052009 thenetwork by C486He6T

VIEWS: 7 PAGES: 30

									Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                  Volume 4, Issue 2




             The Network
             The official publication of The Institute of Internal Auditors Philippines
                           “Your Profession, Our Passion!”



                                        To go directly to your desired article
                   Please hold CRTL key in your keyboard + click the page number on the left side


         CONTENTS                                                                            PAGE

         Global Outstanding Performance
                                                                                             Page 2
         A Silver Medal for a Filipino Topnocher by: E.M.D. Vegamora, CIA

         Spending Friday Night Differently by: Sally Gale Tejada & Teresa
                                                                                             Page 4
         Palines

         Quality Assessment Corner by: Eloisa Acosta                                         Page 6

         Is Self-assessment With Independent Validation Right For You?
                By: Cristina Brune                                                           Page 7


         IIAP Quality Assessment 2008 Survey Result                                         Page 13


         Mandatory QAR Standards : Is Your Organization Ready?
                                                                                            Page 15



         Learning Ladder for Internal Auditors by: Duke Bajenting                           Page 17


         Summer Respite 2009 by: Mark Anthony Wycoco                                        Page 30




                                                       Page 1 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                      Volume 4, Issue 2




                         GLOBAL OUTSTANDING PERFORMANCE
                            A Silver Medal for a Filipino Topnotcher
                                             By E.M.D. Vegamora, CIA


             In 2008, The Institute of Internal Auditors (IIA) global certification program had been
             upgraded from the Paper-and-Pencil format of examination towards the Computer-
             Based Testing (CBT) format. This has been in line with the The IIA vision of being the global
             voice of the internal audit profession and providing exceptional service to its members.
             CBT, as defined by The IIA, is the delivery of its existing certification exams by computer,
             at a pre-determined, proctored site. The implementation of CBT globally strengthens The
             IIA’s commitment to serving the internal audit community throughout the world with a
             valid and reliable examination process.

             The IIA Global Certification Program covers the Certified Internal Auditor (CIA), the
             Certified Financial Services Auditor (CFSA), the Certification on Controls Self-Assessment
             (CCSA), and the Certified Government Audit Professional (CGAP). Each certification
             would signify the individual certificate holder's completion of a rigorous test of his
             professional competence, attainment of a desired level of internal audit experience,
             and adherence to global standards for ethical practice in internal auditing.

             In March 2009, the IIA-Philippines (IIA-P) received from IIA International an advisory stating
             that one of the candidates from IIA-P has been qualified by the IIA's Global Board of
             Regents, for a 2008 Silver medal award.           Ricky Navarro, Internal Auditor from the
             National Power Corporation (Napocor), is the global Silver medal winner for 2008, one of
             the William S. Smith Awards for excellent performance in the certification exams. The IIA
             Inc. further clarified that Ricky Navarro was chosen from among the 30,000 candidates
             who sat for CIA examinations worldwide during 2008.

             With the evolution to Computer-based Testing, the William S. Smith awards considers the
             individual's performance on the core exam parts (CIA Parts 1, 2 and 3). Notwithstanding
             the year-round testing, it is a requirement that the award recipients must pass each of
             the three CIA exam parts on their first attempt within one year of taking the exam. The
             IIA, Inc. standards further provide that the Gold medal award is presented to the highest-
             scoring candidate. This is then followed by the Silver medal award, for the second-
             highest scoring candidate, and followed by the Bronze medal award to the third-highest
             scoring candidates for the calendar year. The next highest scores following that of the
             Bronze medalist are the ten (10) Certificate of Excellence awardees and fifty (50)
             Certificate of Honor awardees.

             IIA, Inc. recognized Ricky Navarro in front of an international audience, at the May 2009
             International IIA Conference, recently held in South Africa. The IIA Global Headquarters
             had sponsored all of Mr. Ricky Navarro's travel expenses, accommodation, and the
             convention registration fee, which are but a fitting congratulatory gesture for our global
             Silver medalist.

             Mr. Navarro's preparation for the CIA examinations included his attendance in the CIA
             Seminar Series offered by the IIA-Philippines, conducted by various CIA resource



                                                     Page 2 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                  Volume 4, Issue 2

             speakers. Along with Ricky Navarro are 28 other successful candidates who already
             completed and passed the CBT format CIA examinations for year 2008.

             Mr. Navarro becomes part of the elite group of CIA topnotchers worldwide. He joins the
             previous CIA topnotchers from the Philippines consisting of four (4) Gold medal
             awardees, namely Ryan Vincent Chua, Elisheba M., Duchess Marie Cruz, and Duke
             Bajenting (who have been similarly recognized during previous International
             Conferences of the IIA, Inc.), as well as the previous ten (10) certificate of excellence
             awardees and thirty-one (31) certificate of honor awardees from the Philippines.

             With pride and honor for the Filipino professional, we once again give all our praises to
             God Almighty, who deserves all the glory!



             Edel Mary D. Vegamora, CIA                  Alexander T. Cordero, CIA
             CIA Country Coordinator                           Deputy CIA Country Coordinator




                                                   Page 3 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                       Volume 4, Issue 2



                              Spending Friday Night Differently
                                       By: Sally Gale Tejada & Ma. Teresa Palines




             February 20, 2009, Intercontinental Hotel, Makati City, Fridays are most anticipated by
             most, if not all of us. It's the day when everybody seems to count every ticking of the
             clock, excitedly waiting for the working hours to be officially over. That was then.
             Perhaps, this time, it's a little different. Now that the recession reached the shores of our
             neighboring countries, one would normally think that the gigantic waves brought about
             by this epidemic can hit ours sooner rather than later. Everyone has the right to have
             some doubts and feel a little worried about Fridays. “And so it's Friday, will I still have my
             work when Monday comes?” One would ask. Sounds too pessimistic? No, that's reality
             check! So, instead of heading to our respective boarding houses (our extended office)
             and do some office paperworks or worst, spending our hard-earned money in bars,
             coffee shops, or fancy restaurants, we decided to spend our Friday night differently by
             attending the Institute of Internal Auditors' (IIA) First General Membership Meeting (GMM)
             for 2009.

             This year's first GMM had a theme of : Weathering the Economic and Financial Crisis
             through Professional Excellence. It was attended by audit professionals from different
             industries in the country who rose to the challenge and realized that coming out as one
             soul is one of the major keys if we are to triumph against this economic hurricane.
             Indeed, the IIA has a different viewpoint of what kind of defense and offense we need
             before we are caught off-guard and suffer the grim consequences.

             Aside from all the chitchat with colleagues about work and the luscious dinner plate, the
             main course of the night had been served by the event's guest speaker, Dr.Jesus P.
             Estanislao, Chairman of the Institute of Corporate Directors and Institute for Solidarity in
             Asia. Dr. Estanislao emphasized the need for us to think about how to get out from the
             disastrous impact of this economic turmoil, the first step of which is to understand what
             gave birth to this event. It's wise not to pass the blame ball anymore and start to search
             for the cause of this and from there we could come up with real solutions. Governance
             is one of the basic ingredients that needs to be deeply-rooted from top to bottom if a
             company has to achieve long-term survival and to thrive in the business arena, but
             oftentimes this basic is the most disregarded. Who could forget the rise and fall of Enron?
             And now, Lehman Brothers together with many other businesses who made their exit in
             the business world will be part of history. Without sound governance culture one could
             expect a financial meltdown brewing behind the thick corporate walls. Governance
             which calls for freedom and responsibility is one of the softer sciences that Dr. Estanislao
             emphasized during the GMM. This softer science has to be combined with the hard
             sciences. As internal auditors we could play a vital role for this combination to work. It
             may be an enormous task that lies on our shoulders as members of the Internal Audit
             Activity of our respective organizations but it is where the beauty of our profession comes
             in – adding value.

