Emerging Trends and Leading Practices 2011...Emerging Trends and Leading Practices 2011 Respondents...

Post on 05-Oct-2020

5 views 0 download

Transcript of Emerging Trends and Leading Practices 2011...Emerging Trends and Leading Practices 2011 Respondents...


1 Copyright © 2011 The Institute of Internal Auditors

Emerging Trends and Leading Practices 2011

Respondents Outside North America

Executive Summary Report

Date: 4/11/2011

Number of Responses Analyzed: 656

Total number of responses collected: 1,363

1: From 2010 to 2011, the staffing levels of my internal audit function: (Respondents could only choose a single response)

Response Chart Frequency Count

Increased, by what

percentage (see below): 33.3% 217

Decreased, by what

percentage (see below): 9.8% 64

Stayed the same 56.9% 371

Not Answered 4

Valid Responses 652

Total Responses 56

Increased by: Count Decreased by: Count

1–5% 13 1–5% 3

6–10% 47 6–10% 15

11–15% 19 11–15% 9

16–20% 43 16–20% 10

21–30% 30 21–30% 12

31–40% 6 31–40% 4

41–50% 18 41–50% 3

More than 50% 16 More than 50% 4

2 Copyright © 2011 The Institute of Internal Auditors

2: From 2010 to 2011, the budget of my internal audit function:

Response Chart Frequency Count

Increased, by what percentage (see below):

39.3% 256

Decreased, by what percentage (see below):

13.1% 85

Stayed the same 47.6% 310

Not Answered 5

Valid Responses 651

Total Responses 656

Increased by: Count Decreased by: Count

1–5% 38 1–5% 12

6–10% 67 6–10% 22

11–15% 20 11–15% 12

16–20% 42 16–20% 7

21–30% 31 21–30% 8

31–40% 8 31–40% 2

41–50% 14 41–50% 4

More than 50% 10 More than 50% 4

3: How would you rate the collective knowledge of your organization’s business by your internal audit staff: (Respondents could only choose a single response)

Response Chart Frequency Count

Inadequate 2.1% 14

Limited/developing 22.6% 148

Adequate 38.1% 250

Above average 27.1% 178

Extensive 10.1% 66

Not Answered 7

Mean 3.204

Valid Responses 656

Total Responses 663

3 Copyright © 2011 The Institute of Internal Auditors

4: Which of the following staffing strategies do you employ to acquire and maintain knowledge of the business by your staff: (Respondents were allowed to choose multiple responses)

Response Chart Frequency Count

Rotational program in which experienced professionals from the business rotate into

internal auditing on an ongoing basis

30.7% 206

Active recruitment of experienced professionals with industry experience or knowledge

42.8% 287

Co-sourcing relationship with a third-party provider to leverage industry experience

24.5% 164

Internal development of existing

personnel 79.3% 531

Other, please explain (See Appendix A): 7.9% 53

I do not consider acquisition of business/industry knowledge to be a priority

2.2% 15

Valid Responses 656

Total Responses 656

5: Which of the following strategies do you employ to enhance and maintain knowledge of the business within your staff: (Respondents were allowed to choose multiple responses)

Response Chart Frequency Count

Partnering inexperienced staff with more

experienced or seasoned staff on engagements warranting knowledge of the business

64.6% 433

Hosting regular all-staff training events to learn from company executives, business unit leaders, and


38.8% 260

The CAE participates in one or more industry focused CAE groups, roundtables, or events

34.0% 228

The CAE frequently, but informally, benchmarks and networks with CAEs of peer companies in the industry

27.9% 187

Staff receive training focused on industry risks or issues that may warrant internal audit coverage

59.3% 397

Internal audit staff subscribe to industry periodicals or

other literature to stay current on risks or issues that may warrant internal audit coverage

51.2% 343

Internal auditing or the company has deployed an extensive knowledge management framework that is

drawn upon to acquire, enhance, and maintain

knowledge of the business

29.9% 200

Other, please explain (see Appendix A1): 5.2% 35

Valid Responses 656

Total Responses 656

4 Copyright © 2011 The Institute of Internal Auditors

6: If surveyed today on how well internal auditing is meeting their needs and expectations, executive management in my company would probably rate their overall satisfaction as: (Respondents could only choose a single response)

Response Chart Frequency Count

Unacceptable 0.2% 1

Poor 3.4% 22

Acceptable 32.7% 214

Good 56.3% 369

Outstanding 7.5% 49

Not Answered 1

Mean 3.676

Valid Responses 655

Total Responses 656

7: If surveyed today on how well internal auditing is meeting its needs and expectations, my audit committee would probably rate its overall satisfaction as: (Respondents could only choose a single response)

Response Chart Frequency Count

Unacceptable 0.0% 0

Poor 2.9% 19

Acceptable 27.1% 176

Good 59.4% 386

Outstanding 10.6% 69

Not Answered 6

Mean 3.777

Valid Responses 650

Total Responses 656

5 Copyright © 2011 The Institute of Internal Auditors

8: Over the past year, how much have the needs and expectations of management and the audit committee driven change in the focus or coverage of your internal audit function? (Respondents could only choose a single response)

Response Chart Frequency Count

No influence 3.4% 22

Minimal 11.2% 73

There has been some

influence, but no more than usual

46.6% 304

More than usual 30.9% 202

Extensive 8.0% 52

Not Answered 3

Mean 3.289

Valid Responses 653

Total Responses 656

9: Which of the following strategies do you employ in assessing the needs and expectations of your stakeholders? (Choose all that apply)

Response Chart Frequency Count

Formal surveys of key stakeholders to assess

expectations and internal auditing’s

performance against them

35.7% 239

Regular formal meetings with key

stakeholders to assess their expectations and internal auditing’s performance

against them

57.5% 385

Discussions with the full executive

leadership/management team of my company

in the same room to assess their collective expectations and internal auditing’s

performance against them.

34.5% 231

Ongoing informal discussions with the

chairman of the audit committee to assess

his/her expectations and internal auditing’s performance against them

45.1% 302

Discussions with the full audit committee to assess their collective expectations and

internal auditing’s performance against them

40.3% 270

Other, please explain: See Appendix B 7.8% 52

Valid Responses 656

Total Responses 656

6 Copyright © 2011 The Institute of Internal Auditors

10: In what areas is technology leveraged for ongoing internal audit activities and what tools are used?

