Internal Audit, Best Practices - PowerPoint PPT Presentation

1 / 20

About This Presentation

Title:

Internal Audit, Best Practices

Description:

Number of Views:1578

Avg rating:1.0/5.0

Slides: 21

Provided by: pma62

Category:

more less

Transcript and Presenter's Notes

Title: Internal Audit, Best Practices

1
Internal Audit, Best PracticesÖzlem
Aykaç, CIA,CCSACAE Coca-Cola Içecek
2
What I share with you today

3
When management perceive IA value

As management seeks to meet business objectives
especially relates to the objectives of internal
control
Efficiency and effectiveness of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
Safeguarding of assets
As management (as well as the Board or Audit
Committee) sees IA resources being utilized/
leveraged as a part to achieve strong, and
effective risk management, internal control and
corporate governance process

4
Elements to Enhance IA Functions
5
Best Practices - Customers

6
Best Practices - People

7
Best Practices - Process

Understand and align with Managements overall
objectives and business strategies
Organize the department along business lines
Evaluate and document risk management of product/
service / initiatives.
Broaden the definition of risk to improve
process performance
Train customers on internal control
Use self-assessment to gather valuable
information prior to the Audit
Build flexibility into your audit plan
Sharing Story Control Self-Assessment

8
CONTROL SELF-ASSESSMENT (CSA)

CSA is a formal, documented process facilitated
by IAD which designed to allow management and
work teams made up of individuals from business
units, functions to collaboratively
Identify risks and exposures.
Assess the control process that mitigate or
manage those risks.
Develop action plans to reduce risks to
acceptable levels.
Determine the likelihood of achieving the
business objectives.
Potential Outcomes
Employees at all levels better understand and
assume responsibility and accountability for
effective control and risk management.
Corrective action can be more effective because
participants own the results.
Provides a broader coverage on important issues
because the experts quickly focus on risks and
controls.
Improves communication at all levels increase
employee satisfaction.
Teaches participants how to analyze and report on
internal control , thus increase the control
conciousness.
Reduce risk of fraud and noncompliance with laws
and regulations
CCI IAD Policy
Implement self-assessment in areas like Finance
and BSG to promote internal controls and to
enhance audit resources.

9
Best Practices - Communication

Listen to different customers voices regularly
Help educate the organization through various
communication forums (publications, newsletters,
business book summaries,training sessions)
Become a repository for best practices/
benchmarking information and share with the
organization
Reduce reporting cycle time and maximize action
Sharing Story Activity Reporting

10
Best Practices - Technology

Link Management objectives/ strategies to
supporting IT infrastructure
Integrate systems risk analysis into each audit
define from a business not a technical
perspective
Utilize technology in the audit process timely
coverage
Computer assisted audit techniques (CATT)
Self-Assessment facilitation tools
Sharing Story CMS

11
CONTINOUS MONITORING SYSTEM (CMS)

CMS is a management-driven process used for
monitoring high risk areas and exceptions.
Management is responsible for reviewing
exceptions and taking necessary actions to
diminish the risks.
Internal Audit has to ensure that exceptions are
reviewed and necessary actions are taken by
management to reduce the risks.
Advantages
Independent Control Mechanism which helps us to
Assure Internal Controls Complaince
Reduce Operational Risks
Mitigate the risk of Fraud
CCI IAD Policy
Implement Continuos Monitoring System(CMS) in
high risk areas which will help us to assure
internal controls complaince, reduce operational
risks and mitigate the risk of fraud.

12
Performance Review (QAR)

International Standards require of a independent
Quality Assurance Review every 5 years,
Should be more Audit Committee, management and
internal audit customers
Use of smart KPIs as a benchmark for
performance
World Class Internal audit should actively seek
performance reviews from numerous sources.
Periodic independent review, regular internal
audit customers, management and the Audit
Committee formalised feedback and use of KPIs

13
Performance Measures

14
Performance Measures - Customers

Results of customer/stakeholder surveys vs.
predetermined level of satisfaction goals. (Audit
timeliness, Taking account of business concern,
Professionalism, etc.)
Number of recommendations implemented.
Number of management requests (for
assistance,consultation, special audits, etc.).
Number of committees and task forces audit is
involved in or is asked to be involved in.

15
Survey
16
Performance Measures - People

17
Performance Measures - Communication

Percentage of recommendations implemented within
the time period agreed to by audit customers.
Number of surprises at closing meeting.
Report cycle time (Total - end of field work to
report delivery).
Cycle time between various key milestones in the
audit reporting process.
Number of audit findings agreed
recommendations implemented.

18
QAR Measurement Criteria
19
What we expect to see in the Future

More interaction with the Board or Audit
Committee.
Consideration of IT risks, internal controls in
all engagements
Increased leverage of technology tools
Evolving 'ownership' of internal controls at the
field level
More defined Consulting engagements for internal
audit
Ongoing training role of internal audit on
internal controls, fraud prevention, ethics
.and others

20
QUESTIONS ??? ozlem_aykac_at_cci.com.tr