DeveloPinG the internal auDit StrateGic Plan ./ 1 IPPF – Practice uide Developing...

download DeveloPinG the internal auDit StrateGic Plan ./ 1 IPPF – Practice uide Developing the Internal

of 20

  • date post

    03-Jul-2018
  • Category

    Documents

  • view

    212
  • download

    0

Embed Size (px)

Transcript of DeveloPinG the internal auDit StrateGic Plan ./ 1 IPPF – Practice uide Developing...

  • Practice Guide

    DeveloPinG the internal auDit StrateGic Plan

    July 2012

  • www.globaliia.org/standards-guidance / C

    IPPF Practice Guide Developing the Internal Audit Strategic Plan

    Table of Contents

    Executive Summary ........................................................................................ 1

    Introduction ................................................................................................... 2

    Strategic Plan Definition and Development .................................................... 2

    Review of Strategic Plan .............................................................................. 10

    Appendix: Illustrative Example SWOT Analysis ........................................ 11

    Appendix: Illustrative Example Strategic Plan Summary ......................... 12

    Authors and Reviewer .................................................................................. 14

  • www.globaliia.org/standards-guidance / 1

    IPPF Practice Guide Developing the Internal Audit Strategic Plan

    executive SummaryFor internal audit to remain relevant, it should adapt to changing expectations and maintain alignment with the organizations objectives. The internal audit strategy is fundamental to remaining relevant playing an impor-tant role in achieving the balance between cost and value, while making meaningful contributions to the organiza-tions overall governance, risk management, and internal controls.

    A systematic and structured process can be used to devel-op the internal audit strategic plan, helping to enable the internal audit activity to achieve its vision and mission. The following steps can be used to develop the internal audit strategic plan:

    1. Understand the relevant industry(ies) and the orga-nizations objectives.

    2. Consider the International Professional Practices Framework (IPPF).

    3. Understand stakeholder expectations.

    4. Update the internal audit vision and mission.

    5. Define the critical success factors.

    6. Perform a strengths, weaknesses, opportunities, and threats (SWOT) analysis.

    7. Identify key initiatives.

    It is important for the chief audit executive (CAE) to vet the strategic plan with key stakeholders and obtain ap-proval from the board1, as this is part of the CAEs obliga-tion for periodically reporting to senior management and the board on internal audits purpose, authority, respon-

    sibility, and performance (Standard 2060: Reporting to Senior Management and the Board). It will be necessary for the strategic plan to be periodically reviewed. Factors influencing the frequency of reviewing the strategic plan include:

    Changes in the organizations strategy.

    Degree of the organizations growth and assessment of organizational maturity.

    Degree to which the organization and its senior management rely upon the internal audit activitys independent assessment and/or support regarding the management of organizational risks.

    Significant change in the availability of the internal audit activitys resources.

    Significant change in laws and/or significant changes to organizational policies and procedures.

    Degree of change in the organizations control envi-ronment.

    Key changes in an organizations leadership team and board of director composition.

    Evaluation of how the internal audit activity has qualitatively or quantitatively delivered on its strate-gic plan.

    Results of internal/external assessments of the inter-nal audit activity.

    This Practice Guide was developed to provide the CAE with guidance on how to develop an internal audit stra-tegic plan. It also highlights the IPPFs Practice Advisory 2120-2: Managing the Risk of the Internal Audit Activ-ity; while there is no way to mitigate all of the risks, an internal audit activity can proactively manage its risks by developing a strategic plan.

    1 The term board is used in this guidance as defined in the Standards glossary: A board is an organizations governing body, such as a board of directors, supervisory board, head of an agency or legislative body, board of governors or trustees of a nonprofit organization, or any other designated body of the organization, including the audit committee to whom the chief audit executive may functionally report.