Technology used

Yes No Total

Risk assessment activities

Count 394 211 605

% by Row 65.1% 34.9% 100.0%

Audit planning Count 417 200 617

% by Row 67.6% 32.4% 100.0%

Control analysis Count 352 222 574

% by Row 61.3% 38.7% 100.0%

Data analysis Count 474 109 583

% by Row 81.3% 18.7% 100.0%


testing Count 362 204 566

% by Row 64.0% 36.0% 100.0%

Workpaper management

Count 414 194 608

% by Row 68.1% 31.9% 100.0%

Reporting Count 394 192 586

% by Row 67.2% 32.8% 100.0%

Managing findings and issues

Count 417 181 598

% by Row 69.7% 30.3% 100.0%


management for internal auditing

Count 316 273 589

% by Row 53.7% 46.3% 100.0%

Communication Count 381 207 588

% by Row 64.8% 35.2% 100.0%

Continuous audit

activities Count 325 258 583

% by Row 55.7% 44.3% 100.0%

Total Count 4246 2251 6497

% by Row 65.4% 34.6% 100.0%

7 Copyright © 2011 The Institute of Internal Auditors

10: In what areas is technology leveraged for ongoing internal audit activities and what tools are used?

Type of tool used, if applicable

Data analysis

GRC system Security monitoring

Audit management

Other Total

Risk assessment

activities Count 238 130 86 227 80 761

% by

Row 35.5% 19.4% 12.8% 33.9% 11.9% 100.0%

Audit planning Count 194 88 39 285 94 700

% by Row

29.0% 13.1% 5.8% 42.5% 14.0% 100.0%

Control analysis Count 217 88 91 168 84 648

% by

Row 32.4% 13.1% 13.6% 25.1% 12.5% 100.0%

Data analysis Count 399 45 62 132 75 713

% by Row

59.6% 6.7% 9.3% 19.7% 11.2% 100.0%


testing Count 253 60 60 151 86 610

% by

Row 37.8% 9.0% 9.0% 22.5% 12.8% 100.0%


management Count 115 68 43 288 106 620

% by Row

17.2% 10.1% 6.4% 43.0% 15.8% 100.0%

Reporting Count 105 65 39 259 125 593

% by

Row 15.7% 9.7% 5.8% 38.7% 18.7% 100.0%

Managing findings

and issues Count 121 80 59 269 130 659

% by

Row 18.1% 11.9% 8.8% 40.1% 19.4% 100.0%

Performance management for

internal auditing

Count 97 49 43 201 114 504

% by

Row 14.5% 7.3% 6.4% 30.0% 17.0% 100.0%

Communication Count 67 56 35 198 174 530

% by Row

10.0% 8.4% 5.2% 29.6% 26.0% 100.0%

Continuous audit

activities Count 168 70 70 192 90 590

% by

Row 25.1% 10.4% 10.4% 28.7% 13.4% 100.0%

8 Copyright © 2011 The Institute of Internal Auditors

11: For the following tools that you use, please identify whether these tools are commercially available, internally developed, a combination of the two, or not used, and rank your satisfaction with each of them.


Commercially available

Internally developed

Combination of commercially available and internally developed

Not used Total

Data analysis


Count 269 135 96 86 586

% by Row 45.9% 23.0% 16.4% 14.7% 100.0%

GRC systems Count 108 87 49 251 495

% by Row 21.8% 17.6% 9.9% 50.7% 100.0%


monitoring tools

Count 92 94 67 238 491

% by Row 18.7% 19.1% 13.6% 48.5% 100.0%


management tools

Count 165 195 64 127 551

% by Row 29.9% 35.4% 11.6% 23.0% 100.0%

Other tools Count 118 107 54 178 457

% by Row 25.8% 23.4% 11.8% 38.9% 100.0%

Total Count 752 618 330 880 2580

% by Row 29.1% 24.0% 12.8% 34.1% 100.0%

(Level of Satisfaction)

Not satisfied at all

Needs improvement

Satisfied Extremely satisfied

Total Mean

Data analysis


Count 17 201 263 21 502 2.574

% by Row 3.4% 40.0% 52.4% 4.2% 100.0%

GRC systems Count 35 130 104 7 276 2.301

% by Row 12.7% 47.1% 37.7% 2.5% 100.0%

Security monitoring tools

Count 31 128 111 7 277 2.339

% by Row 11.2% 46.2% 40.1% 2.5% 100.0%




Count 31 168 204 24 427 2.518

% by Row 7.3% 39.3% 47.8% 5.6% 100.0%

Other tools Count 19 130 143 6 298 2.456

% by Row 6.4% 43.6% 48.0% 2.0% 100.0%

Total Count 133 757 825 65 1780 N/A

% by Row 7.5% 42.5% 46.3% 3.7% 100.0%

9 Copyright © 2011 The Institute of Internal Auditors

12: For 2011 audit activities, please indicate whether the focus of your internal audit plan has changed for the following since 2010:

Increased No change Decreased Total

Financial risks Count 277 318 34 629

% by Row 44.0% 50.6% 5.4% 100.0%

Financial reporting

controls testing

Count 228 358 46 632

% by Row 36.1% 56.6% 7.3% 100.0%

Operational risks Count 366 251 19 636

% by Row 57.5% 39.5% 3.0% 100.0%

Compliance risks Count 317 291 30 638

% by Row 49.7% 45.6% 4.7% 100.0%

Credit risks Count 176 406 42 624

% by Row 28.2% 65.1% 6.7% 100.0%

Fraud risks Count 305 297 30 632

% by Row 48.3% 47.0% 4.7% 100.0%


recovery risks

Count 137 425 54 616

% by Row 22.2% 69.0% 8.8% 100.0%

Crisis management Count 144 437 42 623

% by Row 23.1% 70.1% 6.7% 100.0%

Effectiveness of risk management

Count 295 314 22 631

% by Row 46.8% 49.8% 3.5% 100.0%

Cost/expense reduction or containment

Count 212 366 47 625

% by Row 33.9% 58.6% 7.5% 100.0%

Reputational risks Count 184 402 39 625

% by Row 29.4% 64.3% 6.2% 100.0%

Mergers and acquisitions Count 103 410 98 611

% by Row 16.9% 67.1% 16.0% 100.0%

Total Count 2744 4275 503 7522

% by Row 36.5% 56.8% 6.7% 100.0%

12a: If there is a notable area not listed in question 12, please list it here and indicate whether it has increased or decreased in focus, or stayed the same. SEE APPENDIX C

10 Copyright © 2011 The Institute of Internal Auditors

13: Rate the following attributes in terms of importance and level of performance for your internal audit function: (Importance)

