Internal Audit

Audit International are privileged to share some recent insights from Dr Rainer Lenz- Head of Corporate Audit at Villeroy & Boch on his thoughts about internal audit and its Independence.

“Recently, I was invited to share some thoughts about independence of internal auditors. I am basically challenging that concept:

The IIA definition positions internal auditing as an …

“ independent , objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”
To be blunt, in my view, independence is largely theory. It is overrated, I think. So is objectivity. But let’s stay with the subject matter of independence. There is nothing wrong with aspiring independence. But, who cuts the hand feeding him? There are inconsistencies among talk and action. Consequently, academic authors refer to the internal auditor’s “role dilemma” and “role confusion”, acknowledging for example the difficulties of internal auditors to strike the balance between being independent from operations and, at the same time, providing added value and benefit to operations. Being both watchdog and consultant is challenging.

Some authors view internal audit as a schizophrenic management function. On one hand, it needs to be completely integrated and knowledgeable. On the other hand, it needs a measure of independence required of all auditors. Thus, internal audit may have a built in cognitive disconnect. Organizations and Chief Audit Executives (CAEs) may cope at different levels of proficiency with such inconsistent demands. Those who can do that well may live longer. Thus, “organizational hypocrisy” may serve a useful purpose.

When you ask non-executive directors and audit committee chairmen what they think, how independent internal auditors are, what will they say? I recall surveys where those members of oversight bodies state that (some) heads of internal audit are not up to the job, internal audit lacks adequate independence, and internal audit has not properly defined the role that they wish internal audit to fulfill.

That points to the “who’s your boss” question. There is no congruence between what the board wants, what the audit committee wants, and what senior management wants. Aiming at satisfying all customer groups is likely to disappoint one or the other customer in some dimension, as all may expect something different from internal audit, such that no one is fully satisfied. In other words, internal audit may face tension from its attempt to serve – let’s say – its two prime customers: managers and the audit committee. The IIA acknowledges that there may be conflicts when internal audit tries to “serve two masters”. Thus, the “who’s your boss?” issue can present problems in terms of allegiances, independence, and effectiveness.

Academic studies confirm that role ambiguity and role conflict can negatively affect the independence of internal auditors. At the same time, CEOs (often) want the CAE to have no fear or favor. It is crucial that the CAE is able to work with other stakeholders in the organization and is not afraid to voice his or her opinion even in controversial situations. That draws particular attention to the importance of the CAE’s characteristics, possibly more important than the debate around independence.

There are authors who suggest that internal auditors must be independent of senior management, so that the board is to rely on internal audit to provide the assurance it needs; otherwise, the risk is that internal audit’s reports to the board/audit committee will be filtered by senior management in such a way that only what is palatable to senior management is communicated. Investing in these relationships and having a steady and robust dialogue is critical to the internal audit function’s success, given its organizational context.

My 2 cents about independence of internal auditors in a nutshell.”

Guest Article Writer- Dr. Rainer Lenz-Head of Corporate Audit at Villeroy & Boch

Source: Lenz, R. (2016), Insights into the effectiveness of internal audit: a multi-method and multi-perspective study, LAP LAMBERT Academic Publishing, Saarbrücken, ISBN 978-3-659-85241-1

The job profile of the Data Scientist is still young, but is often searched for on the job market. They are required in many industries, such as:

• Banking and insurance 
• Trading
• Business and organizational consultancies, market researching
• Social Media, Telecommunications, online tradinging and network management
• Bio-, pharmaceutical, chemical and medical industries
• Logistics
 

 
In 2012, Tom Davenport, Professor at the Harvard Business School, has described the competence profile as following: „… a hybrid of data hacker, analyst, communicator, and trusted adviser. The combination is extremely powerful – and rare.“
In times of “big data”, Data Scientists are experts in demand, who are paid above average and enjoy great freedom in companies as “gold diggers”. Using methods of mathematics, computer science and statistics, they gain facts and knowledge from large amounts of data, the “gold of the 21st century”, and discover new business areas. In addition, they are something like interpreters. They formulate the data records into legible results and display the essential information in a comprehensible language.
Data Scientists are trained in statistics, graph theory and other mathematical fields, and are proficient in methods such as data mining, process mining, machine learning and natural language processing (NLP). Added to this is knowledge from practical computer science. Knowledge of operating systems, databases, networks and data integration tools, as well as the most important programming languages and analytics tools are mandatory. Furthermore, knowledge about the Hadoop ecosystem, social networks and other systems from the internet and big data environment is a compulsory requirement for professional practice. The competency profile is that of an all-round talent and accordingly (currently) difficult to find.
 