             The night’s event was never completed without looking back because we will never be
             where we are if it has not been for the past. The theme last year: Reaching New Heights
             really did elevate IIA. The IIA-Philippines' former president (2008), Ms. Jane Rosales, the
             directors and officers really worked hard to achieve new heights. Winning the prestigious



                                                      Page 4 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                      Volume 4, Issue 2




             IMAP, producing some topnotchers in the CIA Examination (some are even Gold
             Medalists) are just few of the many evidences that the IIA- Philippines Chapter has
             indeed reached new heights and made a phenomenal leap. While the world looked
             back at 2008 sourly, IIA-P will always remember 2008 as a historic height of the Institution.


             The year 2009 is the year of the Ox and the IIA has no other place to go but forward. The
             theme this year: Running the Race to Excellence is the call to all internal auditors.
             Incumbent President, Reginald Nery laid down what to expect and look forward to this
             year. The race may be hard, the nights may be long, it may be weary, but we will
             succeed, we will always feel the exhilaration of victory along the race. We made it last
             year, we can also make it this year. This is the challenge. We have to work like a big
             orchestra, working in harmony, pulling together to create the sweet music of excellence.
             Mr. Reggie Nery, the conductor, his arms raised with the stick of leadership, signaling the
             whole band that the concert has begun! Let us all put our souls together and work it out
             to be the excellent orchestra of our time!




                                                     Page 5 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                    Volume 4, Issue 2


                                         Quality Assessment Corner
                                                 By: Eloisa Acosta




             The economic crisis taking its toll globally poses many challenges to management,
             business owners and regulators, including the internal audit activity of any organization.
             Beyond budget cuts and among other concerns, the far greater challenge is ensuring
             that the internal audit activity (IAA) continuous to be relevant and value-adding to its
             organization. Has the internal audit (IA) function provided management and the
             organization an effective evaluation of its governance, risk assessment & control
             processes----competently able to address and adapt to the changing business and
             economic environment?

             As has been consistently maintained in all IIA QA advocacies: “Quality is integral to
             effective management and administration. The quality proposition is critical to all aspects
             of organizational governance”; internal audit is part of that integral foundations to
             effective corporate governance. As such, submitting the IA function to an independent
             and objective quality measurement is one way of ensuring its customers/clients of a
             credible and at par, if not exceptional, performance. The next question one might ask
             would then be, am I ready? Or, what processes are involved? And, how will it affect
             future delivery of IA services?

             For this 2nd Issue of IIAP Newsletter, we are bringing back the articles of Mr. Lauro G.
             Francisco - “Mandatory QAR Standards: Is Your Organization Ready?” and that of Ms.
             Christina Brune – “Is Self-assessment With Independent Validation Right For You?”. Both
             articles were already published in the IIAP Newsletter October 2007 Issue and in the IIA
             Journal 2006 Series, respectively. These are two (2) insightful articles to help the Chief
             Audit Executives (CAE) appreciate the quality assessment process and gauge the
             internal audit function’s readiness to undergo quality check.

             For more FAQs on QA, you may visit the IIA Inc. website, just click on:
             http://www.theiia.org/guidance/quality/quality-faq/ or email quality@iia-p.org or call
             IIAP Secretariat tel. no. 813-2553.

             You might be interested to know the results of The IIA’s 2008 Quality Status Survey, click
             on http://www.theiia.org/guidance/quality/quality-status-survey/. Here, you will get to
             see at the IIA’s List of Organizations with Completed External Assessments. Wouldn’t you
             be interested to be in this list?

             IIAP conducted a similar effort and tried to gather information on compliance to IIA
             Standards on QA. You may know the result by visiting the http://www.iia-p.org/.




                                                    Page 6 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                      Volume 4, Issue 2




              Is Self-assessment With Independent Validation Right For You?
                                              BY CHRISTINA BRUNE


                 Source:
                                      IA Quality Assessments – Performing the Reviews
                                 Law Audit Wire, Volume 26 – Number 4 – July/August 2004

                              Is Self-assessment With Independent Validation Right For You?

                  Three internal audit leaders describe their experiences with this new process and how
                                            it benefited their organizations.
                                                   BY CHRISTINA BRUNE

                 The concept of “self-assessment with independent validation” was born just two
             years ago. This new quality assessment process, which meets The IIA’s International
             Standards for the President Practice of Internal Auditing’s requirement for external
             assessments at least once every five years (Attribute Standard 1312), is designed to serve
             smaller organizations with limited internal audit staff that may not have the resources to
             undergo     a full external quality assessment (QA). However, it can be used by
             organizations of any size.

                  Self-assessment with independent validation differs from a complete external QA in
             that much of the review is performed in-house. Rather than having an external team of
             approximately three people working onsite for a week or two to perform a complete
             evaluation of the internal audit organization – as is the case with an external QA – self
             assessment with independent validation typically involves only one validator working
             onsite for a few days to substantiate the findings of the self-assessment. Although the
             internal commitment of resources is greater using the self-assessment method, the
             reduced fieldwork by external personnel may result in substantial cost-savings, making
             this approach attractive to smaller organizations with tight budgets.

                 A self-assessment usually begins with the selection of a vendor or a qualified
             individual to provide the validation service for an internal audit organization. The internal
             audit group works with the validator to predetermine the scope of the review, based on
             quality review requirements and individual organizational goals. An internal team,
             formed by the chief audit executive (CAE), gathers extensive data about the internal
             auditor activity (referred to as a self-study) and shares that information with the validator.
             Then, the team performs a self-assessment of the internal audit activity, rating itself in
             terms of conformity to the Standards, and develops report of its findings. The validator
             reviews the report, conducts onsite interviews and testing to validate its findings, and
             either concurs with the CAE’s report or develops a dissenting report. The review results
             are then forwarded to senior management, the audit committee, and/or other relevant
             parties.

                 Although self-assessment with independent validation typically comes with a lower
             price tag than a full QA, it’s important to figure the internal time commitment and
             resources necessary for the self-assessment when determining if this method is actually



                                                     Page 7 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                     Volume 4, Issue 2

             more cost-effective. Robert Ferst, vice president of The IIA’s Quality Auditing Services,
             also points out that the two approaches don’t yield the same level of information, or
             results. “The shorter validation approach is effective in that it allows an internal audit
             activity to determine if it is in conformity to the Standards; however, the full QA team
             approach goes further in that best practices are looked at thoroughly, the information-
             technology function is examined in detail, and consulting services are reviewed carefully.
             The officer-interview process is also more thorough, garnering additional information and
             ultimately providing more value to the company,” he says. “Internal audit shops that
             want to go beyond conformity to the Standards tend to opt for the full external QA.”

                  As the date for compliance with Standard 1312 draws nearer (compliance is
             mandatory by Jan. 1, 2007), more organizations are looking at self-assessment with
             independent validation to determine if this process is appropriate for them. Auditwire
             recently spoke with three internal audit leaders who have used this new method to learn
             how they got started, what the process was like, and if, in hindsight, the decision to take
             this route was right for them. Perhaps their experiences will shed some light on whether
             this process would work for you.

                 GETTING STARTED

                 Don Gonzales, internal audit manager for Point Lisas Industrial Port Development
             Corp. Ltd. In Trinidad and Tobago, chose not to wait until the last minute to comply with
             The IIA’s external review standard, as some of his peers are doing. “Although some are
             choosing to wait until they have their act together before scheduling an external review
             of their processes, we elected to undergo a review early to help identify some of our
             gaps and put effective measures in place,” Gonzales says. “Down the road, we may
             decide to go with the full-blown QA.” Gonzales explains that the reduced cost and small
             size of his company (300 permanent employees with four auditors) were also motivating
             factors in his decision to begin the review process with a self-assessment.

                 When Michael Sekoni, general auditor for Accident Fund Insurance Co. of America in
             Lansing, Mich., contacted The IIA to inquire about scheduling a complete QA for his
             audit group, The Institute recommended the self-assessment with inadequate validation
             option, because, like Point Lisas, Accident Fund was small with four internal auditors.
             “That interested us, because it involved less of a time commitment and was much less
             expensive,” Sekoni says, “The IIA’s Quality Auditing Service sent a few resumes of
             potential validators, and we selected one of them. Once was accepted The IIA’s
             proposal, we received an engagement letter, which served as the contract.”