Not important at all

Somewhat important

Important Very important

Extremely important

Total Mean

Effectively managing

stakeholder relationships

Count 18 66 211 200 124 619 3.559

% by

Row 2.9% 10.7% 34.1% 32.3% 20.0% 100.0%

Effectively meeting stakeholder


Count 21 56 200 221 112 610 3.569

% by

Row 3.4% 9.2% 32.8% 36.2% 18.4% 100.0%

Effectively leveraging


Count 29 120 225 181 51 606 3.173

% by

Row 4.8% 19.8% 37.1% 29.9% 8.4% 100.0%

Promoting customer

service focus

Count 24 124 246 152 57 603 3.156

% by

Row 4.0% 20.6% 40.8% 25.2% 9.5% 100.0%

Conformance with The IIA's Standards

Count 21 88 210 165 122 606 3.460

% by

Row 3.5% 14.5% 34.7% 27.2% 20.1% 100.0%

Risk methodology that focuses on critical risks

Count 8 39 174 223 168 612 3.824

% by Row

1.3% 6.4% 28.4% 36.4% 27.5% 100.0%

Value proposition of internal auditing that is

well documented and communicated

Count 15 66 242 207 84 614 3.454

% by

Row 2.4% 10.7% 39.4% 33.7% 13.7% 100.0%

Internal audit plan that is aligned with the

organization’s strategic plan

Count 12 42 169 224 167 614 3.801

% by Row

2.0% 6.8% 27.5% 36.5% 27.2% 100.0%


improvement and innovation

Count 12 72 221 225 85 615 3.486

% by

Row 2.0% 11.7% 35.9% 36.6% 13.8% 100.0%

Appropriate talent pool Count 20 55 222 213 101 611 3.524

% by

Row 3.3% 9.0% 36.3% 34.9% 16.5% 100.0%

Cost-effective and

efficient operations

Count 9 81 270 191 56 607 3.336

% by Row

1.5% 13.3% 44.5% 31.5% 9.2% 100.0%

Alignment of risk,

control, and compliance functions

Count 12 52 230 214 102 610 3.561

% by Row

2.0% 8.5% 37.7% 35.1% 16.7% 100.0%

Total Count 201 861 2620 2416 1229 7327 N/A

% by Row

2.7% 11.8% 35.8% 33.0% 16.8% 100.0%

(see Appendix D for alternative table comparing Importance and Level of Performance)

11 Copyright © 2011 The Institute of Internal Auditors

13: Rate the following attributes in terms of importance and level of performance for your internal audit function: (Level of Performance)

Inadequate Limited/ developing

Adequate Above average

Exceptional Total Mean

Effectively managing

stakeholder relationships

Count 29 109 301 151 19 609 3.036

% by

Row 4.8% 17.9% 49.4% 24.8% 3.1% 100.0%

Effectively meeting

stakeholder expectations

Count 24 112 299 144 19 598 3.037

% by

Row 4.0% 18.7% 50.0% 24.1% 3.2% 100.0%

Effectively leveraging


Count 85 231 201 68 9 594 2.470

% by

Row 14.3% 38.9% 33.8% 11.4% 1.5% 100.0%

Promoting customer service focus

Count 39 151 284 101 16 591 2.838

% by

Row 6.6% 25.5% 48.1% 17.1% 2.7% 100.0%

Conformance with The IIA's Standards

Count 29 125 271 135 35 595 3.037

% by

Row 4.9% 21.0% 45.5% 22.7% 5.9% 100.0%

Risk methodology that

focuses on critical risks

Count 28 143 241 163 24 599 3.020

% by

Row 4.7% 23.9% 40.2% 27.2% 4.0% 100.0%

Value proposition of internal auditing that is

well documented and communicated

Count 35 133 276 130 26 600 2.965

% by Row

5.8% 22.2% 46.0% 21.7% 4.3% 100.0%

Internal audit plan that

is aligned with the organization’s strategic


Count 29 100 257 169 48 603 3.177

% by

Row 4.8% 16.6% 42.6% 28.0% 8.0% 100.0%

Continuous improvement and


Count 27 183 261 112 20 603 2.859

% by Row

4.5% 30.3% 43.3% 18.6% 3.3% 100.0%

Appropriate talent pool Count 71 178 245 87 16 597 2.663

% by

Row 11.9% 29.8% 41.0% 14.6% 2.7% 100.0%

Cost-effective and efficient operations

Count 39 126 313 99 18 595 2.884

% by

Row 6.6% 21.2% 52.6% 16.6% 3.0% 100.0%

Alignment of risk,

control, and compliance


Count 40 166 267 109 17 599 2.828

% by

Row 6.7% 27.7% 44.6% 18.2% 2.8% 100.0%

Total Count 475 1757 3216 1468 267 7183 N/A

% by Row

6.6% 24.5% 44.8% 20.4% 3.7% 100.0%

12 Copyright © 2011 The Institute of Internal Auditors

14: What do you feel are the top three risks that are or will impact your organization in 2011, and how is internal auditing positioned to assess and help the organization mitigate these risks? (Positioning, in general)

Not positioned at all Somewhat positioned Well positioned Total Mean

Risk 1 Count 68 234 255 557 2.336

% by Row

12.2% 42.0% 45.8% 100.0%

Risk 2 Count 65 242 227 534 2.303

% by

Row 12.2% 45.3% 42.5% 100.0%

Risk 3 Count 88 231 181 500 2.186

% by Row

17.6% 46.2% 36.2% 100.0%

Total Count 221 707 663 1591 N/A

% by Row

13.9% 44.4% 41.7% 100.0%

14-1: List of top risks, and how internal auditing is positioned to assess and help the organization mitigate these risks: (Respondents were limited to brief text responses)

RISK Not positioned at all Somewhat positioned Well positioned Total

Specific risks yet to be analyzed


13 Copyright © 2011 The Institute of Internal Auditors

15: For each of the following, indicate the extent to which your internal audit staff collectively possesses the required skills to address needed coverage: (Extent of Skills)

Significantly lacking

Inadequate Adequate Expert level

Not required

Total Mean

Business and


specific knowledge

Count 8 58 379 166 5 616 3.166

% by Row

1.3% 9.4% 61.5% 26.9% 0.8% 100.0%

IT (general) Count 34 165 300 112 6 617 2.823

% by

Row 5.5% 26.7% 48.6% 18.2% 1.0% 100.0%

Data mining

and analytics Count 36 166 311 84 14 611 2.794

% by Row

5.9% 27.2% 50.9% 13.7% 2.3% 100.0%

Cybersecurity and privacy

Count 60 224 252 46 37 619 2.638

% by

Row 9.7% 36.2% 40.7% 7.4% 6.0% 100.0%


management Count 8 88 369 154 2 621 3.087

% by

Row 1.3% 14.2% 59.4% 24.8% 0.3% 100.0%

Fraud auditing Count 16 130 333 116 21 616 2.994

% by Row

2.6% 21.1% 54.1% 18.8% 3.4% 100.0%

Forensics and

investigations Count 43 174 261 89 50 617 2.885

% by

Row 7.0% 28.2% 42.3% 14.4% 8.1% 100.0%

Quality control

(e.g., Six

Sigma, ISO)