The Data Scientist and the financial function within the company
The question whether a controller can assume the tasks of a Data Scientist must be clearly denied in the context of the described competence profile. The current opinion in the industry is, that it is illusory to believe that controllers could also assume the tasks of a Data Scientist. However, controllers should know the job profile of a Data Scientist as well as the possibilities and limitations of Big Data. The cooperation between the tasks of a controller and a Data Scientist is an important source for the future economic success of companies.
 
The Data Scientist and Auditing
The advancing digitization also places new challenges on internal auditing in the selection of the audit methodology. Data Science offers the possibility to consider the analytics of data masses as a test step within an audit and in this way to create an additional benefit. This means, however, that the internal audit department must also acquire expertise in data science in addition to the already acquired competences, such as finance, business management and compliance. Since an individual auditor can hardly have all the competences mentioned above, these should be at least available within the team. If necessary, remember to include an external Data Scientist.
Along the lines of internal auditing, the external auditing is placed before conditions that were changed by digitization: the flood of data, the appropriate audit methods as well as the concern of finding young recruits within the auditors underline the need for efficiency gains. The surge in job advertisements for data scientists in audit centers, as well as first attempts to use artificial intelligence in this area, underscores this.

This feature blog was written by Prof. Dr. Nick Gehrke (Zapliance)

One of the biggest issues every successful company face in today’s business world is the prevention of fraudulent activities committed by employees. Over a decade ago the Sarbanes-Oxley Act (SOX) Compliance was introduced which requires that all publicly held companies must establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. However with increasing new technologies is this enough to protect companies in 2017?

In a recent study conducted by one of the Big4- on average global companies lost over 5% of revenue to fraudulent actions- the majority of this done by current employees. The reason for this was due to lack of internal controls and no risk management in place. Furthermore the cost to strengthen such internal controls is a considerable investment whether it be in hiring new staff such as internal auditors or specialist fraud and forensic audit professionals. However the cost of such professionals is far less than the loss of earnings suffered by companies due to fraudulent activities conducted by employees.

Companies must also face the costly burden of implementing new software such as Governance Risk and Compliance packages. Combine this with the cost of hiring new talent in the IT Audit arena to process, analyse test and review these controls.

Using new technologies such as the cloud has allowed companies to analyse risk management procedures which look for unusual patterns such as access frequencies, duplicate payments, and splitting invoices
These cloud tools automate controls that uncover these types of preventable risks, but they can also help companies develop a road-map for identifying strategic risks.
It is vital that organisations continue to develop their internal controls, invest in technology and most importantly specialized fraud and forensic audit professionals to mitigate the increasing number of preventable risks which untimely leads to higher profit margins.

How an Internal Audit function will battle cyber security issues for your company WHEN it happens in 2017?

It is no longer a question queried in a boardroom by senior management of multinationals companies. Could we be hacked? It is now an inevitable occasion of when will we be hacked and how can we combat this data breach? Given the possible exposure and risk to a company’s valuable assets and information there is a duty for the board of directors to be adequately prepared for this occasion. How can they prepare for this? One major tool available to them is an internal audit team. Internal auditing is indispensable for helping companies manage cybersecurity threats and preventative programs. Here are some suggestions on how best to prepare.

1- Ensure your audit function is adequately prepared with talent, resources and budget.
It may be the responsibility for your HR department to ensure that you have hired the “IT Audit Dream Team”. Do not hinder this by not approving budgets for hire. In the long term this will cost your company more in time and in finances. Using specialised external executive search firms such as Audit International ensure you find the right skill and industry-specific experience to best facilitate your company as this is often challenging, Therefore management should prepare their companies to prioritize developing, training, and adequately hiring resources to the internal audit team.

