Sharpening our Focus on the Road Ahead: Internal Audit in 2020 - Carolyn Saint, CIA, CPA Vice President, Internal Audit 7-Eleven, Inc - Dallas IIA
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Sharpening our Focus on the Road Ahead: Internal Audit in 2020 Carolyn Saint, CIA, CPA Vice President, Internal Audit 7-Eleven, Inc.
Overview • Key achievements of the past decade • Where we find ourselves in 2013 • Five imperatives for the remainder of the decade • Attributes of high performing audit functions in 2020 • Five strategic risks that could derail our progress
Key Achievements From the Past Decade: • Risk-centric transformation • Enhanced stature • Enhanced controls assurance reputation • Helping our organizations navigate a decade of crises • Emerging as a source of talent
Five Key Trends in 2013 • Outlook for resources is strong • Internal audit plans realigned to reflect risks • Stakeholders focused on key risks • Requisite skills continue to evolve • Strong audit committee support
Trend 1: The Outlook for Resources is Strong • Budgets: Projected Change from 2012-2013 Increase Stable Decrease Overall 41% 50% 9% F500 39% 48% 13% • Staffing: Projected Change from 2012-2013 Increase Stable Decrease Overall 24% 71% 5% F500 29% 61% 10%
Trend 2: Internal Audit Plans Have Realigned to Reflect Risks Risk Mgt Fraud 4% Other Operational Assurance 5% 12% 24% Strategic/ Business 4% Financial – General 13% Sarbanes- Compliance Oxley 12% 14%
Trend 3: Our Stakeholders are Focused on Key Risks Audit Committee Executive Management 1 Compliance risks Strategic/business 2 Operating risks Operational 3 IT (general) risks Compliance 4 Financial risks Financial 5 Strategic risks IT- general Source: “The Pulse of the Profession: © 2012 The IIA Audit Executive Center
Trend 4: Requisite Skills For Continue to Evolve All F500 Analytical/critical thinking 77% 79% Communication skills 66% 68% Data mining and analytics 47% 51% Business acumen 41% 50% IT (general) 39% 38% Industry-specific knowledge 35% 34% Accounting 29% 35% Risk management assurance 27% 19% Source: “The Pulse of the Profession: © 2012 The IIA Audit Executive Center
Other Trends Worth Watching in 2013 • Internal audit reporting lines • Increased emphasis on emerging technology risks • CAE qualifications • Enhanced mainstream media interest in internal audit • Emerging “DC” interest in internal audit • Internal audit compensation Source: The IIA Audit Executive Center
Federal Reserve Supplemental Guidance on Internal Audit • Internal Audit quality assurance program should ensure that internal audit conform to IIA Standards • CAE should reports administratively the CEO or the audit committee should document the rationale otherwise • Internal audit should have a code of ethics that emphasizes the principles of objectivity, competence, confidentiality, and integrity, consistent with IIA Standards • The charter should define when and how the internal audit function may outsource some of its work • Internal audit should issue an opinion on the adequacy of risk management processes
Sharpening our Focus on the Road Ahead: Outlook for the Decade Ahead
Five Imperatives For the Remainder of the Decade Enhancing Securing a Enhancing Providing our “seat at the Solidifying our and assurance on proficiency table” for expertise to leveraging a risk with data operational address key continuous management mining and and strategic risks focus on risks effectiveness analytics discussions
Enhancing And Leveraging A Continuous Focus On Risks • No surprises! • Annual risk assessment = a single snapshot • Dynamic nature of risks requires constant attention
Enhancing And Leveraging A Continuous Focus On Risks • Continuous risk assessments take many forms: – Key risk indicators – “Risk assessment by walking around” • Internal audit should remain alert to: – The highest rated risks from the annual assessment – Risks with remote likelihood but high impact – Risks that are on the radar of key stakeholders
Assurance on the Effectiveness of Risk Management • “Failure of risk management” is a legacy of the current global economic crisis • Boards didn’t exercise appropriate oversight • Management took extraordinary risks for short term results • Regulatory and legislative initiatives mandate greater risk management oversight by Boards • Internal audit is a natural resource for risk management assurance
Assurance on the Effectiveness of Risk Management Yet – we are still reluctant to embrace the challenge: • 57% - No coverage planned in 2012 • 93% - Coverage comprises less than 10% of total audit plan • 04% - Average allocation of audit plan • The only good news: 33% are increasing coverage from 2011 levels