Count 48 174 258 64 68 612 2.886

% by

Row 7.8% 28.4% 42.2% 10.5% 11.1% 100.0%


initiatives and programs

Count 26 148 353 61 29 617 2.869

% by

Row 4.2% 24.0% 57.2% 9.9% 4.7% 100.0%

Interviewing Count 7 51 402 151 6 617 3.159

% by Row

1.1% 8.3% 65.2% 24.5% 1.0% 100.0%

Total Count 286 1378 3218 1043 238 6163 N/A

% by Row

4.6% 22.4% 52.2% 16.9% 3.9% 100.0%

14 Copyright © 2011 The Institute of Internal Auditors

15a: If there is any other area not mentioned above, please list it and indicate the extent to which your internal audit staff collectively possesses the required skills to address needed coverage: (Extent of Skills, in general)

Significantly lacking

Inadequate Adequate Expert level Total Mean

Area 1: Count 10 18 33 22 83 2.807

% by Row

12.0% 21.7% 39.8% 26.5% 100.0%

Area 2: Count 3 19 16 7 45 2.600

% by

Row 6.7% 42.2% 35.6% 15.6% 100.0%

Area 3: Count 6 11 8 4 29 2.345

% by Row

20.7% 37.9% 27.6% 13.8% 100.0%

Total Count 19 48 57 33 157 N/A

% by Row

12.1% 30.6% 36.3% 21.0% 100.0%

15a-1: For areas not mentioned above, please list them and indicate the extent to which your internal audit staff collectively possesses the required skills to address needed coverage: (Respondents were limited to brief text responses)

Significantly lacking

Inadequate Adequate Expert level Total

Specific areas yet to be analyzed

Total Responses 130

15 Copyright © 2011 The Institute of Internal Auditors

16: What skill sets are you actively recruiting for, or anticipating recruiting for, in your internal audit function this year? (Choose all that apply)

Response Chart Frequency Count

Business and industry-specific knowledge

41.8% 280

IT (general) 40.6% 272

Data mining and analytics 31.2% 209

Cybersecurity and privacy 17.2% 115

Risk management 36.3% 243

Risk assessment activities 33.3% 223

Report writing 20.0% 134

Fraud auditing 25.4% 170

Forensics and investigations 18.5% 124

Quality control (e.g., Six Sigma, ISO) 14.9% 100

Strategic initiatives and programs 20.4% 137

Interviewing 11.8% 79

Other, please specify: See Appendix E 11.3% 76

Valid Responses 656

Total Responses 656

17: In addition to traditional roles and responsibilities, internal auditing is also primarily responsible for: (Choose all that apply) Response Chart Frequency Count

Risk management 45.6% 303

Ethics investigations 37.0% 246

Managing corporate hotline 16.7% 111

Financial reporting controls compliance

(e.g., the U.S. Sarbanes-Oxley Act) 36.1% 240

Regulatory compliance (general) 38.2% 254

IT security 22.0% 146

Fraud investigations 55.9% 372

Compliance with anti-bribery legislation 24.1% 160

None of the above 12.3% 82

Other, please specify (See Appendix F): 6.2% 41

Valid Responses 656

Total Responses 656

16 Copyright © 2011 The Institute of Internal Auditors

18: What is the size of your internal audit function (calculated in total full-time equivalents)? (Respondents could only choose a single response)

Response Chart Frequency Count

1–2 15.5% 99

3–6 37.2% 237

7–15 22.0% 140

16–20 5.8% 37

21–30 6.3% 40

More than 30 13.2% 84

Not Answered 19

Valid Responses 637

Total Responses 656

19: Select the annual revenue range that best fits your organization: (Respondents could only choose a single response)

Response Chart Frequency Count

Less than USD 10 million 18.5% 114

USD 10 million to less than

USD 50 million 12.2% 75

USD 50 million to less than

USD 100 million 8.8% 54

USD 100 million to less than USD 500 million

19.3% 119

USD 500 million to less than USD 1 billion

10.4% 64

USD 1 billion to less than

USD 10 billion 22.9% 141

USD 10 billion or more 8.1% 50

Not Answered 39

Valid Responses 617

Total Responses 656

17 Copyright © 2011 The Institute of Internal Auditors

20: What best describes your title or is equivalent to your current position or role within your organization? (Respondents could only choose a single response)

Response Chart Frequency Count

Chief audit executive

(CAE) 42.5% 269

Internal audit director or manager who is direct report

to CAE

25.3% 160

Other internal audit manager

or supervisor 15.3% 97

Internal audit staff with 3 or more years of internal audit


10.0% 63

Internal audit staff with less

than 3 years of internal audit experience

2.2% 14

Other, please specify (below): 4.7% 30

Not Answered 23

Valid Responses 633

Total Responses 656

20-1: If not listed above, what best describes your title or is equivalent to your current position or role within your organization? Acting CIA

Audit Committee (2 responses)

Audit Director for London reporting to Head Office Audit

Operational auditor, systems auditor


Chief Compliance & Governance Officer



Currently working as accountant in HMC DOHA Qatar

Deputy Manager

Executive Director

financial control

Internal audit manager

IA Manager reporting to AC (2 responses)

Internal Audit Manager reporting to the Head of Risk and Governance

Internal control Manager with 3 or more years experience

Outsourced Internal Audit Director

Partner (2 responses)

Partner/Director Risk management & Internal Audit

Responsable de mission d'audit interne

Risk & Compliance

Risk manager (cela inclut l'audit interne)

Senior Internal Auditor

Senior International Auditor

technical advisor

VP Corporate Internal Audit

Responses 30

18 Copyright © 2011 The Institute of Internal Auditors

21: Which category best describes your organization's primary industry?

