Emerging Trends and Leading Practices 2011...Emerging Trends and Leading Practices 2011 Respondents...
Transcript of Emerging Trends and Leading Practices 2011...Emerging Trends and Leading Practices 2011 Respondents...
1 Copyright © 2011 The Institute of Internal Auditors
Emerging Trends and Leading Practices 2011
Respondents Outside North America
Executive Summary Report
Date: 4/11/2011
Number of Responses Analyzed: 656
Total number of responses collected: 1,363
1: From 2010 to 2011, the staffing levels of my internal audit function: (Respondents could only choose a single response)
Response Chart Frequency Count
Increased, by what
percentage (see below): 33.3% 217
Decreased, by what
percentage (see below): 9.8% 64
Stayed the same 56.9% 371
Not Answered 4
Valid Responses 652
Total Responses 56
Increased by: Count Decreased by: Count
1–5% 13 1–5% 3
6–10% 47 6–10% 15
11–15% 19 11–15% 9
16–20% 43 16–20% 10
21–30% 30 21–30% 12
31–40% 6 31–40% 4
41–50% 18 41–50% 3
More than 50% 16 More than 50% 4
2 Copyright © 2011 The Institute of Internal Auditors
2: From 2010 to 2011, the budget of my internal audit function:
Response Chart Frequency Count
Increased, by what percentage (see below):
39.3% 256
Decreased, by what percentage (see below):
13.1% 85
Stayed the same 47.6% 310
Not Answered 5
Valid Responses 651
Total Responses 656
Increased by: Count Decreased by: Count
1–5% 38 1–5% 12
6–10% 67 6–10% 22
11–15% 20 11–15% 12
16–20% 42 16–20% 7
21–30% 31 21–30% 8
31–40% 8 31–40% 2
41–50% 14 41–50% 4
More than 50% 10 More than 50% 4
3: How would you rate the collective knowledge of your organization’s business by your internal audit staff: (Respondents could only choose a single response)
Response Chart Frequency Count
Inadequate 2.1% 14
Limited/developing 22.6% 148
Adequate 38.1% 250
Above average 27.1% 178
Extensive 10.1% 66
Not Answered 7
Mean 3.204
Valid Responses 656
Total Responses 663
3 Copyright © 2011 The Institute of Internal Auditors
4: Which of the following staffing strategies do you employ to acquire and maintain knowledge of the business by your staff: (Respondents were allowed to choose multiple responses)
Response Chart Frequency Count
Rotational program in which experienced professionals from the business rotate into
internal auditing on an ongoing basis
30.7% 206
Active recruitment of experienced professionals with industry experience or knowledge
42.8% 287
Co-sourcing relationship with a third-party provider to leverage industry experience
24.5% 164
Internal development of existing
personnel 79.3% 531
Other, please explain (See Appendix A): 7.9% 53
I do not consider acquisition of business/industry knowledge to be a priority
2.2% 15
Valid Responses 656
Total Responses 656
5: Which of the following strategies do you employ to enhance and maintain knowledge of the business within your staff: (Respondents were allowed to choose multiple responses)
Response Chart Frequency Count
Partnering inexperienced staff with more
experienced or seasoned staff on engagements warranting knowledge of the business
64.6% 433
Hosting regular all-staff training events to learn from company executives, business unit leaders, and
others
38.8% 260
The CAE participates in one or more industry focused CAE groups, roundtables, or events
34.0% 228
The CAE frequently, but informally, benchmarks and networks with CAEs of peer companies in the industry
27.9% 187
Staff receive training focused on industry risks or issues that may warrant internal audit coverage
59.3% 397
Internal audit staff subscribe to industry periodicals or
other literature to stay current on risks or issues that may warrant internal audit coverage
51.2% 343
Internal auditing or the company has deployed an extensive knowledge management framework that is
drawn upon to acquire, enhance, and maintain
knowledge of the business
29.9% 200
Other, please explain (see Appendix A1): 5.2% 35
Valid Responses 656
Total Responses 656
4 Copyright © 2011 The Institute of Internal Auditors
6: If surveyed today on how well internal auditing is meeting their needs and expectations, executive management in my company would probably rate their overall satisfaction as: (Respondents could only choose a single response)
Response Chart Frequency Count
Unacceptable 0.2% 1
Poor 3.4% 22
Acceptable 32.7% 214
Good 56.3% 369
Outstanding 7.5% 49
Not Answered 1
Mean 3.676
Valid Responses 655
Total Responses 656
7: If surveyed today on how well internal auditing is meeting its needs and expectations, my audit committee would probably rate its overall satisfaction as: (Respondents could only choose a single response)
Response Chart Frequency Count
Unacceptable 0.0% 0
Poor 2.9% 19
Acceptable 27.1% 176
Good 59.4% 386
Outstanding 10.6% 69
Not Answered 6
Mean 3.777
Valid Responses 650
Total Responses 656
5 Copyright © 2011 The Institute of Internal Auditors
8: Over the past year, how much have the needs and expectations of management and the audit committee driven change in the focus or coverage of your internal audit function? (Respondents could only choose a single response)
Response Chart Frequency Count
No influence 3.4% 22
Minimal 11.2% 73
There has been some
influence, but no more than usual
46.6% 304
More than usual 30.9% 202
Extensive 8.0% 52
Not Answered 3
Mean 3.289
Valid Responses 653
Total Responses 656
9: Which of the following strategies do you employ in assessing the needs and expectations of your stakeholders? (Choose all that apply)
Response Chart Frequency Count
Formal surveys of key stakeholders to assess
expectations and internal auditing’s
performance against them
35.7% 239
Regular formal meetings with key
stakeholders to assess their expectations and internal auditing’s performance
against them
57.5% 385
Discussions with the full executive
leadership/management team of my company
in the same room to assess their collective expectations and internal auditing’s
performance against them.
34.5% 231
Ongoing informal discussions with the
chairman of the audit committee to assess
his/her expectations and internal auditing’s performance against them
45.1% 302
Discussions with the full audit committee to assess their collective expectations and
internal auditing’s performance against them
40.3% 270
Other, please explain: See Appendix B 7.8% 52
Valid Responses 656
Total Responses 656
6 Copyright © 2011 The Institute of Internal Auditors
10: In what areas is technology leveraged for ongoing internal audit activities and what tools are used?
