< Home > Audit Benchmarking

Audit Benchmarking

Benchmarking the internal audit function against world class best practice

1.       Background

Whatever the pedigree of your Internal audit function, the objectives will be the same - to add the greatest value to your organisation, and provide assurance to the Board and the Audit Committee (if you have one).

What you need is a proven way of assessing your function and comparing it with the best practices in the world. You can then create an action plan to focus attention on the areas that will make the greatest difference.

Our proven approach will provide you with hundreds of best practice ideas and proven techniques, based on our extensive benchmarking database, probably the most comprehensive in the world, incorporating, as it does, information from over 2500 Internal Audit functions across the globe.

2.       Requirements

To evaluate all aspects of the function against worldwide best practice

3.       Approach

Using the Business Risk Management Ltd database of Internal Audit best practice - based on 2500 organisations across all sectors - assess every aspect of the internal audit function, highlighting, in each case, areas where best practice is currently adopted and areas of opportunity. A comprehensive report will be prepared and issued to the Audit Director. Meetings with key audit personnel (and customers if required) will be incorporated.

3.       Scope

2-3 days review + 1.5 -2 days for report and discussions

The Audit Role

The audit charter and terms of reference
The scope of the function
The approach taken to market the function
The role of the function (and how this is evolving)
The risk focus of the function (and the relative roles of other assurance providers)
Audit reputation
The role in the Corporate Governance Process

Documentation to have available

Charter, terms of reference etc
Audit manual
Brochure
Marketing documentation (if any)
Objectives
Mission statement
Customer surveys

The Internal Audit function

Structure and reporting lines
Partnering
Perceptions of Internal Audit
Audit personnel- numbers, skills, experience etc
Measuring the value added
Functional costs
Movements of people
Relationships with other assurance providers

Documentation to have available

Key performance indicators or other measures used
Comments by management, director survey results
Partnered services and reports produced
Budgets and costs
Qualifications, skills assessments, Training records
Records of starters and leavers in last 12 months

Audit Planning and execution

Audit planning - how strategic and tactical plans are developed
Audit programme development
Risk assessment
Audit assignment planning and control
The Sources of Audit work
Management requests
The use of technology - Audit automation, Computer assisted audit techniques etc
Fieldwork techniques

Documentation to have available

Audit plans - strategic and tactical
Audit programmes (3 or 4 recent examples)
Records of assignments
Planning system
2 or 3 recent assignment files

The Audit Committee Relationship

The Audit Committee relationship
Evaluating the audit committee requirements
Requests
Audit committee reporting
Issues reviewed with the Audit Committee
Chief Executive and senior management contacts

Documentation to have available

Audit committee reports (last 2-3)

Audit Coverage and direction

Fraud and the Internal Audit role
External audit relationship
Audit of subsidiaries
Geographic and Business Unit coverage
Coverage of specialist areas (Treasury, IT security etc)
Scope and frequency of assignments
Non-audit work
The future direction of the function
The challenges faced

Documentation to have available

Management reports
Outline of investigations
Ideas for change
External audit reports

Audit reports

Structure
Format
Number of pages
Distribution
The executive summary
The main report
Action plans
Timescales for finalisation
Method of issue
Use of graphics
Recommendations implemented
Repeat findings
Content and wording
Etc

Documentation to have available

5 or 6 reports as diverse topics as possible