Posts Tagged “audit firms”

In this final article of the series, Audit International focus on the third element of ESG- Governance risk. This differs from the first two elements – Environmental and Social – in that several governance risks have long been recognized and included in our audit plans. However, many more have recently gained prominence. Therefore, it is important that internal audit understands these risks and is well positioned to provide assurance.

Governance risks :

Some governance risks are broad in nature. Others, are very narrow. Some have little in terms of universal benchmarks, while others have well-established frameworks or regulations. Here are some of the main risks that should be considered:

– Shareholder rights and engagement – are there any limitations on certain classes of shareholders, and does the business engage effectively on important issues?
– Board structure and diversity – are there independent directors, and does the board have sufficient diversity of experience, style, and background? Increasingly, neurodiversity is a consideration, and in some countries a workers’ representative is a requirement.
– Executive compensation – is this structured to be in line with corporate objectives, and is it consistent with peers in comparison to the wages of other staff?
– Anti-bribery and corruption – many countries have a comprehensive legal framework.
– Tax transparency and policy – what is the organization’s approach to tax, and particularly the jurisdictions it operates and pays taxes in?
– Ethics and culture – a broad topic, ethics encompass all the above and more. Culture has become a hot topic over the past 15 years with the link between a strong organization-wide culture and performance becoming increasingly apparent.
– Data protection – often also included as a social risk, good information governance is relevant here as well.
– Typical impacts for the organization will be reputational, legal and regulatory, people, financial, and ultimately strategic.

Getting started – Determining the key risks :
Compared with environmental and social risk, it is much more difficult to take a holistic approach to governance risk, given the breadth of topics. However, it is likely that many activities and risks are already in your audit universe. A governance code may have been adopted by your organization, although these may only cover some of the issues described above. Understanding the relevant governance code(s) –mandatory or optional – is a good starting point. This will depend on jurisdiction(s), market listings, regulators, and industry practices. Governance codes can be principle-based or more prescriptive, and will typically define some or all of the following, often on a “comply or explain” basis:

– Clarity of purpose
– Leadership
– Integrity
– Board composition and division of responsibilities
– Board effectiveness
– Decision making
– Risk management, internal controls, and audit
– Accountability, transparency, and reporting remuneration

In understanding governance risks, you should also take into account what specific legal or regulatory requirements there are around any of these issues. This may include reporting requirements around diversity or executive pay or matters which must regularly be reported and considered by the board. Also, consider what other stakeholder expectations are relevant. This is likely to focus on investors, as they have been increasingly vocal and prepared to vote against boards that do not adequately address specific issues.

With this background information, along with your consideration of the issues highlighted earlier in this article, you can ensure your risk assessment incorporates relevant governance risks.

How internal audit can make an impact :
As always, we should leverage work done by the first and second lines in considering where we can make the biggest impact. We should consider our risk assessment alongside any new information we have about regulatory changes, emerging issues in our sector, or jurisdictions, and investor interest.

Some Examples :
– Governance framework
– Governance codes were mentioned earlier in this article. Whether your organization has adopted a code in full or developed its own framework, it will need to produce a regular (typically, annual) report of compliance with the code. Assessing the processes supporting this reporting is often a good way to execute broad audit coverage of governance risks. Such reports are expected by regulators, provide assurance to the board, and are sometimes published (at least in part in the annual report). – Therefore, it is important that they give an accurate picture.

Reports may take many forms and will often include qualitative assertions and specific data or examples. It is important that any data reported is accurate, but equally as important that narrative assertions or examples are supported by evidence. Internal audit can provide assurance over the processes to collate this evidence, ensuring it is complete and accurate and that the right oversight controls are in place. We can also review the report and verify that the conclusions reached fairly reflect the evidence available. Generally, we take a combined approach to provide comprehensive and broad assurance.

Board composition :
Board composition has been under the spotlight, and while practices have improved there is often still a lack of transparency in recruitment, objective evaluation, and diversity. This is a sensitive audit which needs to be conducted by experienced auditors. When done well, it provides real insight and impact.