Technology used
Yes No Total
Risk assessment activities
Count 394 211 605
% by Row 65.1% 34.9% 100.0%
Audit planning Count 417 200 617
% by Row 67.6% 32.4% 100.0%
Control analysis Count 352 222 574
% by Row 61.3% 38.7% 100.0%
Data analysis Count 474 109 583
% by Row 81.3% 18.7% 100.0%
Substantive
testing Count 362 204 566
% by Row 64.0% 36.0% 100.0%
Workpaper management
Count 414 194 608
% by Row 68.1% 31.9% 100.0%
Reporting Count 394 192 586
% by Row 67.2% 32.8% 100.0%
Managing findings and issues
Count 417 181 598
% by Row 69.7% 30.3% 100.0%
Performance
management for internal auditing
Count 316 273 589
% by Row 53.7% 46.3% 100.0%
Communication Count 381 207 588
% by Row 64.8% 35.2% 100.0%
Continuous audit
activities Count 325 258 583
% by Row 55.7% 44.3% 100.0%
Total Count 4246 2251 6497
% by Row 65.4% 34.6% 100.0%
7 Copyright © 2011 The Institute of Internal Auditors
10: In what areas is technology leveraged for ongoing internal audit activities and what tools are used?
Type of tool used, if applicable
Data analysis
GRC system Security monitoring
Audit management
Other Total
Risk assessment
activities Count 238 130 86 227 80 761
% by
Row 35.5% 19.4% 12.8% 33.9% 11.9% 100.0%
Audit planning Count 194 88 39 285 94 700
% by Row
29.0% 13.1% 5.8% 42.5% 14.0% 100.0%
Control analysis Count 217 88 91 168 84 648
% by
Row 32.4% 13.1% 13.6% 25.1% 12.5% 100.0%
Data analysis Count 399 45 62 132 75 713
% by Row
59.6% 6.7% 9.3% 19.7% 11.2% 100.0%
Substantive
testing Count 253 60 60 151 86 610
% by
Row 37.8% 9.0% 9.0% 22.5% 12.8% 100.0%
Workpaper
management Count 115 68 43 288 106 620
% by Row
17.2% 10.1% 6.4% 43.0% 15.8% 100.0%
Reporting Count 105 65 39 259 125 593
% by
Row 15.7% 9.7% 5.8% 38.7% 18.7% 100.0%
Managing findings
and issues Count 121 80 59 269 130 659
% by
Row 18.1% 11.9% 8.8% 40.1% 19.4% 100.0%
Performance management for
internal auditing
Count 97 49 43 201 114 504
% by
Row 14.5% 7.3% 6.4% 30.0% 17.0% 100.0%
Communication Count 67 56 35 198 174 530
% by Row
10.0% 8.4% 5.2% 29.6% 26.0% 100.0%
Continuous audit
activities Count 168 70 70 192 90 590
% by
Row 25.1% 10.4% 10.4% 28.7% 13.4% 100.0%
8 Copyright © 2011 The Institute of Internal Auditors
11: For the following tools that you use, please identify whether these tools are commercially available, internally developed, a combination of the two, or not used, and rank your satisfaction with each of them.
(Source)
Commercially available
Internally developed
Combination of commercially available and internally developed
Not used Total
Data analysis
tools
Count 269 135 96 86 586
% by Row 45.9% 23.0% 16.4% 14.7% 100.0%
GRC systems Count 108 87 49 251 495
% by Row 21.8% 17.6% 9.9% 50.7% 100.0%
Security
monitoring tools
Count 92 94 67 238 491
% by Row 18.7% 19.1% 13.6% 48.5% 100.0%
Audit
management tools
Count 165 195 64 127 551
% by Row 29.9% 35.4% 11.6% 23.0% 100.0%
Other tools Count 118 107 54 178 457
% by Row 25.8% 23.4% 11.8% 38.9% 100.0%
Total Count 752 618 330 880 2580
% by Row 29.1% 24.0% 12.8% 34.1% 100.0%
(Level of Satisfaction)
Not satisfied at all
Needs improvement
Satisfied Extremely satisfied
Total Mean
Data analysis
tools
Count 17 201 263 21 502 2.574
% by Row 3.4% 40.0% 52.4% 4.2% 100.0%
GRC systems Count 35 130 104 7 276 2.301
% by Row 12.7% 47.1% 37.7% 2.5% 100.0%
Security monitoring tools
Count 31 128 111 7 277 2.339
% by Row 11.2% 46.2% 40.1% 2.5% 100.0%
Audit
management
tools
Count 31 168 204 24 427 2.518
% by Row 7.3% 39.3% 47.8% 5.6% 100.0%
Other tools Count 19 130 143 6 298 2.456
% by Row 6.4% 43.6% 48.0% 2.0% 100.0%
Total Count 133 757 825 65 1780 N/A
% by Row 7.5% 42.5% 46.3% 3.7% 100.0%
9 Copyright © 2011 The Institute of Internal Auditors
12: For 2011 audit activities, please indicate whether the focus of your internal audit plan has changed for the following since 2010:
Increased No change Decreased Total
Financial risks Count 277 318 34 629
% by Row 44.0% 50.6% 5.4% 100.0%
Financial reporting
controls testing
Count 228 358 46 632
% by Row 36.1% 56.6% 7.3% 100.0%
Operational risks Count 366 251 19 636
% by Row 57.5% 39.5% 3.0% 100.0%
Compliance risks Count 317 291 30 638
% by Row 49.7% 45.6% 4.7% 100.0%
Credit risks Count 176 406 42 624
% by Row 28.2% 65.1% 6.7% 100.0%
Fraud risks Count 305 297 30 632
% by Row 48.3% 47.0% 4.7% 100.0%
Catastrophic/disaster
recovery risks
Count 137 425 54 616
% by Row 22.2% 69.0% 8.8% 100.0%
Crisis management Count 144 437 42 623
% by Row 23.1% 70.1% 6.7% 100.0%
Effectiveness of risk management
Count 295 314 22 631
% by Row 46.8% 49.8% 3.5% 100.0%
Cost/expense reduction or containment
Count 212 366 47 625
% by Row 33.9% 58.6% 7.5% 100.0%
Reputational risks Count 184 402 39 625
% by Row 29.4% 64.3% 6.2% 100.0%
Mergers and acquisitions Count 103 410 98 611
% by Row 16.9% 67.1% 16.0% 100.0%
Total Count 2744 4275 503 7522
% by Row 36.5% 56.8% 6.7% 100.0%
12a: If there is a notable area not listed in question 12, please list it here and indicate whether it has increased or decreased in focus, or stayed the same. SEE APPENDIX C
10 Copyright © 2011 The Institute of Internal Auditors
13: Rate the following attributes in terms of importance and level of performance for your internal audit function: (Importance)
Not important at all
Somewhat important
Important Very important
Extremely important
Total Mean
Effectively managing
stakeholder relationships
Count 18 66 211 200 124 619 3.559
