Strategies to Maintaining Internal - PowerPoint PPT Presentation

About This Presentation

Title:

Strategies to Maintaining Internal

Description:

See April 1, 2003 Webcast archive, Coordinating Internal and External Audit Work ... Trending (Cautiously) Risk Based Auditing & ERM. Evolving. With -Audit Committee ... – PowerPoint PPT presentation

Number of Views:31

Avg rating:3.0/5.0

Slides: 33

Provided by: lorion

Category:

more less

Transcript and Presenter's Notes

Title: Strategies to Maintaining Internal

1
Strategies to Maintaining Internal External
Relationships

The Institute of Internal AuditorsApril 13, 2004

Xenia Parker, CIA, CISA, CFSAPrincipalXLP
Associates
2
Agenda

Introduction Overview
Xenia Parker, XLP Associates
Roles and Responsibilities
Tony Tocco, DTE Energy
Rating and Ranking
Kimberly Gavaletz, Lockheed Martin
Changing Relationships
Eric Hespenheide, Deloitte
Break
Q A

3
Moderator

Xenia Ley Parker, CIA, CFSA, CISA

4
For Your Reference

See April 1, 2003 Webcast archive, Coordinating
Internal and External Audit Work In Meeting
Sarbanes-Oxley Requirements
Audit Committee Expectations Steve Goepfert
Impact on Annual Internal Audit Plan Kimberly
Gavaletz
Reliance on Internal Audit Work Darryl Briley

5
Practice Advisory 2050 Coordination with
External Providers

The chief audit executive should share
information and coordinate activities with other
internal and external providers of relevant
assurance and consulting services to ensure
proper coverage and minimize duplication of
efforts
See also
2050-1Coordination
2050-2 Acquisition of External Audit Services

6
Practice Advisory 2060 Reporting to the Board
and Senior Management

The chief audit executive should report
periodically to the board and senior management
on the internal audit activitys purpose,
authority, responsibility, and performance
relative to its plan
Reporting should also include significant risk
exposures and control issues, corporate
governance issues and other matters needed or
requested by the board and senior management
See also
2060-1 Reporting to Board and Senior Management
2060-2 Relationship with the Audit Committee

7
Upcoming Practice Advisory Internal Audits
Role in 302 and 404 of the Sarbanes-Oxley Act

The IIA International Professional Issues
Committee (PIC) team of Chief Audit Executives
(CAE), including those that took part in the
November 2003 response to the PCAOB, developed
this critical PA
The PIC and the Internal Audit Standards Board
(IASB) have signed off on the draft
Next steps
Executive Committee review and comment
Issue the final paper, communicating widely
through web site, various IIA publications, etc

8
Practice Advisory Highlights
.

The IIA recognizes organizations will respond
differently to the reporting requirements
Internal audit will play various roles,
especially in the short-term
However, this paper describes an ideal role for
internal audit that best fits within the
Standards

9
Internal Audit Recommended Role

Services performed by internal audit may add
significant value to the organization in meeting
the requirements of SOX Sections 302 and 404
These services should not interfere with the
requirement of the Standards for the internal
auditors independence and objectivity
Major areas identified are
Project oversight
Consulting and project support
On-going monitoring and testing

10
Roles and Responsibilities

Anthony M. Tocco, CIA, CFE
Assistant General Auditor
DTE Energy

11
Sarbanes-Oxley Governance

Control Office
COSO Framework
Central Repository of Data
Control Centers
Internal Process Control Committee of Management
Internal Control Steering Committee of Executives
Audit Committee
External Auditors

12
Control Office
Project Management Office Develop methodology and standards Provide guidance and tools Coordinate 302 and 404 activities Maintain data repository Oversee Quality Assurance (QA) Report status to Steering Committee

13
Internal Audit

Provide QA support
Provide 302 support
Share Risk Assessment/Audit Plan
Participate on committees
Coordinate work plan

14
Control Process Centers

Perform Risk Assessment
Document process and procedures
Identify key controls and gaps
Develop and perform testing
Develop and implement remediation
Report status to committee Provide QA support

15
Internal Control Committee

Oversee Control Center activities
Provide guidance
Report status to Steering Committee
Provides input review for 302 and 404

16
Internal Control Steering Committee

Provide strategic direction
Serves as governance body
Report status to executive team
Report status to audit committee

17
External Auditors

Provide certain advisory services
Assess progress
Attend committee meetings
Coordinate work plan
Perform testing

18
Rating and Ranking
Kimberly Gavaletz VP, Corporate Internal
Audit Lockheed Martin
19
Internal Audits Ratings Rankings

Before Sarbanes-Oxley
Evolving With Sarbanes-Oxley

20
Before - Sarbanes-Oxley

Decades of Commonly Used
Scope Definitions
Terms
Ratings
Report Distribution Practices
Issue Closure Processes
Emerging Practices
Consulting
Value Add Work Relationships
Trending
Risk Based Auditing

Common Language With -Audit Committee -External
Auditors -Management -Audit Staff
21
Evolving With Sarbanes-Oxley

Term Definitions Changed
Significant Deficiency, Key Controls, Control
Weakness
Scopes
Must be in Context of the Whole
Reporting
Read Differently
Time Element Imposed
Emerging Practices Morphing
Consulting Advisory
Value Add Work Relationships
Trending (Cautiously)
Risk Based Auditing ERM

Evolving With -Audit Committee -External
Auditors -Management -Audit Staff PCAOB,
Investors
22
Advice for the Journey

Key to Internal Audits Success
Being Understood
Must Adapt not Abdicate
Requires All of Audit Understanding and Relating
to the Overall Context
Requires Letting Go Updating/Re-tooling
Realize that the Journey is Continuous

Listen, Learn, Share?Succeed
23
The Changing Relationships Between Internal Audit
and External Audit Firms
Eric Hespenheide, CPA Global Managing Director
Internal Audit Services Deloitte
24