Posts Tagged “internal audit”
Audit International are privileged to share some recent insights from Dr Rainer Lenz- Head of Corporate Audit at Villeroy & Boch on his thoughts about internal audit and its Independence.
“Recently, I was invited to share some thoughts about independence of internal auditors. I am basically challenging that concept:
The IIA definition positions internal auditing as an …
“ independent , objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”
To be blunt, in my view, independence is largely theory. It is overrated, I think. So is objectivity. But let’s stay with the subject matter of independence. There is nothing wrong with aspiring independence. But, who cuts the hand feeding him? There are inconsistencies among talk and action. Consequently, academic authors refer to the internal auditor’s “role dilemma” and “role confusion”, acknowledging for example the difficulties of internal auditors to strike the balance between being independent from operations and, at the same time, providing added value and benefit to operations. Being both watchdog and consultant is challenging.
Some authors view internal audit as a schizophrenic management function. On one hand, it needs to be completely integrated and knowledgeable. On the other hand, it needs a measure of independence required of all auditors. Thus, internal audit may have a built in cognitive disconnect. Organizations and Chief Audit Executives (CAEs) may cope at different levels of proficiency with such inconsistent demands. Those who can do that well may live longer. Thus, “organizational hypocrisy” may serve a useful purpose.
When you ask non-executive directors and audit committee chairmen what they think, how independent internal auditors are, what will they say? I recall surveys where those members of oversight bodies state that (some) heads of internal audit are not up to the job, internal audit lacks adequate independence, and internal audit has not properly defined the role that they wish internal audit to fulfill.
That points to the “who’s your boss” question. There is no congruence between what the board wants, what the audit committee wants, and what senior management wants. Aiming at satisfying all customer groups is likely to disappoint one or the other customer in some dimension, as all may expect something different from internal audit, such that no one is fully satisfied. In other words, internal audit may face tension from its attempt to serve – let’s say – its two prime customers: managers and the audit committee. The IIA acknowledges that there may be conflicts when internal audit tries to “serve two masters”. Thus, the “who’s your boss?” issue can present problems in terms of allegiances, independence, and effectiveness.
Academic studies confirm that role ambiguity and role conflict can negatively affect the independence of internal auditors. At the same time, CEOs (often) want the CAE to have no fear or favor. It is crucial that the CAE is able to work with other stakeholders in the organization and is not afraid to voice his or her opinion even in controversial situations. That draws particular attention to the importance of the CAE’s characteristics, possibly more important than the debate around independence.
There are authors who suggest that internal auditors must be independent of senior management, so that the board is to rely on internal audit to provide the assurance it needs; otherwise, the risk is that internal audit’s reports to the board/audit committee will be filtered by senior management in such a way that only what is palatable to senior management is communicated. Investing in these relationships and having a steady and robust dialogue is critical to the internal audit function’s success, given its organizational context.
My 2 cents about independence of internal auditors in a nutshell.”
Guest Article Writer- Dr. Rainer Lenz-Head of Corporate Audit at Villeroy & Boch
Source: Lenz, R. (2016), Insights into the effectiveness of internal audit: a multi-method and multi-perspective study, LAP LAMBERT Academic Publishing, Saarbrücken, ISBN 978-3-659-85241-1
The job profile of the Data Scientist is still young, but is often searched for on the job market. They are required in many industries, such as:
• Banking and insurance
• Business and organizational consultancies, market researching
• Social Media, Telecommunications, online tradinging and network management
• Bio-, pharmaceutical, chemical and medical industries
In 2012, Tom Davenport, Professor at the Harvard Business School, has described the competence profile as following: „… a hybrid of data hacker, analyst, communicator, and trusted adviser. The combination is extremely powerful – and rare.“
In times of “big data”, Data Scientists are experts in demand, who are paid above average and enjoy great freedom in companies as “gold diggers”. Using methods of mathematics, computer science and statistics, they gain facts and knowledge from large amounts of data, the “gold of the 21st century”, and discover new business areas. In addition, they are something like interpreters. They formulate the data records into legible results and display the essential information in a comprehensible language.
Data Scientists are trained in statistics, graph theory and other mathematical fields, and are proficient in methods such as data mining, process mining, machine learning and natural language processing (NLP). Added to this is knowledge from practical computer science. Knowledge of operating systems, databases, networks and data integration tools, as well as the most important programming languages and analytics tools are mandatory. Furthermore, knowledge about the Hadoop ecosystem, social networks and other systems from the internet and big data environment is a compulsory requirement for professional practice. The competency profile is that of an all-round talent and accordingly (currently) difficult to find.
