Planning and programming for sustained effective use of internal audit resources

1
Planning and programming for sustained effective
use of internal audit resources

• Rob Newsome
• African Regional Director

2
Overview

• The need to understand what is subject to audit
• Understand the objectives of the Ministry
• Using risk to position the audit work
• Co-ordinating with other assurance providers
• Skilling up the internal audit department

3
Audit Universe
4
Strategy to risk link
5
Benchmarking
Risks which threaten objectives Controls linked to risks
Accidents Monitor compliance with safety standards and policies procedures
Lack and timing of resources Monitor compliance with logistics plan
Equipment break-downs Monitor compliance with maintenance plan
Labour disruptions Human Resources management
Wasted expenditure Budgeting and financial disciplines
6
Assurance co-ordination
Assurance Areas Focus Timing Assurance Provider
Cash risk Independently evaluate your process to ensure that the key controls in place adhere to sound cash management principles March September Management / Internal Audit External audit review
Strategic Staff planning, productivity, succession, competency, performance, capacity, staff morale, mentorship June Management
Plant maintenance Maintenance expenditure control May Management
Human Resource Management Recruitment February Management
7
Internal Audit expectations
To support the Board of Directors, Audit
Committee and management in identifying and
managing risks and thereby enabling them to
achieve corporate objectives. This is achieved by

• Enhancing the understanding of risk management
  and the underlying concepts and assisting to
  implement an effective risk process and
• Providing objective feedback on the quality of
  organisational controls and performance.

8
Internal Audit resources needed for

• Risk management ,and
• Providing objective feedback

9
Risk Management Resources

• Chief Risk Officer vs. Chief of Internal Audit
• Providing objective feedback on the process of
  risk management
• Risk management software to maintain the risk
  data base

10
Assurance Resources

• Determine which risks Internal Audit should
  provide assurance on
• Group the risks within logical processes to
  detemine effective audit coverage
• For each audit identified consider the resources
  needed to complete the review

11
Assurance Resources continued

• Use software for data interrogation and audit
  working papers
• Assess the skill levels needed to complete each
  audit
• Determine the hours of each skill level to
  complete the specific tasks
• Per skill level aggregregate the estimated hours
• Obtain view of the total resource needed to
  complete the audit universe

12
Assurance Resources continued

• Agree with management and the Audit Committee on
  the annual cycle to cover the audit universe
• The man plan of the department therefore has a
  zero base
• Determine the optimal level and specialist
  staffing mix inclusive of skills that may be
  outsourced
• This optimal man plan becomes the profile to
  recruit, train and provide career development

13
Assurance Resources continued

• Benchmark the plan against international and
  other relevant measures to ensure that the
  investment is within acceptable norms
• Develop acceptable measures to report on
  department utilisation of resources

14
Closing comments

• Audit efficiency and effectiveness through using
  CAATs
• Establish monetary and time budgets for each
  review and measure actual performance

15
This approach is being adopted in the public
sector. What needs to be done to make it
operational in your organisation???