Embed Size (px)
Citation preview
Enhancing and Protecting
Organizational Value
Introducing Sawyers 7th Edition
Objectives
• Introduce Sawyers 7th Edition – Focused on achieving the
mission of internal audit
– Setting Up and Internal Audit Shop
– Delivering IA Products and Services
• Using Sawyers to define value delivered today and
opportunities to grow value tomorrow
Sawyers 7th Edition Goals
• Mission Focused
– Enhancing & Protecting Organizational Value
• Readable by IA and Stakeholders
– Business Perspective of Internal Audit
• Relevant to today’s IA Challenges
– Growing Risk Functions, Collaboration
• Spirit of Knowing Modern Methods
- Staying Current with Leading Ideas
Enhancing and Protecting Organizational Value
Sawyers 7th Edition – Setting Up the IA Shop
Chapter 1: Internal Audit Strategy
Chapter 2: Audit Products/Services
Chapter 3: Audit Operations/Capabilities
Chapter 4: Audit Team/Resourcing Model
Chapter 5: Audit Leaders/Staff
Chapter 6: Building Relationships
Chapter 7: Business Acumen
Chapter 8: Context within which Audit
Works
Examples from CH 1
Three Cornerstones of Internal Audit Strategy• Stakeholder Expectations
• IA Professional Expectations
• CAE Expectations
What is the Value Proposition?
What Drives Value?
Examples from CH 2
Type of Service and Expected Product
Generation 1 – Internal/External Auditor
Generation 2 – Internal Control Process Auditor
Generation 3 – Risk Based Auditor
Generation 4 – Risk Management Based Auditor
Generation 5 – Objective Based Auditor
Examples from CH 3
Connecting People, Processes, Technology with Service/Product- Using Capability Maturity Models
Considering Relationships and Culture
Considering Governance Structures
Examples from CH 4-5
Implied Role of IA = The Type of Services and Products Expected
Service and Product Expectations =
Core Skills & Certifications Required
Specialty Skills & Certifications Required
Skills Required =Internal Audit Structure and Outsourcing Needs
Examples from CH 6-8
Building Relationships“Relationships with stakeholders can either contribute to the success of internal audit functions or break it.”
Business Acumen“In general business acumen means CAEs effectively align their own perspective of value with the
perspective of board and management stakeholders”
Understanding the Context for IA“It is more important than ever for internal audit to partner with SME’s and the second line of defense
functions…and define IA effectiveness”
Sawyers 7th Edition – Setting Up the IA Shop
Chapter 1: Internal Audit Strategy
Chapter 2: Audit Products/Services
Chapter 3: Audit Operations/Capabilities
Chapter 4: Audit Team/Resourcing Model
Chapter 5: Audit Leaders/Staff
Chapter 6: Building Relationships
Chapter 7: Business Acumen
Chapter 8: Context within which Audit
Works
Sawyers 7th Edition – Delivering IA Services
Chapter 9: The Internal Audit Mission and Its Risks
Chapter 10: Risk Assessment and Audit Planning
Chapter 11: Planning the Audit Engagement
Chapter 12: Assessing Internal Control
Chapter 13: Audit Communication (Reporting and Follow-up)
Chapter 14: Assembling and Supervising the Internal Audit Team
Chapter 15: Specialty Skill Areas
Chapter 16: Advisory Services
CH 10 Risk Assessment and Audit Planning - Generations
Risk Assessing – defined by service/product expectation
Generation 1 – Compliance or financial reporting risks audited
Generation 2 – Transaction, efficiency and hazard risks audited
Generation 3 – What could go wrong… risk assessments
Generation 4 – Top-down risk assessments, strategic risk, risk mgmt.
Generation 5 – Integrated risk assessment, 2nd line, risk mgmt., and audit
CH 11 Planning the Audit Engagement - Generations
Planning Considerations – defined by service/product
Generation 1 – standards, regulations, systems, policies
Generation 2 – add…flowcharting, key performance indicators
Generation 3 – scope implied by risk, further investigate, define
Generation 4 – strategic/operational priorities, risk mgmt. practices, culture
Generation 5 – business objectives at risk, sub objectives, strength of
oversight and operations, 2nd line assessments and actions
CH 12 Internal Control - Generations
Risk and Control Implications – defined by types of
engagement
Generation 1 – Risk – noncompliance with standards and regulations
Control – transactional accuracy, completeness
Generation 2 – Risk – expands to inefficiency and ineffectiveness
Control – expands to process documentation, analytics
Generation 3 – Risk – Mgmt. perspective of what could go wrong
Control – less tangible definitions, stop bad events
Generation 4 – Risk – Risk Mgmt. is a Management job, they structure
Control – Expands to include good mgmt./governance
Generation 5 – Risk – simply the effect of uncertainty on objectives
Control – actions align with mgmt process for oversight,
operations alignment of people, process, and technology
CH 13 - Communication
Value is in the eye of the beholder and what they hear through audit
communications
CH 14-15 Putting the Team Together
• “Internal Auditors must possess the knowledge, skills and other
competencies needed to perform their individual responsibilities” – IIA
Competency Framework
• “Some objectives are narrow …they require a lower level of skill…general
and broad…higher level of skill”
• Specialty Skill – IT, Fraud, Accounting
CH 16 Advisory Services (Consulting)
Consulting/Advisory service activities
• Agreed to with the client
• Intended to add value and improve an organization’s governance, risk
management, and control processes
• Examples include counsel, advice, facilitation, and training.
Conclusion
• Enhancing and Protecting Organizational Value
– Requires the CAE to understand the value their organization is
producing
– Requires the CAE to align their services and products to add to
that value
– The future is one that will include Collaborative IA connecting
with the 1st and 2nd lines of defense around assurance and
management of risk
QUESTIONS
Contributing Professionals
• Hans Beumer (Switzerland)
• Dan Clayton (USA)
• Farah Araj (UAE)
• Michael Levy (USA)
• Jenitha John (S.Africa)
• Jason Mefford (USA)
• Bruce Turner (Australia)
• Andrew Cox (Australia)
• Cris Shreve (USA)
• Angie Chin (USA/Brazil/Europe/Asia)
Contributing Authors Technical Editors
• Paul Sobel (USA)
• Dan Clayton (USA)
• Angie Chin (USA/Brazil/Europe/Asia)
• Cris Shreve (USA)
Advisory Committee
• Larry Rittenberg (USA)
• Mark Salamasick (USA)
• Angie Chin (USA/Brazil/Europe/Asia)
Thank You
The Institute of Internal Auditors
Dan Clayton
Director of Strategy & KM, System Audit Office
LinkedIn: https://www.linkedin.com/in/dan-clayton-cia-
cpa-ckm-52b2227
