&rct=j&frm=1&q=&esrc=s&sa=U&ei=QXq-U9S4Cu-Y1AXqogE&ved=0CCQQ9QEwBw&usg=AFQjCNHs4dY0Ef_0lkA3PmpNf6e0i7iEAghttp://www.eciia.eu/


2/14

22/09/2014 2



RISK

Audit Committee & Board

Senior Management

Management and employees

Risk Management

Financial reporting review

teams

Environmental, Health

and Safety Auditors

Compliance

Quality assurance

Internal auditors

External auditors

Other External assurance

providers

The Stakeholders' relationshipIdentify assurance providers

2
http://www.eciia.eu/http://www.eciia.eu/http://www.eciia.eu/http://www.eciia.eu/


3/14

22/09/2014 3



3

Keys to success for Internal Audit:

Multi-dimension approach

Stakeholder expectations alignment

Governance effectiveness

Assurance provider maturity

Assurance map: concept of the 3 lines of defence

CAE engagement

The Stakeholders' relationshipGood practices


4/14

22/09/2014 4www.eciia.euEnhancing governance through internal audit

Interaction and cooperationwith External Audit

Why cooperate?

Help Board to obtain more comprehensive view of operations and risks

Avoid duplication of audit

Coordination of activities and recommendations, coordinated benefit formanagement

If external audit, to build on internal audit regulated by ISA 610

Scope of risk examination

External audit gathersrisk information limitedto financial reporting

risks Internal audit looks at

strategic, business andcompliance risks

4
http://www.eciia.eu/http://www.eciia.eu/


5/14



Business partner relationship

Instil the concept of customer service throughout theaudit process : act as if you had competition and your

audit customer had a choice of provider

Do not plan in silos, include all relevant parties, asappropriate in the initiating and planning phases of

internal audit engagements

Run each engagement as a project

5


6/14



Do

Identify all stakeholders

Ask for feedback from the differentstakeholders

Listen to stakeholders' expectations

Organize regular meetings withstakeholders

Understand the business

Make forward-looking recommendations

Focus on results and not on tasks

Invest in personal development

Have fun on assignments Keep the discussion and dialogues open

Work in silos

Duplicate the work of others and vice-versa

Only mention bad things

Work with no goal

Reject changes

Follow one stakeholder rather thanothers in conflicts

Forget about ethics

Be too technical

Escape the trust of others Be paralyzed by the fear of failure

Do not Do !

6


7/14


Five imperatives to address challengesand opportunities in the year ahead

Assess/address emerging stakeholder expectation gaps onfocus and capabilities

Develop and implement knowledge and talent acquisitionstrategies

Develop/enhance continuous methodologies for assessingrisks

Assume a leadership role in coordinating / aligning the 2ndand 3rdlines of defence

Seek out innovative solutions to enhance internal auditefficiency

7


8/14



Making the most of the Internal Audit Function:Recommendations for Directors and BoardCommittees

Evaluating the need for establishing an internal audit function when such

function does not exist

Assessing and approving the internal audit charter

Ensuring effective communication lines between the Chief Audit Executive

and the Board

Evaluating the internal audit plan

Assessing the staffing of the internal audit function

Gaining assurance regarding the quality of the internal audit functions work

Overseeing the relationship between the internal audit function and the

organization's centralized risk monitoring function

Coordinating the internal audit function with the work of external audit

Assessing internal audit reporting

Monitoring management follow-up of internal audit recommendations.

8


9/14


10/14


European Confederation of Institutes

of Internal Auditing (ECIIA)

The ECIIA represents the beacon of the Internal Auditprofession in the wider geographic area of Europe and the

Mediterranean basin:

35 countries

40.000 members

Primary objective of furthering the development of corporate

governance and internal audit through knowledge sharing,

key relationships and regulatory environment oversight

Our mission is to promote the Internal Audit

profession at the European Level

10


11/14


ECIIA publications

Guidance on the 8thEU Company Law Directive Article 41(with FERMA) Parts 1 & 2

Reinforcing audit committee oversight over global assurance andinternal audit

Corporate Governance Codes on Internal Audit

Making the most of the internal audit function (with Ecoda)

The role of internal audit under Solvency II

Improving cooperation between external and internal audit

11


12/14



ECIIA promotes the 3 LOD

12

The Three Lines of Defence Model for risk assurance mapping


13/14



Internal Audit PositioningApplication of the 3 Lines of Defence model

To ensure clarity of roles and responsibilities in organizationalgovernance, the 3 lines of Defencemodel defines three levels ofcontrol:

1STL

INE

Operational

management

has ownership, responsibility and accountability for

assessing, controlling and mitigating risks

2NDL

INE Internal governance

functions

(Group support and

control functions)

monitors and facilitates the implementation of

effective risk management practices by the 1st line

and assists risk owners in reporting adequate risk-

related information throughout the organization

3RDL

IN

E

Internal Audit

provides assurance to the Group governing body and

senior management on the organizationseffectiveness in assessing and managing its risks and

related internal control systems, including the manner

in which the 1st and 2nd lines operate

| 13 13


14/14


Internal Audit Positioning

The Three Lines of Defence model has helped articulateinternal auditsrole / value

Encroachment between 2nd and 3rd lines of defence is

occurring

Audit / oversight fatigue presents challenges andopportunities

Internal audit can be a leader in coordinating key players

14

Documents

Adding Value Through Internal Audit Pres_laimay_en