% by
Row 2.9% 10.7% 34.1% 32.3% 20.0% 100.0%
Effectively meeting stakeholder
expectations
Count 21 56 200 221 112 610 3.569
% by
Row 3.4% 9.2% 32.8% 36.2% 18.4% 100.0%
Effectively leveraging
technology
Count 29 120 225 181 51 606 3.173
% by
Row 4.8% 19.8% 37.1% 29.9% 8.4% 100.0%
Promoting customer
service focus
Count 24 124 246 152 57 603 3.156
% by
Row 4.0% 20.6% 40.8% 25.2% 9.5% 100.0%
Conformance with The IIA's Standards
Count 21 88 210 165 122 606 3.460
% by
Row 3.5% 14.5% 34.7% 27.2% 20.1% 100.0%
Risk methodology that focuses on critical risks
Count 8 39 174 223 168 612 3.824
% by Row
1.3% 6.4% 28.4% 36.4% 27.5% 100.0%
Value proposition of internal auditing that is
well documented and communicated
Count 15 66 242 207 84 614 3.454
% by
Row 2.4% 10.7% 39.4% 33.7% 13.7% 100.0%
Internal audit plan that is aligned with the
organization’s strategic plan
Count 12 42 169 224 167 614 3.801
% by Row
2.0% 6.8% 27.5% 36.5% 27.2% 100.0%
Continuous
improvement and innovation
Count 12 72 221 225 85 615 3.486
% by
Row 2.0% 11.7% 35.9% 36.6% 13.8% 100.0%
Appropriate talent pool Count 20 55 222 213 101 611 3.524
% by
Row 3.3% 9.0% 36.3% 34.9% 16.5% 100.0%
Cost-effective and
efficient operations
Count 9 81 270 191 56 607 3.336
% by Row
1.5% 13.3% 44.5% 31.5% 9.2% 100.0%
Alignment of risk,
control, and compliance functions
Count 12 52 230 214 102 610 3.561
% by Row
2.0% 8.5% 37.7% 35.1% 16.7% 100.0%
Total Count 201 861 2620 2416 1229 7327 N/A
% by Row
2.7% 11.8% 35.8% 33.0% 16.8% 100.0%
(see Appendix D for alternative table comparing Importance and Level of Performance)
11 Copyright © 2011 The Institute of Internal Auditors
13: Rate the following attributes in terms of importance and level of performance for your internal audit function: (Level of Performance)
Inadequate Limited/ developing
Adequate Above average
Exceptional Total Mean
Effectively managing
stakeholder relationships
Count 29 109 301 151 19 609 3.036
% by
Row 4.8% 17.9% 49.4% 24.8% 3.1% 100.0%
Effectively meeting
stakeholder expectations
Count 24 112 299 144 19 598 3.037
% by
Row 4.0% 18.7% 50.0% 24.1% 3.2% 100.0%
Effectively leveraging
technology
Count 85 231 201 68 9 594 2.470
% by
Row 14.3% 38.9% 33.8% 11.4% 1.5% 100.0%
Promoting customer service focus
Count 39 151 284 101 16 591 2.838
% by
Row 6.6% 25.5% 48.1% 17.1% 2.7% 100.0%
Conformance with The IIA's Standards
Count 29 125 271 135 35 595 3.037
% by
Row 4.9% 21.0% 45.5% 22.7% 5.9% 100.0%
Risk methodology that
focuses on critical risks
Count 28 143 241 163 24 599 3.020
% by
Row 4.7% 23.9% 40.2% 27.2% 4.0% 100.0%
Value proposition of internal auditing that is
well documented and communicated
Count 35 133 276 130 26 600 2.965
% by Row
5.8% 22.2% 46.0% 21.7% 4.3% 100.0%
Internal audit plan that
is aligned with the organization’s strategic
plan
Count 29 100 257 169 48 603 3.177
% by
Row 4.8% 16.6% 42.6% 28.0% 8.0% 100.0%
Continuous improvement and
innovation
Count 27 183 261 112 20 603 2.859
% by Row
4.5% 30.3% 43.3% 18.6% 3.3% 100.0%
Appropriate talent pool Count 71 178 245 87 16 597 2.663
% by
Row 11.9% 29.8% 41.0% 14.6% 2.7% 100.0%
Cost-effective and efficient operations
Count 39 126 313 99 18 595 2.884
% by
Row 6.6% 21.2% 52.6% 16.6% 3.0% 100.0%
Alignment of risk,
control, and compliance
functions
Count 40 166 267 109 17 599 2.828
% by
Row 6.7% 27.7% 44.6% 18.2% 2.8% 100.0%
Total Count 475 1757 3216 1468 267 7183 N/A
% by Row
6.6% 24.5% 44.8% 20.4% 3.7% 100.0%
12 Copyright © 2011 The Institute of Internal Auditors
14: What do you feel are the top three risks that are or will impact your organization in 2011, and how is internal auditing positioned to assess and help the organization mitigate these risks? (Positioning, in general)
Not positioned at all Somewhat positioned Well positioned Total Mean
Risk 1 Count 68 234 255 557 2.336
% by Row
12.2% 42.0% 45.8% 100.0%
Risk 2 Count 65 242 227 534 2.303
% by
Row 12.2% 45.3% 42.5% 100.0%
Risk 3 Count 88 231 181 500 2.186
% by Row
17.6% 46.2% 36.2% 100.0%
Total Count 221 707 663 1591 N/A
% by Row
13.9% 44.4% 41.7% 100.0%
14-1: List of top risks, and how internal auditing is positioned to assess and help the organization mitigate these risks: (Respondents were limited to brief text responses)
RISK Not positioned at all Somewhat positioned Well positioned Total
Specific risks yet to be analyzed
Responses
13 Copyright © 2011 The Institute of Internal Auditors
15: For each of the following, indicate the extent to which your internal audit staff collectively possesses the required skills to address needed coverage: (Extent of Skills)
Significantly lacking
Inadequate Adequate Expert level
Not required
Total Mean
Business and
industry-
specific knowledge
Count 8 58 379 166 5 616 3.166
% by Row
1.3% 9.4% 61.5% 26.9% 0.8% 100.0%
IT (general) Count 34 165 300 112 6 617 2.823
% by
Row 5.5% 26.7% 48.6% 18.2% 1.0% 100.0%
Data mining
and analytics Count 36 166 311 84 14 611 2.794
% by Row
5.9% 27.2% 50.9% 13.7% 2.3% 100.0%
Cybersecurity and privacy
Count 60 224 252 46 37 619 2.638
% by
Row 9.7% 36.2% 40.7% 7.4% 6.0% 100.0%
Risk
management Count 8 88 369 154 2 621 3.087
% by
Row 1.3% 14.2% 59.4% 24.8% 0.3% 100.0%
Fraud auditing Count 16 130 333 116 21 616 2.994
% by Row
2.6% 21.1% 54.1% 18.8% 3.4% 100.0%
Forensics and
investigations Count 43 174 261 89 50 617 2.885
% by
Row 7.0% 28.2% 42.3% 14.4% 8.1% 100.0%
Quality control
