Comprehensive course analysis
About the course
Boost your career in executive development
In recent years, the corporate spotlight has focused increasingly on Chief Internal Auditors and on the impact and influence they and their teams can have. Their personal and professional relationships with their key stakeholders are vital to the reputation of the internal audit function and the support it receives within the organisation. This course will provide the Chief Internal Auditor with practical guidance aimed at enhancing their position and profile within their organisation, as well as the reputation and performance of their team.
The course will enable the Chief Internal Auditor to understand and develop attributes that demonstrate world-class performance, with particular emphasis on teamwork, relationships, innovation and the drive for continuous improvement.
The Chief Internal Auditor and his or her team are seen as key parts of the governance, risk and assurance framework and this course will also help the Chief Internal Auditor leverage the work of other assurance functions so as to present a more coordinated role in reporting to the relevant Board level committees (usually Audit and Risk) on strategic change and its impact on this framework.
The course will also enable Chief Internal Auditors to better deliver against increasingly demanding objectives set by their own management and Audit Committees, and frequently influenced by a wider range of stakeholders such as regulators and professional bodies. The recent guidance from the CIIA to internal audit functions in financial services and the public sector, as well as the newly updated corporate governance code from the Financial Reporting Council are evidence of this. In particular, the new CIIA Financial Services Code supplements guidance already readily available via the International Standards for Professional Internal Auditing and has implications for Chief Internal Auditors across all industries. Its role in further formalising the authority, positioning and influence of the Chief Internal Auditor, will be explored with a view to optimising its use.
- Understand how to create the most effective reporting lines and to build efficient channels of communication, both inside and outside the Boardroom
- Develop and build powerful relationships with all key stakeholders, understanding the levers and buttons which help build maximum impact and credibility within an environment of growing regulation and accountability.
- Learn how the Chief Internal Auditor (and their team) can leverage the principles of the CIIA code to work effectively across all organisations.
- Hear about and exchange “war stories” from a variety of Audit Committee and executive environments.
- Develop an approach to reflect the objectives, values and culture of the organisation.
- Understand the skills and resources required to deliver a challenging plan and what does this mean for the shape of the team.
- Learn how to get the most out of a co-source relationship, recognising the value that Audit Committee chairs now believe this can bring to all internal audit functions.
- Develop approaches to plan and audit more complex areas such as governance, culture and strategy.
Benefits of attending:
- You will improve your performance, profile and reputation as a Chief Internal Auditor.
- You will understand the challenges that new Chief Internal Auditors should expect and you will get practical guidance and real life examples of how to meet them head on.
- You will develop your skills to communicate better in the Boardroom or in key executive committee meetings, both verbally and through improved reports.
- You will learn to build a more receptive culture for internal audit.
- You will learn best practices for enhancing the performance, impact and credibility of your internal audit team.
Course outline, format of the various days and session, timetable and administration.
Class Discussion and Ice-Breaker: Introduce the course instructor and the delegates and their backgrounds. Share challenges and experiences as Chief Internal Auditors.
Outline course programme. Agree and prioritise the course objectives.
The role and position of the Chief Internal Auditor (Part 1)
- The role of the Chief Internal Auditor and how this is perceived across a range of organisations. Example Role Profiles
- The CIA and access to the Executive Committee, the Audit Committee and the Board. What challenges does a separate Board Risk Committee introduce?
Class Exercise: List and prioritise all key stakeholder relationships and go through examples of how (or whether) the Chief Internal Auditor should report in each case.
Reporting Lines for the Chief Internal Auditor and how to maintain independence.
Class Discussion: Discuss typical FS corporate structures and where does internal audit feature and report. For key executive committees, should Chief Internal Auditors attend or just receive (or present) papers?
The Chief Internal Auditor’s role in meeting Professional Standards documentation: Key documentation a Chief Internal Auditor must be familiar with and have at your fingertips?
- Authority – the role of the IA charter and the Audit Committee charter.
- Planning – the role of the audit universe, the annual audit plan and the importance of reflecting alignment with the organisation’s own risk framework.
- Fieldwork – the methodology and principles behind sample selection and testing.
