Valarie King-Bailey, M.B.A. Best Practices For Audit Management Executive Webinar Series

Xybion - best practices for audit management - final


Xybion, a leading provider of integrated governance, risk and compliance software solutions, presents "Best Practices for Mastering Audit Management."


Valarie King-Bailey, M.B.A.

Best Practices For Audit Management

Executive Webinar Series

Today's Topics
21st Century Audit Management: Challenges & Opportunities
Integrating Enterprise Risk & Audit Management
Audit Management Best Practices
Summary

Polling Question: What Is Your Primary Audit Management Challenge?
Audit Planning
Managing and Closing Audit Observations
Time
Organizational Support of The Audit Process
Risk Management
All of The Above

Company Overview: About Xybion Corporation

Xybion Corporation Fast Facts
Founded in 1977
Preclinical Lab Management And Drug Safety Solutions
Corporate Headquarters Bensalem, PA
Preclinical R&D Solutions
GRC/ECM Solutions
Enterprise Asset Management Services & Solutions
Quebec City, Canada
Germany
India
Innovative Development & Testing COE In India
Delivers Quality Testing & Development Services
Internal Product Development & Support

Proven GRC and Quality Platform
Your Partner Of Choice For Integrated GRC

Corporate
New Markets
Satellite Locations
Center of Excellence
Value Proposition

21st Century Audit Management: Challenges & Opportunities

Auditing: A Practical Definition
An Audit Is A Formal Review Of Some Of The Controls, With Full Testing And A Formal Report
An Audit Can Be Of All Of An Entity (Typical), Or Some Processes In An Entity, Or Even One Or More Processes Across Entities

Audits Are Process-Oriented

Enterprise Audit Management
Act, Plan, Check, Do
Quality Management System Processes

Types of Audits
Type / Audited Elements / Focus
Environmental: Emissions (processes); Reports; Compliance with Regs/Permits; Questionnaire & Results
Health & Safety: H&S Policies; Procedures; Meetings; Daily Recurring Inspections
Quality: Equipment & Processes; SOPs; GMP; Findings
SOPs are the criteria or Questions of whether compliance (implemented), also what is being audited (content). And Questions could be used to test SOP readers of their knowledge.
Financial: Financial Calculations; Financial Assertions OR Internal Controls (IT, procedures implemented) over financial
Internal controls: Test Plans; Self Assessments
Business Unit: Customer Satisfaction; Surveys Roll-up

Internal Auditing
Internal Auditing Is Designed To:
Provide The Most Effective And Efficient Deployment Of Internal Audit Resources In A Manner That Addresses:
Areas Of Highest Relative Risk
Core Business Activities
Broad Coverage Across The Spectrum Of Business Operations.

Compliance Auditing
Evaluate Whether Regulated Industry Is In Compliance With Federal Environmental Laws And Regulations
Adopted Voluntarily To Identify And Correct Compliance Problems Before Inspectors Arrive
Industry Concerns About Accidental Audit Disclosure, Privacy, and Retention

New View of Auditing: Show How Audits Benefit All Stakeholders
For The Most Part, Firms Still View Audits As "By Business, For Business"
Auditing Can Promote Bottom Line

Integrated Auditing
Evaluation, Testing, Reporting, Planning

Rationale for Integration
Quality Standards Help Reduce and Control Variation in Processes Resulting in:
Product Non-Conformity and Waste
Injuries, Deaths and Property Damage
Environmental Impact and/or contamination

Benefits of Integration
Focus: Integration of organization's overall goals and objectives
Efficiency: Integration of Management planning, realization & control processes
Effectiveness: Application of proven quality management tools

Benefits of Integration: Better Resource Management
Improve Resource Utilization
People, Equipment, Facilities, Materials, Energy
Reduce Time Required
Minimal Duplication Of Efforts
Commonize Documentation
Integration & Simplification Of Procedures And Instructions
Cost Avoidance/Savings
Identification Of Cost Reduction Opportunities
Employee Empowerment
Easier To Understand, Follow And Use

Benefits of Integration: Better Risk Management
Reduction, Prevention and Control of:
Quality Failures
Accidents, Injuries, Illness, Deaths
Property & Equipment Damage Or Loss
Environmental Incidents And Accidents
Potential Prosecution And Fines
Damage To Public Image
Loss Of Employee Morale

Benefits of Integration: Competitive Edge
International Markets
Level Playing Field
Customer & Industry And Governmental Standards
Financial Performance
Insurance Opportunities
Due Diligence
Reduced Costs and Improved Profitability

Do You Know What Your Organization Is Doing To Comply With Both Mandated Legal And Regulatory Requirements?
Are You Confident That Your Compliance Processes And Controls Are Effective?
Are You Prepared In The Event Of Non-compliance?

Analyzing Your Compliance Processes & Controls

Traditional Audit Management Process

Conducting the Audit
From this point it is the internal auditor's responsibility to conduct the audit. This involves a number of different steps, which are summarised above.

