Gain Survey .pdf
Original name: Gain Survey.pdf
Title: Microsoft Word - Gain Survey.docx
This PDF 1.3 document was generated by Word / Mac OS X 10.11.1 Quartz PDFContext and was uploaded to fichier-pdf.fr on 06/09/2016 at 20:28, from IP address 88.235.x.x.
This file's download page has been viewed 335 times.
Document size: 310 KB (16 pages).
Privacy: public file
Document preview
IIA GAIN® Benchmarking Study - Harmonizing Data Collection with UN RIAS Members
No.
Data
Guidance on harmonizing data collection
A ORGANIZATIONAL INFORMATION
This column provides guidance and proposals for harmonizing GAIN data for RIAS.
A1 Annual Revenues:
• This information will normally come from the organization’s annual financial statements. Total annual revenues include both core and non-core resources for the fiscal year.
A2 Total Assets:
• Total assets at the fiscal year end, normally sourced from the financial statements.
A3 Annual Expenses:
• Total annual expenses, normally sourced from the financial statements.
A4 Total employees in organization (full-time equivalents):
• Include staff on approved permanent, fixed term and temporary appointment posts.
• Include staff on service contracts, i.e. limited duration contracts.
• Exclude personnel on individual consultancy contracts, i.e. SSA, daily paid workers.
A key issue in harmonizing data is whether individual contractors/consultants (i.e. SSAs) should be included in “Total employees in organization”, and the fluctuation in contractors/consultants. As an example, WHO has over 7,000 SSAs, which therefore has a significant impact on the response to A4.
It was agreed to propose to RIAS that only staff members are included, and non-staff, such as individual contractors/consultants, are excluded.
The methodology of counting employees should be consistent between A4 and B2.
A5 Most recent fiscal year end (MM/DD/YYYY):
• Most RIAS members will reply with 31 December 20XX.
Most RIAS organizations will reply with a fiscal year end of 31 December. Exceptions include OIOS, as the Secretariat has a 31 December year end, and peacekeeping has a 30 June year end. In this case, the most appropriate selection will be made by OIOS.
A6 Organization Type:
• Choose “Government or Non-Profit”, private or public.
Most, if not all, RIAS members will select government/non-profit.
A7 Is your organization subject to the US Sarbanes-Oxley Act of 2002 (SOX)?
• Most, if not all, RIAS members will reply “No” to this question.
A8 If your organization is subject to SOX, what is the level of responsibility handled by the internal audit activity?
• If A7 is “No” this will be left blank.
A9 Organizational Reach:
• Choose international, national or regional.
Most RIAS members will select international. UNRWA selects regional.
A10 Organizational Structure:
• The choice is either centralized or decentralized.
This refers to the organizational demographics.
8 February 2016 IIA GAIN® Benchmarking Study - Harmonizing Data Collection within RIAS
B Internal Audit Resources
Note: Please ensure that you enter the full dollar amount - do not enter in thousands.
B1 Please enter the total cost of your internal audit activity broken down as follows:
The working group discussions revealed that differences in costing models impacted the data used to complete B1, which is expected given different IA business models. The working group proposes that RIAS accepts this divergence and emphasizes that the total internal audit costs, the final number in B1, be considered the most relevant and comparable number for RIAS members.
Salary (gross pay only):
• Direct staff - includes the full salary cost, including benefits, for staff directly involved in internal audit work, using FTE; and
• Indirect staff - a fair allocation of salary costs, from those staff that support internal audit work and other oversight functions, i.e. evaluations, investigations, etc. Use FTE. This would include the oversight director or equivalent.
Different approaches were used in the 2015 survey to allocate salary costs from the internal oversight front office. The above bullet point now provides guidance for consistent application for the 2016 survey.
The working group proposes 43 weeks to equal 1 FTE for purposes of calculating sourced staff such as consultants. 43 weeks is calculated as follows:
• Total weeks available 52 weeks (365 days) – annual leave 6 weeks (30 days) – official holidays 2 weeks (10 days) – sick leave 1 week (5 days) = 43 weeks (215 days)
• Note time for training is not deducted.
Bonuses:
• Most, if not all, RIAS members will leave this blank.
