In this intensive, highly interactive two-day seminar we will review best practices in Internal Audit planning so that the work of the Internal Audit function is focused on the right areas. You will cover, in detail, how to develop a business focused, objective-based audit plan that will zero in on business issues of key importance and maximise the value of expended audit resources. Throughout the course, best practice will be shared alongside useful tools and techniques to help ensure that the IA plan is demonstrably focusing on the right areas. You will learn how to incorporate the organisation’s key data into the plan and, as a result, establish the audit strategy of the future. You will focus on designing a planning methodology that emphasises outcome rather than output. This course will enable you to focus on adding real value to the organization by creating a concrete annual audit plan which is totally business-focused.
What you will learn
1. Are you using questions of value and value add into the planning process:
- Linking the IA plan with a desire to add value in practical terms
- Improving your ability to articulate the value of an IA audit, as well as the cost of an audit, so that there is a better match between these
- This will include thinking through different Internal Audit products such as Investigation, Audit and Review so that the work done is proportionate
2. Who should be engaged and what are the best practice questions that should be asked?
- Which Senior Managers – does the order matter?
- How to handle the Audit Committee and thinking about other board members as well
- What to do with view from Middle management and IA staff
3. Leveraging other sources of intelligence
4. How to balance the multiple sources of information that could inform a plan in a way that can be explained and justified, whilst not simply following the latest fads. For example:
- Past IA reports
- Risk registers
- Other Compliance information
- Other sources (newspapers, best practice IA)
5. Best practice ways of linking the IA plan to key risk areas, whilst delivering core assurance areas:
- Developing/validating your audit universe
- Where should key risks on the risk register feature?
- How to handle core compliance needs in a way that might lead to greater ownership of these areas by other parts of the organization
6. Killer questions and follow up questions to help ensure that you don’t get too many ‘turkeys’ on the plan:
- Recognizing the hidden pitfalls in typical discussions about risks and areas to audit
- Developing a way of understanding the factors influencing stakeholder views of areas to audit and learning how to influence those factor
- Great follow-up questions to ensure you don’t simply audit areas where the reaction might be – in the end – “we already knew that”
7. Implications and action plans
8. How to address differences between Senior Management and the Audit Committee in relation to what they would like IA to do:
- Many heads note that their senior managers most like business oriented audits which identify efficiencies or cost savings or advisory work on key projects
- In contrast some Audit Committees are more concerned with core assurance areas – compliance and financial controls and favor advisory work less
- Learn practical ways to work through any of these difficulties constructively
9. How to effectively address the question “Do you have enough resource?” in a way that gets a constructive debate going, without being a too overt plea for resource
10. Clear and simple ways to present IA coverage in terms of:
- The depth and breadth of past work
- Key compliance and control areas in terms of key controls coverage and cycle times
- The depth of work planned in the current year
- The areas that are and are not being covered
11. Best practices around longer term planning horizons, the annual plan and ad hoc audit work:
- Is a longer-term plan advisable especially in the context of the many fast moving risks that arise nowadays?
- How much of the plan should be presented as fixed versus flexible?
- What are best practice ways of accommodating new requests without turning this into a time-consuming and bureaucratic process?
12. Ways to use the planning process as a way of deepening the relationship between the head of audit and senior stakeholders:
- Recognizing the unique opportunity that the annual planning process presents to understand the needs and concerns of key stakeholders
- Recognizing the spin off benefits that can arise from the planning process beyond the audit plan itself – for example, insights into the effectiveness of risk management and compliance
13. Application of all of the insights through small group work, to develop a tailored plan of action that will suit your organisation – without turning any improvements into an industry
14. Sharing priority plans