Title: Planning and programming for sustained effective use of internal audit resources
1Planning and programming for sustained effective
use of internal audit resources
- Rob Newsome
- African Regional Director
2Overview
- The need to understand what is subject to audit
- Understand the objectives of the Ministry
- Using risk to position the audit work
- Co-ordinating with other assurance providers
- Skilling up the internal audit department
3Audit Universe
4Strategy to risk link
5Benchmarking
Risks which threaten objectives Controls linked to risks
Accidents Monitor compliance with safety standards and policies procedures
Lack and timing of resources Monitor compliance with logistics plan
Equipment break-downs Monitor compliance with maintenance plan
Labour disruptions Human Resources management
Wasted expenditure Budgeting and financial disciplines
6Assurance co-ordination
Assurance Areas Focus Timing Assurance Provider
Cash risk Independently evaluate your process to ensure that the key controls in place adhere to sound cash management principles March September Management / Internal Audit External audit review
Strategic Staff planning, productivity, succession, competency, performance, capacity, staff morale, mentorship June Management
Plant maintenance Maintenance expenditure control May Management
Human Resource Management Recruitment February Management
7Internal Audit expectations
To support the Board of Directors, Audit
Committee and management in identifying and
managing risks and thereby enabling them to
achieve corporate objectives. This is achieved by
- Enhancing the understanding of risk management
and the underlying concepts and assisting to
implement an effective risk process and - Providing objective feedback on the quality of
organisational controls and performance.
8Internal Audit resources needed for
- Risk management ,and
- Providing objective feedback
9Risk Management Resources
- Chief Risk Officer vs. Chief of Internal Audit
- Providing objective feedback on the process of
risk management - Risk management software to maintain the risk
data base
10Assurance Resources
- Determine which risks Internal Audit should
provide assurance on - Group the risks within logical processes to
detemine effective audit coverage - For each audit identified consider the resources
needed to complete the review
11Assurance Resources continued
- Use software for data interrogation and audit
working papers - Assess the skill levels needed to complete each
audit - Determine the hours of each skill level to
complete the specific tasks - Per skill level aggregregate the estimated hours
- Obtain view of the total resource needed to
complete the audit universe
12Assurance Resources continued
- Agree with management and the Audit Committee on
the annual cycle to cover the audit universe - The man plan of the department therefore has a
zero base - Determine the optimal level and specialist
staffing mix inclusive of skills that may be
outsourced - This optimal man plan becomes the profile to
recruit, train and provide career development
13Assurance Resources continued
- Benchmark the plan against international and
other relevant measures to ensure that the
investment is within acceptable norms - Develop acceptable measures to report on
department utilisation of resources
14Closing comments
- Audit efficiency and effectiveness through using
CAATs - Establish monetary and time budgets for each
review and measure actual performance
15This approach is being adopted in the public
sector. What needs to be done to make it
operational in your organisation???