Internal Audit, Best Practices - PowerPoint PPT Presentation


PPT – Internal Audit, Best Practices PowerPoint presentation | free to view - id: 259ed6-ZDc1Z


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Internal Audit, Best Practices


Integrate systems risk analysis into each audit define from a ' ... Implement Continuos Monitoring System(CMS) in high risk areas ... of technology tools ... – PowerPoint PPT presentation

Number of Views:758
Avg rating:1.0/5.0
Slides: 21
Provided by: pma62


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Internal Audit, Best Practices

Internal Audit, Best Practices Özlem
Aykaç, CIA,CCSA CAE Coca-Cola Içecek
What I share with you today
  • When management perceive IA value
  • Elements to Enhance IA Functions
  • Best Practices in these Elements
  • Performance Measures

When management perceive IA value
  • As management seeks to meet business objectives
    especially relates to the objectives of internal
  • Efficiency and effectiveness of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations
  • Safeguarding of assets
  • As management (as well as the Board or Audit
    Committee) sees IA resources being utilized/
    leveraged as a part to achieve strong, and
    effective risk management, internal control and
    corporate governance process

Elements to Enhance IA Functions
Best Practices - Customers
  • Identify your customers
  • Develop relationship to understand their needs
  • Establish business partner relationship with
    audit customers
  • Include customers in the risk assessment/planning
  • Sharing Story..Risk Assessment in CCI

Best Practices - People
  • Blend of audit and operational expertise
  • Market a career in the Company rather than just
    within IA
  • Establish training requirements
  • Create an environment for innovation
  • Obtain high performance personnel from within as
    well as from outside
  • Sharing Story Utilizing Co-sourcing

Best Practices - Process
  • Understand and align with Managements overall
    objectives and business strategies
  • Organize the department along business lines
  • Evaluate and document risk management of product/
    service / initiatives.
  • Broaden the definition of risk to improve
    process performance
  • Train customers on internal control
  • Use self-assessment to gather valuable
    information prior to the Audit
  • Build flexibility into your audit plan
  • Sharing Story Control Self-Assessment

  • CSA is a formal, documented process facilitated
    by IAD which designed to allow management and
    work teams made up of individuals from business
    units, functions to collaboratively
  • Identify risks and exposures.
  • Assess the control process that mitigate or
    manage those risks.
  • Develop action plans to reduce risks to
    acceptable levels.
  • Determine the likelihood of achieving the
    business objectives.
  • Potential Outcomes
  • Employees at all levels better understand and
    assume responsibility and accountability for
    effective control and risk management.
  • Corrective action can be more effective because
    participants own the results.
  • Provides a broader coverage on important issues
    because the experts quickly focus on risks and
  • Improves communication at all levels increase
    employee satisfaction.
  • Teaches participants how to analyze and report on
    internal control , thus increase the control
  • Reduce risk of fraud and noncompliance with laws
    and regulations
  • CCI IAD Policy
  • Implement self-assessment in areas like Finance
    and BSG to promote internal controls and to
    enhance audit resources.

Best Practices - Communication
  • Listen to different customers voices regularly
  • Help educate the organization through various
    communication forums (publications, newsletters,
    business book summaries,training sessions)
  • Become a repository for best practices/
    benchmarking information and share with the
  • Reduce reporting cycle time and maximize action
  • Sharing Story Activity Reporting

Best Practices - Technology
  • Link Management objectives/ strategies to
    supporting IT infrastructure
  • Integrate systems risk analysis into each audit
    define from a business not a technical
  • Utilize technology in the audit process timely
  • Computer assisted audit techniques (CATT)
  • Self-Assessment facilitation tools
  • Sharing Story CMS

  • CMS is a management-driven process used for
    monitoring high risk areas and exceptions.
  • Management is responsible for reviewing
    exceptions and taking necessary actions to
    diminish the risks.
  • Internal Audit has to ensure that exceptions are
    reviewed and necessary actions are taken by
    management to reduce the risks.
  • Advantages
  • Independent Control Mechanism which helps us to
  • Assure Internal Controls Complaince
  • Reduce Operational Risks
  • Mitigate the risk of Fraud
  • CCI IAD Policy
  • Implement Continuos Monitoring System(CMS) in
    high risk areas which will help us to assure
    internal controls complaince, reduce operational
    risks and mitigate the risk of fraud.

Performance Review (QAR)
  • International Standards require of a independent
    Quality Assurance Review every 5 years,
  • Should be more Audit Committee, management and
    internal audit customers
  • Use of smart KPIs as a benchmark for
  • World Class Internal audit should actively seek
    performance reviews from numerous sources.
    Periodic independent review, regular internal
    audit customers, management and the Audit
    Committee formalised feedback and use of KPIs

Performance Measures
  • Performance measures enable the internal audit
    team to
  • Gauge its success in meeting or exceeding
    client service expectations
  • Measure how well the audit process is managed
    and achieves its objectives
  • Select the measures which reflect your needs
    and values.
  • Select a few and commit to tracking/reporting

Performance Measures - Customers
  • Results of customer/stakeholder surveys vs.
    predetermined level of satisfaction goals. (Audit
    timeliness, Taking account of business concern,
    Professionalism, etc.)
  • Number of recommendations implemented.
  • Number of management requests (for
    assistance,consultation, special audits, etc.).
  • Number of committees and task forces audit is
    involved in or is asked to be involved in.

Performance Measures - People
  • Percentage of function personnel with various
    types of experience.
  • Number of individuals with certifications - CIA,
    CCSA, CISA, CPA,...
  • Employee satisfaction survey results.
  • Attainment of annual goals for staff training.
  • Average years of audit experience for managers,
    in charge, and staff.
  • Number of individuals promoted into the

Performance Measures - Communication
  • Percentage of recommendations implemented within
    the time period agreed to by audit customers.
  • Number of surprises at closing meeting.
  • Report cycle time (Total - end of field work to
    report delivery).
  • Cycle time between various key milestones in the
    audit reporting process.
  • Number of audit findings agreed
    recommendations implemented.

QAR Measurement Criteria
What we expect to see in the Future
  • More interaction with the Board or Audit
  • Consideration of IT risks, internal controls in
    all engagements
  • Increased leverage of technology tools
  • Evolving 'ownership' of internal controls at the
    field level
  • More defined Consulting engagements for internal
  • Ongoing training role of internal audit on
    internal controls, fraud prevention, ethics
  • .and others

  • Internal Audit, BEST PRACTICES
  • Özlem Aykaç, CIA,CCSA
  • CAE, Coca-Cola Içecek