                 In addition to confidentially clause, one key item that Sekoni elected to add the
             engagement contract was a statement about how the results would be relayed.
             “Typically, with an independent validation, the expectation is not for the validator to
             present to the board of directors. The CAE usually does not, “ Sekoni says. “But for us, to
             add credibility to the process, we thought it would make sense to arrange for the
             validator to present the results directly to the board, and we’re pleased we did that.”

                 In the case of Laurie Lafontaine, vice president of audit services for Allina Hospitals
             and Clinics, a $2 billion company based in Minneapolis, Minn., the decision to use self-
             assessment with independent validation was an easy one. By volunteering her internal
             auditor team to be the first to pilot to a new validation program initiated by The IIA’s Twin
             Cities [Minn.] Chapter, administrative fees for the validation were waived.




                                                     Page 8 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                   Volume 4, Issue 2

                 Her 20-person audit service group, which conducts financial, operational, information
             systems, and regulatory and compliance audits, had recently completed an internal self-
             assessment with good results when she learned of the chapter’s new program. In
             November 2003, the chapter asked The IIA to provide quality assurance training so that
             several local members would be qualified to perform independent validations. “I
             attended that training course, as did two others on my team,” Lafontaine recalls. “And
             as I was going through the course, it became clear to me that independent validation
             was going to be much less costly process for us than a full QA.”


                 SELF ASSESSMENT

                 TEAM OF ONE At Point Lisas, Senior Auditor Vanessa McPherson was selected as the
             sole auditor responsible for conducting the self-assessment. “As a certified internal
             auditor and the newest internal audit staff member in the company at that time, we felt
             she was the most qualified and most objective,” Gonzales notes.
                 McPherson used the IIA’s Quality Assessment Manual, Fourth Edition, to develop a
             work program. In addition to her regular audit workload, she interviewed key executives,
             managers, and the audit committee chairperson; looked at the budget; and examined
             audit procedures for the self-assessment. “It would have been nice to have time set
             aside solely for this project, but it was impossible to do hat,” she says.

                 “Overall, between myself and the manager of the audit department, it took us
             approximately 400 work hours to work to complete the self-assessment,” McPherson
             recalls. In hindsight, she thinks she may have used a sample size that was too large and
             devoted too much time to the self-assessment. “We really didn’t have much guidance
             as to what the scope of the self-study should have been in terms of sample size, which
             projects should be reviewed, and how many people should be interviewed,” she says. “It
             would have been nice to have information like that based on our industry and the size of
             our organization.”

                  FOCUSED PLAN After reading the entire Quality Assessment Manual, Tom Mackie,
             senior audit consultant for Accident Fund, gave the validator a review plan that spelled
             out which tools he planned to use and why. “The validator blessed that, and we began
             the self-assessment fieldwork,” Mackie recalls. “Initially, we were going to do the self-
             assessment in conjunction with other projects, but after we received the manual and
             saw that the process would take, we decided that I would devote a block of two weeks
             strictly to working on the self-assessment.”

                  “To be efficient, you really have to focus on the one project,” Accident Fund’s Sekoni
             adds. “It’s like doing any other audit. You can’t just work on it part-time and come back
             to it.” He estimates that 90 percent of the review work was done before the validator
             even came onsite. “We spent a little over 200 work hours in the self-study process and
             generated approximately 100 documents. When all of our workpapers were complete,
             we burned our documents to a CD and sent that to the validator. We also set up
             interview five or six officers of the company. including our audit committee chairman.”

                “It did take longer than we had originally expected,” Sekoni concedes, “Still, we used
             fewer hours and resources than if we had done a full-blown QA.”

                LENGTH PROBE At Allina, Lafontaine formed an internal quality assurance team that
             comprised staff from all disciplines and the CAE. Her team didn’t schedule a two-week



                                                    Page 9 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                  Volume 4, Issue 2

             block of time for the project, but manage work on it in addition to its regular workload,
             with the team meeting every four to six weeks. “So, it seemed like the process took
             forever,” she says, “but that worked for us because when you’re surveying several
             people, you have to wait a few weeks for the survey responses anyway. Overall, the self-
             review was more tome-consuming that we expected – we put in more than 500 work
             hours – but, it was a very positive experience.”

                The scope of Allina’s self-review included the audit organization’s quality assurance
             and improvement processes, and primary objectives were to:

                        Assess the effectiveness of the internal audit activity in providing assurance
                         and consulting services to the board, senior executives, and other internal
                         parties.
                        Assess compliance with The IIA’s Standards, Code of Ethics, and the audit
                         group’s own policies and procedures.
                        Indentify opportunities, often recommendations for improvement, and
                         provide counsel to the CAE and staff for improving their performance and
                         services.

             The team also relied to the Quality Assessment Manual, combining its interviews and
             surveys into comprehensive survey documents, “We did all the surveys anonymously, so
             we got a fairly good response,” Lafontaine recounts. “ I had coded them so that I knew
             from which business units they came.”

             Her team also deviated somewhat from the manual in using each of her 20 audit staff
             members to review an audit project that had been completed by somebody else. “By
             doing, that we reviewed far more projects than necessary under the requirements,” she
             says. “But, I used that approach to facilitate cross-training in the department and get
             staff members to look at a project they had not worked on to see if they could learn
             anything about the way they do their own work. That was time-consuming for us, but
             worthwhile to meet these other goals.”

             INDEPENDENT VALIDATION

             Accident Fund’s experience with the validator was a pleasant one. “The expectations of
             both parties were clearly established up front,” Sekoni says. “And the fact that the
             validator was retired was extremely helpful, because he was able to make himself readily
             available to us.”

             Although it’s customary to bring one validator onsite for a few days to test the internal
             review team’s findings, Lafontaine’s situation was uniqie in that the Twin Cities Chapter
             provided her with a three-person team of IIA-certified independent validators who
             invested a total of 44 work hours in validation efforts extending over a period of a few
             weeks. The final validation report was issued in January 2004 and, along with the initial
             internal quality assurance report, was presented to Allina’s Audit and Compliance
             Committee.

             Lafontaine says that the validators expressed great interest in learning in new procedures
             and processes to take back to their own internal audit shops. However, the validation
             process was difficult at times due to the validators’ inexperience with the health care
             industry. “Half of my department works in the health care regulatory arena,” she explains.
             “I have coders and nurses and people who pull medical records to make sure the



                                                   Page 10 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                     Volume 4, Issue 2

             documentation supports the claim or a bill to the government. So, a big chunk of the
             work we do is foreign to people who are not in the health care industry.”


             RESULTS

             Despite the validators’ lack of experience in their specific industry and self-study work
             hours that, in some cases, fair exceeded expectations, all three internal audit groups are
             pleased with their review results and believe that their decision to use self-assessment
             with independent validation was the right one for them.

             “We now have solid proof that we conform with The IIA’s Standards,” Gonzales says. “We
             also learned where we need to make improvements.”

             “One side benefit of this process is that it helped us consolidate all of our audit
             department materials into one central directory,” Mackie notes. “ It also gave us a good
             total to use for training new auditors. We’re going to use much of the documentation we
             generated to populate an intranet site where employees can learn more about what
             the internal audit department does and why.”

             Lafontaine learned that many auditors are still fearful of being audited, and auditors are
             sometimes toughest on themselves. “ I would say that my team welcomed this as a
             quality improvement step, but I found that they were nit-picking on little things that they
             wouldn’t necessarily point out in regular audits for another audit client,” she says.

             WORDS OF WISDOM

             As self-assessment with independent validation becomes more popular and the global
             infrastructure of trained validators grows, more internal audit organizations will be looking
             at this method as a way to evaluate their work and meet Standard 1312. Pioneers of this
             process offer the following recommendations for anyone considering self-assessment
             with independent validation.

