7. Governance, risk management and compliance (GRC)
“A system of people, processes and technology that
enables an organization to understand and prioritize
stakeholder expectations; set business objectives
that are congruent with values and risks; achieve
objectives while optimizing risk profile and protecting
value; operate within legal, contractual, internal,
social and ethical boundaries; provide relevant,
reliable and timely information to appropriate
stakeholders; and enable the measurement of the
performance and effectiveness of the system.”
Norman Marks
9. Optimizing Internal Audit
• Update the Internal Audit Charter as needed
• Ensure that the Internal Audit function is
independent of top management
• Conduct quality assurance assessment for the
internal audit function
• Risk assessment should be qualitative, participative,
real-time, and strategically focused
10. Considerations when outsourcing IA
• Improve the quality of the internal audit function
• Reduce the cost of the internal audit function
Three options should be evaluated:
• Is the in-house function fit for purpose?
• Is outsourcing a value-adding solution?
• Is cosourcing a better option, where skills can be
improved or cost savings made?
11. Understanding the risks of outsourcing
• Does the provider have sufficient knowledge of the
functions and departments of the organization?
• Will internal audit staff be embedded within the
organization?
• Will the internal audit provider be able to sustain an
effective internal audit over the lifetime of the
contract?
• Is there a conflict of interest?