effective audit planning from engagement risk assessments
play

Effective Audit Planning: From Engagement Risk Assessments To - PowerPoint PPT Presentation

Feb 26, 2023 •214 likes •946 views

Effective Audit Planning: From Engagement Risk Assessments To Building Work Programs Linh Truong Director Internal Audit, Orthofix 1 CONFIDENTIAL L INH T RUONG , CPA, CIA, CISA Currently CAE at Orthofix Former CAE Kosmos Energy

  1. Effective Audit Planning: From Engagement Risk Assessments To Building Work Programs Linh Truong Director Internal Audit, Orthofix 1 CONFIDENTIAL

  2. L INH T RUONG , CPA, CIA, CISA � Currently CAE at Orthofix � Former CAE – Kosmos Energy � Former CAE – Alon USA � Former Director of Business Process Compliance – Affiliated Computer Services (now a division of Xerox) � Founder of Energy CAE Shareforum � Speaking experience: ─ IIA’s CAE Spotlight ─ IIA’s Superconference ─ IIA/ISACA’s GRC conference ─ MISTI’s Auditworld ─ Women’s Energy Network ─ Energy CAE Shareforum (C) 2017 GoldCal LLC 2 CONFIDENTIAL

  3. O RTHOFIX � Orthofix is a global medical device company with four Business Units: ─ Biostim ─ Biologics ─ Spine Fixation ─ External Fixation � $400M in annual revenues � Founded in 1980 in Verona, Italy � Products sold in over 50 countries � 900 employees worldwide with offices in: ─ Italy ─ Germany ─ France ─ UK ─ Brazil ─ Australia ─ Puerto Rico (C) 2017 GoldCal LLC 3 CONFIDENTIAL

  4. Q UOTES ON P LANNING � “Everyone has a plan - until they get punched in the face.” ─ Mike Tyson, Boxer. � “People often complain about lack of time when the lack of direction is the real problem.” ─ Zig Ziglar (C) 2017 GoldCal LLC 4 CONFIDENTIAL

  5. Q UOTES ON P LANNING � “Have a plan. Follow the plan, and you'll be surprised how successful you can be. Most people don't have a plan. That's why it's easy to beat most folks.” ─ Paul "Bear" Bryant, football coach, University of Alabama's Crimson Tide.” “Those who plan do better than those who do not plan even though they rarely stick to their plan.” Winston Churchill, British Prime Minister (C) 2017 GoldCal LLC 5 CONFIDENTIAL

  6. T HE I NTERNAL A UDIT P ROCESS 1. Audit Assigned for Audit Plan (through Risk Assessment Process) 2. Preliminary Work 3. Development of Audit Program 4. Conducting Fieldwork 5. Documenting Results and Observations (C) 2017 GoldCal LLC 6 CONFIDENTIAL

  7. IIA S TANDARDS – E NGAGEMENT P LANNING � 2200 – Engagement Planning ─ Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations. � 2201 – Planning Considerations ─ In planning the engagement, internal auditors must consider: • The objectives of the activity being reviewed and the means by which the activity controls its performance • The significant risks to the activity, its objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level • The adequacy and effectiveness of the activity’s risk management and control processes compared to a relevant control framework or model • The opportunities for making significant improvements to the activity’s risk management and control processes (C) 2017 GoldCal LLC 7 CONFIDENTIAL

  8. IIA S TANDARDS – E NGAGEMENT P LANNING 2210 – Engagement Objectives Objectives must be established for each engagement � 2210.A1 – Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment � 2210.A2 – Internal auditors MUST consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives � 2210.A3 – Adequate criteria are needed to evaluate controls. Internal auditors must ascertain the extent to which management has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must work with management to develop appropriate evaluation criteria (C) 2017 GoldCal LLC 8 CONFIDENTIAL

  9. IIA S TANDARDS – E NGAGEMENT S COPE � 2220 – Engagement Scope ─ The established scope must be sufficient to satisfy the objectives of the engagement � 2220.A1 – The scope of the engagement must include consideration of relevant systems, records, personnel, and physical properties, including those under the control of third parties � 2220.A2 – If significant consulting opportunities arise during an assurance engagement, a specific written understanding as to the objectives, scope, respective responsibilities, and other expectations should be reached and the results of the consulting engagement communicated in accordance with consulting standards (C) 2017 GoldCal LLC 9 CONFIDENTIAL