The Data Scientist and the financial function within the company
The question whether a controller can assume the tasks of a Data Scientist must be clearly denied in the context of the described competence profile. The current opinion in the industry is, that it is illusory to believe that controllers could also assume the tasks of a Data Scientist. However, controllers should know the job profile of a Data Scientist as well as the possibilities and limitations of Big Data. The cooperation between the tasks of a controller and a Data Scientist is an important source for the future economic success of companies.
The Data Scientist and Auditing
The advancing digitization also places new challenges on internal auditing in the selection of the audit methodology. Data Science offers the possibility to consider the analytics of data masses as a test step within an audit and in this way to create an additional benefit. This means, however, that the internal audit department must also acquire expertise in data science in addition to the already acquired competences, such as finance, business management and compliance. Since an individual auditor can hardly have all the competences mentioned above, these should be at least available within the team. If necessary, remember to include an external Data Scientist.
Along the lines of internal auditing, the external auditing is placed before conditions that were changed by digitization: the flood of data, the appropriate audit methods as well as the concern of finding young recruits within the auditors underline the need for efficiency gains. The surge in job advertisements for data scientists in audit centers, as well as first attempts to use artificial intelligence in this area, underscores this.
This feature blog was written by Prof. Dr. Nick Gehrke (Zapliance)
How an Internal Audit function will battle cyber security issues for your company WHEN it happens in 2017?
It is no longer a question queried in a boardroom by senior management of multinationals companies. Could we be hacked? It is now an inevitable occasion of when will we be hacked and how can we combat this data breach? Given the possible exposure and risk to a company’s valuable assets and information there is a duty for the board of directors to be adequately prepared for this occasion. How can they prepare for this? One major tool available to them is an internal audit team. Internal auditing is indispensable for helping companies manage cybersecurity threats and preventative programs. Here are some suggestions on how best to prepare.
1- Ensure your audit function is adequately prepared with talent, resources and budget.
It may be the responsibility for your HR department to ensure that you have hired the “IT Audit Dream Team”. Do not hinder this by not approving budgets for hire. In the long term this will cost your company more in time and in finances. Using specialised external executive search firms such as Audit International ensure you find the right skill and industry-specific experience to best facilitate your company as this is often challenging, Therefore management should prepare their companies to prioritize developing, training, and adequately hiring resources to the internal audit team.
2- Keep communication open with your Internal Audit Team
There is vital importance of engagement between the internal audit team and the business it serves. In order to comprehend where the cyber risks are coming from, you have to appreciate how the business works. This would include assessing firewalls, networks and apps, but also understanding the company’s processes and how it interacts with customers and sellers. Cyber security risks are moving targets. Most of the exposure lies in a company’s human element. You should ensure your internal audit teams are given a clear and thorough understanding of business operations. The only way this can really happen to keep an on-going rotation of internal audit staff into the business into various functions and units. This serves multiple purposes; it ensures retention of valuable talent in the company as they are then satisfied with their own personal career progression. It is a well-known fact in the recruitment space this is one of the key drivers for auditors to leave their role which in turn ends up costing the company time and resources to replace, train and hire new audit talent. Secondly it gives your auditors a better well rounded view of the company and thus can add more value and stay in tune with the company.
3- Ensure coordination between functions- IT and Internal Audit
Another integral part of this issue is the level of coordination between the internal audit team and other key functions and this is critical to the success of tackling your cyber issues and risks. You must ensure that your internal audit teams should be given access to other members of the IT Audit team. This can include the chief information officer and chief information security officer, as well as human resources, supply procurement, and business leaders. Coordination can make or break any important undertaking — and cybersecurity is no exception.
4- Where to start and what questions to ask first?
Below is a suggestion of where your audit committee can begin and what issues need to be addressed first.
• Currently it is important to ask, what interaction and coordination does the internal audit team have with other corporate functions (e.g., information technology, information security, operations, supply chain, human resources, etc.) related to cybersecurity matters?
• What skill sets does your internal audit team have that are related to information security? Cybersecurity? How do team members keep their skills current? How do you retain team members? Do you need to hire further talent to support them?
• Does the company perform internal and/or external system penetration testing? Are the tests announced or unannounced? What role, if any, does the internal audit team play? Is there open communication between all your functions to facilitate this?
