Internal Audit Strategic Framework
1. Internal Audit Department
Mission Statement:
To be the Assurance Provider, Problem Solver, Insight Generator and Trusted Advisor for the Company…
Tagline: “Increase profitability at the same time optimising operational costs with precision reporting”
2. Internal Audit Strategic Framework
Mission
• Charter of the Internal Audit Entity
• Setting up a comprehensive, low cost Internal Audit Methodology
• Effective Internal Audit Process Flow
• Streamlined Policy, SOP for efficient financial data capturing in the system and business operations.
• Maintaining optimum and sustainable operational cost measures
• Increase productivity
• Check and balance
Short Term
• Direct Planning, organising and monitoring operational & financial audits
• Review existing company assets and stock control
• Ensure all inventory and stock management systems are maintained accurately, within agreed parameters and in a timely manner
• Recommend methods to enhance and improve control procedures.
• Documentation of results, evaluation, reviews, plan, resolution by Management on audit issues or findings.
• Preparation of audit plans & schedule for audit and stock take for every Operation division
• Obtaining documents and information from every operation division and communicating on improving the productivity and internal control
Medium Term
• Setting up an effective and workable metric for Internal Auditing measurement
• Self-appraisal by Operation divisions and setting spot check schedules
• Obtaining possible improvement on productivity and control system from operation divisions through feedback and “Suggestion Box”
• To improve documentation and reporting based on international standards such as ISO 9000 - Quality management and ISO 31000 - Risk management
• To propose an advanced, high-technology Internal Audit Management System
Long Term
• Implementation of sophisticated cost cutting tools & improvement on productivity management using latest technology with higher accuracy
• Web-based Internal Audit Methodology (Paperless)
• Mobile Apps for Internal Audit Reporting
• Accurate Mobile Apps for Real Time Productivity view and supports
Vision
• Assist the Company to be the market leader
• Assist the company to seek and assure investors for future Public listing in Stock Market
• Creation of Value Management
• Future Business Model (Consultation Services)
3. The Value Management
The Core Values
People
Progressive Relationship
• Workforce will be able to put forward skills professionally.
• Dedicated and effective workforce.
• Workforce will be highly motivated.
• Appeal and attraction to Gen Y to join and contribute.
• Multitasker and multi talents.
• Workforce will grow and be the future branch supervisor or manager.
Research & Development
Reliability
• Users will fully utilize and perform tasks efficiently with current systems.
Flexibility
• Fast deployment
• Accurate and effective user control.
Sustainability
• R&D initiatives will be able to sustain Organisation, business climate and progress with updates or additional features
Process (Operations)
Care & Support
• Priority to customer grievance.
• Time keeping on Actions and follow ups
• Accurate inventory and financial data input and output
Cost Efficiency
• Efficient utility management
• Avoid mistakes and errors
• Avoid wastage
• Green Technology
Profitable Volume Growth
• Achievable sales target
• Achievable operational cost cutting measures
• Purchase and Costing initiatives
• Market expansion
4. Strategic Framework Measurement
Stakeholder Value
Customer Value
People, R&D, Process (Operations)
Value Management
Profitability & Productivity?
Assets and Cost Control?
Company Policy & Standard?
Data Accuracy?
Internal Audit
Strategy
The Measurements
Progressive Relationship
Reliability
Flexibility
Sustainability
Care & Support
Cost Efficiency
Profitable Volume Growth
• Strategic Risk
• Compliance Risk
• Operational Risk
• Financial Risk
• Reputational Risk
6. Strategic Risk
A possible source of loss that might arise from the pursuit of an unsuccessful business plan. For example, strategic risk might arise from making poor business decisions, from the substandard execution of decisions, from inadequate resource allocation, or from a failure to respond well to changes in the business environment.
Compliance Risk
Exposure to legal penalties, financial forfeiture and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.
Operational Risk
The prospect of loss resulting from inadequate or failed procedures, systems or policies.
Financial Risk
Possibility that shareholders will lose money when they invest in a company that has debt, if the company's cash flow proves inadequate to meet its financial obligations. When a company uses debt financing, its creditors are repaid before its shareholders if the company becomes insolvent.
Reputational Risk
Loss resulting from damages to a firm's reputation, in lost revenue; increased operating, capital or regulatory costs; or destruction of shareholder value, consequent to an adverse or potentially criminal event even if the company is not found guilty
Risk Appetite
Risk appetite can be defined as the amount and type of risk that an organisation is willing to take in order to meet its strategic objectives.
7. Key Benefits
• Identifies action steps for branch management to drive revenue and reduce costs
• Provides training for branch management and associates
• Fosters a culture of accountability and integrity
• Identifies leading practices and potential enhancements to branch policies / procedures and controls
• Provides opportunities to solicit feedback from branch personnel
• Identifies gaps in the brand consistency and service delivery across all branches
• Measures operational performance and provides visibility into key performance indicators, which enables management to make informed business decisions.
• Prevents potential legal fines or penalties by proactively identifying issues
• Assists in the prevention and detection of internal and external theft
Approach: Cycle-based
Level: Beginner & Intermediate
What will the Management gain?
• Routine audits give branches the impression they are always being monitored
• Easy to compare audit results across all branches over a set time period
• Audit results can be built into performance evaluations or bonuses for branch management
• Learn best practices from strong performing branch
Approach: Risk-based
Level: Advanced
What will the Management gain?