  • 2 / www.globaliia.org/standards-guidance

    IPPF Practice Guide Developing the Internal Audit Strategic Plan

    This guidance will be particularly effective as a guide for first-time strategic plan preparation for an internal audit activity. It also provides a good review for a strategic plan that has been in place and might need to be refreshed.

    introductionThe International Professional Practices Framework (IPPF) is the conceptual framework that organizes au-thoritative guidance promulgated by The Institute of In-ternal Auditors (IIA). The IPPF includes the Definition of Internal Auditing, Code of Ethics, International Standards for the Professional Practice of Internal Auditing (Stan-dards), and strongly recommended guidance such as this Practice Guide.

    According to The IIAs definition: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organizations op-erations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, con-trol, and governance processes.

    In order to adhere to the IPPF, internal audit practitioners would benefit from applying a strategic approach toward developing a strategic plan for achieving their internal audit vision and mission statements, thereby positioning themselves to meet the expectations of stakeholders.

    Strategic Plan Definition and Development Definition of Strategy Strategy is a means of establishing the organizations pur-pose and determining the nature of the contribution it in-tends to make while predefining choices that will shape decisions and actions. Strategy for the internal audit ac-tivity enables the allocation of financial and human re-sources to help achieve these objectives as defined in the activitys vision and mission statements (which contrib-ute to the achievement of the organizations objectives). This benefits the internal audit activity through its unique configuration of resources aimed at meeting stakeholder expectations.

    The strategy itself is part of the set of matters to be re-ported to senior management and the board. This respon-sibility falls under the scope of Standard 2060: Reporting to Senior Management and the Board, which establishes that the chief audit executive must report periodically to senior management and the board on the internal audit activitys purpose, authority, responsibility, and perfor-mance relative to its plan.

    A systematic and structured process can be used in devel-oping the strategic plan to enable the internal audit activ-ity to achieve its vision and mission statements. The fol-lowing steps are one approach for developing the internal audit strategic plan:

  • www.globaliia.org/standards-guidance / 3

    IPPF Practice Guide Developing the Internal Audit Strategic Plan

    The starting point for developing the internal audit stra-tegic plan should be obtaining a thorough understanding of the organizations objectives and the industry (or indus-tries) in which it operates. For the internal audit activity to deliver value, it should contribute to the achievement of the organizations strategic, operational, reporting, and compliance objectives while providing assurance that the organization maintains an ethical environment and cul-

    ture of accountability. Therefore, it is imperative that the internal audit activity have an in-depth understanding of the applicable industries (including the applicable regula-tions and laws) and the organizations objectives.

    Review the organizations strategic plans prior to interviewing stakeholders.

    Industry &Objectives

    Standards &Guidance

    StakeholderExpectations

    Vision &Mission

    CriticalSuccessFactors

    SWOTAnalysis

    Key Initiatives

    Industry &Objectives

    Standards &Guidance

    StakeholderExpectations

    Vision &Mission

    CriticalSuccessFactors

    SWOTAnalysis

    Key Initiatives

    The CAE should consider the IPPF when developing the internal audit strategic plan. The values the internal au-dit activitys personnel should adopt are contained within the frameworks Standards and Code of Ethics (along with their organizations own values).

    Attribute Standards:

    1000: Purpose, Authority, and Responsibility

    1110: Organizational Independence

    1120: Direct Interaction with the Board

    1200: Proficiency and Due Professional Care

    1210: Proficiency

    1230: Continuing Professional Development

    1300: Quality Assurance and Improvement Program

    1311: Internal Assessments

    1312: External Assessments

    Performance Standards:

    2000: Managing the Internal Audit Activity

    2010: Planning

    2020: Communication and Approval

    2030: Resource Management

    2040: Policies and Procedures

    2050: Coordination

    2060: Reporting to Senior Management and the Board

    2110: Governance

    2120: Risk Management

    2201: Planning Considerations

    2210: Engagement Objectives

    2230: Engagement Resource Allocation

    2300: Performing the Engagement

    2310: Identifying Information

    2320: Analysis and Evaluation

    2410: Criteria for Communicating

    2420: Quality of Communications

    2500: Monitoring Progres