#1/2011 - Internrevisorerna - Hem

More documents

Recommendations

Info

BLENDED ENGAGEMENTS mer. The customer and internal audit function agree on the nature and scope of the engagement, which generally involves two parties: the party receiving the services (the customer) and the party providing the services (the internal audit function). Examples of consulting include providing advice to process owners on how they can streamline activities to gain efficiencies, facilitating senior management’s and process owners’ assessments of business risks, and educating management and the audit committee on newly released authoritative guidance. Despite the differences between assurance and consulting services, each may include elements of the other. For example, Standard 2410: Criteria for Communicating indicates that A PRINCIPLES BASED FRAMEWORK Definition Blended engagement: An engagement that includes both an assurance component and a consulting component. Defining Characteristics 1. The objectives of both components are formalized at the beginning of the engagement. The consulting objectives are more likely to evolve during the engagement than the assurance objectives. 2. The scope of the assurance component is determined by the internal audit function; the scope of the consulting components is agreed on with the costumer. 3. The two components focus on the same business process (or function, system etc.). 4. Assurance results are communicated to the process owner and applicable users. Consulting results are communicated only to the customer and parties approved by the customer unless the internal auditor identifies significant issues that must be communicated to senior management and the board. Guiding principles 1. POINTS OF VIEW: Each stakeholder in the blended engagement process may have a different prespective on how the services provided by the internal audit function will add value and improve he organization's operations. The "points of view" of the auditor, process owner, customer, and users must be synthesized. 2. STANDARDS: Both the assurance component and the consulting component must be performes in accordance tieh The IIA's Attribute and Performance Standards. In addition, each component must be performed in accordance with the applicable IIA Implementation Standards. 10 • INTERNREVISION 1/<strong>2011</strong> assurance engagement communications must include »applicable recommendations,» which are, in substance, a type of advice. Likewise, Standard 2440.C2: Disseminating Results requires chief audit executives to communicate to senior management and the board significant governance, risk management, and control issues identified during audit consulting engagements. Accordingly, per the Standards, assurance and consulting service deliverables are not mutually exclusive. A MIX OF SERVICES Despite the differences between assurance and consulting services, the two can be blended together in a single engagement without jeopardizing audit effectiveness or objectivity. 3. SCOPE: The process owner and the customer must clearly understand the scope of the engagement and the specific assurance and consulting services to be provided. 4. COMMUNICATION: The process owner, customer, users and internal auditor must all agree on how and in what form the result of the engagement will be communicated. – The internal auditor must ensure that assurance and consulting results are clearly delineated. – The assurance results must be communicated in accordance with the protocol established by the interna laudit function, senior management, and the board. – The internal auditor must ensure that the process owner and customer know when assurance results will be relied on by users, – The internal auditor must ensure that the customer authorizes consulting results to ht shared with other parties. 5. INDEPENDENCE AND OBJECTIVITY: The internal audit function must ensure that neither independence nor objectivity is compromised on subsequent assurance and consulting engagements in areas of the organization that have been subjected to blended engagements. 6. PROFICIENCY: The audit team performing a blended engagement must collectively possess the knowledge, skills, and other competencies needed to successfully complete both the assurance component and the consulting component of the engagement. 7. DUE PROFESSIONAL CARE: Internal auditors must exercise due professional care when performing a blended engagement. They must, for example, give due consideration to eht relative complexity and extent of work needed to achieve both the assurance and consulting objectives of the engagements and the nature and timing of assurance and consulting communications.