• Higher-risk branches are audited more often, enabling management to timely address issues impacting branch performance
• Cost effective since it requires less resources to meet the risk appetite
• Provides auditors the option of not utilizing the full audit program by only reviewing high risk areas, which may enable greater overall branch coverage
9. Stakeholder Expectations
Understand stakeholder expectations
Understand the industry and the organization’s objectives
Mission Statement
Develop mission and set vision
Internal Audit Strategic Framework
Establish Charter/Policy/SOP
Define the critical success factors (Metric)
The Core Values
The Value Management
Strategic Plan
Scope/Key Control Objective
Risk Appetite
Short Term
Medium Term
Long Term
Develop Internal Audit Charter
The Audit Plan
Draft
The Audit Plan
Internal Audit Management System
Financial Year
Year End Closing
Stocktake
Peak Hours
10. Audit Plan, Risk & Processes
Test 1st Branch
Implementation
Schedule & Notice
Questionnaires/key objectives/checklist items and cross check system
Test 2nd Branch
Test 3rd Branch
Corrective Action
Exceptions
Test 4th Branch
Test 5th Branch
Test 6th Branch
Test 7th Branch
Test 8th Branch
Fieldwork
Internal Audit Reporting
Access Needed
Skill sets
Training & Development
Final Report
Follow up
Best Practices
Policy & SOP Review
Develop Infrastructure & Resources
Measure Result
Metrics
Analysis
Action Plan
Grading
Corrective Action
Risk Based IA
Communication Protocol
Audit Committee
Deliveries
Tel & Fax
Intranet
Apps Quality Assurance
(IA Evaluation)
IA Questionnaires
Management
Internal Audit
External Audit
11. Internal Audit Balanced Scorecard
25% People
• Quality of professional staff
• Ability to address specialised and technical needs
• Understanding of the business and the global business environment
• Interaction and communication with line management executives
• Development of management talent for the organisation
25% Internal Audit Process Effectiveness
• Rapid and effective start-up
• Effective and timely communications
• Development and delivery of practical recommendations to improve internal controls and corporate governance
• Results of auditee satisfaction questionnaires
25% Risk Management
• Timely and effective identification of key business risks
• Percentage of audit activities and resources allocated to addressing key business risks
• Adaptability and responsiveness to emerging risks
• Understanding and fulfilment of the needs of:
– The audit committee
– Executive management
– R&D to sustain Organisation, business climate and progress.
25% Value Added to the Business
• Protection of shareholder value through an improved control environment
• Enhanced shareholder value through:
– Cost reductions
– Reduced revenue leakage
– Reduced working capital
– Enhanced cash flow
12. Sample Internal Audit Reporting
Internal Audit Report 2016
Branch: A
Date: 15/9/2016
IA Team: Jeremy
Value Management: People
Progressive Relationship
Management/Audit Committee
No: 1
Checklist Item: Workforce will be able to put forward skills professionally
Findings/Issues: Some staff are not sure of their job functions. Upon interview, they claimed the Manager has not briefed them properly.
Internal Audit Recommendation: Branch staff should be re-briefed and should list down their job functions and scope.
Risk Factor Category: Reputational Risk - customer might complain of poor service and will go for competitors
Feedback by Branch Head: The staff actually just started working. We will train him and list out the job functions and scope accordingly.
Grading: Effective / Adequate / Unsatisfactory / Poor / Nonconformity
Action Plan: Need Improvement / Internal Audit Recommendation / Observation / Show cause
Comment:
Value Management: Process (Operations)
Care & Support
Management/Audit Committee
No: 1
Checklist Item: Accurate inventory and financial data input and output
Findings/Issues: Poor recording of stock. Item YH (Serial No. ZZ) was keyed in as Honda EX5, thus creating inaccurate inventory recording in the system. Refer Appendix 1 (Photo illustration)
Internal Audit Recommendation: Inventory Clerk will need to clarify the mistake and ensure such a mistake will not occur in the future. Always double check the DO.
Risk Factor Category: Operational Risk - Failure to provide accurate inventory report will jeopardise the Company Financial Policy
Feedback by Branch Head: The staff promised not to repeat the mistake.
Grading: Effective / Adequate / Unsatisfactory / Poor / Nonconformity
Action Plan: Need Improvement / Internal Audit Recommendation / Observation / Show cause
Comment:
13. Sample Analysis I Result
Common Audit Findings
• Lack of written procedures.
• Inefficient and ineffective processes or procedures
• Improper use of General Ledger accounts.
• Insufficient documentation to support travel claims.
• Petty-cash policies are not being adhered to.
• Miscalculation of Goods and Services Tax (GST) receivable
• Lack of Inventory Controls
• Failure to Comply with Contracts or Agreements
• Lack of Procedures to Mitigate Risk
• Inadequate IT Physical Security
• Non-compliance with Revenue Processing Policy
• Failure to Secure Sensitive Data
[Four pie charts: Branch A, Branch B, Branch C, Branch D. Legend: Effective, Adequate, Unsatisfactory, Poor, Nonconformity. Chart values in the order extracted:]
5%, 10%, 10%, 30%, 45%
80%, 10%, 8%, 1%, 1%
1%, 1%, 19%, 19%, 60%
50%, 40%, 8%, 1%, 1%
14. Sample Analysis 2 Result
[Pie charts. Legend: Effective, Adequate, Unsatisfactory, Poor, Nonconformity. Chart values in the order extracted:]
Branch B: 80%, 10%, 8%, 1%, 1%
People: 20%, 20%, 30%, 20%, 10%
Process (Operations): 67%, 17%, 13%, 1%, 2%
Research & Development: 40%, 30%, 20%, 5%, 5%
15. Sample Auditor Evaluation Score
BRANCH A: Excellent 90%, Good 5%, Poor 5%
BRANCH B: Excellent 95%, Good 3%, Poor 2%
BRANCH C: Excellent 70%, Good 20%, Poor 10%
BRANCH E: Excellent 45%, Good 33%, Poor 22%
BRANCH D: Excellent 60%, Good 30%, Poor 10%
BRANCH F: Excellent 33%, Good 56%, Poor 11%