Example IA Charters (IA lines) and Audit Committee Terms of Reference (IA focus)
Group Discussion: To consider the administration requirements and how to ensure they are a help and not a hindrance or a burden.
Audit Planning, the Audit Universe and other Critical information? What is the CIA role in audit planning and what management information (MI) should the Chief Internal Auditor and his/her team receive and what do you do with it?
Class Exercise: Analyse examples of the MI which is likely to be essential to the effective delivery of the audit plan.
- Important/”Nice to have”/On request?
- What do you see at your organisations?
- Consider internal and external/industry sources of MI
Recap Day 1 – Roles, Position, Stakeholders, Critical MI, Sound bites
The role and position of the Chief Internal Auditor (Part 2)
- Independence and Building Relationships:
- Non-Executive Directors (NEDs), Executives, Senior Management
- Visibility at the “top table” and the relationship with the Audit & Risk Committees
- Operating within the traditional three lines of defence model
- Other lines of defence – e.g. How to build on the role of the 1½ line? Should external auditors and regulators be seen in 4th and 5th line roles?
- Co-source partners, professional bodies and peers
Class Discussion: Relationship building – tips and tricks. Examples of success stories + failures.
Class Discussion: With an enhanced relationship with the Audit Committee, how does the Chief Internal Auditor avoid being seen as too close to the NEDs?
The IPPF and the Standards The relevance of the Standards and the changes in July 2015 and October 2016 and what they mean for CIAs.
The CIIA Financial Services Code (2013 and the 2017 update) In the UK, how has the “FS Code” affected Chief Internal Auditors and their key stakeholders?
- Is it guidance or is it required practice?
- How can the code really improve your role as Chief Internal Auditor?
- What impact has it had on executive and non-executive directors?
Class Discussion: Discussion on “the Code”. How has it changed the role of the Chief Internal Auditor? How valuable is the code outside the UK? Fit with IPPF/Standards?
Case Study: Looking at real life examples of Chief Internal Auditors’ experiences with the code
The Changing shapes of Internal Audit functions How can the Chief Internal Auditor build the most effective team structure with access to the required breadth and depth of skills and experience – and at the right price?
Class Discussion: Consider the pros and cons of different structures – centralised v decentralised; aligned by geography or line of business; in-house skills or co-source?
- Substantial growth in co-source arrangements, way beyond traditional IT audit space
- Increased range of co-source providers and their skills base.
- Increased expectations by Audit Committees as to how to access & use specialist skills.
- The pros and cons of guest auditors and secondments.
- Understanding the relative costs to your internal audit budget.
Group Discussion: IA function staffing and skills requirements to best serve your organisation.
Case Study: How can CIAs best use co-source arrangements? Consider the selection process, performance assessment, team integration and how to get the “best bang for your buck”.
Recap Day 2
Attributes of a World Class Internal Audit function
- Definition of “world class” and how it can be applied to internal audit
- Examples of applying “guidance” from experts; e.g. Kobayashi, Drennan & Pennington
- Views of IIA/Firms/IA evangelists
- Understanding the key capabilities that distinguish world class internal audit
- Performance; particularly process productivity, stakeholder satisfaction, strategic alignment and reporting for impact
- Use of balanced scorecards and other KPIs to measure performance
Group Discussion: Covering a range of examples of measures/KPIs and their relative advantages and disadvantages.
Case Study to review and critique a sample internal audit MI pack.
Class discussion: Where are you on the maturity scale? Examples of good practice. Best opportunities for early quick wins?
External Quality Assessments (EQAs) EQAs are becoming more popular, particularly as standards require them to be performed every 5 years and regulators are looking for them to be done more frequently (in Financial Services). Audit Committees are looking to support their sign off on effectiveness under the Corporate Governance code. As a Chief Internal Auditor, what should you look out for and how can you influence them?
Case Study: Undertaking an External Quality Assessment – Who does them, how are they structured and learning from the most common findings.
How a CIA should set up and maintain an effective internal audit Quality Assurance & Improvement programme?
- How to assess your own team’s effectiveness – and your own effectiveness.
- The benefits and pitfalls of feedback forms and (internal) peer reviews.
