Page 9 - Internal Auditor M.E. (English) - June 2018
Knowledge Update
IOSCO promotes audit quality via audit committee oversight

The International Organization of Securities Commissions (IOSCO) noted that audit regulators globally have reported that 40% of audits inspected globally exhibited problems in achieving the fundamental objective of the audit, i.e. to provide reasonable assurance that the financial reports are free of material misstatement. This doesn’t mean financial reports were materially misstated, but it means that auditors didn’t perform audits in compliance with standards to adequately support clean audit opinions. The proposed IOSCO paper recommends that securities regulators globally promote the following among audit committees to better promote audit quality:

- audit committees should develop a recommendation on the selection of auditors which should be separate from management’s recommendation, with selection criteria established upfront and bids assessed against those criteria
- audit committees should consider the extent to which auditors devote sufficient resources to the audit, including demonstrating an understanding of the business and its risks, the skill and expertise of audit team members, the firm’s supervisory approach, the auditor’s reliance on experts and other auditors, the strategy and scope of the audit, and accountability
- audit committees should consider fees only to the extent they are consistent with the audit plan and a quality audit
- audit committees should review and challenge things like quality and timely reporting, appropriateness of accounting treatments and estimates, systems and controls, auditor independence, and communication with the auditor
- audit committees should be tasked with consulting third-party advice, not the auditor’s advice, on tricky accounting treatments

https://www.complianceweek.com/blogs/accounting-auditing-update/iosco-promotes-audit-quality-via-audit-committee-oversight

What role can internal auditors play in GDPR compliance?

Internal auditors ranked EU General Data Protection Regulation (GDPR) compliance as a top priority in the run-up to its effective date, i.e. May 25, 2018. As penalties under the GDPR can amount to 4% of global annual turnover, internal audit (IA) functions are including a review of this area within their annual internal audit plans. Since IA has a comprehensive view of the organization, it plays a significant role in evaluating the organization’s GDPR compliance. By taking up the role of a strategic partner of the data protection officer (DPO), internal auditors can help to guide the company strategy, raise awareness, assess the potential risks, identify gaps, and test the remediated procedures.

IA and the DPO are the perfect allies

IA can play a key role in supporting the DPO to facilitate GDPR compliance. On one side, IA performs independent assessments and reports on the effectiveness of implemented measures through the testing of controls as defined in the internal audit plan and, on the other side, the identification of potential weaknesses provides information to the DPO in order to orchestrate the next steps to achieve GDPR compliance.

IA can enable compliance by getting board and senior management on board

In case an organization has not yet embarked on efforts to implement the GDPR requirements, IA has the responsibility to highlight that the lack of compliance with the GDPR will certainly be rated as high risk.

Creating momentum through the internal audit assessment

The audit plan enables the identified stakeholders to reflect on the use of personal data within the organization. IA will have an overview of staff awareness of data privacy risks and will recommend appropriate improvements.

Demonstrating compliance

IA enables the DPO to comply with the accountability principle, i.e. the principle that ensures that organizations are able to demonstrate that they comply with all applicable processing principles as formulated in the GDPR.

Reporting and stakeholder communication are key

Frequent status reporting, including the evidence collected by IA, should be accessible to the relevant internal stakeholders who are engaged in GDPR compliance.

https://iapp.org/news/a/what-role-can-internal-auditors-play-in-gdpr-compliance/

Managing risks and enabling growth in the age of innovation: 2018 Risk in Review Study

81% of Adapters agree that the risk management function helps increase the odds of success
55% of Adapters agree that the risk management function’s influence on innovation strategy and execution
63% of Adapters agree that the risk management function can halt specific initiatives, based on its risk assessment
57% of Adapters agree that the risk management function provides input when an innovative activity is considered, before the planning stage
58% of Adapters agree that the risk management function proposes risk-assessed alternatives to specific activities

https://www.pwc.com/us/en/risk-assurance/risk-in-review-study/assets/risk-in-review-study-2018.pdf