(e.g., Six
Sigma, ISO)
Count 48 174 258 64 68 612 2.886
% by
Row 7.8% 28.4% 42.2% 10.5% 11.1% 100.0%
Strategic
initiatives and programs
Count 26 148 353 61 29 617 2.869
% by
Row 4.2% 24.0% 57.2% 9.9% 4.7% 100.0%
Interviewing Count 7 51 402 151 6 617 3.159
% by Row
1.1% 8.3% 65.2% 24.5% 1.0% 100.0%
Total Count 286 1378 3218 1043 238 6163 N/A
% by Row
4.6% 22.4% 52.2% 16.9% 3.9% 100.0%
14 Copyright © 2011 The Institute of Internal Auditors
15a: If there is any other area not mentioned above, please list it and indicate the extent to which your internal audit staff collectively possesses the required skills to address needed coverage: (Extent of Skills, in general)
Significantly lacking
Inadequate Adequate Expert level Total Mean
Area 1: Count 10 18 33 22 83 2.807
% by Row
12.0% 21.7% 39.8% 26.5% 100.0%
Area 2: Count 3 19 16 7 45 2.600
% by
Row 6.7% 42.2% 35.6% 15.6% 100.0%
Area 3: Count 6 11 8 4 29 2.345
% by Row
20.7% 37.9% 27.6% 13.8% 100.0%
Total Count 19 48 57 33 157 N/A
% by Row
12.1% 30.6% 36.3% 21.0% 100.0%
15a-1: For areas not mentioned above, please list them and indicate the extent to which your internal audit staff collectively possesses the required skills to address needed coverage: (Respondents were limited to brief text responses)
Significantly lacking
Inadequate Adequate Expert level Total
Specific areas yet to be analyzed
Total Responses 130
15 Copyright © 2011 The Institute of Internal Auditors
16: What skill sets are you actively recruiting for, or anticipating recruiting for, in your internal audit function this year? (Choose all that apply)
Response Chart Frequency Count
Business and industry-specific knowledge
41.8% 280
IT (general) 40.6% 272
Data mining and analytics 31.2% 209
Cybersecurity and privacy 17.2% 115
Risk management 36.3% 243
Risk assessment activities 33.3% 223
Report writing 20.0% 134
Fraud auditing 25.4% 170
Forensics and investigations 18.5% 124
Quality control (e.g., Six Sigma, ISO) 14.9% 100
Strategic initiatives and programs 20.4% 137
Interviewing 11.8% 79
Other, please specify: See Appendix E 11.3% 76
Valid Responses 656
Total Responses 656
17: In addition to traditional roles and responsibilities, internal auditing is also primarily responsible for: (Choose all that apply) Response Chart Frequency Count
Risk management 45.6% 303
Ethics investigations 37.0% 246
Managing corporate hotline 16.7% 111
Financial reporting controls compliance
(e.g., the U.S. Sarbanes-Oxley Act) 36.1% 240
Regulatory compliance (general) 38.2% 254
IT security 22.0% 146
Fraud investigations 55.9% 372
Compliance with anti-bribery legislation 24.1% 160
None of the above 12.3% 82
Other, please specify (See Appendix F): 6.2% 41
Valid Responses 656
Total Responses 656
16 Copyright © 2011 The Institute of Internal Auditors
18: What is the size of your internal audit function (calculated in total full-time equivalents)? (Respondents could only choose a single response)
Response Chart Frequency Count
1–2 15.5% 99
3–6 37.2% 237
7–15 22.0% 140
16–20 5.8% 37
21–30 6.3% 40
More than 30 13.2% 84
Not Answered 19
Valid Responses 637
Total Responses 656
19: Select the annual revenue range that best fits your organization: (Respondents could only choose a single response)
Response Chart Frequency Count
Less than USD 10 million 18.5% 114
USD 10 million to less than
USD 50 million 12.2% 75
USD 50 million to less than
USD 100 million 8.8% 54
USD 100 million to less than USD 500 million
19.3% 119
USD 500 million to less than USD 1 billion
10.4% 64
USD 1 billion to less than
USD 10 billion 22.9% 141
USD 10 billion or more 8.1% 50
Not Answered 39
Valid Responses 617
Total Responses 656
17 Copyright © 2011 The Institute of Internal Auditors
20: What best describes your title or is equivalent to your current position or role within your organization? (Respondents could only choose a single response)
Response Chart Frequency Count
Chief audit executive
(CAE) 42.5% 269
Internal audit director or manager who is direct report
to CAE
25.3% 160
Other internal audit manager
or supervisor 15.3% 97
Internal audit staff with 3 or more years of internal audit
experience
10.0% 63
Internal audit staff with less
than 3 years of internal audit experience
2.2% 14
Other, please specify (below): 4.7% 30
Not Answered 23
Valid Responses 633
Total Responses 656
20-1: If not listed above, what best describes your title or is equivalent to your current position or role within your organization? Acting CIA
Audit Committee (2 responses)
Audit Director for London reporting to Head Office Audit
Operational auditor, systems auditor
CFO
Chief Compliance & Governance Officer
Consultant
COO
Currently working as accountant in HMC DOHA Qatar
Deputy Manager
Executive Director
financial control
Internal audit manager
IA Manager reporting to AC (2 responses)
Internal Audit Manager reporting to the Head of Risk and Governance
Internal control Manager with 3 or more years experience
Outsourced Internal Audit Director
Partner (2 responses)
Partner/Director Risk management & Internal Audit
Responsable de mission d'audit interne
Risk & Compliance
Risk manager (cela inclut l'audit interne)
Senior Internal Auditor
Senior International Auditor
technical advisor
VP Corporate Internal Audit
Responses 30
18 Copyright © 2011 The Institute of Internal Auditors
21: Which category best describes your organization's primary industry?