Response Chart Frequency Count

Aerospace and defense 0.8% 5

Agriculture/forestry/fisheries 1.3% 8


services 4.3% 27

Construction/engineering/architecture 4.4% 28

Consulting services 2.7% 17

Consumer packaged goods 1.6% 10

Distribution 0.9% 6

Educational services 2.8% 18

Energy/oil and gas 7.0% 44

Financial services/banking/real estate

23.2% 147

Gaming/lotteries 0.2% 1

Health services 2.2% 14

Hospitality/entertainment/restaurant 1.1% 7

Insurance carriers/agents 4.4% 28

Local government 1.1% 7

National/federal government 2.1% 13

Manufacturing 11.4% 72

Mining 2.5% 16

Nonprofit sector 2.5% 16

Pharmaceuticals 0.9% 6

Public accounting/accounting services 1.1% 7

State/provincial government 1.7% 11

Technology 3.5% 22

Transportation 3.0% 19

Utilities 2.8% 18

Wholesale/retail 3.0% 19

Other 7.4% 47

Not Answered 23

Valid Responses 633

Total Responses 656

19 Copyright © 2011 The Institute of Internal Auditors

22: Is your organization listed as: (Respondents could only choose a single response)

Response Chart Frequency Count

Fortune 100 5.0% 30

Fortune 250 1.2% 7

Fortune 500 8.1% 49

Fortune 1000 2.5% 15

Global 2000 3.8% 23

None of the above 79.5% 482

Not Answered 50

Valid Responses 606

Total Responses 656

23: Please select the geographic region in which you work. (For a list of countries in each region, click here.) (Respondents could only choose a single response)

Response Chart Frequency Count

Africa 7.7% 49

Asia 33.0% 209

Europe 36.7% 232

Latin America and the

Caribbean 20.5% 130

North America 0.0% 0

Oceania (includes Australia, New Zealand, Micronesia,

Melanesia, and Polynesia)

2.1% 13

Not Answered 23

Valid Responses 633

Total Responses 656

20 Copyright © 2011 The Institute of Internal Auditors

24: In which country or territory do you work? (Respondents could only choose a single response)

Response Frequency Count

United States 0.3% 2

Albania 0.2% 1

Andorra 0.2% 1

Argentina 4.7% 29

Armenia 0.2% 1

Australia 1.5% 9

Austria 0.2% 1

Azerbaijan 0.3% 2

Bahrain 0.2% 1

Belgium 1.1% 7

Benin 0.2% 1

Bosnia-Herzegovina 0.2% 1

Botswana 1.5% 9

Brazil 5.2% 32

Bulgaria 1.0% 6

Cameroon 0.3% 2

Chile 0.5% 3

China 14.1% 87

Cocos Islands 0.2% 1

Colombia 5.5% 34

Comoros 0.2% 1

Costa Rica 0.6% 4

Croatia 0.2% 1

Cyprus 1.0% 6

Czech Republic 0.3% 2

Denmark 0.2% 1

Dominican Republic 0.2% 1

Ecuador 0.8% 5

Ethiopia 0.2% 1

France 1.8% 11

France Metropolitan 0.3% 2

Germany 2.3% 14

Greece 0.2% 1

Guinea 0.3% 2

Heard McDonald Island 0.2% 1

Hong Kong, China 0.2% 1

India 1.5% 9

Indonesia 0.5% 3

Ireland 0.2% 1

Italy 6.3% 39

Isle of Man 0.2% 1

Ivory Coast 0.2% 1

Jordan 0.5% 3

Kenya 0.3% 2

LVA Latvia 0.5% 3

Lebanon 1.0% 6

Lithuania 0.2% 1

Luxembourg 0.2% 1

Malaysia 1.1% 7

Martinique 0.3% 2

Mexico 1.3% 8

Morocco 0.2% 1

Netherlands 2.9% 18

New Zealand 0.3% 2

Nigeria 0.3% 2

Norway 1.5% 9

Pakistan 1.3% 8

Peru 0.8% 5

Philippines 0.2% 1

Poland 0.8% 5

Portugal 1.0% 6

Qatar 1.9% 12

Romania 1.0% 6

Russian Federation 1.0% 6

Saudi Arabia 0.5% 3

Senegal 0.2% 1

Serbia 0.5% 3

Singapore 1.9% 12

Solomon Islands 0.2% 1

South Africa 2.3% 14

South Korea 3.9% 24

Spain 3.7% 23

St. Lucia 0.2% 1

Suriname 0.2% 1

Sweden 1.0% 6

Switzerland 2.1% 13

Taiwan 2.6% 16

The Former Yugoslav

Republic of Macedonia 0.3% 2

21 Copyright © 2011 The Institute of Internal Auditors

Turkey 0.5% 3

Ukraine 0.2% 1

United Arab Emirates 0.3% 2

United Kingdom 4.7% 29

Venezuela 0.6% 4

Zambia 0.6% 4

Zimbabwe 0.5% 3

Not Answered 30

Valid Responses 616

Total Responses 656

24a: Other country: (Respondents were limited to brief text responses)

Response Chart Frequency Count

All other responses to 24a were additional countries in which respondents work; i.e., 50 of the

respondents who selected a country in question 24 also added their responses in 24a.

Responses 50

22 Copyright © 2011 The Institute of Internal Auditors

25: Please select your Institute: (Respondents could only choose a single response)