Employee benefits (if not tracked separately, averages 30% of compensation):
The working group noted a wide range of practices in reporting the cost of employee benefits. To harmonize this, it is proposed to include employee benefits in “Salary (gross pay only)”, above. It was acknowledged that this approach would further increase RIAS’ salary costs when compared to other types of organizations, “Government” and “Private”. This could be communicated to RIAS membership.
Travel:
• Include: (i) travel costs of internal audit staff; and (ii) a fair allocation of front office costs (including travel of the audit committee members) based on the time devoted to internal audit activities.
Training:
• Include: (i) training costs of internal audit staff; and (ii) a fair allocation of front office costs based on the time devoted to internal audit activities.
Costs of purchased services (co-source providers, outsource providers, etc.):
• Include: (i) individual consultants engaged to augment / deliver internal audit engagements; (ii) staff augmentation services contracted from accounting firms; (iii) audits contracted from accounting firms; and (iv) any other services purchased, including such costs as software licensing costs, ACL/TeamMate, etc.
Other (incl. Outsourced Project Work):
• Include this in the above category “cost of purchased services”; this should serve as a “plug” line for all other expenses not falling under the above categories or overhead, so that the lines add up to total internal audit costs below.
Allocated or overhead costs:
• Different methodologies will be used to compute overhead costs.
• To obtain optimal harmonization with RIAS, a reasonable allocation of overhead costs should be estimated. Examples of costs include rent, utilities, security, maintenance and cleaning, IT support.
Methodologies to compute overhead costs ranged widely within the working group, and this was also reflected in the 2015 survey for RIAS. For example, in UNFPA a flat rate overhead cost of USD 20,000 is applied for each employee. The working group concluded that harmonization of overhead costs will be a challenge given the different costing/business models.
Total internal audit costs:
• This is an automated field in the GAIN system.
The working group proposes that RIAS accepts that there will be divergence in some individual items in B1, such as overhead costs, and emphasizes that the total internal audit costs be considered the most relevant and comparable number for RIAS members.
B2 Please enter the following full-time equivalent (FTE) staff information. (Sourced staff must be entered / calculated as full-time equivalent staff)
Chief Audit Executive (in-house staff and sourced staff)
Directors/Managers “
Seniors / Supervisors “
Staff “
Total Audit Positions
Total Professional Audit Positions
Administration / Clerical
Guidance on harmonizing data collection
Use a base of 43 weeks for sourced staff (i.e. consultants) to equal 1 FTE. 43 weeks is derived as follows: Total weeks available 52 weeks (365 days) – annual leave 6 weeks (30 days) – official holidays 2 weeks (10 days) – sick leave 1 week (5 days) = 43 weeks (215 days). Note time for training is not deducted.
• Enter FTEs for front office staff (professional) based on the time devoted to internal audit activities.
• Enter FTEs for directors and chiefs at D1 and P5 levels.
• Enter FTEs for senior auditors, managers, etc. at P4 level.
• Enter FTEs for all professional staff from general services (GS) staff to P3 levels. GS staff assist with audit work, including analysis, support for ACL/TeamMate, audit recommendation follow-up, etc.
• Enter FTEs for GS staff providing support to the internal audit function, performing such tasks as travel, leave requests, etc.
No.
B3
B4
B5
B6
B7
Data
Total Positions
Total Staff
Including sourced staff, by what percent did your staff size increase or
decrease over the prior year? (Please insert '0' for no change and a
negative number for a decrease.)
What areas of responsibility does the internal audit activity oversee
(choose all that apply)?
• General internal auditing
• IT auditing
• Fraud auditing
• Forensic Investigations
• Environment, Health, and Safety
• Compliance
• Risk management
• Ethics and business conduct
• Corporate social responsibility (sustainability)
• Other
Please allocate total professional audit staff by function (include sourced
staff). For internal auditors (including management) that do not have
specific job functions, please allocate by the individual's area of
expertise. Total should equal total professional audit positions in B2.
• General internal auditors
• Information technology (IT) auditors
• Fraud auditors
• Environment, Health, and Safety auditors
• Other compliance auditors
• Other auditors
Total (should match Total Professional Audit Positions from B2)
Does your organization have a group dedicated to IT auditing?
Please identify the following staff information by level (FTE in-house
staff only): Level of education, average years in internal audit profession,
average years industry experience, average years of relevant non-IA
work experience, number of staff with one or more professional
certification designations
Guidance on harmonizing data collection
• Enter change in staffing.