2- Keep communication open with your Internal Audit Team
There is vital importance of engagement between the internal audit team and the business it serves. In order to comprehend where the cyber risks are coming from, you have to appreciate how the business works. This would include assessing firewalls, networks and apps, but also understanding the company’s processes and how it interacts with customers and sellers. Cyber security risks are moving targets. Most of the exposure lies in a company’s human element. You should ensure your internal audit teams are given a clear and thorough understanding of business operations. The only way this can really happen to keep an on-going rotation of internal audit staff into the business into various functions and units. This serves multiple purposes; it ensures retention of valuable talent in the company as they are then satisfied with their own personal career progression. It is a well-known fact in the recruitment space this is one of the key drivers for auditors to leave their role which in turn ends up costing the company time and resources to replace, train and hire new audit talent. Secondly it gives your auditors a better well rounded view of the company and thus can add more value and stay in tune with the company.
3- Ensure coordination between functions- IT and Internal Audit
Another integral part of this issue is the level of coordination between the internal audit team and other key functions and this is critical to the success of tackling your cyber issues and risks. You must ensure that your internal audit teams should be given access to other members of the IT Audit team. This can include the chief information officer and chief information security officer, as well as human resources, supply procurement, and business leaders. Coordination can make or break any important undertaking — and cybersecurity is no exception.

4- Where to start and what questions to ask first?
Below is a suggestion of where your audit committee can begin and what issues need to be addressed first.
• Currently it is important to ask, what interaction and coordination does the internal audit team have with other corporate functions (e.g., information technology, information security, operations, supply chain, human resources, etc.) related to cybersecurity matters?
• What skill sets does your internal audit team have that are related to information security? Cybersecurity? How do team members keep their skills current? How do you retain team members? Do you need to hire further talent to support them?
• Does the company perform internal and/or external system penetration testing? Are the tests announced or unannounced? What role, if any, does the internal audit team play? Is there open communication between all your functions to facilitate this?
• What types of prevention, detection, and reaction/response testing does the internal audit team perform in the threat and vulnerability management life cycle? Again do you have sufficient in-house talent to tackle all these problems? Are you supporting your team enough to support this in terms of team resources and talent?
• What role, if any, does the internal audit team play during a breach? Regular meetings and coordination could play an integral part in highlighting how these functions can support each other if a breach occurs which may then lead to quicker resolution of the problem.
• What role, if any, does the internal audit team play after a breach has occurred?
• Who performs cyber-related investigations within the organization?- Do you outsource this responsibility and if so would it be worth hiring an in-house function to address these issues.

According to a new study of more than 1,600 chief audit executives (CAEs), senior management and board members released by professional services specialist PwC yesterday, internal audit functions that have very effective leadership perform better and add greater value to their businesses.
The Big 4’s study found that more than 50% of participating stakeholders now believe internal audit is contributing significant value to the business.This is a significant increase on the same study conducted last year. It is also hoped that internal auditors will add considerable value and leadership within a company in the 5 years after joining.

The value of leadership

There is close correlation between strong leadership and internal audit’s ability to add value and deliver high performance,To continue fostering internal audit functions to become more trusted advisors within their organizations, stakeholders should promote strong internal audit leadership while audit executives work to elevate the performance and perceptions of their respective functions.

PwC also identified five characteristics consistently exhibited by the most effective internal audit leaders that all CAEs should adopt:

1)
Create and follow through on a vision.
PwC found that very effective internal audit leaders possess a strong vision that aligns with both a company’s strategic direction and stakeholders’ expectations. These leaders translate their visions into strategic plans and invest in capabilities in support of their vision, especially data analytics and technological tools that allow them to innovate on process.

2)
Source and retain the right talent.
According to PwC’s study, CAEs identified talent shortages as the most significant barrier to increasing their contributions as leaders. Additionally, as business transformation continues to evolve, additional new skills are needed. PwC says the most effective internal audit leaders exhibit two talent behaviors that stand out from the pack: a focus on mentorship and talent development, and an ability to source the right talent when needed.
PwC says very effective internal audit leaders also have a “no hierarchy in the room” policy, which facilitates staff development through open discussion and working as a team to solve problems. Fully 73 percent of these leaders use co-sourcing as part of their talent strategies.

3)
Empower the internal audit function.
Organizational position and the support of stakeholders plays an important role in the effectiveness of internal audit leaders. PwC found that 78 percent of very effective internal audit leaders are vice presidents or hold senior positions in their organization. Additionally, PwC found stakeholders are gravitating toward more senior leadership talent to fill the CAE role, noting their responsibility to empower the CAE by setting a culture that supports the importance of a strong control environment.
Demonstrate executive presence. Underscoring the need for leadership talent in the CAE role, PwC found that 90 percent of very effective internal audit leaders excel in demonstrating executive presence. They bring bold perspectives and think broadly about the company. PwC notes that internal audit leaders must inform, educate and influence stakeholders as well as earn their trust. One of the trickier challenges internal audit leaders face is communicating with a variety of internal and external stakeholders who each have different expectations of the function.