  10. E LEMENTS OF P RELIMINARY W ORK 1. Define Audit Objectives (Risk-Based) 2. Define Scope 3. Knowledge Gathering 4. Authoritative Research 5. Interview Management 6. Understand / Document Process 7. Work Program (C) 2017 GoldCal LLC 10 CONFIDENTIAL

  11. Defining Audit Objectives (C) 2017 GoldCal LLC 11 CONFIDENTIAL

  12. D EFINE A UDIT O BJECTIVES � Understanding the goals and objectives of an audit ─ Why is this audit being performed? ─ Why was it identified as a risk? ─ Why was it deemed important enough to appear in the audit plan? � The above questions can be answered with the statements (which are really saying the same thing): � Because it addresses a risk that could negatively impact the company’s ability to achieve strategic goals/objectives � The audit is a part of an audit plan that is aligned with the company’s strategic goals/objectives (C) 2017 GoldCal LLC 12 CONFIDENTIAL

  13. W HAT ARE SOME STRATEGIC OBJECTIVES ? � Recruiting/Retaining top talent � Growth (Organic / Inorganic) • Maintaining an effective Supply Chain function: • Inventory • Procurement • Regulatory Compliance: • FCPA • SOX • FDA (C) 2017 GoldCal LLC 13 CONFIDENTIAL

  14. A LIGNING A UDIT P LAN TO C OMPANY S TRATEGIC O BJECTIVES (C) 2017 GoldCal LLC 14 CONFIDENTIAL

  15. A LIGNING A UDIT P LAN TO C OMPANY S TRATEGIC O BJECTIVES Question: What about the Company’s “growth” initiatives? How can Internal Audit help with this strategic objective? (C) 2017 GoldCal LLC 15 CONFIDENTIAL

  16. A LIGNING A UDIT P LAN TO C OMPANY S TRATEGIC O BJECTIVES Answer: - Assess HR function for scalability - are HR people, processes and tools (systems) capable of • Supporting a significant increase in number of employees due to an future acquisition? • Processing a significant number of relocations or severance packages - Provide due diligence support – help M&A team assess target company. - Post-acquisition integration assessment (C) 2017 GoldCal LLC 16 CONFIDENTIAL

  17. W HAT TYPE OF ENGAGEMENT SHOULD THIS BE ? Some questions to ask to determine what the right audit engagement should be: � How mature is this function/process? � Are there any policies/procedures? � How long has this function been in place? � Has this function/process ever been assessed? � How manual/automated is this process? � Are there any management monitoring controls or feedback mechanism? � How sophisticated is leadership regarding controls or control environment? (C) 2017 GoldCal LLC 17 CONFIDENTIAL

  18. T YPES OF ENGAGEMENTS � Consulting Projects / Management Requested Special Project � Gap Assessments / Risk Assessments � Audits • Financial Audit • IT Audit • Integrated Audit • Compliance Audit • Operational Audit (C) 2017 GoldCal LLC 18 CONFIDENTIAL

  19. I NTEGRATED A UDITS - E XAMPLE � HR Audit - processes included in scope: • Talent Acquisition • Performance Evaluation • Termination Process • Compensation • Contractor Governance • Employee Data Privacy How would an Integrated Audit benefit this HR Audit? (C) 2017 GoldCal LLC 19 CONFIDENTIAL

  20. I NTEGRATED A UDITS - E XAMPLE � Termination Process • Is process to terminate access for (terminated employees) to all company systems effective/timely � Compensation • Are interfaces effective between equity compensation administration system and Accounting system ? � Contractor Governance • Is there a module to track contractors or are contractors being tracked on excel spreadsheets? � Employee Data Privacy • Are logical access / data security controls effective to prevent data privacy breaches? (C) 2017 GoldCal LLC 20 CONFIDENTIAL