                    Involve the audit committee in this process, and allow committee members to
                     help determine who gets hired as the validator.
                    Internally market the idea of doing a quality assessment, and let staff know what
                     the process means to the internal audit group and the organization as a whole.
                    Obtain The IIA’s Professional Practices Framework and the Quality Assessment
                     Manual and review them thoroughly before you begin.
                    Consider including additional goal or concerns in the standard engagement
                     contract.
                    If possible, select a validator with experience in your industry and one who can
                     provide benchmark data and best practice information.
                    Work with the validator upfront to determine the objectives and scope of the
                     project.
                    Determine if you’re going to schedule a specific block of time for the project or
                     do the self-review alongside your normal workload.
                    Be prepared to do a thorough self-assessment, and budget enough for the self-
                     study.
                    Consider the internal resources required for the self-assessment when determining
                     whether this method is actually more cost-effective than a full QA.
                    Select an appropriately sized sample to review.



                                                    Page 11 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                   Volume 4, Issue 2

                    Be open to having your work scrutinized.
                    If you’re a start-up or large audit shop, consider opting for a full external QA by
                     an independent team.

             Most of all, those who have been thorough the process says it’s important to enter this
             engagement openly and with the intent to learn how to improve your internal audit
             activity. Don’t just do it to satisfy requirements or check a box.




                                                    Page 12 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                     Volume 4, Issue 2


                                                                        IIAP Quality Assessment
                                                                             IIAP Quality Assessment
                                                                                       2008 Survey Result Result
                                                                                              2008 Survey
             Below is a tabulation only from the collected respondents to IIAP’s initial efforts to survey
             the status of QA compliance among local business. The survey had been distributed
             during the Asian CAE Forum in May 2008, the QA Public Run Seminar conducted last
             September 2008 and the Annual Convention in Subic last Oct 2008. The Institute aims to
             improve this report in the future; hopefully with the support from the CAEs and
             Management of local business in order to successfully benchmark Philippine business with
             international standards such as the IIA Inc. on Quality.

             1. Industry category of the respondents:
                                       Classification                          Count          % to Total

                  Agriculture                                                     1             1.7%

                  Construction                                                    4             6.9%

                  Manufacturing                                                   7             12.1%

                  Transportation, Communication & Utility Services               12             20.7%

                  Wholesale & Retail Trade                                        2             3.4%

                  Financial, Insurance & Real Estate                             18             31.0%

                  Services                                                       13             22.4%

                  Others                                                          1             1.7%

                             Total Valid/Collected Response                      58             100%



             2. PSE listing of the respondents:
                                       Classification                          Count          % to Total

                  PSE-listed companies                                           22             37.9%

                  Not PSE-listed                                                 36             62.1%

                             Total Valid/Collected Response                      58             100%



             3. Do you have a Quality Assessment & Improvement Program (QAIP) in your
             organization:
                                         Response                              Count          % to Total

                  Yes, with QAIP                                                 24             41.4%

                  No QAIP                                                         7             12.1%



                                                        Page 13 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                  Volume 4, Issue 2


                  On-going development                                         1             1.7%

                  No Reply                                                    26            44.8%

                             Total Valid/Collected Response                   58             100%



             4. Have you had an external quality assessment performed in your internal audit activity?
                                         Response                           Count          % to Total

                  Yes                                                         12            20.7%

                  No                                                          21            36.2%

                  No Reply                                                    25            43.1%

                             Total Valid/Collected Response                   58             100%



             4. How was your external quality assessment performed?
                                         Response                           Count          % to Total

                  As full external quality assessment                         10            83.3%

                  As a peer review                                             2            16.7%
                  As a self assessment with independent validation             0              0%
                  (SAIV)
                             Total Valid/Collected Response                   12             100%



             5. What is the primary reason that an external quality assessment has not been
             conducted?
                                         Response                           Count          % to Total

                  Do not have the necessary budget                             4            19.0%

                  Do not have the required time                                2             9.5%
                  Audit committee/senior management do not see the             5            23.8%
                  value
                  Still within the 5-year cycle                                3            14.3%

                  Others*                                                      5            23.8%

                  No Reply                                                     2             9.5%

                             Total Valid/Collected Response                   21             100%


                 * Respondents specified as “Other Reasons” – organization’s global QAIP, on-going
                   preparations and/or transition to risk-based audit.



                                                        Page 14 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                    Volume 4, Issue 2



                 Mandatory QAR Standards : Is Your Organization Ready?

                 The IIA’s International Standards for the Professional Practice of Internal Auditing
                 (ISPPIA) or called the Standards states in the 1300 series that internal auditing
                 functions should be subjected to both internal and external quality assessments.
                 These quality assessments are designed to provide reasonable assurance to the
                 internal audit activity’s various stakeholders that it :

                        Performs in accordance with its charter, which should be consistent with the
                         Standards and Code of Ethics,
                        Operates in an effective and efficient manner, and
                        Is perceived by those stakeholders as adding value and improving the
                         organization’s operations,

             The adaptation of quality assessment reviews especially through the engagement of an
             independent external reviewer is a concrete manifestation of the internal audit activity’s
             commitment to effectively and efficiently fulfill its evolving role as business partner or
             consultant by providing the Board, management and other stakeholders with
             independent & objective assurance on governance, risk management and controls, and
             to consistently add value to the organization on a continuing basis.

             Focus on compliance to the Standards’ requirement on QA & IP was especially
             heightened when effective January 1, 2002, internal audit activities were required to
             undertake ongoing and periodic internal assessments. In addition, at least one external
             assessment is required every five years commencing on said date.


             WHAT ARE REVIEWS CONSIDERED MANDATORY?

             All IIA members are certified internal auditors (CIAs) agree to abide by the Code of
             Ethics, and the Code of Ethics requires internal auditors perform internal auditing services
             in accordance with the Standards. Therefore, the Standards should be considered
             mandatory by the more than 73,000 internal auditors who are CIAs or members of The
             Institute. Even for internal auditors who are not members of The Institute, use of the
             Standards us considered mandatory if their organizations are covered by the Code of
             Corporate Governance.

             GETTING STARTED

             The number of engagement for quality assurance assessments is expected to rise rapidly
             over the next few years. For organizations that have not gone through the external
             quality assurance process, the following steps can help you get started:

                 1. Read the Standards and the Code of Ethics, and think about them in the light of
                    your internal audit activity or organization. Are any immediate changes needed?
                    An advance review of the Standards can already help you determine if
                    improvements are needed even before your review team arrives. Pay special
                    attention to the standards about quality assurance and improvements.
                 2. Review the Practice Advisories, especially those related to quality assurance. The
                    Practice Advisories are available to IIA members at no cast, in the Guidance




                                                    Page 15 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                     Volume 4, Issue 2

                      section of the IIA Website, at www.theiia.org. While non-members of The Institute
                      may avail of printed copies at reasonable costs.
                 3.   Discuss with internal auditors from the other organizations about their experiences
                      with quality assurance reviews. IIA meetings, seminars and other fora can be
                      great opputunites to receive first-hand information about how the review process
                      works.
                 4.   Contact organizations that might be willing to perform your quality assurance
                      review. Consider several types of reviews, including quality assurance reviews
                      provided by The Institute, reviews provided by accounting firms and other
                      certified consultants. Be sure to validate if they are certified to conduct external
                      quality assurance.
                 5.   Consider purchasing a quality assurance review manual or sending a staff
                      member to attend a seminar on quality assurance reviews. Review manuals and
                      training courses offer step-by-step instructions on all aspects of quality assurance
                      reviews, from planning the review to post-review activities. (The 6th Edition of the
                      QA Manual costs $200 for members if purchased in IIA Inc.’s bookstore in Florida.
                      Including freight and duties, it will cost over P10,000. Also available in CD-ROM at
                      $ 150, member’s rate)
                 6.   For even more in-depth training on review processes, consider volunteering to
                      serve on a quality assurance review team. Volunteers of IIA review teams and
                      review teams of other organizations can gain first-hand experience in the review
                      process. They also have unique opportunities to see how the internal auditing
                      process works other organizations, and expenses are paid by the organization
                      under review. Requirement for participation in an external quality assessment
                      conducted by IIA Philippines is attendance to a Quality Assurance Seminar
                      conducted either by IIA Inc. or IIA Philippines.
                 7.   The important thing is to get started as soon as possible. Demand for quality
                      assurance reviews is expected to rise rapidly. We anticipate not only a rise in
                      prices but shortage of certified QA practitioners.

