Sharpening our Focus on the Road Ahead: Internal Audit in 2020 - Carolyn Saint, CIA, CPA Vice President, Internal Audit 7-Eleven, Inc - Dallas IIA
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Sharpening our
Focus on the Road
Ahead: Internal
Audit in 2020
Carolyn Saint, CIA, CPA
Vice President, Internal Audit
7-Eleven, Inc.
Overview • Key achievements of the past decade • Where we find ourselves in 2013 • Five imperatives for the remainder of the decade • Attributes of high performing audit functions in 2020 • Five strategic risks that could derail our progress
Sharpening our Focus on the Road Ahead: Achievements from The Past Decade
Key Achievements From the
Past Decade:
• Risk-centric transformation
• Enhanced stature
• Enhanced controls
assurance reputation
• Helping our organizations
navigate a decade of crises
• Emerging as a source
of talent
Sharpening our Focus on the Road Ahead: Where We Find Ourselves in 2013
Five Key Trends in 2013 • Outlook for resources is strong • Internal audit plans realigned to reflect risks • Stakeholders focused on key risks • Requisite skills continue to evolve • Strong audit committee support
Trend 1: The Outlook for
Resources is Strong
• Budgets:
Projected Change from 2012-2013
Increase Stable Decrease
Overall 41% 50% 9%
F500 39% 48% 13%
• Staffing:
Projected Change from 2012-2013
Increase Stable Decrease
Overall 24% 71% 5%
F500 29% 61% 10%
Trend 2: Internal Audit Plans Have
Realigned to Reflect Risks
Risk Mgt Fraud 4% Other Operational
Assurance 5% 12% 24%
Strategic/
Business 4%
Financial –
General 13%
Sarbanes-
Compliance Oxley 12%
14%
Trend 3: Our Stakeholders are
Focused on Key Risks
Audit Committee Executive Management
1 Compliance risks Strategic/business
2 Operating risks Operational
3 IT (general) risks Compliance
4 Financial risks Financial
5 Strategic risks IT- general
Source: “The Pulse of the Profession: © 2012 The IIA Audit Executive Center
Trend 4: Requisite Skills For
Continue to Evolve
All F500
Analytical/critical thinking 77% 79%
Communication skills 66% 68%
Data mining and analytics 47% 51%
Business acumen 41% 50%
IT (general) 39% 38%
Industry-specific knowledge 35% 34%
Accounting 29% 35%
Risk management assurance 27% 19%
Source: “The Pulse of the Profession: © 2012 The IIA Audit Executive CenterOther Trends Worth Watching in 2013 • Internal audit reporting lines • Increased emphasis on emerging technology risks • CAE qualifications • Enhanced mainstream media interest in internal audit • Emerging “DC” interest in internal audit • Internal audit compensation Source: The IIA Audit Executive Center
Federal Reserve Supplemental Guidance on Internal Audit • Internal Audit quality assurance program should ensure that internal audit conform to IIA Standards • CAE should reports administratively the CEO or the audit committee should document the rationale otherwise • Internal audit should have a code of ethics that emphasizes the principles of objectivity, competence, confidentiality, and integrity, consistent with IIA Standards • The charter should define when and how the internal audit function may outsource some of its work • Internal audit should issue an opinion on the adequacy of risk management processes
Sharpening our Focus on the Road Ahead: Outlook for the Decade Ahead
Five Imperatives For the
Remainder of the Decade
Enhancing Securing a
Enhancing Providing
our “seat at the Solidifying our
and assurance on
proficiency table” for expertise to
leveraging a risk
with data operational address key
continuous management
mining and and strategic risks
focus on risks effectiveness
analytics discussionsEnhancing And Leveraging A
Continuous Focus On Risks
• No surprises!