Response Chart Frequency Count
Aerospace and defense 0.8% 5
Agriculture/forestry/fisheries 1.3% 8
Communication/telecommunication
services 4.3% 27
Construction/engineering/architecture 4.4% 28
Consulting services 2.7% 17
Consumer packaged goods 1.6% 10
Distribution 0.9% 6
Educational services 2.8% 18
Energy/oil and gas 7.0% 44
Financial services/banking/real estate
23.2% 147
Gaming/lotteries 0.2% 1
Health services 2.2% 14
Hospitality/entertainment/restaurant 1.1% 7
Insurance carriers/agents 4.4% 28
Local government 1.1% 7
National/federal government 2.1% 13
Manufacturing 11.4% 72
Mining 2.5% 16
Nonprofit sector 2.5% 16
Pharmaceuticals 0.9% 6
Public accounting/accounting services 1.1% 7
State/provincial government 1.7% 11
Technology 3.5% 22
Transportation 3.0% 19
Utilities 2.8% 18
Wholesale/retail 3.0% 19
Other 7.4% 47
Not Answered 23
Valid Responses 633
Total Responses 656
19 Copyright © 2011 The Institute of Internal Auditors
22: Is your organization listed as: (Respondents could only choose a single response)
Response Chart Frequency Count
Fortune 100 5.0% 30
Fortune 250 1.2% 7
Fortune 500 8.1% 49
Fortune 1000 2.5% 15
Global 2000 3.8% 23
None of the above 79.5% 482
Not Answered 50
Valid Responses 606
Total Responses 656
23: Please select the geographic region in which you work. (For a list of countries in each region, click here.) (Respondents could only choose a single response)
Response Chart Frequency Count
Africa 7.7% 49
Asia 33.0% 209
Europe 36.7% 232
Latin America and the
Caribbean 20.5% 130
North America 0.0% 0
Oceania (includes Australia, New Zealand, Micronesia,
Melanesia, and Polynesia)
2.1% 13
Not Answered 23
Valid Responses 633
Total Responses 656
20 Copyright © 2011 The Institute of Internal Auditors
24: In which country or territory do you work? (Respondents could only choose a single response)
Response Frequency Count
United States 0.3% 2
Albania 0.2% 1
Andorra 0.2% 1
Argentina 4.7% 29
Armenia 0.2% 1
Australia 1.5% 9
Austria 0.2% 1
Azerbaijan 0.3% 2
Bahrain 0.2% 1
Belgium 1.1% 7
Benin 0.2% 1
Bosnia-Herzegovina 0.2% 1
Botswana 1.5% 9
Brazil 5.2% 32
Bulgaria 1.0% 6
Cameroon 0.3% 2
Chile 0.5% 3
China 14.1% 87
Cocos Islands 0.2% 1
Colombia 5.5% 34
Comoros 0.2% 1
Costa Rica 0.6% 4
Croatia 0.2% 1
Cyprus 1.0% 6
Czech Republic 0.3% 2
Denmark 0.2% 1
Dominican Republic 0.2% 1
Ecuador 0.8% 5
Ethiopia 0.2% 1
France 1.8% 11
France Metropolitan 0.3% 2
Germany 2.3% 14
Greece 0.2% 1
Guinea 0.3% 2
Heard McDonald Island 0.2% 1
Hong Kong, China 0.2% 1
India 1.5% 9
Indonesia 0.5% 3
Ireland 0.2% 1
Italy 6.3% 39
Isle of Man 0.2% 1
Ivory Coast 0.2% 1
Jordan 0.5% 3
Kenya 0.3% 2
LVA Latvia 0.5% 3
Lebanon 1.0% 6
Lithuania 0.2% 1
Luxembourg 0.2% 1
Malaysia 1.1% 7
Martinique 0.3% 2
Mexico 1.3% 8
Morocco 0.2% 1
Netherlands 2.9% 18
New Zealand 0.3% 2
Nigeria 0.3% 2
Norway 1.5% 9
Pakistan 1.3% 8
Peru 0.8% 5
Philippines 0.2% 1
Poland 0.8% 5
Portugal 1.0% 6
Qatar 1.9% 12
Romania 1.0% 6
Russian Federation 1.0% 6
Saudi Arabia 0.5% 3
Senegal 0.2% 1
Serbia 0.5% 3
Singapore 1.9% 12
Solomon Islands 0.2% 1
South Africa 2.3% 14
South Korea 3.9% 24
Spain 3.7% 23
St. Lucia 0.2% 1
Suriname 0.2% 1
Sweden 1.0% 6
Switzerland 2.1% 13
Taiwan 2.6% 16
The Former Yugoslav
Republic of Macedonia 0.3% 2
21 Copyright © 2011 The Institute of Internal Auditors
Turkey 0.5% 3
Ukraine 0.2% 1
United Arab Emirates 0.3% 2
United Kingdom 4.7% 29
Venezuela 0.6% 4
Zambia 0.6% 4
Zimbabwe 0.5% 3
Not Answered 30
Valid Responses 616
Total Responses 656
24a: Other country: (Respondents were limited to brief text responses)
Response Chart Frequency Count
All other responses to 24a were additional countries in which respondents work; i.e., 50 of the
respondents who selected a country in question 24 also added their responses in 24a.
Responses 50
22 Copyright © 2011 The Institute of Internal Auditors
25: Please select your Institute: (Respondents could only choose a single response)
Response Frequency Count
North American chapter in the U.S., Canada, or Caribbean
1.1% 7
IIA ARGENTINA (249) 4.6% 28
IIA AUSTRALIA (212) 2.0% 12
IIA AUSTRIA (271) 0.3% 2
IIA AZERBAIJAN (296) 0.3% 2
IIA BELGIUM (205) 1.3% 8
IIA BOTSWANA (285) 1.5% 9
IIA BRAZIL (223) 5.2% 32
IIA BULGARIA (320) 1.0% 6
IIA CAMEROON (308) 0.3% 2
IIA CHILE (275) 0.3% 2
IIA CHINA (219) 14.8% 90
IIA CHINESE TAIWAN (258) 1.6% 10
IIA COLOMBIA (123) 5.9% 36
IIA COSTA RICA (264) 0.5% 3
IIA COTE D’IVOIRE (33) 0.2% 1
IIA CYPRUS (293) 1.1% 7
IIA CZECH REPUBLIC (269) 0.3% 2
IIA DENMARK (39) 0.2% 1
IIA DOMINICAN REPUBLIC (262) 0.2% 1
IIA ECUADOR (195) 0.8% 5
IIA ETHIOPIA (270) 0.2% 1
IIA FRANCE (84) 3.0% 18
IIA GERMANY (268) 2.5% 15
IIA GREECE (286) 0.5% 3
IIA HONG KONG (CHINA) (165) 0.3% 2
IIA INDIA (186) 1.3% 8
IIA INDONESIA (228) 0.5% 3
IIA ITALY (104 6.2% 38
IIA KENYA (314) 0.5% 3
IIA KOREA (218) 4.1% 25
IIA LATVIA (297) 0.5% 3
IIA LEBANON (306) 1.3% 8
IIA LITHUANIA (303) 0.2% 1
IIA LUXEMBOURG (278) 0.2% 1
IIA MALAYSIA (133) 1.1% 7
IIA MEXICO (204) 1.1% 7
IIA MONTENEGRO (347) 0.2% 1
IIA MOROCCO (252) 0.2% 1
IIA NETHERLANDS (287) 3.0% 18
IIA NEW ZEALAND (215) 0.2% 1
IIA NIGERIA (317) 0.2% 1
IIA NORWAY (199) 1.5% 9
IIA PAKISTAN (231) 1.0% 6
IIA PERU (256) 0.8% 5
IIA PHILIPPINES (25) 0.2% 1
IIA POLAND (283) 0.7% 4
IIA PORTUGAL (253) 1.0% 6
IIA QATAR (321) 2.0% 12
IIA ROMANIA (327) 0.8% 5
IIA RUSSIA (301) 0.8% 5
IIA SAUDI ARABIA (345) 0.2% 1
IIA SERBIA (341) 0.3% 2
IIA SINGAPORE (129) 1.6% 10
IIA SOUTH AFRICA (81) 2.3% 14
IIA SPAIN (200) 3.9% 24
IIA SWEDEN (42) 1.3% 8
IIA SWITZERLAND (280) 1.1% 7
IIA FYR MACEDONIA (344) 0.3% 2
IIA TURKEY (279) 0.5% 3
IIA UGANDA (248) 0.2% 1
IIA UKRAINE (309) 0.2% 1
IIA United Arab Emirates (267) 0.3% 2
IIA United Kingdom & Ireland(21) 4.9% 30
IIA VENEZUELA (290) 0.7% 4
IIA ZAMBIA (292) 1.1% 7
IIA ZIMBABWE (222) 0.3% 2
None 1.3% 8
Not Answered 36
Valid Responses 610
Total Responses 656
23 Copyright © 2011 The Institute of Internal Auditors
Appendix A 4-1: What other strategies do you employ to acquire and maintain knowledge of the business by your staff:
Response
Reading of all key documents such as Board and management reports (2 responses)
Fresh graduates or external auditors with 1 or 2 yrs of experience then will train them on our audit
methodologies and practices
New graduates with outstanding record
Graduate rotation programme