Transform The Internal Audit Department From Its Traditional Role, Performing Checklist Activities, to One That Focuses On Corporate And Business Unit Goals, Strategies And Risk Management Processes. To Achieve This Restructuring, Ask These Fundamental Questions:
How Do We Define Internal Control?
What Best Practices Should We Incorporate Into Audit's Evolving Role?
How Can Internal Audit Become An Integral Part Of Risk Management Processes And Maintain Independence?
What Should The Department's Strategic Plan Be?
How Should The Audit Group Deliver Its Services And Communicate Its Observations?

Transformation To Progressive Audit Management

Audit Management Challenges & Opportunities
Doing More with Less
Creating the Integrated Auditor
Adapting to New Organizational Environments
"Tuning In" on an Organization's Strategic Relationships
Auditing in a Highly Automated Environment
Effective Usage of Automation to Audit
Addressing Management Concern with the Cost and Other Effects of Fraud
Finding New Tools to Meet the Audit Challenge
Meeting the Challenges Created by the New Economy
Effective Usage of Both Internal and External Resources

Traditional vs. Progressive Auditing

Traditional:
Audit Focus
Transaction-based
Financial Account Focus
Compliance Objective
Policies And Procedures Focus
Multiyear Audit Coverage
Policy Adherence
Budgeted Cost Center
Career Auditors
Methodology: Focus On Policies, Transactions And Compliance

Progressive Best Practices:
Business Focus
Process Based
Customer Focus
Risk Identification, Process Improvement Objective
Risk Management Focus
Continual-risk-reassessment Coverage
Change Facilitator
Accountability For Performance Improvement Results
Opportunities For Other Management Positions
Methodology: Focus On Goals, Strategies And Risk Management Processes

Achieving Audit Excellence
Auditor Skills Required to Succeed
First Class Consulting Skills
Marketing Skills
Facilitation Skills
Reassessing the New Economy Environment and Auditor Roles
The Nature of Change See Clearly
Building Risk-based Audit Plans
Using Collaborative Risk assessment
Recognizing the Relationship of Empowerment and Fraud Potential
Reducing Cycle time
Developing and Using Audit Metrics as a Way to Achieve Auditor Excellence
Performance Measurement
Productivity tools
Defining Audit Scope for Excellence

Integrating Enterprise Risk & Audit Management

A Practical Approach

What Is Risk?
Risk May Be Defined As: the threat or possibility that an action or event will adversely or beneficially affect an organisation's ability to achieve its objectives

What Is Risk Management?
Risk Management May Be Defined As: the systematic application of management policies, practices and procedures to the task of analysing, assessing, treating, monitoring and reporting on risks

Benefits of Risk Management
Audit Focus
Supports Strategic Plan
Enhanced Communication
Minimizes Risk
Reassures Stakeholders
Continuous Improvement
Effective Use of Resources

The Risk Assessment Process
Gather Information
Interviews With Management And Staff
Data/Financial Analysis
Group Interviews
Questionnaires
Consider Contemporary Issues
Consider Core Audit Topics
Assess The Universe

Organizational Risk Strategies
Risks And Controls Belong To Entities within your organization
But Risks And Controls Might Be Continually Assessed Whether Or Not You Carry Out A Formal Audit
Assess Similar Risks And Controls Across Entities

Risk Scoring Flexibility
Derived From A Risk System, There Is:
Scoring Flexibility
Central/Self Assessment And Comparisons
Overall Group Impact/Local Impact
Risk And Control Costing If Required
Risk Grouping To Identify Overall Problem Areas

Audit Committees & Risk Management Best Practices Summary
In Summary, You Should:
Familiarize Yourself With Risk Management
Catalyze Risk Management
Ensure Appropriate Audit Work Is Undertaken
Review Information On Risks And Risk Management
Review Internal And External Audit Reports
Review Corporate Governance Statements

Audit Management Best Practices

An Integrated Process Approach

4 Key Elements of Effective Audit Management Program
Integrated Performance Information (Financial And Non-financial, Historical, And Prospective);
A Sound Approach To Risk Management;
Appropriate Control Systems; And
A Shared Set Of Ethical Practices And Organizational Values, Beyond Legal Compliance.

Audit Self-Assessment
Strategic Leadership
Motivated People
Values And Ethics
Develop And Use A Range Of Integrated Performance Information
Risk Management
Stewardship Of The Resources Entrusted To Them
Clearly Defined Accountabilities

Best Practice 1: Understanding Your Risk Profile
Risk Profile And Play A Key Role In Identifying Areas For Risk Management.
Understanding The Business Operations Can Make The Auditors A Catalyst For Change with A Prominent Position As Key Risk Advisers

Financial Audit Considerations: Peer Review
All Auditors Should Consider Adopting SEC Peer Review System To Make Professional Interpretation More Uniform
Yet Even SEC's Additional Safeguards Have Been Proven Inadequate To Ensure Transparency And Auditor Independence
These Conditions Must Be Met Well Before ISO 14001 Contemplated As A Public Policy Tool

Best Practice 2: Beyond Traditional Controls
Expand Beyond Traditional Internal Audit Testing Of Control Activities, Such As Policies And Procedures And Approvals And Reconciliations, To Include:
Four Additional Components That Derive From The Way Management Runs A Business:
Control Environment
Risk Assessment
Information And Communication
Monitoring.

