1 / 29

IIA QA Program Requirements Presentation to CAUBO Internal Audit Group June 18, 2005

IIA QA Program Requirements Presentation to CAUBO Internal Audit Group June 18, 2005. Ingrid Loewen, CA.CIA Director, Internal Audit, Manitoba Liquor Control Commission Mary Ann Mork, CA.CIA Director, Audit Services, University of Manitoba. IIA QA Program Requirements. Presentation Overview

lenore
Télécharger la présentation

IIA QA Program Requirements Presentation to CAUBO Internal Audit Group June 18, 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IIA QA Program RequirementsPresentation to CAUBO Internal Audit GroupJune 18, 2005 Ingrid Loewen, CA.CIA Director, Internal Audit, Manitoba Liquor Control Commission Mary Ann Mork, CA.CIA Director, Audit Services, University of Manitoba

  2. IIA QA Program Requirements Presentation Overview • Background • IIA QA Attribute Standards (AS) - Overview • Reasons for QA Program • Internal QA Process • External QA Process • Common QA findings • Where to next?

  3. IIA QA Program Requirements Background • US SOX / Canadian Bill 198 • Specific requirements for AC & IA • CEO / CFO certifications • IA to advise on certification process • IA to issue opinion on IC • Promote use of COSO framework as criteria • Impact on University Environment • Best practices • Taxpayers want accountability

  4. IIA QA Program Requirements Attribute Standards: 1300 QA and Improvement Program • CAE should develop & maintain • Covers all aspects of IA activity & continuously monitors its effectiveness • Designed to add value, improve operations & provide assurance of IA compliance with IIA stds & COE

  5. IIA QA Program Requirements Attributes Standards: (con’t) 1310 Quality Program Assessments • IA should adopt a process to monitor & assess effectiveness of their program • Including • internal reviews • External review

  6. IIA QA Program Requirements Attributes Standards: (con’t) 1311 Internal Assessments Includes • Ongoing performance reviews • Periodic “self-assessments” or reviews by other knowledgeable persons with in organization

  7. IIA QA Program Requirements Attributes Standards: (con’t) 1312 External Assessments • At least once every 5 years (1st due Dec 2006) • By a qualified, independent reviewer / review team from outside organization • ***Independent verification of “periodic internal self-assessment” is most efficient and cost effective method***

  8. IIA QA Program Requirements Attributes Standards: (con’t) 1320 Reporting on Quality Program • CAE communicates results of External Assessment to Board (AC)

  9. IIA QA Program Requirements Attributes Standards: (con’t) 1330 Use of “Conducted in Accordance with the IIA Standards” • IA encouraged to use this phrase • Use ONLY if assessments of the QA program demonstrate the IA is in compliance with the standards

  10. IIA QA Program Requirements Attributes Standards: (con’t) 1340 Disclosure of Noncompliance • When noncompliance impacts overall scope or operation of IA activity disclosure should be made to SM and AC

  11. IIA QA Program Requirements Reasons for QA program: • To assess IA effectiveness & efficiency • To assess IA conformance with IIA standards • To identify opportunities for improvement

  12. IIA QA Program Requirements Ongoing Internal QA review process • Most effective if built into IA system • Supervision, file reviews • Checklists, programs, plans • Stakeholder feedback • Performance measures • Time budgets • Conclude on quality of ongoing performance • Implement follow-up action to ensure improvements

  13. IIA QA Program Requirements Ongoing Internal QA review process (con’t) Balanced Scorecard Approach / Competency Model • Quantitative(# projects scheduled / completed, timeliness, training hrs) • Client (responsiveness, client expectations, relationship) • University knowledge(applying knowledge, emerging issues) • Skills development(mentoring, training, coaching, developing) • Technical development(audit, accounting, regulatory, technology) • Innovation(best practice promo, involvement in professional organization, leadership,)

  14. IIA QA Program Requirements Periodic Internal QA Review Process • Decision to perform formal internal assessment (prepare for external, assess IIA standards conformity, E&E insight, best practice, value added, improvement, ) • Internal Assessment team(CAE, Direct report, AC chair/ member – knowledgeable about IA & standards) • Self Assessment (with Independent validation alternative to External review, more in-depth, more focused, less costly) • CAE questionnaire(E&E, conformity to standards, improvements) • Surveys(audit customers & staff)