4)
Partner with the business in meaningful ways.
The most effective internal audit leaders set themselves apart by partnering with the business in meaningful ways. PwC says internal auditors should be able to stand out in three specific behaviors to become a very effective leader:
Develop relationships built on trust.
Build partnerships across the lines of defense to play greater roles in coordinating risk management across functions.
Use those connections to raise their level of engagement across the organization, taking on leadership roles in working with management, compliance, legal and other assurance functions to develop an integrated assurance strategy.
PwC notes that some very effective internal audit leaders have taken to renaming the internal audit function (e.g., to audit services) to rebrand it as a collaborative functions that partners with the business.

5)
Seeing clear and strategically
“It’s through close alignment with various stakeholders and owning internal audit’s role as a leadership function within the organization that can allow internal audit to help their companies keep up with the changing business and risk landscape,” Pett said. “But all this can’t be said and done without a clear vision, supported by a strategic plan and enabled with top talent.

For the full article click http://www.cio.com/article/3042157/leadership-management/5-characteristics-of-exceptional-internal-audit-leaders.html

Audit International, the leading specialists in Internal and External Audit Recruitment across Europe, the US and Asia have known that in 2014 PwC’s total fee income was £2.539bn, some £224m ahead of Deloitte (£2.315bn) according to the Financial Reporting Council’s 2014 Key Facts and Trends in the Accountancy Profession.

PwC also earned the highest fee income from audit (£571m) and from non-audit work for audit clients (£332m). This compares with Deloitte’s audit fee income of £486m.

Third-placed KPMG had total fee income of £1.874bn of which audit contributed £438m. Therefore, the research shows that mentioned two firms were well ahead of their Big Four firm rivals.

Meanwhile, EY earned £1.868bn, including £341m from audit services. Compared to the mid-tier firms and even if the next three largest firms (Grant Thornton, BDO and Baker Tilly) were to merge, the combined total of their fee income would still be £727m less than EY’s.

However, during 2014 the mid-tier saw a major boost to their overall fee income which on average grew by 15.1% compared to the Big Four’s 4.3%. Their audit fee income rose by 9.5% (Big Four 0.1). Their non-audit work for non-audit clients also grew on average by 18.7% compared to the Big Four’s 6.3%.

The Financial Reporting Council’s statistics show that all the firms’ audit fee income is shrinking as a percentage of overall fee income. This is more gradual among the Big Four where the percentage has gone down from 24% in 2010 to 21% in 2014. In the same period the mid-tier firms have seen their audit percentage drop from 34% to 28%.

 

For jobs with some of the leading international consulting firms across the world as well as tier one multinationals, please contact Audit International on 0041 4350 830 95 or else email your current cv to info@www.audit-international.com

Audit International, the leading specialists in Internal and External Audit Recruitment across Europe, the US and Asia have known that The Institute of Internal Auditors and the Association of Chartered Certified Accountants have signed a memorandum of understanding aimed at advancing internal auditing and accounting practices globally.

The main part of the collaboration is a one-time challenge exam open to ACCA members toward receiving the IIA’s Certified Internal Auditor, or CIA, certification.

The CIA certificate, launched in 1973, identifies the individual as a committed and competent professional and provides recognition and status among peers and principal stakeholders.

Recently, IIA president and CEO Richard F. Chambers said “We are eager to make the challenge exam available to qualified ACCA members because earning the CIA represents an important level of achievement for internal audit practitioners,” He also added: “The rigorous requirements for ACCA membership reflect the high standards of professional attainment that we expect of all of our CIA certificate holders.”

The ACCA certification identify members as qualified accountants and show their commitment to high ethical standards, professional values, and lifelong learning. To get the ACCA is mandatory to pass ACCA qualification exams and a professional ethics module, a three-year practical experience requirement and more.

We have also learnt that ACCA-member recipients of the CIA will have to meet continuing professional education requirements beginning in January 2017 to retain the certification.

Finally, has been known that the organizations will help build awareness of respective initiatives and programs, including the ACCA’s recognition of the IIA’s International Standards for the Professional Practice of Internal Auditing.