Guest Auditor Program or collaboration with subject matter experts (7 responses); comments include:
case by case integration of professionals from the business
Employ professionals with different background to participate in internal auditing;
Invite professionals on business to participate in auditing projects
Active interaction/co-operation with subject matter experts in the business units
rotation among cross-functional teams including guest auditors with in-depth business knowledge
Hire external experts and take their working results as examples to assist internal auditors
Job rotation:
job rotation amongst auditors to spread knowledge
Rotation of professionals
1-2 month placement into a specific dept
Professional training (2 responses)
Annual technical Training program
Through training and development
External Training (8 responses)
e.g., Seminars, lectures, conferences, workshops
internal and external educational programs of experienced professionals
Corporate or on-the-job training Company knowledge program
participate in corp training opportunities
training on the job, acquiring knowledge by liaising with functional management
EXTENSIVE TRAINING PROGRAM IN &OUTSIDE ,PAK.
Training for special skills/specialized topics (2 responses)
traineeships
Relationship management allocation of business units across the team
expose all staff to the different parts of the business;
We pay for staff to write CIA exams. Challenging work
Temporary cost cutting programme
Regular brainstorming among staff in groups of assigned tasks. Share of knowledge to expand auditors
thought process and enhance knowledge base.
24 Copyright © 2011 The Institute of Internal Auditors
Follow new areas and reingineerings.
Ministry of Finance and National Planning recruit for all government ministries
Presentations from the business key managers
Listening to staff across the organisation at all levels, discussing business plans and projects with key staff.
There is a need to supplement the team with legal/reg knowledge to effectively perform regulatory
compliance audits.
Use expertise from Head Office
joint projects
Participation in projects, participation in committees.
Missions conjointes avec d'autres professionnels (joint missions with other professionals)
Within our diverse group, we recently set up focus teams - to gain indepth understanding of the business,
its benchmarks, business applications etc - to move the team away from being a "collection of generalists".
Launch special audit projects on organizational operation
As an old-brand state-owned enterprise, we pay relatively less attention to this area
Generate tables of working with users to better understand the business
Cluster with other companies and with other business of the sector
Self-empowerment
All staff, ordinarily is considered to evaluate all processes subject at hand.
Benchmarking sector entities
Active participation in all relevant issues (committees, management meetings, etc.)
Interaction with other areas through multidisciplinary teams.
Cross training with process management and documentation of evidence of travel and knowledge of the processes.
Back Responses 55
25 Copyright © 2011 The Institute of Internal Auditors
Appendix A1
5-1: What other strategies do you employ to enhance and maintain knowledge of the business within your staff:
Response
(b) occurs case-by-case, (c) (d) valid for CAD and IA-Managers
interlectures given by staff
on the job
since we are part of a group of companies, we benchmark activities with companies within the group.
Implemented a risk database by business process & function
Crosscountry department meetings
Recruit only experienced specialists
Relationship management responsibility allocated across the team
External Training IIA ISACA etc.
IIA´s Course
Certifications, CIA, CCSA, PMP, CISA,...ETC
Participate in CISI Operational Risk Syllabus and Exam Questions, CISI Forums
Préparation des examens (exam preparation)
MORE EMPHASIS ON CIA&CISA
Networking (4 responses):
we usually make discussions with staff of others companies to acquire knowledge
Linkedin audit groups
Industry discussion Groups
The CAE frequently, but informally, benchmarks and networks with CAEs of peer companies in
the industry
training on the job by third party provider
ongoing close interaction with the business
Use Ministerial strategic plans and other policy documents
In House training and discussion (2 responses)
external resource
Extensive training and partnering with Legal and Ethics & Compliance team
Joint audit with colleagues from other part of the world, use guest auditors
short term attachment at relevant operation
Personal development targets connected with this area; - demand in work programs and
scoping/objective discussions that staff evidence their industry logic/understanding.
Development and monitoring of risk management of all company processes.
26 Copyright © 2011 The Institute of Internal Auditors
Take part in the monitoring of important control points of business
We developed a program for updating internal audit staff
Active participation in the risk analysis with the Managements
Intensive reading standards that define procedures
None, the internal audit function has a very limited budget.
Use legal methods to acquire disclosed operational information of the organization
Journée d'échanges avec d'autres structures (day trading with other structures)
Back Responses 36
Appendix B
9-1: What other strategies do you employ in assessing the needs and expectations of your stakeholders?
Informal meetings (11 responses); comments include:
A lot of informal interaction with business unit leaders and areas
informal discussions with senior management to assess his/her expectations.
Informal meetings with key stakeholders to assess their expectations and internal auditing’s performance against them
informal one to one with Individual Managers
Meetings and communications with the audit of the parent (sic, translation) to assess their expectations
monthly discussions with CFO
Team meetings to gather team members impression from audits. We have stopped using surveys since they are biased and do not give the full picture on the situation. Face 2 face discussions have improved the situation.
