an overview of internal audit an overview of internal
play

An Overview of Internal Audit An Overview of Internal Audit Jim - PowerPoint PPT Presentation

An Overview of Internal Audit An Overview of Internal Audit Jim Farquhar Chief Internal Chief Internal Jim Farquhar Auditor Auditor Deborah Clark Audit & Risk Audit & Risk Deborah Clark Manager Manager What is


  1. An Overview of Internal Audit An Overview of Internal Audit Jim Farquhar – – Chief Internal Chief Internal Jim Farquhar Auditor Auditor Deborah Clark – – Audit & Risk Audit & Risk Deborah Clark Manager Manager

  2. What is Internal Audit? What is Internal Audit? • “ • “I nternal auditing is an independent, I nternal auditing is an independent, objective assurance and consulting objective assurance and consulting activity designed to add value and improve activity designed to add value and improve an organisation’ ’s operations. I t helps an s operations. I t helps an an organisation organisation accomplish its objectives by organisation accomplish its objectives by bringing a systematic, disciplined bringing a systematic, disciplined approach to evaluate and improve the approach to evaluate and improve the effectiveness of risk management, control effectiveness of risk management, control and governance processes” ” and governance processes

  3. The Three Lines of Defence Model The Three Lines of Defence Model

  4. Internal Audit Strategy Internal Audit Strategy • 2013 • 2013- -16 Strategy agreed July 2013 16 Strategy agreed July 2013 • Purpose, Outputs and Performance • Purpose, Outputs and Performance • Key responsibilities • Key responsibilities • Links to the risk profile of the Company • Links to the risk profile of the Company • Resources • Resources

  5. Work Programme Work Programme • Risk based plan • Risk based plan • Internal audit knowledge • Internal audit knowledge • Input from directors and managers • Input from directors and managers • Horizon scanning • Horizon scanning • Approved by Audit Committee • Approved by Audit Committee

  6. Risk Assessment Tool Risk Assessment Tool Scores Risk Factors Weighting Impacts 1 2 3 4 5 Up to £500,000 £500,001 - £1million £1-5million £5-10million Over £10million 1 Annual Gross Income or 10 Expenditure Budget 2 Potential losses from Less than £5K £5-25K £25K-100K £100-250K Over £250K Materiality cash and other desirable goods 5 Less than 999 1,000 - 9,999 10,000 - 99,999 100,000 - 199,999 More than 200,000 3 Volume of transactions per 10 annum 4 Complexity of Simple Straightforward Some Complexities Complex Very Complex 10 system 5 Adverse publicity Minimum impact on the Adverse internal criticism Adverse external criticism Public/media local concern Public/media national organisations image outrage 8 Sensitivity 6 Operational impact Minimal disruption to Minimal disruption to Noticeable disruption to Major disruption to internal Major disruption to public internal company public and stakeholders internal operations, public company operations and and stakeholders and operations and stakeholders curtailment of ability to fully inability of organisation to achieve the organisations achieve strategic 10 strategic objectives. objectives. History 7 Audit Opinion Operating Well Satisfactory Significant Weakness 4 Audit 8 Time since last audit 1 year 2 years 3 years Never/ over 3 years/ follow 3 up 9 Experience of All managers and Managers and employees Managers and key employees are highly have adequate skills and employees lack relevant management and experienced in their roles. experience. skills, qualifications and staff Personnel experience. 1 10 Staff No changes since last Some recent turnover and High turnover and Turnover/Current audit new staff in key roles restructuring. Currently 1 Vacancies vacancies in key roles. 11 Level of Supervision High Adequate Low 3 12 New systems and No changes since last New system introduced in New system has been Process Changes audit the last 1-2 years introduced since last audit innovations either ICT or process 1 13 Legislative change No changes since last Minor legislative changes Significant changes, full audit since last audit details of new statutory 3 framework unclear RISK RATING SCORE AUDIT FREQUENCY 149 or less once every 36 months Low Medium 150 to 210 once every 24 months High over 210 once every 12 months