Financial Audit Considerations: Improve Transparency
Audits Are Typically Confidential, Yet Goal Of Such Audits Is To Assure Sustained Compliance
Confusion Rendered By This Choice Contrasts Sharply With Openness Of Financial Reporting
Auditors Should Consider How Public Reporting Can Be More Explicitly Addressed

Best Practice 3: Auditors Need More Than A List
Monitoring Business Activities And Key Performance Indicators Continuously
Coordinating With Other Risk Management Functions
Developing The Audit Plan Based On Risk Priorities
Automate Audit Management - Getting Involved In Technology Projects.

Best Practice 4: Improve Risk Management Processes
Auditors Don't Just Audit Control Activities, They Also Monitor A Company's Risk Profile And Play A Key Role In Identifying Areas To Improve Risk Management Processes.

Best Practice 5: Monitor Business Activities And Key Performance Indicators Continuously
Compliance Balanced Scorecard Approach
Define compliance KPIs
Monitor
Measure
Control Assurance and Audit
Operational Review

Actionable Compliance Intelligence

Audit Findings & Observations

Findings Can Be Categorized, Prioritized, And Granularized In Order To Find The Problem Areas.
Attachments and evidence can also be included with a finding

Best Practice #5: Integrated Security Across Key Processes

Best Practice 6: Coordinate With Other Risk Management Functions
Leverage The Work Of Other Departments Where Possible By Reviewing The Scope Of Their Activity And Considering Their Results In Your Approach.
Frequency Of Audits On A Business Area's Risk Factors:
Previous Poor Audit Ratings
Significant Changes In Personnel.
Focus On The Highest Risk Priorities
Devote Appropriate Resources To New And Changing Areas
Train Managers To Update Their Own Risk Assessment Systems And Methodologies
Implement Steps To Monitor Quality Control And Segregation Of Duties.

Best Practice 7: Develop The Audit Plan Based On Risk Priorities.

Under an audit program you can create audits, schedule your resources and determine if any conflicts occur

The audit plan or audit preparation form is configurable so you can choose which fields are part of the plan, including attachments & documents

Best Practice #8: Define Comprehensive Audit Forms

Questionnaires or checklists are completely configurable by you, including the answer types and scoring: scores are automatically computed

Best Practice #9: Adopt Appropriate Technology - Integrated Compliance Process Control
Even as integrated approaches to compliance management have developed, new technologies have been introduced to facilitate such processes by automating and uniting common governance, risk and compliance activities into one unified platform

Adam Turteltaub GRC 360 Fall, 2005

Best Practice #10: Develop A Strategic Audit Plan
Provide For A Mix Of Skill Sets Within Your Audit Group.
Create The Audit Plan By Identifying Audit Entities And Performing A Formal Risk Assessment.
Ensure Your Auditors Update Risk Assessments And Monitor The Risk Indicators On An Ongoing Basis.
Establish Your Team's Communication Strategies And Reporting Formats

Each audit can be split into multiple tasks across auditors; questionnaires can be assigned; and you can link the audit to each item in the organization (incl. suppliers, equipment, products, documents, organization entities) that will be audited for business intelligence

Best Practice #11: Establish Alert System For Closed-Loop Process

Audit Program

eQCM provides the capability to set up an Audit program

Best Practice #12: Automate Your Audit Processes

Begin With A Clear Focus On Your Organization

Integrated Audit Management

Auditors can input findings and answer questionnaires. NC and CAPA can be initiated and linked to a specific finding

Best Practice #13: Establish Good Audit Reporting System

Audit Reporting Made Easy

eQCM makes creating the audit report easy. You can add more information into the fields/sections you choose and then auto-generate the report with the click of a button: it allows reformatting and a helpful preview screen.

On Demand Audit Information

All the audit information is accessible for users with permissions via a search panel. Configurable reports are available from the search panel.

Close The Loop! Audit Notifications

Audit participants can be notified and accept whether they will be available

Effective Management of Audit Workload

With eQCM, the user only has to look in one place to see the tasks they must do: the workload

Managing Change
Design Processes To Support Their Operational Needs;
Provide Information For Decisions To Those Who Need It; And
Adopt More Flexible Procedures And Approaches.

Manage Expectations
Auditors Must Play A Greater Role In Managing Expectations
Promote Greater Uniformity In Auditing Procedures
Adopt Effective Peer Review
Communicating High Professional Auditing Standards

Automate!

Best Practices

Manage Expectations

Summary

Integrated Process Focus

Risk Management

Questions?

Valarie King-Bailey, M.B.A.
VP Sales & Marketing
[email protected]

Miller
Inside Sales
[email protected]

Contact Us

THANK YOU!