Академический Документы
Профессиональный Документы
Культура Документы
Audit:
Whats on
the horizon?
kpmg.co.uk
Being nimble is a critical attribute for all internal audit teams. There is
an ongoing responsibility to survey the landscape to look for new, or
heightened, risks and ensuring scarce resources are directed to the areas
that matter most.
As we approach the end of 2011,
a powerful combination of factors means
the ability to adapt is more important than
ever. Economic uncertainty, the fragility of
the technology on which we depend, the
search for new ways of working to drive
efciency, new market and product
opportunities, regulation, human
behaviour and the pace of organisational
change, are all contributing to the
increased velocity of emerging risks that
can threaten business stability.
With this in mind we have pulled
together a summary of common risks
impacting how internal audit teams
are looking at their future plans.
Teams are also challenging established operating models to re-dene how they
provide assurance and add value to the organisations they serve. The areas being
targeted include:
Flexibility: The world is changing at
a phenomenal pace. Internal audit plans
must be regularly reviewed and
challenged to ensure they remain
relevant. If a plan looks the same as it
did 12 months ago, alarm bells should
be ringing.
Effective challenge: Internal audit must
be the control conscience of the
organisation. The team should be clear
in articulating what is needed from an
assurance perspective and make sure
their voice is heard, encouraging debate
and securing the right resource and
specialist skills.
Innovate: With demands to do more for
less innovation is key. Enhanced self
assessment processes or detailed
control surveys are two examples.
Embedding more and better use of
technology is becoming the norm,
ranging from data analytics to continuous
audit initiatives.
The ongoing global turbulence and sheer velocity of business change means some of
the issues faced may be new and uncharted, but the responsibility is no different:
internal audit must support the strategic and risk management teams to understand
the consequences of todays and tomorrows business operations, what might go
wrong and where internal audit can best support business objectives.
Paul Sawdon
Partner, UK Head of Internal Audit
2011 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member rm of the KPMG network of independent member rms afliated with
KPMG International Cooperative, a Swiss entity. All rights reserved.
Internal Audit:
Whats on the horizon?
IT change and external threats
Threats to information security are more sophisticated and emerging faster. Now, organisations and individuals are
being specically targeted for attack and motivations arise for many reasons including from organised crime and political
beliefs. This, combined with the pace of change and adoption of new technologies make all things IT an imperative.
Data leakage have you classied data according to its sensitivity and can you identify where all your data is and who has
access to it? Think about how the business is protecting itself against data leakage incidents, monitoring to detect where they
may have occurred, creating effective incident response processes and updating your approach when a new threat arises.
New technologies cloud computing, server virtualisation, near eld communication and micro-payment systems are racing
forward. Have you identied the risks and audit needs associated with a new technology, planned or recently implemented,
for example: security; maintenance; vulnerability; contamination; backup/recovery?
Understanding your specic cyber threat internal audit must consider the specic threat; does your industry, prole,
nature of operations or relationships put you at a higher risk? If the answer is yes, direct the audit plan to focus on security.
Any system change IT changes do not always need to be exotic. A new inventory system going wrong can have
signicant value implications. Make sure internal audit is providing assurance at the right time.
Skills and resources IT risks are complex and mercurial. Assurance has to be in place, delivered by teams with the right
skills. Leaving black holes in the audit plan because of potential skills gaps must be avoided.
Keeping up with
business change
2011 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with
KPMG International Cooperative, a Swiss entity. All rights reserved.
Companies continue to invest in improving their antifraud controls, yet the level of internal and external fraud
is still rising. Potential questions for internal audit include:
Has the business mapped the fraud threat landscape
against a changing controls environment?
Is the business aware or in denial of the risk?
Response to Financial
Reporting Council (FRC)
paper on risk
Non-nancial disclosures
2011 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with
KPMG International Cooperative, a Swiss entity. All rights reserved.
2011 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with
KPMG International Cooperative, a Swiss entity. All rights reserved.
Contact us
Paul Sawdon
Partner, UK Head of Internal Audit
T: +44 (0)20 7311 8169
E: paul.sawdon@kpmg.co.uk
David Defroand
Partner
T: +44 (0)20 7311 8161
E: david.defroand@kpmg.co.uk
Anthony Kennedy
Partner
T: +44 (0)20 7694 2875
E: anthony.kennedy@kpmg.co.uk
Jenny Morgan
Partner
T: +44 (0)121 232 3873
E: jenny.morgan@kpmg.co.uk
Andrew Sayers
Partner
T: +44 (0)20 7694 8981
E: andrew.sayers@kpmg.co.uk
Stephen Spellman
Partner
T: +44 (0)20 7694 3544
E: stephen.spellman@kpmg.co.uk
The information contained herein is of a general nature and is not intended to address the circumstances of any particular
individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such
information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such
information without appropriate professional advice after a thorough examination of the particular situation.
2011 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member rm of the KPMG network
of independent member rms afliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International.
www.kpmg.co.uk