             After going through their first external assurance review, many audit executives wished
             they had arranged for a review much earlier. But it is never too late! Getting a complete,
             objective review of your internal auditing function at this time is better than not going
             through it at all! Getting started now will ensure that you are headed on the road to
             providing world-class internal auditing services for your organization.


                                        The Time for Quality Assessment is Now!

             Some parts of this article is excerpted from the CAE Bulletin, an electronic publication by
             the Institute of Internal Auditors, Inc. published in conjunction with the CAE Services
             program for the chief audit executives.




                                                     Page 16 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                       Volume 4, Issue 2

             LEARNING LADDER FOR INTERNAL AUDITORS

             Many internal audit organizations in the Philippines have expressed to adopt a
             systematic training framework for internal auditors. This paper discusses a conceptual
             framework which is hoped to spur discussions and further study so that eventually a
             baseline training model for general application can be developed. This subject
             framework is modular in nature, that it defines the kind of training all internal auditors are
             expected to take as well as modules that will help auditors in specific stages of their
             careers.
             Contents
                 1.0 Objectives of the IIAP Learning Ladder
                 2.0 Segments of the Internal Audit Profession
                 3.0 Evolving Roles of the Internal Auditor
                 4.0 The Internal Auditor Toolkit
                 5.0 The Junior Internal Auditor Module
                 6.0 The Senior Internal Auditor Module
                 7.0 The Audit Supervisor Module
                 8.0 The Chief Audit Executive Module
                 9.0 Concluding Statements

             1.0 Objectives of the IIAP Learning Ladder
                 The IIAP Learning Ladder addresses needs on three levels: individual auditors, audit
                 organizations, and the internal audit professional practice.
                 1.1 Objectives for the Internal Auditor
                     Defining a skills baseline – By identifying the fundamental skills expected of the
                     audit practitioner, the Learning Ladder will provide the auditor a baseline to
                     begin measuring his skills. This would allow the auditor to quickly map his
                     capabilities versus expectations for his tenure or role.
                     Creating a training program - The Ladder will signal the auditor whether he should
                     take the training tagged to different tenures or roles. This will allow him to create
                     individual training map relevant to his specific learning needs.
                 1.2 Objectives for the Audit Organization
                     Facilitating group skills assessment – The Learning Ladder will assist organizations in
                     understanding what skill sets are present or missing in an organization. This will
                     assist the audit organizations in mapping their auditors versus their over-all targets
                     for group learning.
                     Benchmarking talent pool – The Learning Ladder can provide a consistent
                     framework to compare member organizations in their development of internal
                     audit talent. Organizations can compare training statistics based on the training
                     targets set out in the Learning Ladder.
                     Developing and promoting audit talent – Organizations can use the Learning
                     Ladder as one tool to assess their employees’ development and their readiness to
                     take on more responsibilities.



                                                     Page 17 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                     Volume 4, Issue 2

                 1.3 Objectives for the Internal Audit Profession in the Philippines
                     Assessing key training gaps – The IIAP can use the Learning Ladder Framework to
                     identify training areas that require significant intervention. The demand for
                     specific modules in the Learning Ladder, along with feedback from members,
                     can assist the organization in deciding where to focus its training efforts.
                     Identifying centers of excellence – The internal audit practice in the Philippines
                     can use the framework to identify member organizations who are performing
                     exceptionally well on training and development. Through benchmarking
                     activities, IIAP can leverage the experience of these organizations to help others
                     who want to meet their training objectives as well.
             2.0 Overview of the Approach
                 Creating the Learning Ladder involves completing four distinct steps: understanding
                 different segments of the internal audit profession, identifying skills relevant to each
                 segment, creating the Learning Ladder by specifying the training relevant to the skills
                 identified, and monitoring the training progress of participating members.
                 2.1 Understanding different segments of internal auditors
                     Internal auditing is a broad profession and there are different types of internal
                     auditors. As a first step in creating the Learning Ladder, this paper is identifying
                     four segments of internal auditors: the junior internal auditor, the senior internal
                     auditor, the audit supervisor, and the chief audit executive.
                 2.2 The Junior Internal Auditor (Internal Auditor)
                     The role of the Junior Internal Auditor (or simply called Internal Auditor in some
                     organizations) is the point of entry for most professionals who begin a career in
                     internal auditing. Because internal auditing is managed as a sub-group under
                     Finance and Accounting (F&A) in some organizations, the Junior Internal Auditor
                     could also be taking the role as an entry point for a broader F&A career.
                     Tenure
                      A Junior Internal Auditor would typically be a professional joining the organization
                     out of university. Normally, he would spend up to two to three years in the role
                     before being promoted to Senior Internal Auditor or rotating to other areas of the
                     F&A function. Some Internal Auditors, especially those that are transitioning from
                     another company or another functional unit, may have prior work experience,
                     but these would typically be limited.
                     Responsibilities and Key Skills
                     The role is designed for the Junior Internal Auditor to learn both the specifics of
                     the internal auditor’s toolkit and the broader skills he will need to progress in his
                     career. Thus, his job description would ideally foster the development of
                     fundamental internal auditing, finance, communications, and perhaps business
                     skills.
                     As the junior member of the team, the Internal Auditor would be immersed in
                     analysis with the end goal of becoming comfortable handling large data sets
                     and manipulating them for analysis. This would entail the use of analytical tools to
                     focus on areas where controls may have broken down. Financial analysis would
                     likewise be used to assess the potential risk that control weaknesses represent.




                                                       Page 18 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                       Volume 4, Issue 2

                     This analytical thinking implies a related skill which is being comfortable with the IT
                     tools available for his work. This means that the Junior Internal Auditor must be
                     trained in basic IT tools such as Excel and perhaps in other advanced proprietary
                     software that the organization is using. Because analysis requires data, the
                     Internal Auditor must possess a good understanding of information systems and
                     databases.
                     The Junior Internal Auditor must also be knowledgeable with the basic tools of the
                     Internal Audit profession. For example, he would need to understand sampling
                     theory and be able to apply sampling methods in his work. Application of key
                     testing tools, such as vouching, tracing, and related skills is likewise necessary.
                     While the bulk of his time would be spent carrying out audit testing under the
                     guidance of his more senior peers, the Internal Auditor also interacts with audit
                     clients. This means basic communication skills, especially in interviewing and
                     active listening are imperative.
                 2.3 The Senior Internal Auditor
                     While the role of the Junior Internal Auditor is exciting and stimulating for
                     professionals who are beginning their careers, it is not sufficient to support the
                     long-term development of internal auditors. The role of the Senior Internal Auditor
                     expands the responsibilities of the Internal Auditor and prepares him for
                     leadership within the Internal Audit , F&A organization, or his filed of expertise.
                     Tenure
                     Most Senior Internal Auditors are promoted from the role of Junior Internal Auditor.
                     The audit professional typically spends two to three years in this role, so by the
                     time he moves on to the next role, the Senior Internal Auditor would have spent
                     anywhere from four to six years as an auditor (two to three years as a Junior and
                     another two to three years as a Senior).
                     Because internal auditing is closely linked with operations, there is an alternative
                     career option for internal audit professionals for his post-Senior Internal Auditor
                     role. This is the typical route taken by professionals who shift to Internal Auditing
                     from a different functional unit within an organization. For example, logistics
                     managers could bring years of operational experience to supply chain audits or
                     accounting managers can bring their expertise to internal audits that are linked
                     to critical balance sheet and income statement accounts.
                     Appointing Senior Internal Auditors from other functional units can create initial
                     difficulties during transition. But the benefits are significant for both the
                     professional and the organization. On one side, the transitioning Senior Internal
                     Auditor expands his professional development and creates an entry point for a
                     potential shift to a permanent internal audit or F&A career. On the other side, the
                     internal audit organization acquires skills sets that it could not quickly develop
                     internally. It also brings in an expert on specific company processes – an asset
                     that is particularly valuable during the early stages of audit planning or during
                     surprise audits.
                     Responsibilities and Key Skills
                     The Senior Internal Auditor takes off from the analytical focus of the Junior Internal
                     Auditor role into a leadership role within the audit team. The Senior Internal
                     Auditor supervises the Junior Internal Auditor, leads interactions with clients, and
                     takes a big role in managing the engagement and releasing the audit report.