 

For jobs with some of the leading international consulting firms across the world as well as tier one multinationals, please contact Audit International on 0041 4350 830 95 or else email your current cv to info@www.audit-international.com

Audit International, the leading specialists in Internal and External Audit Recruitment across Europe, the US and Asia have known that KPMG retains audit crown in latest Adviser Rankings in terms of overall stock market client numbers with 404 accounts, according to the latest research from Adviser Rankings.

According to the Corporate Advisers Rankings Guide, in the latest quarterly BDO retained the lead on London’s junior market by client numbers – ahead of KPMG, by just one client, while BDO managed to ease on to the podium through the collective worth of its clients.

Both Smith & Williamson and Crowe Clark Whitehill made solid additions to their rosters, in eighth and tenth place, respectively.

Regarding to the largest audit companies, PwC remained the largest auditor of FTSE 100 businesses with 39 clients, nearly double that of Deloitte, which moved into third position.

Finally, in the industrials sector, Welbeck Associates entered the rankings in joint 11th position with three clients while in oil & gas Nexia Smith & Williamson retain 8th position with five clients, after a gain of one.

 

For jobs with some of the leading international consulting firms across the world as well as tier one multinationals, please contact Audit International on 0041 4350 830 95 or else email your current cv to info@www.audit-international.com

Audit International, the leading specialists in Internal and External Audit Recruitment across Europe, the US and Asia have known that the global leader firm providing audit, consulting, financial advisory, risk management, tax, and related services to select clients Deloitte, has promoted 75 new partners and added 35 new equity partners in the largest ever annual intake to the firm’s UK partnership.

Taking into account that nearly a third of the newly promoted partners are female (ten of whom were equity partners) at the minute, 17% of all Deloitte’s partners are women, up from 15% in 2014. The firm, has made a commitment that 25% of its partners will be female by 2020. A quarter of its executives and board members are female.

Chief executive and senior partner at Deloitte UK David Sproul, announced the launch of a new ‘return-to-work’ scheme which aims to attract more senior female leaders back into the workforce. Mr Sproul declared: “It is positive that this year, a higher proportion of our new partners are women” He also said:  “We are committed to continuing to do more to create more opportunities in Deloitte for women at a senior level.”

Mentioned ‘return-to-work’ scheme will run from September to December. It will offer a 12-week paid internship to women who have been out of the workforce for between three and six years. In the first year, it will be open to Deloitte alumni and the ambition is for 80% of participants to take up longer-term roles with the firm at the end of their internship.

At the beginning of the year, Deloitte’s US arm appointed Cathy Englebert as its first female chief executive. The American Institute of Certified Public Accountants hailed the appointment as a “momentous occasion for the profession”.

 

For jobs with some of the leading international consulting firms across the world as well as tier one multinationals, please contact Audit International on 0041 4350 830 95 or else email your current cv to info@www.audit-international.com

Audit International, the leading specialists in Internal and External Audit Recruitment across Europe, the US and Asia have known The Institute of Internal Auditors (IIA) recently released nine new and updated practice advisories that provide guidance to internal auditors and chief audit executives on managing an effective quality assurance and improvement program.

Mentioned advisories focus on parts of the IIA’s International Standards for the Professional Practice of Internal Auditing that deal with maintaining, establishing, and reporting on a quality assurance and improvement program. According to the IIA, these mandatory programs are intended to build confidence in internal audit’s work performed in accordance with the standards.

See below the nine practice advisories:

1- Quality Assurance and Improvement Program

2- Internal Assessments

3- External Assessments

4- External Assessments: Self-Assessment with Independent Validation

5- Independence of External Assessment Team in the Private Sector

6- Independence of the External Assessment Team in the Public Sector

7- Reporting Results of the Quality Assurance and Improvement Program

8- Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”

9- Disclosure of Non-conformance with the International Standards for the Professional Practice of Internal Auditing

IIA members can access all of the institute’s practice advisories

These modifications and all the changes to the updated advisories are designed to provide enhanced recommended guidance to chief audit executives, whether relating to the results of internal and external assurance reviews, or disclosing non-conformance with the standards.

 

For jobs with some of the leading international consulting firms across the world as well as tier one multinationals, please contact Audit International on 0041 4350 830 95 or else email your current cv to info@www.audit-international.com