AC Chairman requires annual assessment of IA's effectiveness from each AC member, through a survey
Audit Committee has asked for increased work and assurance regarding regulatory compliance. It is difficult to determine whether we are identifying and escalating the right matters without legal knowledge.
audit on European funding is agreed upon with the European Commission's audit services
Annual risk mapping (2 responses); comments include:
Making of a risk map last year, through interviews with key company executives
compliance driven issues
Discuss with CEO
Dotted line to Group Audit Committee via Group Audit
ERM workshop conduct by IA to Stewardship group
Risk assessment
Periodic evaluation of internal controls
27 Copyright © 2011 The Institute of Internal Auditors
Getting audit concerns of the owners and determining what are the issues they have currently and regularly
IA new in this country so doing outreach to explain role to all public sector execs
In continental Europe no Audit Committee acc. to U.S. standards in place / Audit reports to the Management Board
Call for a meeting with client department at the beginning of the year, listen to their needs and expectations, and sign a “two-way commitment agreement”; distribute and collect questionnaire at the end of the year to
review the working result and check new demands.
information exchange at all audit committee meetings
Internal & External IIA Quality Assurance Review
INTERNAL AUDITING IS MANDATORY DEVIATION TO IT IS PRESENTED BEFORE PUBLIC ACCOUNTS COMMITTEE FOR REVIEW
Internal evaluation within the Group
Participation in various strategy meetings
public sector
regular one-on-one discussions with all members of the executive board
Regulatory requirements / expectations
Ongoing relationship with the Directorate General
Sensitisation workshops
transparent reporting with feedback
when we start an auditing job we meet with the chairman to assess his expectation or worries with the business
Workshops
Internal auditing and reporting
No evaluation models
no audit committee
No direct contact with Stakeholders and audit committee
Evaluate the IA function’s work by assess their performance
Draft internal audit charter for the organization
Those who make the arrangement and we are accountable to shall evaluate.
Have meetings with key stakeholders and reassess their expectations and IA’s work
Back
28 Copyright © 2011 The Institute of Internal Auditors
Appendix C 12a: If there is a notable area not listed in question 12, please list it here and indicate whether it has increased or decreased in focus, or stayed the same.
Response
IT-related (15 responses):
IT systems security increased in focus
IT risk as part of operational risk has an increased focus. On one hand the regulatory
Information Security requirements are set more stricter. On the other hand IT maintenance was limited due to crisis years.
IT Security - Increased. Management's view was that if the Pentagon systems can be breached
then so can ours.
personal data protection risk has increased; customer's right protection risk has increased.
Increased: - Technology Risk
I.T. Audit – increased
IT risk
IT Security has increased.
IT Risks Increased
IS/IT security and data protection: increased
Information risk, increased
Data Security Risk is very much increased.
I would reinforce Information Security under Operational Risk
IT Risks - Increased Information Security Risks – Increased
increased IT system control - increased
Change Management (4 responses); comments include:
Change Management has increased
Change risks have increased focus
Fraud-related (4 responses): Fraud risks - recession related controls around cash management necessitated more audits
than before recession
Fraud risks increased
External & Internal FRAUD, Investigations, KYC, AML...
Risk and Fraud Prevention
Market risks (3 responses); comments include:
Market Risk (Investment Banking) increased
Market risk has increased
Internal controls (2 responses):
Internal Controls – Increased
Internal Control Systems
Project management/risks (3 responses):
Project Management has increased
project risks have increased focus
increase in program or project management auditing
Social responsibility (5 responses): Environmental risks (increased)
Social responsibility (including environmental) has increased
Social responsibility – increased
Economic responsibility audit has increased in focus.
Economic responsibility audit and assessment for control of energy saving and emission
reduction have increased in focus.
29 Copyright © 2011 The Institute of Internal Auditors
Money laundering (2 responses):
Money laundering – increased
Money laundering and terrorist financing
Auditing third parties and service provider in a context of increased outsourcing
We were acquired by a UK firm and will no longer have to be SOX compliant.
Internal and external information risk - increased
AUDITOR GENERAL OFFICE IS SUPPOSED TO BE THE MAIN ACCOUNTABILITY DEPARTMENT.PUBLIC
ACCOUNTS COMMITTEE HAS PRESSURE ON DEPARTMENT THROUGH AUDITOR GENERAL OFF TO IMPROVE AND ENHANCE INTERNAL AUDIT.
conformity audits: increased
strategic risks (board)
Strategic Risk
Strategic auditing (increased)
Strategy
Business Performance Strategic reviews both have gone up substantially
Corporate governance strategy
Focus on Corporate Governance has increased
We have conducted audit of Country Governance.
audit activity priorities on European funding follow different schemes
Audit on special PROJECTS, increased
Business risk review (increased)
Increased: Outsourcing Risk
Tax compliance for REIT's (Real Estate Investment Trust) – increased
Tax-risk has increased
Restructuring impact - Increased
IA quality assessment
Anti-Corruption requlation compliance - Increased
Italian compliance with 231 Decree Law
HUMAN RESOURCES MANAGEMENT ITS RISK
Human resources
Mideast, Japanese.
30 Copyright © 2011 The Institute of Internal Auditors
We are piloting audit of soft controls.
corporate culture = increased awareness and increased focus
Information & resources risks - No change
Effectiveness of management of resources
We are implementing a new audit methodology
BASEL II Activities
The function and coverage of auditing is expanding
Construction cost restraint evaluation analysis
Operational control increased in focus
Decreased working quantity
Trade negotiations / contracts with customers
Finance increased
Your alternatives in question 12 will not provide a meaningful information on priorities: many lines must be ticked as "no change" - on the background, that they had no significance in 2010, and will not
be significant in 2011.
Plus de sujets "innovants" et proches du coeur de métier de l'entreprise ex : utilisation des
technologies tiers par la R&D. (More subjects "innovative" and close to the core business of the
company eg use of technology by third parties for R & D.)
Revue du cadre de control interne : plus de missions (review internal control framework: more
missions)
Plus de missions en termes de revue de projets (More missions in terms of review of projects)
Audits combinés systèmes ISO/contrôle interne augmentent. Audits systèmes environnemental aussi. Nouveau système de comptabilité: défi spécifique Risques de fraude: point d'attention continu
(Combined audits ISO systems / internal controls increases. Environmental auditing systems as well.