                                                       Page 19 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                      Volume 4, Issue 2

                     Compared with the Junior Internal Auditor, the most significant difference in the
                     role of the Senior Internal Auditor is the leadership in audit engagement. As a
                     result, he will be responsible for the key engagement task that include planning
                     the audit, assigning roles and monitoring progress, leading discussions with audit
                     clients, and releasing the audit reports. His role, therefore, calls for a good mix of
                     technical, communication, and collaboration skills.
                     The Senior Internal Auditor will be acquiring project management skills during his
                     tenure. But enhancement of such skills requires certain abilities like planning the
                     audit effectively by quickly focusing on the critical control risks; obtaining a good
                     understanding of the business unit or process under review and their
                     dependencies on other sections of the organization; and anticipating key audit
                     tasks and deploying the audit team to pursue those tasks. While the engagement
                     is ongoing, the Senior Internal Auditor must have a good picture of audit progress
                     and emerging issues and simultaneously be in charge of managing the day-to-
                     day logistics of the audit engagement.
                     While the Senior Internal Auditor manages the audit team internally, he is also at
                     the same time manages the direct audit contacts. This means providing regular
                     updates to the business unit managers and line personnel, that is working with
                     them to ensure the smooth delivery of audit information in both ways, and
                     ensuring that the audit team’s planning is aligned with the business unit’s
                     operating goals and schedules.
                     Aside from project management skills, the Senior Internal Auditor will also acquire
                     and exhibit effective communication skills. Because of constant interaction with
                     the organization under review, the Senior Internal Auditor needs to deliver audit
                     updates in a clear and collaborative manner. Several situations would require
                     explaining the intricacies of the audit process and articulating appropriate
                     responses to questions from the business unit. With regards to written
                     communication, the Senior Internal Auditor would be drafting the audit reports so
                     that his ability to write clearly and accurately must be aptly developed.
                     Finally, the Senior Internal Auditor shall serve as a role model for the more junior
                     members of the team and to coach them effectively throughout the
                     engagement. The Senior Internal Auditor ideally must create a coaching plan for
                     the members of his team and provide them with development feedback at
                     appropriate stages of the engagement. This role aspect also implies motivating
                     the audit team members and stretching their capabilities in an effective manner.
                     The expectations from the Senior Internal Auditor are similar regardless of whether
                     he rose internally within the audit group or moved from another unit within the
                     organization. However, Senior Internal Auditors who move from a different
                     functional unit would typically spend their first few months in the role building the
                     skill sets expected of the Junior Internal Auditor. Given their previous work
                     experience, they normally progress through this phase quickly and soon take on
                     the full responsibilities of the Senior Internal Auditor.
                 2.4 The Audit Supervisor
                     Both the Junior Internal Auditor and the Senior Internal Auditor are expected to
                     demonstrate skills that are directly related to the execution of the audit –
                     planning, testing, and releasing the audit reports. In contrast, the Audit Supervisor
                     typically does not carry out any of these tasks. Instead, his role focuses on
                     maintaining a smooth relationship with the leadership of the business unit being
                     reviewed and enabling the audit team to perform at the best level possible.



                                                     Page 20 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                     Volume 4, Issue 2

                     Tenure
                     Audit Supervisors would typically be professionals with extensive experience in
                     internal auditing (above five or six years) or senior managerial experience in other
                     sections of the F&A department or in operational units in some cases. In most
                     organizations, the role is a middle management position and could be a step on
                     the way to being Chief Audit Executive or to a leadership role within a high-profile
                     or critical organizational unit.
                     Responsibilities and Key Skills
                     To be effective, the Audit Supervisor would need to quickly build strong
                     relationships with the business unit or processes he would most likely be working
                     with in his engagement. This implies the ability to network effectively across the
                     organization and develop rapport with key organizational leaders.
                     Aside from this need to establish broad relationships, the Audit Supervisor will play
                     a key role in ensuring that the audit engagement is carried out smoothly and
                     effectively. Internally, the audit team depends on the Audit Supervisor to resolve
                     issues that can potentially hamper the timely delivery of the audit. His role may
                     include convincing the business unit to share information on time, ensuring key
                     audit contacts allot time for the audit, and monitoring that the audit team’s work
                     load remains manageable and sustainable.
                     In the discharge of the Audit Supervisor’s responsibilities, he would harness
                     management skills at a level that allows him to potentially supervise multiple
                     audits. The need to release bottlenecks during the audit process also requires
                     good negotiation skills.
                     Beyond managing the internal audit team, the Audit Supervisor leads the
                     stakeholder relationship management during the audit engagement. First, this
                     role implies the ability to create a reasonable stakeholder map and understand
                     the motivations and incentives of the business unit personnel and leaders who are
                     involved in the audit; second, the ability to manage conflict, which is not unusual
                     given the differences in agenda that may arise between the audit team and the
                     business unit; finally, strong communication skills at a level that allows him to
                     convince the business unit of the need to implement the audit team’s
                     recommendations.
                 2.5 The Chief Audit Executive
                     All three roles described so far are grounded on the audit engagement – that is,
                     the Junior Internal Auditor, the Senior Internal Auditor, and the Audit Supervisor
                     spend the bulk of their time in activities that are related to specific audit
                     engagements. In contrast, the Chief Audit Executive typically does not get
                     involved in specific engagements. Instead, the Chief Audit Executive is expected
                     to provide over-all leadership and direction to the internal audit group and
                     provide guidance to senior executives on controls and risks.
                     Tenure
                     Because of the broad scope of the role, the Chief Audit Executive is expected to
                     have significant experience in internal audit, in the broader finance function, or in
                     other areas of business operations. In most cases, Chief Audit Executives would
                     have over 8 to 10 years of work experience, including leadership roles in other
                     areas of finance or the broader business operations.
                     Responsibilities and Key Skills



                                                       Page 21 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                     Volume 4, Issue 2

                     Most of the skills requirement for the Chief Audit Executive are similar to have are
                     those of other organizational or business unit leaders. The Chief Audit Executive
                     leads the development of an organizational vision to inspire working teams in the
                     audit organization. The Chief Audit Executive also leads the creation of an audit
                     strategy and in some cases a strategy for managing the organization’s most
                     important risks.
                     Once an audit strategy is in place, the Chief Audit Executive needs to identify
                     and deploy resources. From within the Internal Audit function, this implies the
                     ability to develop auditors into effective professionals who are capable of
                     delivering the objectives aligned with the audit strategy. Skills like coaching and
                     feedback-giving, role modeling, training are involved in these roles.
                     Moreover, identifying resource requirements to deliver a strategy also means the
                     Chief Audit Executive would have to build partnerships outside of Internal Audit.
                     As a result, he must be equipped with persuasive communication skills, effective
                     ability to negotiate, and broad networking capabilities.
                 2.6 Implications for the Training Ladder
                     The description of the four segments of internal auditor is not comprehensive.
                     There may be a lot of differences in the way these roles are identified and
                     described across audit organizations. But thinking about the profession along
                     these lines is useful for the IIAP and audit organizations in the design of training
                     plans adaptable to varying needs of the Internal Auditor across his professional
                     career.
                     These modules are described in subsequent sections.
             3.0 Evolving Roles of the Internal Auditor
                 The previous section segmented the Internal Audit profession into different types of
                 Internal Auditor based on tenure and responsibilities. An alternative way to
                 understand the Internal Audit professional is to map the different roles in a career
                 path and determine the specific skills requirement to be effective in that role. There
                 are three broad roles for the internal auditor: audit execution, audit management,
                 and audit leadership. These broad roles will be matched with the segmentation
                 structure of the internal audit profession to identify the modular training that Internal
                 Audit professionals are encouraged to follow.
                 3.1 Audit Execution
                     The fundamental role of the Internal Audit organization is to carry out audits. In
                     the course of his professional career, the Internal Auditor may perform risk
                     management, advise business units on developing information systems, train
                     other auditors, or perform several other tasks. But it is in executing audits that an
                     auditor makes his mark – from planning the engagement to releasing the report
                     and everything in between.
                     Audit execution involves the following activities:
                     a. Releasing the pre-audit communication: Auditors release pre-audit
                        communication (also called an audit memo or an audit notice) to inform
                        business units that will be audited within a specific period. In this pre-audit
                        communication, the audit team explains the objectives, scope, and other
                        details of the audit to the business unit. It formally opens the interaction
                        between the audit team and the business unit to client.