  21. W HAT IF ? …the organization does not have an ERA / ERM in place? (C) 2017 GoldCal LLC 21 CONFIDENTIAL

  22. Now Let’s Exercise! (C) 2017 GoldCal LLC 22 CONFIDENTIAL

  23. G ROUP E XERCISE The Company has had very high turnover and VP of HR would like to know if HR’s processes are effective in supporting the strategic objective of “Acquiring/Retaining the best talent for organization”. What processes should be in scope for our review/audit? (C) 2017 GoldCal LLC 23 CONFIDENTIAL

  24. G ROUP E XERCISE – W HAT ARE THE R ISKS ? What are the risks? (C) 2017 GoldCal LLC 24 CONFIDENTIAL

  25. G ROUP E XERCISE – W HAT ARE THE R ISKS ? 1. Company hires employees that are not competent to perform required job duties. 2. New employees are not properly trained to effectively perform job duties. 3. Company does not attract/retain candidates/employees effectively due to less than market compensation. 4. Company does not have an effective performance measurement process. 5. Company does not have an effective succession planning process. (C) 2017 GoldCal LLC 25 CONFIDENTIAL

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Applying & Utilizing Risk Assessments to Establish Work Plans & Audit Objectives IIA

Applying & Utilizing Risk Assessments to Establish Work Plans & Audit Objectives IIA

Applying & Utilizing Risk Assessments to Establish Work Plans & Audit Objectives IIA San Diego Chapters Government Seminar March 9, 2016 Lee Parravano, CPA, CIA, CGMA Internal Auditor at SDCERS 1 Discussion Topics

348 views • 15 slides
Internal Audit Risk Assessment and Audit Assessment and Audit Planning May 6, 2011 Eric Miles,

Internal Audit Risk Assessment and Audit Assessment and Audit Planning May 6, 2011 Eric Miles,

Internal Audit Risk Assessment and Audit Assessment and Audit Planning May 6, 2011 Eric Miles, Partner, CPA, CIA, CFE Ric Jazaie, CPA, CIA Ric Jazaie, CPA, CIA MOSS ADAMS LLP | 1 T d Todays Objectives Obj ti Provide an overview

597 views • 57 slides
Effective presentation of immunogenicity risk assessments and related data in regulatory dossiers

Effective presentation of immunogenicity risk assessments and related data in regulatory dossiers

Regulatory For reprint orders, please contact: reprints@future-science.com Effective presentation of immunogenicity risk assessments and related data in regulatory dossiers Paul Chamberlain* ,1 1 NDA Advisory Services, Ltd, Grove House,

649 views • 12 slides
How to manage effective risk assessments About me Safety Lead at PfP Leisure 27 million

How to manage effective risk assessments About me Safety Lead at PfP Leisure 27 million

How to manage effective risk assessments About me Safety Lead at PfP Leisure 27 million annual visits 8,000 staff Member of the NSPCC/CPSU Leisure Centre Group Ukactive Safety Group Sub editor of the HSEs Managing

378 views • 15 slides
Multistate tax Businesses must be vigilant and careful in managing their state and local tax

Multistate tax Businesses must be vigilant and careful in managing their state and local tax

including up-front sample period negotiation, detailed review and analysis of Prudently litigate tax assessments through all levels of appeal. Personal income tax, ment of certain high-risk audit positions and tax assessments when litigation

236 views • 13 slides
Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit

Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit

Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit Manager June 26, 2018 1 OVERVIEW OF THE AUDIT PROCESS Audit Planning and Risk Assessment Audit Standards The audit was performed in

425 views • 13 slides
Principles for Effective Stakeholder Engagement in Marine Planning Prevent | Collaborate |

Principles for Effective Stakeholder Engagement in Marine Planning Prevent | Collaborate |

Principles for Effective Stakeholder Engagement in Marine Planning Prevent | Collaborate | Resolve Developed and Presented by: Brian Manwaring Lauren Nutter Co-Authored by: Suzanne Orenstein In association with: This presentation is

1.28k views • 54 slides
GoJ Audit Commission Conference 2016 Tips on Reviewing a Risk-Based Audit Plan 11/8/2016 Jacque

GoJ Audit Commission Conference 2016 Tips on Reviewing a Risk-Based Audit Plan 11/8/2016 Jacque