Absent formal professional guidance, auditors could consider using a guidance framework developed by the authors (see »A Principles-based Framework,» below) as a means of navigating the challenges associated with combining these services. Several elements of the framework merit particular attention from practitioners embarking on this effort. Defining Characteristics One key element of the principles-based framework is the »defining characteristics» of blended engagements. While on the surface the difference between assurance and consulting seems obvious, integrating the two types of services can quickly blur the lines and leave even the most seasoned internal auditor second guessing whether an engagement actually constitutes assurance, consulting, or both. The four defining characteristics of blended engagements presented in the framework clearly outline their unique features, freeing internal auditors to focus on providing value adding services. Guiding Principles Blended engagements have the most potential to add value when they are conducted in accordance with guiding principles as opposed to rigid rules. Guiding principles provide a flexible structure within which internal auditors can exercise professional judgment when making decisions about how best to accomplish engagement objectives. Although the framework’s principles conform to the Standards as they pertain to assurance and consulting services, they do not dictate specific behaviors. Instead, they allow internal auditors to customize their approach as situations warrant. Examples of blended engagements, including representative assurance and consulting components, are presented in »Illustrative Blended Engagements,» below. Practical Considerations The primary reason for conducting blended engagements is to gain efficiencies in the overall audit process without sacrificing effectiveness. However, conducting effective and efficient blended engagements does not involve simply overlaying consulting activities and assurance activities. Factors that auditors must consider include: • Consulting services that may be folded into a blended engagement often arise during the year. Sufficient time must be reserved in the annual audit plan to accommodate unforeseen consulting opportunities. • Whereas assurance service activities are relatively stan- dardized, consulting activities are not. Efficient integration of the two often requires real-time, case-by-case planning. • Like assurance activities, facilitation and training activities are conducive to up-front planning. By contrast, advisory services often evolve as new information comes to the internal auditors’ attention over the course of the engagement. Therefore, integrating facilitation and training activities with assurance activities tends to be more straightforward than integrating advisory and assurance activities. • Although the phases of an advisory consulting engagement parallel those of an assurance engagement (plan, perform, communicate, and follow up), the nature of the specific activities within each of these phases may differ significantly. Advisory consulting activities need to be integrated efficiently within each phase of the engagement. These characteristics of assurance and consulting services warrant careful consideration by internal audit functions conducting blended engagements. Due professional care must be taken to ensure that the varying needs of parties who rely on the engagement outcomes are met and that any incompatibilities in these needs, which may exist at the beginning of the engagement or arise during the course of it, are reconciled appropriately. Due professional care also must be taken to ensure that appropriate resource levels are maintained throughout each engagement and that both the assurance and consulting component can be completed timely and cost-effectively without disrupting other scheduled engagements. A WINNING COMBINATION The blending of assurance and consulting services into a single internal audit engagement shows promise of becoming a winning combination. As internal audit functions strive to simultaneously economize, add value, and comply with the- Standards, the principles-based framework provides a realistic, actionable basis for gaining efficiency by merging the profession’s two fundamental services. Paul J. Sobel, vice president, internal audit, for Mirant Corp. in Atlanta contributed to this article. COMPARISON TO IIA STANDARDS While the authors’ definition of assurance services coincides with the definition provided in the IIA Standards’ Glossary section, their definition of consulting services differs somewhat. The Glossary defines consulting services as: »Ad- INTERNREVISION 1/<strong>2011</strong> • 11
Page 1 and 2: INTERN REVISION #1/2011 Efter Inter
Page 3 and 4: INFÖR ÅRSMÖTET DAGS FÖR ÅRSMÖ
Page 5 and 6: STEGET FÖRE Bakgrundsundersökning
Page 7 and 8: RISK MANAGEMENT Artikeln publicerad
Page 9: BLENDED ENGAGEMENTS Combining assur
Page 13 and 14: ESV SVARAR PÅ FRÅGOR FRÅN INTERN
Page 15 and 16: INTERNREVISION 1/2011 • 15
Page 17 and 18: INTERNREVISIONS- DAGARNA 2011 60-å
Page 19 and 20: idrar med värde, inte bara när de
Page 21 and 22: dess inverkan på affärsprocessern
Page 23 and 24: Tours Tours Business and Management
Page 25 and 26: Amsterdam Vrije Universiteit: Execu
Page 27 and 28: London University of East London ww

#1/2011 - Internrevisorerna - Hem

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?