New accounting system: Fraud risks specific challenge: continuous point of attention)
Plus de missions pour la surveillance des activités du Front Office Trésorerie (More missions to monitor activities of the front office cash)
Back to Question 12 Responses 78
31 Copyright © 2011 The Institute of Internal Auditors
Appendix D
13: Rate the following attributes in terms of importance and level of performance for your internal audit function:
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Effectively
managing stakeholder
relationships
Count 18 66 211 200 124 619
% by Row 2.9% 10.7% 34.1% 32.3% 20.0% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 29 109 301 151 19 609
% by Row 4.8% 17.9% 49.4% 24.8% 3.1% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Effectively meeting stakeholder
expectations
Count 21 56 200 221 112 610
% by Row 3.4% 9.2% 32.8% 36.2% 18.4% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 24 112 299 144 19 598
% by Row 4.0% 18.7% 50.0% 24.1% 3.2% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Effectively
leveraging
technology
Count 29 120 225 181 51 606
% by Row 4.8% 19.8% 37.1% 29.9% 8.4% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 85 231 201 68 9 594
% by
Row 14.3% 38.9% 33.8% 11.4% 1.5% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Promoting customer service
focus
Count 24 124 246 152 57 603
% by Row 4.0% 20.6% 40.8% 25.2% 9.5% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 39 151 284 101 16 591
% by Row
6.6% 25.5% 48.1% 17.1% 2.7% 100.0%
32 Copyright © 2011 The Institute of Internal Auditors
13 continued:
Rate the following attributes in terms of importance and level of performance for your internal audit function:
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Conformance with
The IIA's
Standards
Count 21 88 210 165 122 606
% by Row 3.5% 14.5% 34.7% 27.2% 20.1% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 29 125 271 135 35 595
% by
Row 4.9% 21.0% 45.5% 22.7% 5.9% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Risk methodology that focuses on critical risks
Count 8 39 174 223 168 612
% by
Row 1.3% 6.4% 28.4% 36.4% 27.5% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 28 143 241 163 24 599
% by Row
4.7% 23.9% 40.2% 27.2% 4.0% 100.0%
Not important at all
Somewhat
important Important
Very
important
Extremely
important Total
Value proposition of
internal auditing that is well documented and
communicated
Count 15 66 242 207 84 614
% by Row
2.4% 10.7% 39.4% 33.7% 13.7% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 35 133 276 130 26 600
% by
Row 5.8% 22.2% 46.0% 21.7% 4.3% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Internal audit plan that is aligned with the
organization’s strategic plan
Count 12 42 169 224 167 614
% by
Row 2.0% 6.8% 27.5% 36.5% 27.2% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 29 100 257 169 48 603
% by
Row 4.8% 16.6% 42.6% 28.0% 8.0% 100.0%
33 Copyright © 2011 The Institute of Internal Auditors
13 continued:
Rate the following attributes in terms of importance and level of performance for your internal audit function:
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Continuous improvement and
innovation
Count 12 72 221 225 85 615
% by Row 2.0% 11.7% 35.9% 36.6% 13.8% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 27 183 261 112 20 603
% by Row
4.5% 30.3% 43.3% 18.6% 3.3% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Appropriate talent pool
Count 20 55 222 213 101 611
% by Row 3.3% 9.0% 36.3% 34.9% 16.5% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 71 178 245 87 16 597
% by
Row 11.9% 29.8% 41.0% 14.6% 2.7% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Cost-effective and efficient operations
Count 9 81 270 191 56 607
% by Row 1.5% 13.3% 44.5% 31.5% 9.2% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 39 126 313 99 18 595
% by
Row 6.6% 21.2% 52.6% 16.6% 3.0% 100.0%
Not important at all
Somewhat important
Important Very important
Extremely important
Total
Alignment of risk, control, and compliance
functions
Count 12 52 230 214 102 610
% by Row
2.0% 8.5% 37.7% 35.1% 16.7% 100.0%
Inadequate Limited/ developing
Adequate Above average
Exceptional Total
Count 40 166 267 109 17 599
% by
Row 6.7% 27.7% 44.6% 18.2% 2.8% 100.0%
Back
34 Copyright © 2011 The Institute of Internal Auditors
APPENDIX E
16-1: What other skill sets are you actively recruiting for, or anticipating recruiting for, in your internal audit function this year?
Accounting (3 responses)
Actuarial & Investment expertise
Auditing Administration
Specific areas, like ALM
External audit
Audit management (replacement HIA)
Audit of soft controls
auditing experience/competency (3 responses); comments include:
Experience in internal audit according to the IPPF
Auditing Process
CIA OR BACHELOR OF ACCOUNTS
Enough coverage
contract management
Internal control
Auditing Coordinator
engineering audit
engineering tech
Marchés (Markets)
Finance-related (9 responses):
Financial Auditing (3 responses)
finances
Finance & Accounting
FINANCE
Financier
MacroEconomics, Money market's tools.
Financial analyst (
fresh graduates to be trained internally
Governance
GST expertise
Hire attitude, train for Skills
IFRS
Implantación SCIIF (Implementation of SCIIF)
Language skills (4 responses):
English, portugues
French
Mandarin
legal and fulfillment
legal background
35 Copyright © 2011 The Institute of Internal Auditors
Not recruiting (17 responses); comments include:
No recruitment allowed
No recruitments this year
There is no intention at this time to recruit owing to financial constraints
Temporary stop in recruitment because of cost cutting and reorganization
none due to hiring freeze
None we have them all
None. We use co-sourcing.
none specific - recruiting not specific for one area
n'importe, on ne trouve plus de candidats, d'ou la diminution des effectifs
International audit standards
polyvalence et expertise fonction des oportunités (versatility and expertise as opportunities arise)
Prevention of Labor Risk and Health
public financial control
Accomplishment of audit in specific cycles
Operational Review (2 responses)
External resources are hired when there is lack of expertise (eg. tax or IT)
soft skill
Tax compliance
Testing of controls
SOX, Basil
Audit – Development of projects
Medical, the company is an EPS
Implantación SCIIF
Sales part
strong integrated competency
As an old-brand state-owned enterprise, we pay relatively less attention to this area
Back Responses 74
Appendix F
17-1: What else is internal auditing also primarily responsible for? Response
231/01 legislation (2 responses)
Fraud related (7 responses):
Anti-fraud program
continuous staff fraud monitoring regime
Corruption Prevention
development of the antifraud program
Fraud prevention
Fraud Awareness training
Managing Whistleblowing Program
36 Copyright © 2011 The Institute of Internal Auditors
Attestations for regulatory purposes
BCP
Conflict Of Interest Questionnaire
Reviewing risk management reports from management before Board presentation
coordinator for risk management
Corporate governance initiatives (2 responses)
Governance Review
Fulfillment of strategic initiatives
Information Security /Data protection/ DATA MANAGEMENT (3 responses)
Development of the corporate code of ethics.
Due diligence
Financial Audit
former sur le cotrôle interne, sur les risqué (training on internal control and on risk)
efficiency of internal control
Fulfillment of Basil (sic, translation)
internal consulting
Internal Quality auditing (Processes)
Liaison role re all above.
Loan review activity
Business operations
OVER ALL INTERNAL & EXTERNAL CONTROL ENVIRONMENT
performance improvement
Work with external auditors (3 responses):
relationship with external auditors
Coordinating work of External Auditors
staff loan to external auditor to reduce costs and fees
Operational Risk
Reputational risk
raise awareness and provide support for good governance and advice
Sustainability
They Should Cover All The Above.
Probity and self-discipline assessment
Back Responses 42