GoJ Audit Commission Conference 2016 Tips on Reviewing a Risk-Based Audit Plan 11/8/2016 Jacque Chevers BH{L}, CA, CRMA, MSc, BSc, AAT 1 RISK ASSESSMENT Risk-Based Audit Planning Where RISK, Meets STRATEGY 11/8/2016 Jacque Chevers BH{L},

599 views • 32 slides
Section 3 Risk ASJ Stages of an Audit Audit Approaches ASJ In this approach, audit

Section 3 Risk ASJ Stages of an Audit Audit Approaches ASJ In this approach, audit

ASJ Section 3 Risk ASJ Stages of an Audit Audit Approaches ASJ In this approach, audit resources are targeted on testing large volumes of transactions and account balances without any particular focus on specified Substantive areas of

271 views • 16 slides
Alameda Health System Audit Committee Thank you for your continued engagement of Moss Adams LLP,

Alameda Health System Audit Committee Thank you for your continued engagement of Moss Adams LLP,

2019 Audit Planning Presentation Alameda Health System Audit Committee Thank you for your continued engagement of Moss Adams LLP, the provider of choice for Alameda Health System health care organizations. We are pleased to present our audit

705 views • 33 slides
Type B Risk Assessment & Reporting Findings Virginias Practices for Completing Type B Risk

Type B Risk Assessment & Reporting Findings Virginias Practices for Completing Type B Risk

Type B Risk Assessment & Reporting Findings Virginias Practices for Completing Type B Risk Assessments & Reporting Findings Presented at: Mid-America Intergovernmental Audit Forum (MAMIAF) Single Audit Workshop

622 views • 28 slides
Audit Risk Presented by: Eric Kline, CPA Quality Assurance & Technical Specialist Center

Audit Risk Presented by: Eric Kline, CPA Quality Assurance & Technical Specialist Center

Audit Risk Presented by: Eric Kline, CPA Quality Assurance & Technical Specialist Center for Audit Excellence August 6, 2015 Risk Assessment 2 Agenda Audit Risk Various Components of Audit Model Risk Ohio Auditor of

751 views • 28 slides
Procurement and Contract Audit CIPFAs Risk based approach to planning audits and the work of

Procurement and Contract Audit CIPFAs Risk based approach to planning audits and the work of

Procurement and Contract Audit CIPFAs Risk based approach to planning audits and the work of the Procurement and Contract Audit Forum [ PACAF] By : Ken Odgers By : Ken Odgers cipfa.org.uk Overview Background to the birth of PACAF;

465 views • 34 slides
11/1/2017 Overview PMRA Environmental Risk Assessments at the Environmental

11/1/2017 Overview PMRA Environmental Risk Assessments at the Environmental

11/1/2017 Overview PMRA Environmental Risk Assessments at the Environmental Assessments Pest Management Regulatory Agency Problem Formulation Exposure Presented at uOttawa Toxicity November 9 2017 Risk

405 views • 7 slides
Presentation to the Audit Committee October 2, 2012 Engagement Wayne McConnell, CPA,

Presentation to the Audit Committee October 2, 2012 Engagement Wayne McConnell, CPA,

Presentation to the Audit Committee October 2, 2012 Engagement Wayne McConnell, CPA, Concurring Partner Team Jonathan Ellis, CPA, Engagement Partner Members Godwin Okoye, CPA, Director Olaniyi Oyedele, CPA, Audit Supervisor

166 views • 15 slides
M A R O A - F O R S Y T H C U S D # 2 MIDDLE SCHOOL FACILITY PLANNING Community Engagement

M A R O A - F O R S Y T H C U S D # 2 MIDDLE SCHOOL FACILITY PLANNING Community Engagement

M A R O A - F O R S Y T H C U S D # 2 MIDDLE SCHOOL FACILITY PLANNING Community Engagement Session #2 10.23.19 Charge: To provide the BEST middle school educational environment, in the most cost-effective manner. COMMUNITY ENGAGEMENT

1.24k views • 85 slides
The Trendlines Group Financial Highlights Q3 2019 Steve Rhodes Todd Dollinger Haim Brosh

