The article reviews the latest benchmarking study from IIA and Protiviti of 160 heads of internal audit from around Australia and draws out three key themes of interest to those charged with oversight of internal audit and risk management.

Key points

• It is now the norm for internal audit to be independent from management. If you are not in line with the IIA’s Policy Agenda, you may be an outlier.  Given that these are simple mechanical mechanisms, we recommend benchmarking your function against these areas and taking action accordingly.
• Internal audit still struggles to demonstrate compliance with professional standards.  Given that these matters are relatively straight forward, organisations should insist that their internal audit functions and outsourced providers comply with the IIA’s International Professional Practices Framework.
• Quite rightly, strategic risk has entered the top 5 priorities for heads of internal audit, however the reality is that capabilities in this area are embryonic at best. Organisations should assess whether have this capability in-house, and if not take steps to develop it, or periodically engage professional assistance to fill this gap. The first step is to understand what strategic risk is, and this article takes some initial steps towards defining this.

Please feel free to download the article and pass it on. (Download, pdf, 3 pages, 113kB)

For more information on this publication can be found here.

Todd

Related links

Strategic risk and emerging risk capability assessment

To subscribe to this series of occasional articles and case studies, please click here.

Given the major reforms in Queensland and New South Wales in the past 18 months, we will  have a focus on their changes, which are both interesting in their own right.  Queensland has moved to a principles-based approach in a range of respects, while New South Wales is implementing what I believe to be one of the most comprehensive and best thought through approaches to these matters anywhere in the world.  Both will be watched with great interest by other jurisdictions.

On the panel with me will be policy makers NSW and Queensland as well as practitioners at the audit committee and chief auditor level in both states who will be sharing their experiences and viewpoints as they implement the new policy frameworks of approach.  We’ll also be drawing comparisons from the IIA’s policy agenda which was launched by Lindsay Tanner earlier this year as well as canvassing the different jurisdictions in the room (Commonwealth, and state and local government from each state and territory in Australia, New Zealand and abroad).

Building on last year’s debate, this session will be of great interest for those charged with leading governance within government departments and organisations, or charged with policy setting — both to get a sense of where we could / should be going, as well as hearing from those who are already doing it and some of the lessons learned from these.

I’ve promised to make the session “more Jennie Brockie than Tony Jones”  so please pose a question during the session (Tuesday May 11 from 11:15am – sessions 6D & 7D) or come and say hello over the course of the ACIIA/SOPAC Conference.

Looking forward to seeing you there.

Todd

To subscribe to this series of occasional articles and case studies, please click here.

After two years working with the Institute of Internal Auditors as their national Technical and Policy Director in Australia, I’ve had a lot of inquiries on why I was moving on, and what’s next.

Risk Magazine Magazine (Australia) published an interview with me this week – Davies Leaves on a High - which covers this in the context of the IIA.

Given that articles can only contain so much, for those who are interested in the full story, our media statement gives a bit more insight into how the last two years of focused effort fits into a long term program of structural change for the the internal audit profession for the betterment of directors, boards, shareholders and the general public.  This is available for download at the link below.

Media Statement – Todd Davies departure from IIA (pdf , 336kB)

For more information, please feel free to contact me directly.

Todd Davies FCA CIA FIIA(Aust) MAICD
(02) 9043  1719

To subscribe to this series of occasional articles and case studies, please click here.

As part of their ongoing roles, Directors and CEOs need to have a deep understanding of the strategic risks and opportunties facing their organisations.  Increasingly they are looking to their internal audit team for a view on whether their company’s risk management systems are adequate, and complete which needs an understanding of strategic risk as well as traditional areas of compliance, reporting and operations.

Strategic risk management is an area which is vital to the long term prosperity and performance of any organisation, yet it is an area which is not well understood or applied.  While auditors and managers are often comfortable with operational, reporting and compliance risk, it is often strategic risk that leads to material and irreversible business disruption. Internal audit teams are now expected to have an understanding of strategic risk and evaluate their organisation’s capabilities in this area as emphasised in Principle 7 of the ASX Corporate Governance Principles & Recommendations.

As part of the Institute of Internal Auditors ongoing work to enhance the capabilities of their members they have engaged TDA to facilitate a series of half-day public courses on strategic risk.   The course covers strategic risk as a distinct segment on the COSO framework, sources of strategic risk, strategic risk capability and a range of concepts to help understand and assess strategic risk.

Developed for Chief Audit Executives, by the end of this course, participants should be able to:

• Differentiate strategic risk from other risk types in the overall risk universe
• Recognise how strategic risk manifests itself
• Assess their organisation’s ability to identify, assess and manage strategic risk
• Identify areas of strategic risk vulnerability in their organisation
• Interact confidently with those responsible for leadership in this area.

Dates for the rest of the year are:

Melbourne: Thursday, September 10 2009

Perth: Friday, September 25 2009

Sydney: Friday, November 6 2009

For more information go to the Education & Events section of www.iia.org.au or call the IIA on (02) 9267 9155.

If you are not an internal auditor and would like a briefing session for your organisation, please contact us at info[at]todddavies.com.au or contact Todd on (0) 422 000 913.

To subscribe to this series of occasional articles and case studies, please click here.

Due to popular demand TDA is now offering advice in this area.

For more information, click here.

To subscribe to this series of occasional articles and case studies, please click here.

Strategy, risk, governance and assurance

“Corporate governance, sustainability and strategy have become inseparable.  They are inextricably linked.” Mervyn E. King

A lot of firms specialise in strategy, risk, governance or assurance, but few seem to bring them all together. In everything TDA does, we bring the other disciplines to it, whether using risk management to underpin delivery of your strategy, or getting strategic alignment with these areas.

Please click on a link below to find out more.

Governance & Leadership

• Enterprise Governance – getting everyone on the same page
• Enterprise Resilience – positioning for prosperity in the face of dramatic change
• Compliance with the ASX Corporate Governance Council Principles and Recommendations

Strategy

• Relevance regained – strategic planning for NGOs
• Strategic risk and emerging risk capability

Risk & Assurance

• Fine tuning your Internal Audit function – Internal Audit transformation & quality reviews
• Getting the most out of internal audit sourcing – outsourcing, cosourcing and partnering
• Navigating the GRC maze – understanding GRC solutions and software selection
• Getting what was promised – project assurance and project risk management

To subscribe to this series of occasional articles and case studies, please click here.