• Annual risk
assessment = a
single snapshot
• Dynamic nature of
risks requires
constant attentionEnhancing And Leveraging A
Continuous Focus On Risks
• Continuous risk assessments take
many forms:
– Key risk indicators
– “Risk assessment by walking around”
• Internal audit should remain alert to:
– The highest rated risks from the
annual assessment
– Risks with remote likelihood but high impact
– Risks that are on the radar of key stakeholdersAssurance on the Effectiveness
of Risk Management
• “Failure of risk management” is a legacy of
the current global economic crisis
• Boards didn’t exercise appropriate oversight
• Management took extraordinary risks for
short term results
• Regulatory and legislative initiatives mandate
greater risk management oversight by Boards
• Internal audit is a natural resource for risk
management assuranceAssurance on the Effectiveness
of Risk Management
Yet – we are still reluctant to embrace
the challenge:
• 57% - No coverage planned in 2012
• 93% - Coverage comprises less than 10% of
total audit plan
• 04% - Average allocation of audit plan
• The only good news: 33% are increasing
coverage from 2011 levelsEnhancing Our Proficiency with
Data Mining and Analytics
• We operate in a data-intense environment
• Data mining and analysis has emerged as a major
priority for many internal audit departments
• Data analysis:
– Permits analysis of entire population versus
statistical sample
– Increases efficiency by analyzing more data in less time
– Facilitates more frequent and timely assessments
– Improves ability to respond to urgent eventsEnhancing Our Proficiency with
Data Mining and Analytics
• Key considerations in the use of data mining
and analytics:
– Identify the uses (including types of audits) that would
benefit from data analytics
– Assess skills of the internal audit team, identify gaps,
and remediate
– Identify and acquire the best tools that address your needs
– Develop standards and policies for the deployment/use of
the tools
– Strive for continuous improvementSecuring a “Seat at the Table” • Strategic and business risks present the greatest threat to shareholder value • Traditionally focus on financial and compliance risks • Stakeholders are seeking value from: – Focus on full portfolio of risks – Insight – Institutional knowledge
Securing a “Seat at the Table” A Seat at The Table • Comes with responsibility • Opportunity to learn and contribute • Not to identify audit leads • Take a “dish to the table” so that others can feast on our knowledge
Solidifying our Expertise to
Address Key Risks
• Collective knowledge must be capable of addressing
the full portfolio of risks
• 2000’s was the decade of financial audit
expertise
• Diversification of internal audit’s focus has exposed
knowledge gaps:
– Knowledge of the business/industry
– Fraud investigation/audit capabilities
– Understanding how to audit operating, strategic and
business risksSolidifying our Expertise
to Address Key Risks
Top 5 Risk Areas Where Stakeholders Seek
Enhanced IA Capabilities
1. Data privacy and security (46%)
2. Regulations and government policies (32%)
3. Fraud and ethics (31%)
4. Large program risks (29%)
5. New product introductions (29%)
Source: “Aligning Internal Audit – Are You on the Right Floor? PwC’s 2012 State of the Internal Audit
Profession Study” © 2012 PricewaterhouseCoopers LLP. All rights reserved. Used with permission.Sharpening our Focus on the Road Ahead: The High Performing Internal Audit Function of 2020
Internal Audit 2020: Attributes of a “High Performing” Department • Fully integrated into the “C-Suite” trusted advisor • A respected source of insight and foresight • A state of the art technology platform • A magnet for talent with deep business expertise • The “Third Line of Defense”
Three Lines of Defense
The Institute of Internal Auditors: Raising the Bar to Serve the Profession www.theiia.org www.globaliia.org
The IIA’s Core Purpose in
North America
To advance the internal
audit profession and
serve our members.The IIA By The Numbers
• United States:
• 63,000 members in the United States
• 136 chapters
• 40,000 CIA’s
• Globally:
• 180,000 members in 190 countries
• 107 institutes on 6 continents
• 115,000 CIA’s
• The IIA HQ
• 190 staff
• $42 million of revenue (a 50% increase since 2009)Recent IIA Initiatives:
Enhancing Member Services
• Launched the Audit Executive Center
• Introduced “Free Member Webinars”
• Enhanced and rebranded annual GAM Conference
• Launched Internal Auditor Magazine online (with App)
• Launched Internal Auditor Magazine in Spanish
• Launched www.auditchannel.tv
• Launched Certification in Risk Management Assurance
• Designed and launched new member websites
• Engaged DC government relations firm
• Expanded our media presence
• Facilitated New Global and NA Strategic PlansThe IIA: What’s on The Agenda for 2013 • New version of IPPF launched in January • Further expansion of DC presence • GAM in March in Las Vegas • First digital books to launch in July • Three-part CIA exam launch in July • International Conference in July in Orlando • CRMA exam launch in July • American Center for Government Auditing: Q4
Sharpening our Focus
on the Road Ahead:
Five Strategic Risks
That Could Derail Our
ProgressFive Strategic Risks That
Could Derail Our Progress
• Failure to embrace professional standards
• The emergence of competitive risk, controls and
governance functions that “outperform” us
• Failure to align with expectations of key
internal audit stakeholders
• High-profile failures of internal
auditor integrity
• Failure to concentrate on
high-risk areas: “Where was
internal audit?”Conclusion • Predicting the future is easy! • Adapting to the future is tougher • As internal audit professionals – we can either define our future or our future will define us.
Questions? The Institute of Internal Auditors Carolyn D. Saint, CIA, CPA Senior Vice Chairman, IIA North American Board of Directors Vice President Internal Audit, 7-Eleven, Inc. carolyn.saint@7-11.com
You can also read