The Trendlines Group Financial Highlights Q3 2019 Steve Rhodes Todd Dollinger Haim Brosh

The Trendlines Group Financial Highlights Q3 2019 Steve Rhodes Todd Dollinger Haim Brosh Chairman and CEO Chairman and CEO Chief Financial Officer 7 November 2019 SGX:42T OTCQX: TRNLY Agenda Corporate highlights Financial

454 views • 18 slides
Creating opportunities for customers and shareholders Peter Hackel, CFO 7 December 2017

Creating opportunities for customers and shareholders Peter Hackel, CFO 7 December 2017

Creating opportunities for customers and shareholders Peter Hackel, CFO 7 December 2017 Disclaimer This presentation contains certain forward-looking statements that reflect the current views of management. Such statements are subject to known

661 views • 38 slides
Wash out, splint/ex-fix and do electively Mani Kahn MD No disclosures Zura rushing to

Wash out, splint/ex-fix and do electively Mani Kahn MD No disclosures Zura rushing to

Wash out, splint/ex-fix and do electively Mani Kahn MD No disclosures Zura rushing to definitively fix an ankle in the middle of the night. Can we really trust his judgement? Hollywood elite! NCIS New Orleans, 2017 Open ankle fractures

517 views • 24 slides
ICSI Abstract, Full-Paper and Presentation submissions 1.0 Sign up / Register 2.0 Sign in 3.0

ICSI Abstract, Full-Paper and Presentation submissions 1.0 Sign up / Register 2.0 Sign in 3.0

ICSI Abstract, Full-Paper and Presentation submissions 1.0 Sign up / Register 2.0 Sign in 3.0 Manage submissions 3.1 New Submission 3.2 List Submission 3.3 Edit Submission 3.4 Upload Abstract/Full Paper/Presentation File Example for Upload

357 views • 9 slides
Welcome! 1 Follow AAQEP on Social Media twitter.com/aaqep1 #AAQEP19 linkedin.com/company/aaqep

Welcome! 1 Follow AAQEP on Social Media twitter.com/aaqep1 #AAQEP19 linkedin.com/company/aaqep

Welcome! 1 Follow AAQEP on Social Media twitter.com/aaqep1 #AAQEP19 linkedin.com/company/aaqep 2 Quality in Context: Tackling the Tough Questions Housekeeping Emergency Exits Restrooms Room locations: Medallion Ballroom,

611 views • 32 slides
Nitrogen dynamics in the Caatinga Rmulo S. C. Menezes, Ph. D. Associate Professor, Universidade

Nitrogen dynamics in the Caatinga Rmulo S. C. Menezes, Ph. D. Associate Professor, Universidade

Nitrogen dynamics in the Caatinga Rmulo S. C. Menezes, Ph. D. Associate Professor, Universidade Federal de Pernambuco E-mail: romuloscmenezes@gmail.com Main topics to to be be discussed Introduction about Caatinga N stocks and impacts of

785 views • 50 slides
Utilizing Gaze Detection to Simulate the Affordances of Paper in the Rapid Serial Visual

Utilizing Gaze Detection to Simulate the Affordances of Paper in the Rapid Serial Visual

Utilizing Gaze Detection to Simulate the Affordances of Paper in the Rapid Serial Visual Presentation Format Gustav quist 1 , Staffan Bjrk 2 and Mikael Goldstein 3 1 Uppsala University, Department of Linguistics, PO Box 527 751 20 Uppsala,

299 views • 5 slides
Long-Term Goal: Monitoring Driver Behavior /++01.23( !$2&"4-"#+5(

Long-Term Goal: Monitoring Driver Behavior /++01.23( !$2&"4-"#+5(

MSP - CRSS A SSESSMENT OF DRIVER S DISTRACTION USING PERCEPTUAL EVALUATIONS , SELF ASSESSMENTS AND MULTIMODAL FEATURE ANALYSIS J INESH J AIN C ARLOS B USSO September 6th, 2011 busso@utdallas.edu MSP - CRSS Long-Term Goal: Monitoring Driver

488 views • 21 slides

More recommend