It is important not to make this about the individuals currently serving on a board, but about the effectiveness of processes around recruitment, structure, skills-determination, and performance evaluation. Consider some or all of the following:

Is there an evaluation of the skills required on the board and an up-to-date skills matrix? Is this specific enough to ensure the board members possess the right range of skills and experience but sufficiently flexible to attract a diverse pool of candidates?
Do recruitment processes include defining an ideal candidate profile, pre-determined selection criteria, and stakeholder involvement in the exercise? Are candidates sourced in a way that ensures a wide pool of candidates, recognizing that there may be a need for confidentiality?
How are conflicts of interest identified and managed?
What are the rotation policies/term limits for non-executive board members?
How is board performance evaluated? Is there a self-assessment process and a periodic independent assessment?
Is there a training plan for the board and individual board members? Is there an individual appraisal process?
Does the committee structure support effective delegation but ensure the board maintains its responsibility for strategy and oversight?
How effective is the relationship between executives and non-executives? Does the structure facilitate both support and challenge?
Is there an effective process for succession planning?
Do boards allow time for open discussions and strategic thinking, as well as formal meetings?
Some of this can be done by document review — including board papers and minutes, skill matrix, recruitment process documents, etc. But much of this will also require interviews with board members and those who support the board, such as the corporate/company secretarial or corporate governance team.

This article concludes the series on what internal audit should know about ESG risks. If you missed the first two articles, be sure to go back and read our previous blogs, to get you up to speed on our suggestions on how internal audit can approach environmental and social risks.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Here at Audit International this week, we are are all talking about the Chartered Institute of Internal Auditors dropping their ‘Risk in Focus 2023’ report. The report compiles the results of 9 in-depth interviews, 4 round table events with 39 participants, and responses from 834 Chief Audit Executives (CAE)’s from across 15 European countries. In a nutshell, the report has some solid contributors, meaning, the top 10 areas which are concerning other CAE’s, might be worth you thinking about also – especially as you prepare your 2023 annual plan.

The Risk in Focus 2023 report has had a great refresh and shows the movement of each of the risks over the years. This year’s report shows 15 categories worth consideration:

– Mergers and acquisitions

– Health, safety and security

– Communications, reputation and stakeholder relationships

– Fraud, bribery and the criminal exploitation of disruption

– Organisational culture

– Organisational governance and corporate reporting

– Financial, liquidity and insolvency risks

– Supply chain, outsourcing and ‘nth’ party risk

– Business continuity, crisis management and disasters response

– Climate change and environmental sustainability

– Digital disruption, new technology and AI

– Changes in laws and regulations

– Macroeconomic and geopolitical uncertainty

– Human capital, diversity and talent management

– Cybersecurity and data security

The report finds that the greatest movers, in terms of focus / attention given to this particular topic by CAE’s, found the following four categories had the most increased attention and focus since 2020:

– Macroeconomic and geopolitical uncertainty

– Human capital, diversity and talent management

– Supply chain, outsourcing and ‘nth’ party risk

– Climate change and environmental sustainability

This years report also highlights the impact the war in Ukraine has had on many of the businesses and risks highlighted in the report.

For each of the risks, the report provides suggestions on how Internal Audit can help the organisation.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International are aware that public sector organizations face a variety of risks, ranging from cyber threats to budget constraints to compliance concerns. While internal audit teams in the government sector might not be responsible for solving all those risks, they need to make sure that they are following through with relevant risk management protocols.

Therefore, it is essential that internal audit teams are conducting internal audit risk assessments to figure out what these risks look like.

“Risk-based auditing ensures that the internal audit activity is focusing its efforts on providing assurance and advisory services related to the organization’s top risks… This requires internal auditors to have a working knowledge of basic concepts, frameworks, tools, and techniques related to risk and risk management,” explains the Institute of Internal Auditors (IIA).

In this article, we’ll examine five tips to help public sector internal auditors build better risk-based audit plans. These include:

1) Define your goals
Before you get too bogged down in the specifics of running an internal audit risk assessment, take a step back and consider what you’re trying to accomplish. Doing so includes finding internal alignment within your audit team and with other stakeholders.

As Baker Tilly advises, internal audit teams “should meet with the various stakeholder groups – management, the audit committee, and the governing body – to explain the process, set expectations for the results and listen to any desired outcomes, as a means of adapting the approach or identifying other activities where internal audit can add value.”

2) Organize your data
Conducting an internal audit risk assessment also requires strong data practices. But before you can get to a place where you are using data analytics to identify key risks, public sector organizations often need to organize their data first.

Information might be held in a variety of systems that makes analysis inefficient, if not ineffective. Tools like TeamMate+ use a data exchange API framework to pull together data from different sources, such as governance, risk, and compliance (GRC) systems and enterprise resource planning (ERP) tools, giving you a complete picture of what’s happening within your organization.

