New regulations, emerging risks, and changing expectations are impacting internal audit teams. Audit departments are looking for new approaches to deliver strategic leadership and co-ordinated assurance, and to meet new stakeholder expectations. In this webinar, we’ll explore the evolving role of internal audit, and how organizations are using integrated GRC solutions like RSA Archer to drive greater visibility, improve agility, and increase overall effectiveness.
Panelists include:
Kirk Hogan, Chief Operating Officer, Iceberg
Patrick Potter, GRC Strategist, RSA
4. Patrick Potter
@pnpotter1017
Kirk Hogan
@KW_Hogan
1. TODAY’S INTERNAL AUDIT CHALLENGES
• Rapidly changing risk environment
• Audit teams are slow, audit plans are static
• Audit engagements are past-looking (vs. forward looking)
• Limited budget & resources
• Compliance-driven vs. risk-driven
WHAT POSES THE GREATEST CHALLENGE?
Source: KPMG’s Audit Committee Institute – “Is Everything Under Control?” 2017 Global Audit Committee Pulse Survey
• 41% Effectiveness of the risk management program
• 34% Legal/regulatory compliance
• 28% Managing cyber security risks
• 28% Maintaining the control environment
• 24% Tone at the top & organizational culture
HOW CAN INTERNAL AUDIT MAXIMIZE VALUE?
Source: KPMG’s Audit Committee Institute – “Is Everything Under Control?” 2017 Global Audit Committee Pulse Survey
• 56% Expand audit plan on key areas of risk (e.g. cyber, operational, technology)
• 53% Maintain flexibility in the audit plan
• 49% Expand the audit plan on effectiveness of risk management processes
3. HOW CAN WE EVOLVE?
✓ Integrate IA + GRC
✓ Leverage the 2nd Line of Defense
✓ Dynamic / Agile risk-driven audit plans
✓ Continuous control monitoring
✓ Data Analytics
WHAT IS INTEGRATED GRC?
• Business Continuity Management
• Vendor Risk Management
• Enterprise Legal Management
• IT Risk Management
• Corporate Compliance
• Audit Management
• Operational Risk Management
Integrated risk management… recognizes the interconnected nature of operational risk across an enterprise
LEVERAGE THE 2ND LINE OF DEFENSE
Adapted from ECIIA/FERMA Guidance on the 8th EU Company Law Directive, article 41
• Governing Body / Board / Audit Committee
• Senior Management
• 1st Line of Defense: Management Controls; Internal Control Measures
• 2nd Line of Defense: Financial Control; Security; Risk Management; Quality; Inspection; Compliance
• 3rd Line of Defense: Internal Audit
• External Audit
• Regulator
AGILITY
(PWC 2017 State of the Internal Audit Profession Study)
“To meet business expectation, Internal Audit needs to be able to execute more agile audits. Speed and flexibility are key – getting the work done and reported quickly; less of audits running on for weeks.”
– Mike Taylor, Head of Global Internal Audit, Experian plc
AGILITY
Source: CBOK Practitioner Survey, 2015
• 63% of CAEs update audit plans no more than twice per year
• 15% have ‘highly flexible’ plans
• 31% don’t update risk assessments
• 21% deploy continuous risk assessments
BENEFITS OF AGILE IA
Source: PWC 2017 State of the Internal Audit Profession Study
• 73% change course and evaluate risk at the speed required by the business
• 63% have increased the frequency of audit plan development and modification
• 47% have increased the use of data mining & data analytics for continuous monitoring of trends and potential impacts of disruption
VISIBILITY & REPORTING
Source: Deloitte’s Global Chief Audit Executive Survey, 2016
How will you communicate – today vs. future?
[Chart: Today vs. Future use of Static Word Processing Reports, Static Presentations, Dynamic Visualization Tools, and Dynamic Analytics Tools]
RECAP: INTERNAL AUDIT CHALLENGES
• Rapidly changing risk environment
• Audit teams are slow, audit plans are static
• Audit engagements are past-looking (vs. forward looking)
• Limited budget & resources
• Compliance-driven vs. risk-driven
BENEFITS OF AUDIT + GRC
• Cross business lines & organizational boundaries for Collaboration
• Define & enforce risk ownership through Accountability
• Automate processes for Efficiencies
• Consolidate data and enable risk Analytics & Visibility