Response Frequency Count

North American chapter in the U.S., Canada, or Caribbean

1.1% 7

IIA ARGENTINA (249) 4.6% 28

IIA AUSTRALIA (212) 2.0% 12

IIA AUSTRIA (271) 0.3% 2

IIA AZERBAIJAN (296) 0.3% 2

IIA BELGIUM (205) 1.3% 8

IIA BOTSWANA (285) 1.5% 9

IIA BRAZIL (223) 5.2% 32

IIA BULGARIA (320) 1.0% 6

IIA CAMEROON (308) 0.3% 2

IIA CHILE (275) 0.3% 2

IIA CHINA (219) 14.8% 90

IIA CHINESE TAIWAN (258) 1.6% 10

IIA COLOMBIA (123) 5.9% 36

IIA COSTA RICA (264) 0.5% 3

IIA COTE D’IVOIRE (33) 0.2% 1

IIA CYPRUS (293) 1.1% 7


IIA DENMARK (39) 0.2% 1


IIA ECUADOR (195) 0.8% 5

IIA ETHIOPIA (270) 0.2% 1

IIA FRANCE (84) 3.0% 18

IIA GERMANY (268) 2.5% 15

IIA GREECE (286) 0.5% 3

IIA HONG KONG (CHINA) (165) 0.3% 2

IIA INDIA (186) 1.3% 8

IIA INDONESIA (228) 0.5% 3

IIA ITALY (104 6.2% 38

IIA KENYA (314) 0.5% 3

IIA KOREA (218) 4.1% 25

IIA LATVIA (297) 0.5% 3

IIA LEBANON (306) 1.3% 8

IIA LITHUANIA (303) 0.2% 1

IIA LUXEMBOURG (278) 0.2% 1

IIA MALAYSIA (133) 1.1% 7

IIA MEXICO (204) 1.1% 7

IIA MONTENEGRO (347) 0.2% 1

IIA MOROCCO (252) 0.2% 1

IIA NETHERLANDS (287) 3.0% 18

IIA NEW ZEALAND (215) 0.2% 1

IIA NIGERIA (317) 0.2% 1

IIA NORWAY (199) 1.5% 9

IIA PAKISTAN (231) 1.0% 6

IIA PERU (256) 0.8% 5


IIA POLAND (283) 0.7% 4

IIA PORTUGAL (253) 1.0% 6

IIA QATAR (321) 2.0% 12

IIA ROMANIA (327) 0.8% 5

IIA RUSSIA (301) 0.8% 5

IIA SAUDI ARABIA (345) 0.2% 1

IIA SERBIA (341) 0.3% 2

IIA SINGAPORE (129) 1.6% 10

IIA SOUTH AFRICA (81) 2.3% 14

IIA SPAIN (200) 3.9% 24

IIA SWEDEN (42) 1.3% 8

IIA SWITZERLAND (280) 1.1% 7

IIA FYR MACEDONIA (344) 0.3% 2

IIA TURKEY (279) 0.5% 3

IIA UGANDA (248) 0.2% 1

IIA UKRAINE (309) 0.2% 1

IIA United Arab Emirates (267) 0.3% 2

IIA United Kingdom & Ireland(21) 4.9% 30

IIA VENEZUELA (290) 0.7% 4

IIA ZAMBIA (292) 1.1% 7

IIA ZIMBABWE (222) 0.3% 2

None 1.3% 8

Not Answered 36

Valid Responses 610

Total Responses 656

23 Copyright © 2011 The Institute of Internal Auditors

Appendix A 4-1: What other strategies do you employ to acquire and maintain knowledge of the business by your staff:


Reading of all key documents such as Board and management reports (2 responses)

Fresh graduates or external auditors with 1 or 2 yrs of experience then will train them on our audit

methodologies and practices

New graduates with outstanding record

Graduate rotation programme

Guest Auditor Program or collaboration with subject matter experts (7 responses); comments include:

case by case integration of professionals from the business

Employ professionals with different background to participate in internal auditing;

Invite professionals on business to participate in auditing projects

Active interaction/co-operation with subject matter experts in the business units

rotation among cross-functional teams including guest auditors with in-depth business knowledge

Hire external experts and take their working results as examples to assist internal auditors

Job rotation:

job rotation amongst auditors to spread knowledge

Rotation of professionals

1-2 month placement into a specific dept

Professional training (2 responses)

Annual technical Training program

Through training and development

External Training (8 responses)

e.g., Seminars, lectures, conferences, workshops

internal and external educational programs of experienced professionals

Corporate or on-the-job training Company knowledge program

participate in corp training opportunities

training on the job, acquiring knowledge by liaising with functional management


Training for special skills/specialized topics (2 responses)


Relationship management allocation of business units across the team

expose all staff to the different parts of the business;

We pay for staff to write CIA exams. Challenging work

Temporary cost cutting programme

Regular brainstorming among staff in groups of assigned tasks. Share of knowledge to expand auditors

thought process and enhance knowledge base.

24 Copyright © 2011 The Institute of Internal Auditors

Follow new areas and reingineerings.

Ministry of Finance and National Planning recruit for all government ministries

Presentations from the business key managers

Listening to staff across the organisation at all levels, discussing business plans and projects with key staff.

There is a need to supplement the team with legal/reg knowledge to effectively perform regulatory

compliance audits.

Use expertise from Head Office

joint projects

Participation in projects, participation in committees.

Missions conjointes avec d'autres professionnels (joint missions with other professionals)

Within our diverse group, we recently set up focus teams - to gain indepth understanding of the business,

its benchmarks, business applications etc - to move the team away from being a "collection of generalists".

Launch special audit projects on organizational operation

As an old-brand state-owned enterprise, we pay relatively less attention to this area

Generate tables of working with users to better understand the business

Cluster with other companies and with other business of the sector


All staff, ordinarily is considered to evaluate all processes subject at hand.

Benchmarking sector entities

Active participation in all relevant issues (committees, management meetings, etc.)

Interaction with other areas through multidisciplinary teams.

Cross training with process management and documentation of evidence of travel and knowledge of the processes.

Back Responses 55

25 Copyright © 2011 The Institute of Internal Auditors

Appendix A1

5-1: What other strategies do you employ to enhance and maintain knowledge of the business within your staff:


(b) occurs case-by-case, (c) (d) valid for CAD and IA-Managers

interlectures given by staff

on the job

since we are part of a group of companies, we benchmark activities with companies within the group.

Implemented a risk database by business process & function

Crosscountry department meetings

Recruit only experienced specialists

Relationship management responsibility allocated across the team

External Training IIA ISACA etc.

IIA´s Course

Certifications, CIA, CCSA, PMP, CISA,...ETC

Participate in CISI Operational Risk Syllabus and Exam Questions, CISI Forums

Préparation des examens (exam preparation)


Networking (4 responses):

we usually make discussions with staff of others companies to acquire knowledge

Linkedin audit groups

Industry discussion Groups

The CAE frequently, but informally, benchmarks and networks with CAEs of peer companies in

the industry

training on the job by third party provider

ongoing close interaction with the business

Use Ministerial strategic plans and other policy documents

In House training and discussion (2 responses)

external resource

Extensive training and partnering with Legal and Ethics & Compliance team

Joint audit with colleagues from other part of the world, use guest auditors

short term attachment at relevant operation

Personal development targets connected with this area; - demand in work programs and

scoping/objective discussions that staff evidence their industry logic/understanding.

Development and monitoring of risk management of all company processes.

26 Copyright © 2011 The Institute of Internal Auditors

Take part in the monitoring of important control points of business

We developed a program for updating internal audit staff

Active participation in the risk analysis with the Managements

Intensive reading standards that define procedures

None, the internal audit function has a very limited budget.

Use legal methods to acquire disclosed operational information of the organization

Journée d'échanges avec d'autres structures (day trading with other structures)

Back Responses 36

Appendix B

9-1: What other strategies do you employ in assessing the needs and expectations of your stakeholders?

Informal meetings (11 responses); comments include:

A lot of informal interaction with business unit leaders and areas

informal discussions with senior management to assess his/her expectations.

Informal meetings with key stakeholders to assess their expectations and internal auditing’s performance against them

informal one to one with Individual Managers

Meetings and communications with the audit of the parent (sic, translation) to assess their expectations

monthly discussions with CFO

Team meetings to gather team members impression from audits. We have stopped using surveys since they are biased and do not give the full picture on the situation. Face 2 face discussions have improved the situation.