• What types of prevention, detection, and reaction/response testing does the internal audit team perform in the threat and vulnerability management life cycle? Again do you have sufficient in-house talent to tackle all these problems? Are you supporting your team enough to support this in terms of team resources and talent?
• What role, if any, does the internal audit team play during a breach? Regular meetings and coordination could play an integral part in highlighting how these functions can support each other if a breach occurs which may then lead to quicker resolution of the problem.
• What role, if any, does the internal audit team play after a breach has occurred?
• Who performs cyber-related investigations within the organization?- Do you outsource this responsibility and if so would it be worth hiring an in-house function to address these issues.
According to a new study of more than 1,600 chief audit executives (CAEs), senior management and board members released by professional services specialist PwC yesterday, internal audit functions that have very effective leadership perform better and add greater value to their businesses.
The Big 4’s study found that more than 50% of participating stakeholders now believe internal audit is contributing significant value to the business.This is a significant increase on the same study conducted last year. It is also hoped that internal auditors will add considerable value and leadership within a company in the 5 years after joining.
The value of leadership
There is close correlation between strong leadership and internal audit’s ability to add value and deliver high performance,To continue fostering internal audit functions to become more trusted advisors within their organizations, stakeholders should promote strong internal audit leadership while audit executives work to elevate the performance and perceptions of their respective functions.
PwC also identified five characteristics consistently exhibited by the most effective internal audit leaders that all CAEs should adopt:
Create and follow through on a vision.
PwC found that very effective internal audit leaders possess a strong vision that aligns with both a company’s strategic direction and stakeholders’ expectations. These leaders translate their visions into strategic plans and invest in capabilities in support of their vision, especially data analytics and technological tools that allow them to innovate on process.
Source and retain the right talent.
According to PwC’s study, CAEs identified talent shortages as the most significant barrier to increasing their contributions as leaders. Additionally, as business transformation continues to evolve, additional new skills are needed. PwC says the most effective internal audit leaders exhibit two talent behaviors that stand out from the pack: a focus on mentorship and talent development, and an ability to source the right talent when needed.
PwC says very effective internal audit leaders also have a “no hierarchy in the room” policy, which facilitates staff development through open discussion and working as a team to solve problems. Fully 73 percent of these leaders use co-sourcing as part of their talent strategies.
Empower the internal audit function.
Organizational position and the support of stakeholders plays an important role in the effectiveness of internal audit leaders. PwC found that 78 percent of very effective internal audit leaders are vice presidents or hold senior positions in their organization. Additionally, PwC found stakeholders are gravitating toward more senior leadership talent to fill the CAE role, noting their responsibility to empower the CAE by setting a culture that supports the importance of a strong control environment.
Demonstrate executive presence. Underscoring the need for leadership talent in the CAE role, PwC found that 90 percent of very effective internal audit leaders excel in demonstrating executive presence. They bring bold perspectives and think broadly about the company. PwC notes that internal audit leaders must inform, educate and influence stakeholders as well as earn their trust. One of the trickier challenges internal audit leaders face is communicating with a variety of internal and external stakeholders who each have different expectations of the function.
Partner with the business in meaningful ways.
The most effective internal audit leaders set themselves apart by partnering with the business in meaningful ways. PwC says internal auditors should be able to stand out in three specific behaviors to become a very effective leader:
Develop relationships built on trust.
Build partnerships across the lines of defense to play greater roles in coordinating risk management across functions.
Use those connections to raise their level of engagement across the organization, taking on leadership roles in working with management, compliance, legal and other assurance functions to develop an integrated assurance strategy.
PwC notes that some very effective internal audit leaders have taken to renaming the internal audit function (e.g., to audit services) to rebrand it as a collaborative functions that partners with the business.
Seeing clear and strategically
“It’s through close alignment with various stakeholders and owning internal audit’s role as a leadership function within the organization that can allow internal audit to help their companies keep up with the changing business and risk landscape,” Pett said. “But all this can’t be said and done without a clear vision, supported by a strategic plan and enabled with top talent.
For the full article click http://www.cio.com/article/3042157/leadership-management/5-characteristics-of-exceptional-internal-audit-leaders.html
Audit International has learned that for Auditors and best practices, rotation is key! For publicly traded companies, the audit process is among the more arduous and mundane of all corporate responsibilities.