• Select appropriate categories
• Enter appropriate allocation of staff roles.
• Enter “Yes” or “No”.
• Enter appropriate information.
No.
B8
B9
B10
B11
B12
B13
B14
B15
Data
Please provide the number of audit staff with the following audit-related
professional certifications (FTE in-house professional audit staff only):
• Internal Auditing (such as CIA / MIIA / PIIA)
• Information Systems Auditing (such as CISA / QiCA / CISM)
• Government Auditing / Finance (such as CGAP / CIPFA / CGFM)
• Control Self-Assessment (such as CCSA)
• Public Accounting / Chartered Accountancy (such as CA / CPA / ACCA
/ ACA)
• Management / General Accounting (such as CMA / CIMA / CGA)
• Accounting - technician level (such as CAT / AAT)
• Fraud Examination (such as CFE)
• Financial Services Auditing (such as CFSA / CIDA / CBA)
• Fellowship (such as FCA / FCCA / FCMA)
• Certified Financial Analyst (such as CFA)
• Certification in Risk Management Assurance (CRMA)
At what level do you require your internal auditors to obtain the
Certified Internal Auditor (CIA) certification?
At what level do you encourage your internal auditors to obtain the
Certified Internal Auditor (CIA) certification?
What percentage of your hiring is from the following (should add to
100%)?
What was your internal audit staff turnover for the year (numerically by
FTE)?
Including both internal and external courses, how many hours (exclude
hours for travel) of training per auditor were: Budgeted, Actually
performed
What percentage of your audit engagements are (must add to 100%):
Staffed internally, Co-sourced, Outsourced
What areas did you source in the last fiscal year? (Choose all that apply)
• General internal auditing
• Information technology (IT) auditing
• Subject matter expertise
• Fraud auditing
• Other
• None
Guidance on harmonizing data collection
• Enter appropriate information.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response. The percentage is based on number of engagements.
• Enter appropriate response.
No.
B16
B17
B18
B19
B20
B21
C
C1
C2
C3
Data
What percentage of the areas selected in B15 were sourced?
• General internal auditing
• Information technology (IT) auditing
• Subject matter expertise
• Fraud auditing
In the last fiscal year, how many total hours did you receive in sourced
internal audit services? (This number, when converted to FTE, should
correspond with the Sourced Staff column in B2)
Do you see your reliance on co-sourcing / outsourcing:
• Increasing over the next three years
• Decreasing over the next three years
• Staying the same over the next three years
What were the total internal audit hours worked on the most recently
completed external audit (i.e., direct assistance - the total number of
hours requested by your external auditors to provide in external audit
assistance):
Estimate the total external audit hours (both internal audit and external
audit combined) worked on the most recently completed external audit:
What were the total external audit fees associated with the most
recently completed external audit:
Internal Audit Oversight
How long has your internal audit activity been in place?
The CAE reports administratively to:
• Audit Committee, or equivalent
• General / Legal Counsel
• Chief Executive Officer (CEO)
• President or Government Agency Leader
• Chief Financial Officer (CFO)
• Chief Operating Officer (COO)
• Chief Risk Officer (CRO)
• Controller
• Other
The CAE reports functionally to:
• Audit Committee, or equivalent
• General / Legal Counsel
Guidance on harmonizing data collection
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
No.
C4
C5
C6
C7
C8
Data
• Chief Executive Officer (CEO)
• President or Government Agency Leader
• Chief Financial Officer (CFO)
• Chief Operating Officer (COO)
• Chief Risk Officer (CRO)
• Controller
• Other
What title best corresponds to the Chief Audit Executive position in the
organization?
• Vice President
• Executive Director
• Director
• Manager
• Chief Audit Executive
• Officer
• Inspector General
• General Auditor
• Other
Do you have an audit committee, or its equivalent?
How many people sit on your audit committee, or equivalent?
Who chairs your audit committee, or equivalent?
• Chairman of the Board of Directors (or equivalent)
• Other independent Board of Directors member
• Chief Executive Officer (CEO) or Government Agency Leader
• Other individual outside the organization
• Chief Financial Officer (CFO)
• Chief Audit Executive (CAE)
• Other
• Not applicable
What areas of expertise does your audit committee possess (choose all
that apply)?