3) Get agile
If you go through an entire risk-based audit without getting any feedback along the way, then it’s easy to get off track. For one, risks might have changed from the time the audit started to when it eventually wraps up. And when you present to stakeholder leaders at the end of the risk assessment, it can be tough to then incorporate their feedback into your internal controls and assurance processes.

Engaging in agile auditing can help. By breaking an internal audit risk assessment down into more manageable chunks — where different risk areas go from the planning to presentation stages in short sprints — public sector internal auditors may have an easier time adapting to change and incorporating feedback.

4) Go dynamic
Agile auditing creates a dynamic internal audit risk assessment. Instead of approaching these assessments as an annual occurrence, you can review public sector risks on more of an ongoing basis.

That means collaborating with other departments throughout the year to keep up with emerging risks, which is where good data-sharing practices also come in handy. Dynamic or continuous risk assessments can also result in more frequent reporting so that you can keep everyone in the loop and get their timely feedback. Having a strong internal audit risk assessment tool like TeamMate that can help you simplify risk scoring and create efficient audit reports makes a big difference.

5) Keep up with public sector requirements
Lastly, working in internal audit in the government sector means staying on top of general risks like cybersecurity and financial concerns, along with meeting specific public policy guidelines and regulations. Public sector internal auditors often turn to sources like Wolters Kluwer, which provides resources like webinars and other Expert Insights so you can learn what you need to do to strengthen internal audit as a government organization.

Following these five tips can go a long way toward creating a strong internal audit risk assessment and a better audit process overall. Even if it seems like your organization doesn’t face many risks, conducting a risk-based audit can help you stay on top of any changes to your risk level. Rather than being caught off guard, building a reliable internal audit risk assessment plan can help your organization control risk, however that takes shape.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International take a look at what some audit partners are unfortunately forecasting- inflation hasn’t peaked yet, and is going to continue for another period of time.
Three out of four public company audit partners believe that inflationary concerns could persist well into 2023 and possibly beyond, according to a new survey by the Centre for Audit Quality (CAQ).
The CAQ’s inaugural Audit Partner Pulse Survey found that 75% of the 700 auditors surveyed anticipate that the current inflation cycle will impact their primary industry sector for more than 12 months. Seventy-seven percent believe that because of inflation, their primary sector will raise prices beyond historical trends, including 95% of those focused on consumer products and retail.
The audit partners also offered insights on the top areas of risk that companies face in the current economic environment and the actions that companies are most commonly taking to mitigate those risks.
Beyond the current economy, the auditors answered questions about environmental, social, and corporate governance (ESG), sharing firsthand observations on topics related to human capital scarcity, emerging technologies, and climate change.

Economic outlook and top economic risks
Forty percent of the audit partners said they were pessimistic — and another 4% were very pessimistic —about the U.S. economy in general over the next 12 months. Another 40% were neutral, while just 16% were optimistic. The highest level of pessimism was among auditors listing financial services as their primary sector (53%).
The audit partners participated in the survey in May. Asked to compare the future of financial prospects in their primary industry sector to the prior three months, 27% were pessimistic but 24% were optimistic. Forty-six percent were neutral. The highest level of optimism came from auditors that listed oil, gas, and chemicals as their primary sector (58%).
The audit partners were asked to select up to three economic risks facing companies over the next 12 months. The respondents most often selected inflation (62%), followed by labor shortages (52%) and supply shortages and supply chain disruptions (50%).
The top four company priorities for 2022 in the auditors’ primary sector were talent/labor (53%) and other areas closely tied to finances (growth, cost management, and financial performance).
Concern about resource scarcity
The survey asked the audit partners to what extent companies in their primary industry sector were considering nine ESG-related issues when developing their corporate strategies.
The auditors cited resource scarcity as the most common issue, with 88% saying companies were addressing it “a great deal” or “somewhat.” Sixty-six percent said the same about emerging technologies, followed by climate change (63%):
• Resource scarcity: The top company actions cited by audit partners related to human capital were an increasing flexibility in workplace location (75%) and increasing compensation (73%).
• Emerging technologies: Cybersecurity was the fourth-most cited economic risk facing companies over the next 12 months. Ninety-one percent of respondents said companies are at least moderately prepared for a cyberattack, but less than 50% thought significant progress had been made in addressing five of six specific areas mentioned in the survey.
• Climate change: While 63% of audit partners said companies are incorporating climate change into their corporate strategies, just 4% listed climate change as a top-three economic risk over the next 12 months — last among the eight choices presented.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
• Switzerland 0041 4350 830 59 or
• US 001 917 508 5615
E-mail:
• info@audit-international.com”