State of the internal audit profession in 2016
- Understanding what the major global consulting firms are saying/predicting
- Sources of guidance from within your industry
- Use guidance from other professional bodies (CIIA, COSO, IRM, ISACA, ICAEW)
Global hot spots for internal audit in 2017
- Including key areas such as Culture, Conduct and Cyber
Audit Committee priorities Guest Speaker – Malcolm Himsworth, formerly HIA at British Arab Commercial Bank and the Derbyshire Building Society and Audit Committee member for CAF Bank.
Recap Day 3
Audit Reporting Writing for Impact – tips and tricks for quicker and more impactful reporting. How best to identify themes and present them at exec and Audit Committee level. How to build and present opinions – and how to balance exec and Board’s expectations.
Case Study: How the Audit Report can (at times) “be the greatest barrier to getting things fixed” – review and discuss a sample of real audit reports and Committee papers.
Group Discussion: To consider the relative merits of what to report, where to report it and who should receive full reports, executive summaries, etc.
Action Tracking – follow-up and tracking of issues, actions and, most importantly, outcomes
Grading audit reports and issues - High/Medium/Low? Red/Amber/Green? – join the debate to discuss the pros and cons and how the Chief Internal Auditor must take the lead
Group discussion: Looking at diverse examples of definitions at issue and report level
How to audit complex areas, such as governance, culture and strategy? All audits conducted should include aspects of governance and risk and control culture within their scope. In addition, there may be opportunities to carry out overarching organisation-wide reviews of governance and/or culture.
Group Discussion: Key principles of how to perform these types of reviews and what guidance is readily available.
Case Study: How to approach the audit of governance.
The updated UK FRC Corporate Governance code – What does it mean for the CIA?
In the UK, the latest relevant updates (Sept 2014 and April 2016) by the Financial Reporting Council (FRC) put pressure on boards to enhance disclosure in their annual report and focuses on two areas of particular interest for CIAs:
- Companies should robustly assess principal risks and how they are being mitigated
- Companies should monitor their risk management and internal control systems and, at least annually, carry out a review of their effectiveness, and report on that review.
Group Discussion: Understanding the enhanced impact that the code has had on the scope and nature of reporting by the Chief Internal Auditor to the Audit Committee and the Board as a result of the updated code. Early feedback/examples and assess the impact outside the UK.
Recap Day 4
Auditing Change Projects
- An insight to the world of change management and the challenge of auditing change projects in-flight.
- Understanding the CIA’s critical role in major projects and initiatives that are key to organisation’s objectives.
- Understanding project language and how to use the project infrastructure to challenge, report and escalate issues. Benefits and pitfalls of being involved early. Avoiding being asked to “sign off”. The role of post mortems & how to go about them.
Case Study: Using a real life example of a major systems implementation, some typical issues and challenges and an innovative reporting approach which can fit multiple projects.
Building a more effective and efficient internal audit function Management and the Board frequently look for more and ideally without increasing long term costs. There are an increasing range of tried and tested techniques and systems in place to help deliver these efficiencies. These are not new but are still not common and include:
- Continuous auditing
- Data Analytics
- Combined Assurance and the use of Assurance Maps
- Control Risk Self-Assessment
- Risk & Control workshops
Group Discussion: Each of these techniques and systems can be the subject of more extensive courses. The Group discussion will therefore focus on a selection of relevant examples and the extent to which these are operating or could be introduced within the delegates’ own firms. We will also look at the key sources of guidance and how to keep up to date with developments in these important initiatives.
Case Study: To review, critique and help redesign an assurance map
- Summary of main areas covered throughout the programme
- Review course objectives
- Questions and aspects for further discussion
- Next steps
- Course Evaluation by participants and close.
David is a respected Head of Internal Audit with over thirty years’ experience in internal audit and risk management, gained from executive assurance and consulting roles with a range of major organisations. David has worked as Head of Internal Audit for several large financial services firms, in...
Videos and materials
Read more about Business Analytics
Because of COVID-19, many providers are cancelling or postponing in-person programs or providing online participation options.
We are happy to help you find a suitable online alternative.