  7. Performance Performance • Progress against the plan • Progress against the plan • Actual hours against planned hours • Actual hours against planned hours • Number of audit assignments completed • Number of audit assignments completed against plan against plan • Number of audit recommendations • Number of audit recommendations implemented implemented • Audits completed within agreed time • Audits completed within agreed time • Customer satisfaction levels • Customer satisfaction levels

  8. Priority of Recommendations Priority of Recommendations • HI GH • HI GH - - These are fundamental These are fundamental weaknesses, which represent a major risk weaknesses, which represent a major risk to the organisation, , service or establishment service or establishment to the organisation and immediate remedial action is imperative and immediate remedial action is imperative • MEDI UM • MEDI UM - - These are weaknesses, which These are weaknesses, which represent a considerable risk to the represent a considerable risk to the organisation, service or establishment and organisation, service or establishment and urgent remedial action is necessary urgent remedial action is necessary • BEST PRACTI CE • BEST PRACTI CE - - These issues merit These issues merit attention and their implementation will attention and their implementation will enhance the control environment or enhance the control environment or promote value for money promote value for money

  9. Priority of Recommendations Priority of Recommendations HI GH HI GH • Leads to a failure to achieve organisational • Leads to a failure to achieve organisational or service objectives or service objectives • Breach of legal requirement • Breach of legal requirement • Material error • Material error • Major breach of organisation • Major breach of organisation’ ’s policies or s policies or procedures procedures • Potential for major public embarrassment • Potential for major public embarrassment

  10. Priority of Recommendations Priority of Recommendations MEDI UM MEDI UM • Significant or frequent error rate • Significant or frequent error rate • • Lesser breach of the organisation’ ’s s Lesser breach of the organisation policies or procedures policies or procedures • • Significant potential to improve value for Significant potential to improve value for money money

  11. Priority of Recommendations Priority of Recommendations BEST PRACTI CE BEST PRACTI CE • • Minor but noteworthy errors Minor but noteworthy errors • • Lesser value for money issue Lesser value for money issue

  12. Reporting Opinions Reporting Opinions • OPERATI NG WELL • OPERATI NG WELL - - Used where the system is Used where the system is effective and no recommendations or only a few best effective and no recommendations or only a few best practice recommendations have been raised. The vast practice recommendations have been raised. The vast majority of recommendations from the previous audit majority of recommendations from the previous audit need also to have been implemented. need also to have been implemented. • SATI SFACTORY • SATI SFACTORY - - Used where the system works but Used where the system works but there are a number of medium priority recommendations there are a number of medium priority recommendations or where issues have not been addressed from the or where issues have not been addressed from the previous audit. previous audit. • SI GNI FI CANT WEAKNESSES • SI GNI FI CANT WEAKNESSES - - Used where the Used where the system is flawed so there is one or more high priority or system is flawed so there is one or more high priority or a large number of medium priority recommendations. a large number of medium priority recommendations. Also where very little or no action has been taken since Also where very little or no action has been taken since the previous audit. the previous audit.

  13. The Process The Process • Assignment Brief Issued • Assignment Brief Issued • Fieldwork Undertaken • Fieldwork Undertaken • Exit Meeting • Exit Meeting • Working papers and draft report produced • Working papers and draft report produced • Quality review • Quality review • Draft report issued • Draft report issued • Discussion/Negotiation • Discussion/Negotiation • Final report issued • Final report issued

  14. Action Plans for Management Action Plans for Management

  15. Statement of Internal Control Statement of Internal Control Annual review of the effectiveness of the Annual review of the effectiveness of the internal control systems covering: internal control systems covering: • Governance and Risk Management • Governance and Risk Management • Performance Management • Performance Management • Financial Management • Financial Management • Internal Audit • Internal Audit • External Audit • External Audit

  16. Special Investigations Special Investigations • Counter fraud and corruption • Counter fraud and corruption investigations investigations • Financial irregularities • Financial irregularities • Police liaison • Police liaison

Recommend


More recommend