The Characteristics of Highly Successful Internal Auditors
Nobody knows it better than us here at Audit International that Internal auditors are a rare breed. To perform well in their jobs, they must have a set of skills and characteristics that are typically uncommon in one person. For example, they need to be analytical with laser-like focus, while also being “people-persons” with great communication skills. They need to be rule-followers, while also having the creativity and curiosity to blaze new trails. No one ever said it was easy, but becoming a top internal auditor takes dedication, hard work, and, as Liam Neeson said in the movie Taken: “a particular set of skills.”
We recently set out to identify the skills and characteristics good internal auditors must possess to perform well in their jobs. We found that some, like curiosity and integrity, are typically characteristics that are just part of our personality or not. Others, like technological know-how and communication abilities can be learned and honed through professional development and training courses. Others lie somewhere in the middle.
This is by no means an exhaustive list. There are many other skills and attributes not listed here, such as knowledge of the business, project management capabilities, and relationship building that are important to thriving as an internal auditor. Yet these are the qualifications chief audit executives, senior managers, and board members cite most often as the key abilities they are looking for in good internal auditors.
Regardless of how we acquire them, and in no particular order, here are the top six characteristics internal auditors should possess:
1) Great Communication Skills
It’s no secret that internal auditors need to be excellent communicators to execute their jobs well, however, that requirement has only increased as the COVID-19 pandemic closed offices and employees were forced to work from their homes. Now internal auditors must often conduct audits remotely, interviewing process owners and others through phone calls and video conferencing. It’s one thing to assess body language, tone, and facial expressions from across a desk or conference table, but quite another to read those important non-verbal cues during a Zoom call or over some other digital communication platform.
It doesn’t stop there. Internal auditors have many constituencies to serve. From their audit customers to senior management and the board, they must be able to navigate many relationships within the organization and sometimes bridge seemingly conflicting views on what’s important to the company. That takes great communication skills and any internal auditor that doesn’t possess them will likely falter in their roles.
2) Unyielding Curiosity
Good internal auditors ask why? Great internal auditors keep asking “why?” Like a child who follows up one question of “why?” with “OK, but why?” top internal auditors keep asking questions until they fully understand the issues at hand. They are not easily swayed with a pat answer or put off the trail with an explanation that doesn’t quite add up. Their natural curiosity keeps them pushing until they find the answers and explanations that satisfies them—in other words, when there are no more “why” questions to ask.
Such intellectual curiosity doesn’t just serve good internal auditors well in the pursuit of fraud and wrongdoing, either. It helps them fully understand how controls, processes, and business units work, so they can make recommendations to improve them.
3) Technological Savvy
Increasingly, the job of the internal auditor relies on technological tools, such as data analytics, cloud-based application platforms, and data visualization. Indeed, the internal auditor of the future will likely also need to be an expert—or at least proficient—in such areas as artificial intelligence, machine learning, and technologies still out on the horizon. For this reason, internal auditors who don’t embrace new technologies and learn enough about them to at least begin to experiment with new ways of doing things will be left behind. While it’s important to embrace the more recent technologies that internal audit is increasingly coming to rely on to execute its duties, a digital revolution is taking place in just about every facet of the organization. To complete audits of nearly any process or function will require a working knowledge of increasingly complex technologies. It’s true too, that the top risks in any organization typically involve areas like cybersecurity, data governance, and information security, all of which require internal auditors to be tech savvy..
4) Ability to Work Independently and on a Team
It might seem contradictory to say that internal auditors must be able to work on their own, but then also be good team players, but it’s true, and the remote work scenarios brought on by the pandemic have only made it truer. Internal audit has always required a good bit of independent work, but the amount has increased with remote audits and auditors working from home. The ability to work independently relies on such underlying skills as self-motivation, self-management, and accountability. Without daily meeting in the conference room and the chief audit executive looking over their shoulders, internal auditors must be resourceful and reliable to keep projects humming along. That doesn’t mean they no longer have to be able to work well with others. More recent work models, particularly agile audit, require lots of interaction and coordination. This harkens back to the importance of communication abilities, but good internal auditors are also team players.
5) Drive to Be Life-long Learners
I once asked a chief audit executive: What is the single most important thing you look for when you are hiring a new member of your internal audit team? Without hesitation, he said: “I look for someone who is always looking to learn new things.” He explained that internal auditors must be generalists and specialists at the same time. Their jobs will take them to many places and expose them to new knowledge all the time..
The fact that internal auditors get exposure to lots of different aspects and units of the business is certainly one of the benefits of the job, but it comes with challenges. They must be able to constantly digest new information and learn new parts of the business. No two audits are ever the same and without the desire to learn something new, it will be difficult for an internal auditor to approach each new assignment with the sponge-like ability to absorb new knowledge and come up to speed quickly on a process or function.
6) Integrity and Courage
Perhaps above all else, integrity and courage must be at the core traits of a high-performing internal auditor. There will be times when internal auditors are asked to look the other way or ignore some faulty control or management wrongdoing, and they must simply be able to resist the urge. It’s never easy to confront someone who isn’t doing the right thing and bring it to light, but it’s a trait that top internal auditors all possess.
One more thought on integrity and courage: We often think of these things in terms of big crises and scandals, where the internal auditor stands up to an accounting fraud that is taking place in the organization or a CEO who is up to no good. Yet it more often integrity and courage will be called up for small things, where someone is looking to cut a corner or isn’t treating others with respect. This is when integrity, along with a good moral compass can help an internal auditor push past a roadblock and get an audit back on track.
Just Add Hard Work
So, call them what you may: characteristics, skills, qualifications, or abilities, but working on these six things will go a long way toward excelling as an internal auditor. Of course, they aren’t enough in themselves to ensure a quick rise through the ranks of the internal audit team. That requires hard work and dedication to the job. But they will certainly put you on the right track.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
• Switzerland 0041 4350 830 59 or
• US 001 917 508 5615
E-mail:
• info@audit-international.com”

