Unlocking the Potential of Internal Audit udt November 18, 2014 Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd
With an introduction from Andy Poprawa, CEO of DICO
Your Presenters David Florio, CPA, CA.IT, PCI QSA, CRMA Partner Operational Advisory Services T +1 416 369 6415 E David.Florio@ca.gt.com Jen Pavlov, BA, CICA Senior Manager Operational Advisory Services T +1 416 369 6421 E Jen.Pavlov@ca.gt.com com Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 3
Agenda 1. Introduction 2. Internal Audit Function 3. Governance and Reporting 4. Qualifications 5. Quality Assessment 6. Overall Discussions s and Conclusions o s Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 4
INTERNAL AUDIT FUNCTION Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 5
What is Internal Audit? The IIA Definition Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It assists an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 6
Expectations of Internal Audit Function Internal laudit is an internal consultant, a quasiindependent advisor, cognizant of the organization s business strategies and priorities and culture.al Audit Internal Audit function should be able to influence: reduction in exposure to unacceptable risks improvements in processes (efficiency/effectiveness gains) heightened control/risk management culture information for executive information for governance level credibility of the organization Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 7
Internal Audit Function Scenarios Insourced Internal Audit Department Chief Audit Executive or Director, Internal Audit Internal Audit staff Co-sourced Chief Audit Executive or Director, Internal Audit Third Party Consultant(s) t( Outsourced Third Party Consultant(s) Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 8
Reporting Structure Internal Audit Department Insourced Benefits In-house staff with knowledge of day to day operations. Management has the ability to ensure training is targeted to the specific needs of the staff and/ or Credit Union. Cross functional resources. Risk assessment and control experts onsite. Challenges May be objectivity and Independence issues. Significant investment required in people, processes and technology. Demand of resources or feasible to maintain full time staff. Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 9
Reporting Structure Internal Audit Department Co-sourced Benefits Additional objectivity and independence. Breadth of skill set, availability and flexibility in staffing. Best practices. Required to comply with governing standards and regulations. Ability to leverage automated tools and technology. Challenges Consultant does not report directly to Audit Committee. Less internal knowledge and capacity building. Possible communication issues. Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 10
Reporting Structure Internal Audit Department Outsourced Benefits The same benefits of co-sourcing. Consultant reports directly to Audit Committee allowing for more objectivity and independence. Cost control. Proven risk based internal audit methodologies. Challenges Less internal knowledge and capacity building. Communications with management. Responsiveness and accountability might be more difficult. Less ability to control costs. Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 11
GOVERNANCE AND REPORTING Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 12
The Three Lines of Defense Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 13
Considerations for the Audit Committee Audit quality is increasingly in the spotlight as a key element of the financial reporting process. With effective oversight of the work of the auditors, audit committees can contribute to the audit s overall quality while safeguarding the auditor s independence. Facilitates integration of the knowledge and concerns of the audit committee into the audit process. At least one Audit Committee member should have internal audit qualifications to perform their responsibilities. Significant benefits for audit committees including: Improved communications with their auditors Augmented understanding of risk and control issues Better alignment of the audit process with principal business and financial reporting risks Improved feedback to management, and Enhanced quality of financial and management reporting. Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 14
What the Audit Committee will expect from the Internal Audit Function Internal Audit Charter Risk Based Internal Audit Plan Engagement Letter Regular updates Working papers Reports Follow-up Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 15
Grant Thornton CAE Survey 2014 - Areas the Board and Audit Committee want to see value delivered d Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 16
Grant Thornton CAE Survey 2014 - Risk Areas that could potentially impact your organization's i growth add context Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 17
QUALIFICATIONS Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 18
Qualifications of Internal Auditors Head of department should be certified in one of the following designation(s); e.g., CPA, CA, CMA, CGA, CIA, CICA, CRMA, CISA, QSA, etc. Bachelors degree in accounting, finance, business or related field. Minimum # of years relevant experience; e.g., risk assessments, internal controls reviews, audit, etc. Strong knowledge of auditing and principles and techniques. Excellent communication skills. Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 19
Things to Consider in Selecting an Internal Auditor Do they have the qualifications and/ or licensing? Are they required to follow a code of conduct/ ethics? Are they required to follow a professional standard; e.g., CPA, IIA, etc.? Perform a background check and check references. Do they have Professional Liability Insurance (cosourced or outsourced)? Do they complete their minimum annual professional development elopment hours? Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 20
QUALITY ASSESSMENTS Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 21
IIA - Quality Assessments by Internal Audit Department Internal Quality Assessments Ongoing Work kpaper Reviews Performance Evaluations Actual vs. Budgeted Analysis Various Monitoring Metrics Customer Surveys Periodic Self-Assessment Annually Covering all IIA Standards over 5 years Quarterly/Semi-Annual Portions of IIA Standards each year Assess compliance with IA Activity Charter Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 22
IIA - Quality Assessments by External Third Parties External Quality Assessments Required every 5 years Standard enacted January 1, 2002 Two methods: External Quality Assessment with the review and report by an independent team Self Assessment with report validation by an Independent Validator Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 23
Why Conduct an External Quality Assessment? To provide independent analyses: Do we meet professional standards? Can things be done better? Should more be done? Is maximum value being received for each dollar of expense? Can we add more value to management and the audit committee? Can we enhance our image, perceptions, and credibility within the organization? Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 24
Self Assessment with Independent Validation Internal Audit Activity conducts their own Self assessment, determines compliance with the Standards and writes the report. Internal Audit Activity then engages an independent Validator to review documentation and perform limited testing. Validator concurs with report or disagrees and issues own report (opinion). Validator can be an external service provider or from a peer pool Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 25
Questions Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 26
Thank you! David Florio, CPA, CA.IT, PCI QSA, CRMA Jen Pavlov, BA, CICA Partner Senior Manager Operational Advisory Services Operational Advisory Services T +1 416 369 6415 T +1 416 369 6421 E David.Florio@ca.gt.com E Jen.Pavlov@ca.gt.com Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd 27