• Financial
• Business management
• Legal
• Industry-specific knowledge
Guidance on harmonizing data collection
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
No.
C9
C10
C11
C12
C13
Data
• Operational
• Information technology
• Fraud/forensics
• Internal/external audit
How many times per year does the Chief Audit Executive meet with the
audit committee (at a minimum)?
How many cumulative total hours are the audit committee meetings per
year?
Is a private session with the Chief Audit Executive and the audit
committee or chair:
• A regular agenda item
• Available on request
• Both a regular agenda item and available on request
• Not a practice
• Not applicable
Does your audit committee have a written charter?
Please select the responsibilities below that your audit committee fulfills
(choose all that apply):
• Selects the external auditor and reviews the audit fees and the
engagement letter
• Reviews the external auditor's overall audit plan
• Reviews preliminary annual and interim financial statements
• Reviews results of engagements performed by external auditors,
including management letter
• Approves the charter of the internal audit activity
• Reassesses and approves a new internal audit activity charter
annually
• Reviews and approves the internal audit activity's plans and resource
requirements
• Directly communicates with the chief audit executive who regularly
attends and participates in meetings
• Reviews evaluations of risk management, control, and governance
processes as reported by the internal auditors
Guidance on harmonizing data collection
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
No.
Data
• Ensures that engagement results are given due consideration and
receive distributions of financial engagement communications by the
internal auditors
• Reviews policies on unethical and illegal procedures
• Reviews financial statements to be transmitted to regulatory
agencies
• Participates in the selection of accounting policies
• Reviews the impact of new or proposed legislation or regulations
Please select the items that the Chief Audit Executive reviews with the
audit committee (choose all that apply):
• Not applicable - our organization does not have an audit committee
Administration:
• Financial and resource budgets
• Financial variance analysis (actual versus budgeted expenses)
• Productivity measures
• Benchmark comparisons versus other companies
• Organizational structure
• Coordination of internal and external audit plans
Risk Management:
• Risk assessment system
• Overall assessment of the corporate control environment
• Coverage of key organizational risks
• Fraud risks
• Assessment of fraud control environment
Operations:
• Overall audit plan
• Percentage of audit plan completed
• Status of audits performed, outstanding issues, etc. ("Audit
Dashboard")
• Results of monitoring programs concerning compliance with laws,
codes of conduct, and ethics
• Significant findings from engagements
Does the internal audit activity provide professional development and
training to new and existing audit committee members?
Is the audit committee subject to review?
Guidance on harmonizing data collection
C14
C15
C16
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
No.
Data
• Yes, a self-assessment is performed on a periodic basis
• Yes, an audit is performed on a periodic basis
• Yes, both self-assessments and audits are performed on a periodic
basis
• No
• Not applicable
C17 Is the audit committee charter subject to review?
Guidance: Enter appropriate response.
• Yes, a self-assessment is performed on a periodic basis
• Yes, an audit is performed on a periodic basis
• Yes, both self-assessments and audits are performed on a periodic basis
• No
• Not applicable
D Risk Assessment and Audit Planning
D1 How many audits did you plan in the last fiscal year?
• Enter the number of engagements from the internal audit plan consisting of those engagements that were intended to be started and to be completed in current year.
D2 How many audits in your audit plan did you perform in the last fiscal year (exclude any unplanned audits)?
• Enter the number of engagements from the original audit plan that were either (i) fully completed or (ii) where fieldwork was completed by the end of the year.
D3 How many unplanned audits did you perform in the last fiscal year?
• Enter the number of audit engagements not included in the original audit plan for which audit work was completed by the end of the year.
D4 What percentage of your audit plan is the following (must sum to 100%):
Assurance engagements:
• Enter the percentage of time spent on assurance engagements, excluding management requests as long as they are not requests for high risk areas. This includes those requests from management for “high risk areas to audit” as opposed to requests for a pure non-assurance “advisory review” of some sort.
Consulting engagements:
• Enter the percentage of time spent on consulting engagements, excluding management requests. This may include: review of the Financial Statements, review of new policies and procedures or changes thereto, design of new systems, review of / comments on corporate strategies and projects, attendance to steering committees or management meetings, etc.
Management requests:
• Enter the percentage of time spent on management requests, including such projects as ad hoc requests for non-assurance projects, T
No.