AC Chairman requires annual assessment of IA's effectiveness from each AC member, through a survey

Audit Committee has asked for increased work and assurance regarding regulatory compliance. It is difficult to determine whether we are identifying and escalating the right matters without legal knowledge.

audit on European funding is agreed upon with the European Commission's audit services

Annual risk mapping (2 responses); comments include:

Making of a risk map last year, through interviews with key company executives

compliance driven issues

Discuss with CEO

Dotted line to Group Audit Committee via Group Audit

ERM workshop conduct by IA to Stewardship group

Risk assessment

Periodic evaluation of internal controls

27 Copyright © 2011 The Institute of Internal Auditors

Getting audit concerns of the owners and determining what are the issues they have currently and regularly

IA new in this country so doing outreach to explain role to all public sector execs

In continental Europe no Audit Committee acc. to U.S. standards in place / Audit reports to the Management Board

Call for a meeting with client department at the beginning of the year, listen to their needs and expectations, and sign a “two-way commitment agreement”; distribute and collect questionnaire at the end of the year to

review the working result and check new demands.

information exchange at all audit committee meetings

Internal & External IIA Quality Assurance Review


Internal evaluation within the Group

Participation in various strategy meetings

public sector

regular one-on-one discussions with all members of the executive board

Regulatory requirements / expectations

Ongoing relationship with the Directorate General

Sensitisation workshops

transparent reporting with feedback

when we start an auditing job we meet with the chairman to assess his expectation or worries with the business


Internal auditing and reporting

No evaluation models

no audit committee

No direct contact with Stakeholders and audit committee

Evaluate the IA function’s work by assess their performance

Draft internal audit charter for the organization

Those who make the arrangement and we are accountable to shall evaluate.

Have meetings with key stakeholders and reassess their expectations and IA’s work


28 Copyright © 2011 The Institute of Internal Auditors

Appendix C 12a: If there is a notable area not listed in question 12, please list it here and indicate whether it has increased or decreased in focus, or stayed the same.


IT-related (15 responses):

IT systems security increased in focus

IT risk as part of operational risk has an increased focus. On one hand the regulatory

Information Security requirements are set more stricter. On the other hand IT maintenance was limited due to crisis years.

IT Security - Increased. Management's view was that if the Pentagon systems can be breached

then so can ours.

personal data protection risk has increased; customer's right protection risk has increased.

Increased: - Technology Risk

I.T. Audit – increased

IT risk

IT Security has increased.

IT Risks Increased

IS/IT security and data protection: increased

Information risk, increased

Data Security Risk is very much increased.

I would reinforce Information Security under Operational Risk

IT Risks - Increased Information Security Risks – Increased

increased IT system control - increased

Change Management (4 responses); comments include:

Change Management has increased

Change risks have increased focus

Fraud-related (4 responses): Fraud risks - recession related controls around cash management necessitated more audits

than before recession

Fraud risks increased

External & Internal FRAUD, Investigations, KYC, AML...

Risk and Fraud Prevention

Market risks (3 responses); comments include:

Market Risk (Investment Banking) increased

Market risk has increased

Internal controls (2 responses):

Internal Controls – Increased

Internal Control Systems

Project management/risks (3 responses):

Project Management has increased

project risks have increased focus

increase in program or project management auditing

Social responsibility (5 responses): Environmental risks (increased)

Social responsibility (including environmental) has increased

Social responsibility – increased

Economic responsibility audit has increased in focus.

Economic responsibility audit and assessment for control of energy saving and emission

reduction have increased in focus.

29 Copyright © 2011 The Institute of Internal Auditors

Money laundering (2 responses):

Money laundering – increased

Money laundering and terrorist financing

Auditing third parties and service provider in a context of increased outsourcing

We were acquired by a UK firm and will no longer have to be SOX compliant.

Internal and external information risk - increased



conformity audits: increased

strategic risks (board)

Strategic Risk

Strategic auditing (increased)


Business Performance Strategic reviews both have gone up substantially

Corporate governance strategy

Focus on Corporate Governance has increased

We have conducted audit of Country Governance.

audit activity priorities on European funding follow different schemes

Audit on special PROJECTS, increased

Business risk review (increased)

Increased: Outsourcing Risk

Tax compliance for REIT's (Real Estate Investment Trust) – increased

Tax-risk has increased

Restructuring impact - Increased

IA quality assessment

Anti-Corruption requlation compliance - Increased

Italian compliance with 231 Decree Law


Human resources

Mideast, Japanese.

30 Copyright © 2011 The Institute of Internal Auditors

We are piloting audit of soft controls.

corporate culture = increased awareness and increased focus

Information & resources risks - No change

Effectiveness of management of resources

We are implementing a new audit methodology

BASEL II Activities

The function and coverage of auditing is expanding

Construction cost restraint evaluation analysis

Operational control increased in focus

Decreased working quantity

Trade negotiations / contracts with customers

Finance increased

Your alternatives in question 12 will not provide a meaningful information on priorities: many lines must be ticked as "no change" - on the background, that they had no significance in 2010, and will not

be significant in 2011.

Plus de sujets "innovants" et proches du coeur de métier de l'entreprise ex : utilisation des

technologies tiers par la R&D. (More subjects "innovative" and close to the core business of the

company eg use of technology by third parties for R & D.)

Revue du cadre de control interne : plus de missions (review internal control framework: more


Plus de missions en termes de revue de projets (More missions in terms of review of projects)

Audits combinés systèmes ISO/contrôle interne augmentent. Audits systèmes environnemental aussi. Nouveau système de comptabilité: défi spécifique Risques de fraude: point d'attention continu

(Combined audits ISO systems / internal controls increases. Environmental auditing systems as well.

New accounting system: Fraud risks specific challenge: continuous point of attention)

Plus de missions pour la surveillance des activités du Front Office Trésorerie (More missions to monitor activities of the front office cash)

Back to Question 12 Responses 78

31 Copyright © 2011 The Institute of Internal Auditors

Appendix D

13: Rate the following attributes in terms of importance and level of performance for your internal audit function:

Not important at all

Somewhat important

Important Very important

Extremely important



managing stakeholder


Count 18 66 211 200 124 619

% by Row 2.9% 10.7% 34.1% 32.3% 20.0% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 29 109 301 151 19 609

% by Row 4.8% 17.9% 49.4% 24.8% 3.1% 100.0%

Not important at all

Somewhat important

Important Very important

Extremely important


Effectively meeting stakeholder


Count 21 56 200 221 112 610

% by Row 3.4% 9.2% 32.8% 36.2% 18.4% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 24 112 299 144 19 598

% by Row 4.0% 18.7% 50.0% 24.1% 3.2% 100.0%

Not important at all

Somewhat important

Important Very important

Extremely important





Count 29 120 225 181 51 606

% by Row 4.8% 19.8% 37.1% 29.9% 8.4% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 85 231 201 68 9 594