Enhancing Our Proficiency with Data Mining and Analytics • We operate in a data-intense environment • Data mining and analysis has emerged as a major priority for many internal audit departments • Data analysis: – Permits analysis of entire population versus statistical sample – Increases efficiency by analyzing more data in less time – Facilitates more frequent and timely assessments – Improves ability to respond to urgent events
Enhancing Our Proficiency with Data Mining and Analytics • Key considerations in the use of data mining and analytics: – Identify the uses (including types of audits) that would benefit from data analytics – Assess skills of the internal audit team, identify gaps, and remediate – Identify and acquire the best tools that address your needs – Develop standards and policies for the deployment/use of the tools – Strive for continuous improvement
Securing a “Seat at the Table” • Strategic and business risks present the greatest threat to shareholder value • Traditionally focus on financial and compliance risks • Stakeholders are seeking value from: – Focus on full portfolio of risks – Insight – Institutional knowledge
Securing a “Seat at the Table” A Seat at The Table • Comes with responsibility • Opportunity to learn and contribute • Not to identify audit leads • Take a “dish to the table” so that others can feast on our knowledge
Solidifying our Expertise to Address Key Risks • Collective knowledge must be capable of addressing the full portfolio of risks • 2000’s was the decade of financial audit expertise • Diversification of internal audit’s focus has exposed knowledge gaps: – Knowledge of the business/industry – Fraud investigation/audit capabilities – Understanding how to audit operating, strategic and business risks
Solidifying our Expertise to Address Key Risks Top 5 Risk Areas Where Stakeholders Seek Enhanced IA Capabilities 1. Data privacy and security (46%) 2. Regulations and government policies (32%) 3. Fraud and ethics (31%) 4. Large program risks (29%) 5. New product introductions (29%) Source: “Aligning Internal Audit – Are You on the Right Floor? PwC’s 2012 State of the Internal Audit Profession Study” © 2012 PricewaterhouseCoopers LLP. All rights reserved. Used with permission.
Sharpening our Focus on the Road Ahead: The High Performing Internal Audit Function of 2020
Internal Audit 2020: Attributes of a “High Performing” Department • Fully integrated into the “C-Suite” trusted advisor • A respected source of insight and foresight • A state of the art technology platform • A magnet for talent with deep business expertise • The “Third Line of Defense”
Three Lines of Defense
The Institute of Internal Auditors: Raising the Bar to Serve the Profession www.theiia.org www.globaliia.org
The IIA’s Core Purpose in North America To advance the internal audit profession and serve our members.
The IIA By The Numbers • United States: • 63,000 members in the United States • 136 chapters • 40,000 CIA’s • Globally: • 180,000 members in 190 countries • 107 institutes on 6 continents • 115,000 CIA’s • The IIA HQ • 190 staff • $42 million of revenue (a 50% increase since 2009)
Recent IIA Initiatives: Enhancing Member Services • Launched the Audit Executive Center • Introduced “Free Member Webinars” • Enhanced and rebranded annual GAM Conference • Launched Internal Auditor Magazine online (with App) • Launched Internal Auditor Magazine in Spanish • Launched www.auditchannel.tv • Launched Certification in Risk Management Assurance • Designed and launched new member websites • Engaged DC government relations firm • Expanded our media presence • Facilitated New Global and NA Strategic Plans
The IIA: What’s on The Agenda for 2013 • New version of IPPF launched in January • Further expansion of DC presence • GAM in March in Las Vegas • First digital books to launch in July • Three-part CIA exam launch in July • International Conference in July in Orlando • CRMA exam launch in July • American Center for Government Auditing: Q4
Sharpening our Focus on the Road Ahead: Five Strategic Risks That Could Derail Our Progress
Five Strategic Risks That Could Derail Our Progress • Failure to embrace professional standards • The emergence of competitive risk, controls and governance functions that “outperform” us • Failure to align with expectations of key internal audit stakeholders • High-profile failures of internal auditor integrity • Failure to concentrate on high-risk areas: “Where was internal audit?”
Conclusion • Predicting the future is easy! • Adapting to the future is tougher • As internal audit professionals – we can either define our future or our future will define us.
Questions? The Institute of Internal Auditors Carolyn D. Saint, CIA, CPA Senior Vice Chairman, IIA North American Board of Directors Vice President Internal Audit, 7-Eleven, Inc. carolyn.saint@7-11.com
You can also read