It claims the precious time spent and attention of senior management and executives and is neither strategic nor contributory to company profits or shareholder value. And in the Sarbanes-Oxley era of more regulated corporate governance—in the wake of Enron, MCI WorldCom, and other such scandals—the audit process has only grown in intensity, prompting an exodus of senior in-house accounting and financial executives to private companies.
But despite the enhanced governance requirements of the last ten years, audit quality continues to slip. The Public Company Accounting Oversight Board is still finding deficiencies in audits conducted by the Big Four. In a recent Wall Street Journal article, the chief auditor at the PCAOB stated, “When we look at an audit, the rate of failure has been in a range of around 35 to 40 percent.”
Competition in the audit market has all but disappeared. In the U.K., the Big Four accounting firms hold the auditing business for 99 percent of FTSE 100 companies. In the U.S., those same four companies collected over 94 percent of all auditing fees in 2010.
In the interests of improving audit quality, preventing against early 2000s-style corporate scandals and protecting the investor, regulatory authorities across the globe are looking at both the audit market and the relationship between company and auditor and are putting in place mandatory audit rotation. That is, a legal requirement that companies put up for tender and potentially change their auditor every number of years. The EU has already enacted such regulation, requiring most companies to put their audit business up for bid every 10 years. And there is a growing clamor for similar regulation in the U.S.
We will have to wait and see if this regulation improves the working life of internal auditors.
For jobs with some of the leading international consulting firms across the world as well as tier one multinationals, please contact Audit International on 0041 4350 830 95 or else email your current cv to firstname.lastname@example.org
Recent numbers reported that Euro zone employment levels are once again rising which in turn is adding further hope that EU recovery is well underway. Figures released by the EU statistics office show that the 18 countries in the Eurozone reported a marginal increase of 0.1 percent quarter on quarter in the 3 months to March which is also a growth rate of 0.2% up for the year.
Within Germany specifically , the euro zone employment numbers demonstrated a slightly larger increase of 0.3 percent on the quarter and 0.8 percent on the year.
Other countries however such as Portugal are unfortunatley still showing negative trends in terms of the labour markets.
Troubled Greece as also slowed its annual fall to 0.5 percent from 2.6 percent in the last quarter of 2013 which again is giving some additional signs of condifence that the worst may well be behind them.
Amid the good news and talk of recovery the other side is that there are still some 18 million people in the region who are without employment- a figure that governments are working what seems like tirelessly to reduce.
Separately, data showed that net trade made a positive contribution to growth in April as the trade surplus increased to 15.7 billion euros ($21.38 billion), from 14.0 billion in the same period of 2013.
“ Audit International- the leading international firm for Internal Auditor Jobs”
Stay up to date with Audit International
To stay up to date with our latest jobs, news and updates on what’s happening in the audit market follow us on twitter and our LinkedIn company page.
With audit standard setters and policy makers having such different views on how auditor reporting should be done could put global consistency at risk and perhaps result in investors not getting the information they need.
Continue reading »
The range of businesses that are exempt from having an audit may be increased. This will ultimately result in the quality of company accounts deteriorating, experts have warned.
Changes to the EU’s Accounting Directive that were voted through European Parliament earlier this year, could see member states considerably increase the size of businesses that do not require audited financial statements.
Continue reading »
The past financial crisis that many economies all over the world experienced prompted a renewed interest in the role and importance of auditing. The future of auditing will therefore be closely tied to the continuous ripples of effects that the world is still experiencing due to the financial crisis. However, it is to be expected that this industry would continue to grow in prevalence in the business world.
Now, more and more companies are realising that the audit and assurance professions are vital to an organisation. In fact, many companies who, in the past, did not conduct audits now find the need to do so. They are realising the need to go back to the basic management principles so they can identify problematic management practices and rectify them; audit plays a key role in this as only a true and effective audit can conduct effective fraud detection and risk management procedures within a company. Firms are thus advised to staff an internal audit department or to outsource audit work to specialist providers just to meet its auditing requirements.
Continue reading »
The global consulting firm Protiviti has published a new study on how the internal audit function is changing at companies around the world as internal audit teams collaborate with more parts of the organization while also trying to maintain their independence.
The report, Partnering Effectively Across the Organization, is volume nine of a larger series of reports from Protiviti on Internal Auditing Around the World. It explores the ways in which internal audit executives are connecting with others across their companies and gaining greater efficiency and greater visibility into organizational risks to help others in the business to manage and mitigate them.
Continue reading »