  15. IIA QA Program Requirements Periodic Internal QA review (Con’t) • Review activities(WP’s, balanced sample, document review) • Interviews(AC chair, SM, Mgmt – to obtain views on IA value & professionalism, client expectations & suggested improvements) • Evaluation (Summary of issues & degree of conformance with IIA standards) • Reporting (agreed form & communication medium, CAE response, internal only) • Follow-up(at least annually, documented & reported to report recipients)

  16. IIA QA Program Requirements External QA Review Process (12 points) • Select a QA team • O/S organization – University and other • Qualified, objective, experienced – accredited in QA validation • Size – depends on scope of review, at least 2 for broad perspective

  17. IIA QA Program Requirements External QA Review • Prepare the self study for the team • Comprehensive questionnaire and documentation in specific info about organization & IA staff (org charts, policies, F/S, stats, IA activity) • Prepared by or under supervision of CAE • External QA team reviews prior to on-site work

  18. IIA QA Program Requirements External QA Review • External team leader makes a preliminary visit to the organization • Confirm objectives • Identify survey recipients • Arrange IA staff survey / meetings • Discuss self study / assessment contents • Select interview candidates • Administrative details • Prepare brief summary

  19. IIA QA Program Requirements External QA Process • Send out customer and staff surveys • Excellent feedback • Before on-site work – send, completion, return, analyze surveys • Use email / online methodology • Consider externally administered for complete anonymity • IA staff – survey only if you can’t interview them all!

  20. IIA QA Program Requirements External QA Review 5.Evaluate IA activity’s effectiveness at remaining current and adding value through interviews with: • Audit Committee Chairperson • Senior management • Operating managers • Internal audit staff

  21. IIA QA Program Requirements External QA Review • Interviews: (con’t) Used to elicit views on: • Value of audits & consultations • Client expectations • Professionalism of audit staff • Areas to improve IA activity • Risk mgmt, organizational controls, accountability & general mgmt of the organization

  22. IIA QA Program Requirements External QA Process 6. QA team performs the on-site work including: • Review of administrative policies and procedures • Consideration of enterprise risk • Evaluation of risk assessment in audit planning • Review of working papers and final reports for selected engagements • Review of number and skills of internal audit staff • Evaluate adequacy of IT audit coverage

  23. IIA QA Program Requirements External QA Process 7. Evaluate coordination of internal audit work with that of independent auditors and other monitoring functions. 8. Evaluate internal audit activity’s conformance with IIA Standards and other relevant standards.

  24. IIA QA Program Requirements External QA Process 9. Review quality/process improvement actions currently underway 10. Provide summary of issues and recommendations, and hold closing conference with the CAE and/or other requestors.

  25. IIA QA Program Requirements External QA Process 11. Draft a report, obtain comments, and issue a final report • Copies to CAE, Direct report, AC Chair 12. Hold a follow-up executive conference (optional) • Presentation to AC & SM

  26. IIA QA Program Requirements Common QA Findings • Inappropriate CAE reporting relationships • Out-of-date charters for IA activity and/or audit committee • Lack of board approved policy on internal control responsibility (outlines responsibilities for mgmt, IA and AC) • Client perception of inadequate audit staff knowledge • Lack of a formalized risk assessment process • Lack of understanding regarding: • Internal audit activity’s consulting responsibilities • Reflection of consulting in the mission and charter • Inadequate IT coverage or technical skills • Insufficient Training

  27. IIA QA Program Requirements Common QA Findings (con’t) • Risk Assessment Deficiencies • Audit Universe Deficiencies • Lack of Performance Measurements • Failure to Track Auditors’ Time • Poor Cycle Time • Inconsistent work papers • Non-electronic work papers • Audit Report Deficiencies, e.g., lack of Executive Summary, too long • No overall report conclusion • Findings aren’t ranked according to risk (high, med, low)

  28. IIA QA Program Requirements Where to next? • Determine who has / is / plans to implement a QA program at their University? • Form QA oversight team? – mandate? • Form teams to perform QA reviews • Include University and O/S people • Need some University IAs accredited for “Internal QA Validations” by IIA

  29. IIA QA Program Requirements Thank you! Questions?

More Related