A major European Commission framework contract for audit services has been won by a grouping of three Russell Bedford member firms. The group, led by Lubbock Fine (London), includes Equation (Paris) and Domus (Berlin).

Russell Bedford International is a global network of independent firms of accountants, auditors, tax advisers and business consultants. Ranked amongst the world’s leading accounting and audit networks, Russell Bedford is represented by some 460 partners, 5000 staff and 280 offices in more than 90 countries in Europe, the Americas, the Middle East, Africa and Asia-Pacific.

The substantial contract is to provide financial audit services to the EC in relation to research grants under the Seventh Framework Programme for Research and Technological Development (FP7). Such research grants are typically extended to universities, higher education establishments, not-for-profit organisations and companies, including SMEs.

Continue reading »

Baker Tilly is to join RSM International network. Baker Tilly is to become accountancy network RSM International’s UK member firm.

The firm will formally join the network later this year following completion of their current notice period with existing network Baker Tilly International.

During the transition period, the firm will continue to trade as Baker Tilly, but will make it clear that it is an independent member of RSM International, after which the firm will then adopt the global network name and corporate identity.

Continue reading »

The new audit reforms have been passed in the European parliament on Thursday last. The European politicians voted in favor of the reforms that will see large-listed companies putting their audit contracts out to tender once every 10 years.

Under the new rules listed companies are required to change their auditors every ten years. A company may be eligible to get this period extended by a further ten years if tenders are carried out, and by 14 years if the company appoints more than one firm to carry out the audit. There is also a 70% cap on fees from non-audit work.

Continue reading »

The RSA Insurance Group is to put a cap on the amount of non-audit fees that their auditors can earn. The capped amount will be 25% of the total audit fee.

KPMG which are the company’s current auditors earned a total of £7.2m in 2013, of which £2.2m was for non-audit services. Some £1.3m of those non-audit services related to the identification of financial and claims irregularities in RSA’s Ireland division.

Previous to the appointment of KPMG as auditors, rival Big4 firm Deloitte was the company’s auditors. In 2012 Deloitte earned &15.7m, of which £9.5m related to non-audit services.

Continue reading »

Ernst and Young has strengthened it advisory practice through the recruitment of former KPMG partner Mark Hutchinson.

Hutchinson joined KPMG firstly in 1992 when he started his career. He left the big 4 firm 2 years later to join CME KHBB and returned again to KPMG in 1997. In 1999 he left and became partner at Circus Communications before joining Paeson Consulting. He then returned again to KPMG where his last role was a partner and head of management consulting.

Continue reading »