                                                     Page 22 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                     Volume 4, Issue 2

                     b. Creating an audit plan: It cannot be overemphasized that the success of the
                        engagement depends to a large extent on the effectiveness of the audit
                        plan. In the audit plan, the auditors (mostly the Senior Internal Auditor or audit
                        leader) lay out detailed steps needed to complete the audit. An effective
                        audit plan identifies the key deliverables and provides a good benchmark to
                        subsequently measure progress during execution.
                     c. Conducting pre-audit analysis: In order to become more effective onsite, the
                        audit team carries out pre-audit analysis on critical aspects of the process or
                        business unit under review. At this stage, the objective is primarily to improve
                        the audit team’s understanding of the process and provide early indications
                        of where the most significant control risks reside.
                     d. Gathering information: Before arriving onsite and during the first few days of
                        field work, the audit team will focus on gathering information on the business
                        unit or the process under review. The team looks for information from a variety
                        of sources: databases, personnel interviews, process walk-through, and
                        simulation or modeling.
                     e. Executing audit tests and conducting core analyses: During performance of
                        the audit, the audit team will use the collected information to test the
                        soundness of controls and conduct other relevant analyses. This step is the
                        core of the audit execution that allows auditors to make conclusions on the
                        state of internal controls.
                     f.   Articulating audit issues and recommendations: As a result of audit testing
                          and analyses, the audit team will identify weaknesses in controls and advise
                          the business unit on how best to address the gaps. This is where the internal
                          audit team can provide value to the business unit and build foundations for a
                          lasting relationship with line personnel.
                     g. Releasing the audit report: The audit team consolidates the key audit findings
                        in a coherent report that is distributed to the personnel in charge of executing
                        the audit recommendations, as well as to the relevant senior managers. The
                        audit report will also contain the overall assessment of the state of controls as
                        well as the audit rating, where applicable. In most cases, this formally signals
                        the close of the engagement.
                 3.2 Audit Management
                     While audit execution would be the auditor’s focus in the early years of his career,
                     his responsibilities later shifts from executing distinct sections of the engagement
                     to actually managing the audit engagement. This transition typically happens
                     between Senior Internal Auditor and Audit Supervisor roles. During this time, the
                     audit professional ordinarily realizes not only expectations pertaining to managing
                     his own deliverables but of other people as well.
                     a. Reviewing audit documents: The most classic activity associated with
                        management is reviewing the tangible outputs of the audit engagement like
                        the audit plan, the issues and recommendations, and the communications
                        before, during, and after the audit onsite. In contrast to the core audit team
                        who actually creates the tangible audit output, a professional managing the
                        audit is expected to add value by improving on the work of others and
                        ensuring conformance to output standards.
                     b. Coaching the audit team and providing feedback: Among the most
                        important yet regularly overlooked aspect of audit management is coaching



                                                    Page 23 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                      Volume 4, Issue 2

                          the audit team so that it performs at a level satisfying both to the team and
                          audit stakeholders. For the professional managing the audit, this implies
                          understanding the learning objectives and development gaps of each
                          auditor at the commencement of the audit. It also requires effective
                          feedback during the audit and even after its closing.
                     c. Managing resources and resolving issues: The professional who manages the
                        audit is expected to release any bottlenecks that may prevent the audit
                        team from delivering the audit on time. By personally resolving issues, the
                        audit team’s time is freed up to focus on audit execution.
                     d. Managing stakeholders: As the most senior ranked audit personnel onsite, the
                        Audit Supervisor leads in developing close collaboration with the business unit
                        officers, especially its middle managers and unit leaders. The Audit Supervisor
                        also manages the flow of communication through multiple channels – from
                        the audit team to the Chief Audit Executive, from the business unit to the
                        senior management, from the audit team to the business unit, from the Chief
                        Audit Executive to the senior management, as among the examples.
                     e. Proposing an over-all assessment and audit score: While the audit team
                        gathers the information to support the audit findings, the Audit Supervisor
                        usually leads the audit team in proposing an over-all assessment and audit
                        score for at least two reasons. First, as the senior professional on the ground,
                        he brings the benefit of his experience to help the group arrive at a
                        reasonable consensus on the over-all assessment. Second, he will
                        subsequently lead the communication of the audit score to the business unit
                        and its senior managers thus fully understanding the nuances of the
                        assessment is a basic requisite.
                     f.   Conducting follow-up on audit recommendations: The release of the audit
                          report signals the close of the engagement and the members of the audit
                          team usually move on to other audits. But in order to improve controls, the
                          internal audit organization needs to monitor the implementation of the audit
                          recommendations. This monitoring activity is usually the responsibility of the
                          professional who manages the audit engagement although this may be
                          delegated to a central monitoring team.
                 3.3 Audit Leadership
                     While the activities involved in audit execution and audit management relate to
                     specific audits, leading the internal audit organization involves activities that span
                     across audit engagements and affect all auditors within the audit group. The
                     effectiveness of the internal audit group’s leadership also has a significant impact
                     on the reputation of the internal audit function and its ability to influence the
                     organization.
                     a. Developing an internal audit strategy: Like other functional or business units,
                        the internal audit function performs best when it is executed against a clearly
                        defined and well-understood internal audit group strategy. In order for the
                        strategy to be acceptable to business units, it must be aligned with the overall
                        strategy of the organization. The leadership of the internal audit function (the
                        Chief Audit Executive and the audit managers or supervisors) must be
                        positioned to be at the forefront of developing and refining a coherent
                        strategy for the organization.




                                                     Page 24 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                      Volume 4, Issue 2

                     b. Executing an effective recruitment and development plan: Internal audit is a
                        service function and the success of the internal audit group depends heavily
                        on the quality of the professional staff. The leader of the audit function is
                        responsible for creating a plan to recruit audit professionals and ensuring a
                        development pace that addresses their career growth and maturity and
                        advancing the internal audit function’s competency. In most cases, this role
                        aspect may even involve ensuring that auditors move into rewarding roles
                        when leaving the audit function.
                     c. Building the reputation of the internal audit function: One of the most
                        important, yet often intangible, aspects of leadership in an internal audit
                        group is building the reputation of the internal audit function. This often
                        requires the Chief Audit Executive to network effectively across the
                        organization, build the audit group’s profile by being involved in relevant
                        decision making, and prove the function’s value by effectively advising senior
                        management on issues about risk and control.
                     d. Developing a network of external partners: In order to ensure that the internal
                        audit function learns from the experience and knowledge of professionals
                        outside of the organization, the Chief Audit Executive is expected to develop
                        professional contacts outside the organization. This aspect of the role may
                        involve being active in the professional association, participating in external
                        benchmarking projects, or simply networking regularly with peers in the
                        profession.
             4.0 The Internal Audit Toolkit
                 Given the segments of Internal Audit professionals identified and the developmental
                 roles that the Internal Auditor will take, a toolkit of skills that allows each segment of
                 the profession to execute a role and develop into the next level could be an
                 important and valuable reference. The toolkit describes the skill sets and capabilities.
                 In the sections that follow, these skills are mapped to specific training modules that
                 an internal audit professional can take to develop his capabilities.