Data
Fraud investigations
• Enter the percentage of the audit plan dedicated to fraud investigations.
Follow-up audits and activities
• Enter the percentage of the audit plan dedicated to follow-up audits from a previous engagement and to recommendation follow-up.
• Enter the percentage of the audit plan dedicated to unplanned/adhoc requests, planned reserve projects. This should reflect time not actually scheduled in the initial audit plan
D5
What percentage of total hours built into your audit plan is categorized
as unallocated time for future, unplanned, or ad-hoc audit requests?
D6
What percentage of management requests made were actually
accomplished?
What type of audit plan do you utilize?
• Long-term audit plan with minimal revisions
• Long-term audit plan with periodic updates
• Annual audit plan with minimal revisions
• Annual audit plan with periodic updates
• Rotational short-term audit plan
• We do not utilize an audit plan
If you utilize a long-term audit plan, how many years are covered by the
plan?
Does your internal audit activity have a formal risk assessment process?
How often do you complete your risk assessment?
What are the significant risk factors utilized when performing your risk
assessment (choose all that apply)?
• Not applicable - we do not complete a risk assessment
• Degree of manual intervention / degree of automation
• Confidence in management
• Extent of major change (reorganization, new product line, etc.)
• Sensitivity (e.g., image, public relations, etc.)
• Employee turnover
• Fraud significance / potential
• Inherent risk
• Environmental factors
• Competitive pressures
• Complexity of activities
• Always
D7
D8
D9
D10
D11
Guidance on harmonizing data collection
• Enter appropriate response.
• Enter appropriate response.
The working group proposes that:
• “updates” be interpreted to include such things as delays in engagements,
cancellations, swapping one field office for another; and
• “Long-term” includes multi-year audit plans.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Sometimes
• Never
• Control environment
• Time since last audit
• Continuous auditing - risk and controls assessments
• Degree of financial materiality
• Velocity
• Aggregation of risks
• Volume of transactions
• Other
D12 Does your audit activity complete engagement-level risk assessments?
• Enter appropriate response.
D13 Is your engagement-level risk assessment tied to the annual entity-wide risk assessment?
• Enter appropriate response.
D14 Is the annual entity-wide risk assessment updated periodically with the results of the engagement-level risk assessments?
• Enter appropriate response.
E Audit Implementation / Life Cycles / Reporting
E1 What percentage of your actual audit staff time (including sourced staff) was devoted to (should add to 100%):
Assurance engagements:
• Enter the best estimate of the actual time spent on assurance engagements, including planning, fieldwork and reporting. Include time invested by audit firms/individual consultants hired to augment / perform audits.
Consulting engagements:
• Enter the best estimate of the actual time spent on consulting activities.
Fraud investigations:
• Enter the best estimate of the actual time spent on fraud related work. Enter zero if fraud work is carried out by an investigations function. Note that assessing fraud risk is included as an integral part of assurance/consulting work.
Management requests:
• Enter the best estimate of the actual time spent addressing management requests.
Follow-up audits and activities:
• Enter best estimate of the actual time spent on recommendations follow-up review or follow-up audits.
External audit assistance:
• Enter best estimate of the actual time spent assisting the UN Board of Auditors (or external auditor) or other special audits. For example, in UNFPA limited assistance was provided to UN BoA, consisting of a small number of meetings during the course of the external audit, without any specific requests for assistance.
Other audit time (e.g., audit planning, development of audit tools, audit plan maintenance):
• Enter best estimate of the actual time spent on: (i) the annual risk assessments (business units, business processes, IT); (ii) development and maintenance of the annual audit plan; (iii) development and maintenance of the audit schedule; (iv) development / update of audit programmes; and (v) implementation / maintenance of the audit management system.
Non-audit time - training:
• Enter best estimate of the actual time spent on internal and external training activities.
Non-audit time – other (e.g., staff meetings, staff development, and general administration):
• Enter best estimate of the actual time spent on staff meetings and other support to internal audit (including procurement of staff augmentation services and staff recruitment)
Holidays/vacation/sick time:
• Enter estimate as an average of 9 weeks per person - six weeks leave plus two weeks of official holidays and one week of sick leave.
E2 What was the distribution of total time (as a percentage) on typical audits (should add to 100%)?
Guidance: Calculated based on the standard time allocation for planning, field work and reporting activities for the different types of audits performed.