% by

Row 14.3% 38.9% 33.8% 11.4% 1.5% 100.0%

Not important at all

Somewhat important

Important Very important

Extremely important


Promoting customer service


Count 24 124 246 152 57 603

% by Row 4.0% 20.6% 40.8% 25.2% 9.5% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 39 151 284 101 16 591

% by Row

6.6% 25.5% 48.1% 17.1% 2.7% 100.0%

32 Copyright © 2011 The Institute of Internal Auditors

13 continued:

Rate the following attributes in terms of importance and level of performance for your internal audit function:

Not important at all

Somewhat important

Important Very important

Extremely important


Conformance with

The IIA's


Count 21 88 210 165 122 606

% by Row 3.5% 14.5% 34.7% 27.2% 20.1% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 29 125 271 135 35 595

% by

Row 4.9% 21.0% 45.5% 22.7% 5.9% 100.0%

Not important at all

Somewhat important

Important Very important

Extremely important


Risk methodology that focuses on critical risks

Count 8 39 174 223 168 612

% by

Row 1.3% 6.4% 28.4% 36.4% 27.5% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 28 143 241 163 24 599

% by Row

4.7% 23.9% 40.2% 27.2% 4.0% 100.0%

Not important at all


important Important




important Total

Value proposition of

internal auditing that is well documented and


Count 15 66 242 207 84 614

% by Row

2.4% 10.7% 39.4% 33.7% 13.7% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 35 133 276 130 26 600

% by

Row 5.8% 22.2% 46.0% 21.7% 4.3% 100.0%

Not important at all

Somewhat important

Important Very important

Extremely important


Internal audit plan that is aligned with the

organization’s strategic plan

Count 12 42 169 224 167 614

% by

Row 2.0% 6.8% 27.5% 36.5% 27.2% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 29 100 257 169 48 603

% by

Row 4.8% 16.6% 42.6% 28.0% 8.0% 100.0%

33 Copyright © 2011 The Institute of Internal Auditors

13 continued:

Rate the following attributes in terms of importance and level of performance for your internal audit function:

Not important at all

Somewhat important

Important Very important

Extremely important


Continuous improvement and


Count 12 72 221 225 85 615

% by Row 2.0% 11.7% 35.9% 36.6% 13.8% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 27 183 261 112 20 603

% by Row

4.5% 30.3% 43.3% 18.6% 3.3% 100.0%

Not important at all

Somewhat important

Important Very important

Extremely important


Appropriate talent pool

Count 20 55 222 213 101 611

% by Row 3.3% 9.0% 36.3% 34.9% 16.5% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 71 178 245 87 16 597

% by

Row 11.9% 29.8% 41.0% 14.6% 2.7% 100.0%

Not important at all

Somewhat important

Important Very important

Extremely important


Cost-effective and efficient operations

Count 9 81 270 191 56 607

% by Row 1.5% 13.3% 44.5% 31.5% 9.2% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 39 126 313 99 18 595

% by

Row 6.6% 21.2% 52.6% 16.6% 3.0% 100.0%

Not important at all

Somewhat important

Important Very important

Extremely important


Alignment of risk, control, and compliance


Count 12 52 230 214 102 610

% by Row

2.0% 8.5% 37.7% 35.1% 16.7% 100.0%

Inadequate Limited/ developing

Adequate Above average

Exceptional Total

Count 40 166 267 109 17 599

% by

Row 6.7% 27.7% 44.6% 18.2% 2.8% 100.0%


34 Copyright © 2011 The Institute of Internal Auditors


16-1: What other skill sets are you actively recruiting for, or anticipating recruiting for, in your internal audit function this year?

Accounting (3 responses)

Actuarial & Investment expertise

Auditing Administration

Specific areas, like ALM

External audit

Audit management (replacement HIA)

Audit of soft controls

auditing experience/competency (3 responses); comments include:

Experience in internal audit according to the IPPF

Auditing Process


Enough coverage

contract management

Internal control

Auditing Coordinator

engineering audit

engineering tech

Marchés (Markets)

Finance-related (9 responses):

Financial Auditing (3 responses)


Finance & Accounting



MacroEconomics, Money market's tools.

Financial analyst (

fresh graduates to be trained internally


GST expertise

Hire attitude, train for Skills


Implantación SCIIF (Implementation of SCIIF)

Language skills (4 responses):

English, portugues



legal and fulfillment

legal background

35 Copyright © 2011 The Institute of Internal Auditors

Not recruiting (17 responses); comments include:

No recruitment allowed

No recruitments this year

There is no intention at this time to recruit owing to financial constraints

Temporary stop in recruitment because of cost cutting and reorganization

none due to hiring freeze

None we have them all

None. We use co-sourcing.

none specific - recruiting not specific for one area

n'importe, on ne trouve plus de candidats, d'ou la diminution des effectifs

International audit standards

polyvalence et expertise fonction des oportunités (versatility and expertise as opportunities arise)

Prevention of Labor Risk and Health

public financial control

Accomplishment of audit in specific cycles

Operational Review (2 responses)

External resources are hired when there is lack of expertise (eg. tax or IT)

soft skill

Tax compliance

Testing of controls

SOX, Basil

Audit – Development of projects

Medical, the company is an EPS

Implantación SCIIF

Sales part

strong integrated competency

As an old-brand state-owned enterprise, we pay relatively less attention to this area

Back Responses 74

Appendix F

17-1: What else is internal auditing also primarily responsible for? Response

231/01 legislation (2 responses)

Fraud related (7 responses):

Anti-fraud program

continuous staff fraud monitoring regime

Corruption Prevention

development of the antifraud program

Fraud prevention

Fraud Awareness training

Managing Whistleblowing Program

36 Copyright © 2011 The Institute of Internal Auditors

Attestations for regulatory purposes


Conflict Of Interest Questionnaire

Reviewing risk management reports from management before Board presentation

coordinator for risk management

Corporate governance initiatives (2 responses)

Governance Review

Fulfillment of strategic initiatives

Information Security /Data protection/ DATA MANAGEMENT (3 responses)

Development of the corporate code of ethics.

Due diligence

Financial Audit

former sur le cotrôle interne, sur les risqué (training on internal control and on risk)

efficiency of internal control

Fulfillment of Basil (sic, translation)

internal consulting

Internal Quality auditing (Processes)

Liaison role re all above.

Loan review activity

Business operations


performance improvement

Work with external auditors (3 responses):

relationship with external auditors

Coordinating work of External Auditors

staff loan to external auditor to reduce costs and fees

Operational Risk

Reputational risk

raise awareness and provide support for good governance and advice


They Should Cover All The Above.

Probity and self-discipline assessment

Back Responses 42