                        Segment          Audit Execution         Audit Management            Audit Leadership
                     Junior            Controls theory
                     Internal          Core business
                     Auditor            processes
                                       Interviewing
                                        techniques
                                        (fundamental)
                                       Information
                                        sourcing
                                       Data
                                        manipulation
                                       Audit sampling
                                       Audit testing
                                       Financial
                                        statement
                                        analyses
                                       Analytical
                                        modeling
                                       Issue and



                                                     Page 25 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                  Volume 4, Issue 2

                                          recommendation
                                          sheets
                                         Verbal
                                          communication
                                          (fundamental)
                                         IT applications
                                          (fundamental)
                     Senior              Written audit        Engagement
                     Internal             communications        management
                     Auditor              (pre-audit, audit    Coaching
                                          reports)              (fundamental)
                                         Audit test design    Collaboration models
                                         Audit planning       Negotiating
                                         Verbal                (fundamental)
                                          communication        Motivational
                                          (advanced)            techniques
                                         IT applications       (fundamental)
                                          (advanced)           Team dynamics
                     Audit                                     Communications           Staffing and
                     Supervisor                                 review                    development
                                                               Coaching (advanced)       planning
                                                               Negotiations             Networking
                                                                (advanced)               Consulting
                                                               Conflict management       techniques
                                                               Motivational
                                                                techniques
                                                                (advanced)
                                                               Stakeholder mapping
                                                                and analyses
                                                               Scoring and
                                                                assessment framework
                                                               Monitoring framework
                     Chief Audit                                                         Staffing and
                     Executive                                                            development
                                                                                          planning
                                                                                         Networking
                                                                                         Strategy
                                                                                          development
                                                                                         Public and
                                                                                          external
                                                                                          communication


             5.0 The Junior Internal Auditor Module


                           Courses                                     Topics Covered
               Introduction to Controls            Core concepts in controls, risk, auditing
                                                   Development of internal auditing as a profession
               The Prototype Business              Common business processes (purchasing, logistics,
                                                    production, sales and marketing, accounting)
                                                   Typical audit risks in each process


                                                      Page 26 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                      Volume 4, Issue 2

               Verbal Communications 1             Fundamentals of effective verbal communications
                                                   Presentation techniques
                                                   Interviewing techniques
                                                   Active listening techniques
               Data Sourcing and Analyses          Fundamental data sources in internal auditing
                                                   Introduction to databases
                                                   Manipulating large data sets
                                                   Fundamental analytical techniques
               Audit Sampling                      Probability theory
                                                   Sampling theory
                                                   Sampling models
                                                   Interpreting results

               Audit Testing 1                     Core concepts in audit testing
                                                   Key audit testing techniques
               Written Communications 1            Fundamentals of effective written communications
                                                   Issues sheets
                                                   Recommendation sheets
                                                   Work papers
               IT Auditing 1                       Core concepts in IT systems
                                                   Fundamental techniques in IT auditing
               Financial Statement Analysis        Core concepts in financial reporting
                                                   Fundamental financial statement analysis techniques


             6.0 The Senior Internal Auditor Module


                           Courses                                       Topics Covered
               Written Communications 2            Audit reports
                                                   Other audit documents
               Verbal Communications 2             Creating effective presentations
                                                   Leading workshops and discussions
                                                   Communicating under stress
               Audit Testing 2                     Audit testing framework (linking audit tests to controls,
                                                    objectives, and risks)
                                                   Designing effective audit tests / audit programs
               Audit Planning                      Audit planning framework
                                                   Risk assessment (engagement specific)
                                                   Audit plan models
               IT Auditing 2                       Advanced techniques in IT auditing
                                                   Controls consulting in IT development
               Project Management                  Defining deliverables, timelines, and responsibilities
                                                   Project management templates
                                                   Using electronic project management tools
                                                   Project monitoring techniques
               Working in Teams                    Collaboration techniques
                                                   Motivational techniques
                                                   Analyzing team dynamics
                                                   Intra-group communication
               Effective Negotiations              Objectives of negotiations
                                                   Negotiation techniques


                                                      Page 27 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                    Volume 4, Issue 2

               Coaching Fundamentals              Understanding short-term development needs
                                                  Creating an engagement-specific development plan
                                                  Feedback giving


             7.0 The Audit Supervisor Module


                           Courses                                      Topics Covered
               Written Communications 3             Reviewing communications
                                                    Editing and proofreading
               Advanced Negotiations and            Core concepts in intra-personal dynamics
               Conflict Management                  Negotiations under stress
                                                    Anticipating and managing conflicts
               Coaching, Motivation, and            Understanding long-term development needs
               Personnel Development                Creating an employee development plan
                                                    Developing a strong monitoring program
                                                    Motivational techniques
               Stakeholder Analysis                 Formal and information organizations
                                                    Identifying key stakeholders
                                                    Understanding stakeholder objectives and motivations
               Networking for Success               Objectives of networking
                                                    Benefits of networking
                                                    Networking techniques
               The Auditor as Consultant            Consulting roles for auditors
                                                    Managing consulting engagements
               Score!                               Scoring frameworks
                                                    Scoring models
                                                    Scoring communications


             8.0 The Chief Audit Executive Module


                           Courses                                      Topics Covered
               Strategy for the Internal Audit      Core concepts in strategy
               Function                             Developing an internal audit strategy
                                                    Getting organizational alignment on the audit strategy
               Verbal Communications 3              Public speaking techniques
                                                    Creating compelling presentations
               The CAE Forum or Recurring           Emerging issues
               Roundtable Discussions               Collaboration opportunities
                                                    Developments in the profession


             9.0 Concluding Statements
                 As a final note, this Learning Ladder for Internal Auditors document is admittedly may
                 be subject to further enhancements. The internal audit profession is increasingly
                 progressing and its dynamic nature continues to be fluid in facing off the ever
                 changing conditions in the global and local landscape of business and other
                 organizational backdrops. Needless to say, the developmental and training needs of
                 internal audit professional must rise along with these movements or cope up with



                                                     Page 28 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                   Volume 4, Issue 2

                 emerging challenges. At the very least, this Learning Ladder hopes to instill awareness
                 on these realities and provide a helpful reference for internal auditors to start or
                 persist with their professional growth based on a structured and evolutionary-based
                 framework.



             This article is authored by Duke Bajenting,, 2008 Chairperson of the IIAP’s Professional
             Development Committee, and currently pursuing a Master’s degree in Finance at the
             London Business School; and edited by Larry Francisco, Internal Audit Manager at
             Manila Electric Company and 2009 IIAP Vice President in-charge of Professional
             Development..




                                                    Page 29 of 30
Institute of Internal Auditors Philippines
                       st
The Network - 2009 1 Quarter                                                                         Volume 4, Issue 2




                                               Summer Respite 2009
                                             by: Mark Anthony Wycoco


             Everybody is excited and upbeat about summer…what to do? Where to go? What to
             wear? To young people, you are not “in” when you don’t have traces from beaching &
             swimming. Everybody has to go somewhere and have fun during the summer.

             In reality, it is in the finding joy in simple pleasures that make is feel great and feel good
             about ourselves. Changing the pace of our hectic schedule and slowing down will
             nourish the spirit.

             To enjoy the sun and the warm days of summer, the IIAP Secretariat went on a 2 day
             respite last April 5-6, 2009 at Punta Riviera, Bolinao, Pangasinan.

             The group enjoyed the beach , the pool and the relaxing ambiance of the resort
             because of its lovely garden and the side trip to Light House , Patar Beach and to
             Enchanted Cave which offered another refreshing dip to its cool water.

             Looking forward to another memorable bonding moment next summer with IIAP team…
             GO IIAP!




                                                      Page 30 of 30

								
To top