• Planning
• Fieldwork
• Reporting
E3 On average, how many days does it take to complete the following tasks (should be measured in working/business days):
Guidance: Calculated based on the standard time allocation for planning, field work and reporting activities for the different types of audits performed. Use working days.
• Planning
• Fieldwork
• Reporting
• Follow-up
E4 On average, how many days lapse between the end of fieldwork and the issuance of (should be measured in working/business days):
Guidance: Calculated based on actual number of days a draft/final report is issued after fieldwork is completed (fieldwork includes when staff completes and documents all planned audit work, following its return from the field mission, or completes and documents “testing” for desk-based audits), based on a report tracking sheet.
• Draft Reports
• Final Reports
E5 Please indicate whether or not your internal audit activity utilizes the following audit tools and techniques on an audit engagement (choose all that apply):
Guidance: Enter appropriate response.
• Analytical review
• Balanced scorecard or similar framework
• Benchmarking
• Computer-assisted audit techniques (CAAT)
No.
E6
E7
E8
E9
E10
E11
F
F1
Data
• Continuous auditing
• Control self-assessment
• Data mining
• Flowchart software
• Process modeling software
• Statistical sampling
• Quality assessment review tools
• Total quality management techniques
• Six sigma methodologies
• Electronic workpaper software
• None of the above
Do you provide the following regarding engagement reporting (choose
all that apply)?
• Highlight repeat findings in audit reports
• Rate observations and findings
• Rank observations and findings based on likelihood and significance
• Include management action plans
• Provide an overall "score" for the audit
• Provide an overall opinion on the audit
• Include positive findings
• None of the above
Do you have a formal process in place to monitor observations and
findings?
As part of your monitoring process on observations and findings, do you
test the implementation of corrective action taken by the organization?
What are the average days outstanding for open items? (should be
measured in working/business days)
Does internal audit provide senior management and the board/audit
committee with a periodic written report expressing an opinion on the
organization's internal control environment?
Does internal audit provide senior management and the board/audit
committee with a periodic written report expressing an opinion on the
organization’s risk management environment?
Performance Management
Do you have a formal quality assurance and improvement program?
Guidance on harmonizing data collection
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
No.
F2
F3
F4
F5
Data
What is your internal audit activity's status with regard to internal
assessments?
• Our internal audit activity performs ongoing reviews of the
performance of the internal audit activity
• Our internal audit activity performs periodic reviews performed
through self-assessment or by other persons within the organization,
with knowledge of internal audit practices and The IIA's Standards
• Our internal audit activity does not have a formal internal
assessment process
What tools does your internal audit activity utilize in performing internal
audit assessments (choose all that apply)?
• Engagement supervision
• Checklists and other means to provide assurance that processes
adopted are being followed
• Project budgets
• Timekeeping systems
• Audit plan completion and summary reports
• Cost recoveries
• In-depth interviews and surveys of stakeholder groups
• Benchmarking of the internal audit activity’s practices and
performance metrics against relevant leading practices of the
internal audit profession
• Not applicable - we do not perform internal audit assessments
Are the results of internal assessments shared with (choose all that
apply):
• Senior management
• Audit committee
• Board of directors
• External auditors
• Other appropriate persons outside the activity
• No one
• Not applicable
Has your organization had an external quality assessment in the last 5
years?
Guidance on harmonizing data collection
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
No.
F6
F7
F8
F9
Data
If no, please explain why you have not had an external quality
assessment performed:
• Audit oversight (executive management, audit committee, Chief
Audit Executive) does not see value in an external assessment
• Not considered a priority
• Costs too much
• Internal audit activity is new and an external assessment is not yet
required
• Outside parties (regulators, external auditors, etc.) are evaluating
the internal audit activity and another assessment is not necessary
• Other
Was your external assessment:
• An independent and external assessment
• A self-assessment with independent validation
• Not applicable
Do you plan to have an external quality assessment performed every:
• 1-2 years
• 3-4 years
• 5 years
• Other
• Not applicable
Who are the results of the external assessments shared with (choose all
that apply)?
• Senior management
• Audit committee
• Board of Directors
• External auditors
• Other appropriate persons outside the activity
• No one
• Not applicable
Guidance on harmonizing data collection
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.
• Enter appropriate response.