KPMG Internal Audit: What's on the Horizon? Abstract. KPMG outlines internal audit's constant need to look for new risks and threats. Internal Auditors can ensure organizations are protected examining the following areas. Flexibility: The world is changing at a phenomenal pace. Internal audit plans must be regularly reviewed and challenged to ensure they remain relevant. If a plan looks the same as it did 12 months ago, alarm bells should be ringing. •Effective challenge: Internal audit must be the control conscience of the organization. The team should be clear in articulating what is needed from an assurance perspective and make sure their voice is heard, encouraging debate and securing the right resource and specialist skills. •Innovate: With demands to do more for less, innovation is key. Enhanced self-assessment processes or detailed control surveys are two examples. Embedding more and better use of technology is becoming the norm, ranging from data analytics to continuous audit initiatives. •Refresh: Teams are taking a fresh look at their integrated governance, risk and control frameworks. Are roles clearly defined, and do activities fit seamlessly? Assurance mapping is just one example: do you have a clear picture of how all of your assurance activities are working together? •Engage: Internal audit have a unique opportunity, and responsibility, to identify emerging risks and support the board and risk teams as part of an effective, integratedgovernance, risk and assurance cycle. Now is not the time to be a bystander. •Be brave:Assurance spends must be managed efficiently just as in any other part of the business. However, when resource and budget constraints become the primary driver of assurance activity, something is wrong and concerns must be raised. Threats to information security are becoming more and more complex. The following IT issues can cause issues with security that internal audit should be aware of: data leakage, new technologies and any system change. Keeping up with change is another important aspect of Internal Audit. With new markets emerging come newer risks. With this Internal Auditors must ask themselves the following questions:Have business needs raced ahead of control design? Is risk management appropriately embedded? Has the need for independent program assurance been assessed? Do systems and controls deviate from the group standard? Is there an impact from negative economic policies or purely political risks, for example, contentious elections, political violence? Can local expertise be relied upon to deal with complex legislation, adverse regulatory changes and administrative requirements? Are the language and cultural skills of existing internal audit staff up to the task? Treasury and funding risks are also a concern of Internal Audit. Treasury management systems need to be constantly monitored to ensure they are effective at detecting risk. Businesses also need to ensure they can recover from a disaster and cope with a crisis. Internal Audit can assist with this by ensuringbusiness impact analysis is adequate, testing plans to ensure sufficiency , ensuring all group operations fully aligned, test crisis management to restrict reputational damage
With Fraud still on the increase internal audit needs to stay alert. Ways Internal Audit can better monitor fraud is by assessing if the business is aware or in denial offraud risks, implementinga fraud risk management strategy, reviewing the existence and adequacy of fraud policies, staff training and awareness, reviewing the fraud reporting structure.
Increasing corporate transparency and reporting for regulatory needs have led to more new information being shared on a regular basis. Internal audit should look at what information, away from finance, is being published. All risks, whether reputational, regulatory or other, must be factored into the annual audit plan. Where reporting and monitoring are off system, single entry, and spreadsheet based, there is frequently a higher risk of error. Internal audit should consider whether the team involved in preparing reports and disclosures have training and experience in the relevant field. Investing in joint venture operations fundamentally changes the demands on internal audit. Internal audit has plays a role in this by ensuringvisibility over the processes and controls in the joint venture, monitoring that there is limited interaction between staff at headquarter and the staff based in the joint venture. Internal Auditors must ensure a proper Anti-corruption Policy is emplaced in a company. Auditors must have detailed knowledge of what an organization has done and have you developed a comprehensive plan to test the design and effectiveness of anti-corruption controls, assess anti-corruption risks and the actions to mitigate those risks, ensure the business has a well-developed set of 'red flag' criteria, adequate.
Uploaded by ChancellorPolarBearPerson614 on coursehero.com