Professional Documents
Culture Documents
Forum
Internal audit updates
18 December 2012
Georgiana Iancu (Timofte), KPMG Romania
Contents
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
Revision of the
International Standards
for the Professional
Practice of Internal
Auditing
Revision process
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
Old version
New version
Interpretation:
External assessments can be in the form of a full
external assessment, or a self-assessment with
independent external validation.
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
Old version
New version
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
Old version
New version
2010Planning
2010Planning
Interpretation:
The chief audit executive is responsible for developing a
risk-based plan. The chief audit executive takes into
account the organizations risk management framework,
including using risk appetite levels set by management for
the different activities or parts of the organization. If a
framework does not exist, the chief audit executive uses
his/her own judgment of risks after consultation with
senior management and the board.
Interpretation:
The chief audit executive is responsible for developing a riskbased plan. The chief audit executive takes into account the
organizations risk management framework, including using
risk appetite levels set by management for the different
activities or parts of the organization. If a framework does not
exist, the chief audit executive uses his/her own judgment of
risks after consideration of input from senior management
and the board.
The chief audit executive must review and adjust the plan,
as necessary, in response to changes in the
organizations business, risks, operations, programs,
systems, and controls.
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
10
New definitions
Engagement Opinion (as noted in Standard 2410 Criteria for communicating)
The rating, conclusion, and/or other description of results of an individual internal audit engagement, relating
to those aspects within the objectives and scope of the engagement.
Overall Opinion (as noted in Standard 2450 Overall Opinions)
The overall ratings, conclusions, or other descriptions of results provided by the chief audit executive
addressing, at a broad level, governance, risk management and control processes of the organization. An
overall opinion is based on the results of a number of individual engagements and other activities for a
specific time interval.
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
11
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
12
Overview
In 2011, The IIA conducted a Job Analysis Study (JAS) for the
CIA exam. More than 40,000 internal auditors globally were
surveyed on:
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
14
What is changing
A new three-part exam structure
Elimination of recognition credit previously applicable to
Part 4
Realignment of the exam content outline and question
CFSA)
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
15
Engagement
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
16
Risk Management
Organizational Structure and Business Processes
Communication
Leadership
IT/Business Continuity
Financial Management
Global Business Environment
exam
Reference resources (study materials to be used)
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
17
Other considerations
Review materials
According to the IIA, the preparation of review materials is
independent from the exam development process.
The final content outline has been released to the review
providers effective October 10, 2011.
Candidates should check with review providers for updated
materials.
Current candidates
For candidates that did not pass any exams and candidates
that passed part of the exams, the IIA provides a tool that helps
identify their options going forward. The Transition Planning
Tool can be accessed from IIAs website, under the
Certification tab.
Key things to consider:
Four part exam will end on December 31, 2013 (English
version);
Part 1 and 2 will be recognizable under the new structure.
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
18
Overview
What is CRMA
The Certification in Risk Management Assurance (CRMA) is the
newest certification program offered by the IIA. The certification
will assist you in demonstrating the ability to:
Provide assurance on core business processes in risk
management and governance;
Educate management and the audit committee on risk and
risk management concepts;
Start date
The first exams will be offered beginning July 1, 2013. The
registration for the exam will be available starting May 1, 2013.
The exam will be offered in English.
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
20
Requirements
Eligibility requirements
University degree (four years) or two years of University level
education plus three years of professional experience;
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
21
Process
Candidates will need to submit an application form that provides
detailed information regarding:
Education;
Current certifications held;
Professional experience in CRMA Domains:
Assessing/Assurance of Risk Management Activities;
Risk Management Fundamentals;
Elements of Risk Management;
Control Theory and Application;
Business Objectives and Organizational Performance.
Candidates must obtain a minimum of 155 points on the
application in order to earn the designation prior to the launch of
the CRMA exam.
22
Exam syllabus
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
23
Overview
In November 2010, COSO announced a project to review and update the 1992 Internal Control-Integrated
Framework. COSOs goal in updating the framework is to increase its relevance in the increasingly
complex and global business environment.
In addition to updating the Framework, COSO is developing a compendium of approaches and examples
that illustrate how the principles set forth in the Framework can be applied in designing, implementing and
conducting internal control over external financial reporting.
Project timetable
2010 Assess and survey stakeholders
2011 Design and Build
2012 Public exposure and assessment
2013 Issuance of updated guidance
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
25
The Internal Control Integrated Framework was published in 1992. It gained wide acceptance
following financial control failures of early 2000s.
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
26
Major changes
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
27
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
28
Control environment
Risk assessment
Control activities
1.
2.
3.
4.
5.
Enforces accountability
6.
7.
8.
9.
Monitoring activities
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
29
Control Activities
Information & Communication
Monitoring Activities
Retains the requirement of five components for an effective system of internal control
Retains important role of judgment in designing, implementing, and conducting internal control, and
in assessing effectiveness of internal control
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG International),
a Swiss entity. All rights reserved.
30
Thank You!
Presentation by Georgiana Iancu (Timofte)
Senior Manager, Internal Audit Services, KPMG
Romania
atimofte@kpmg.com
Tel. 0743 139 405
2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG
network of independent member firms affiliated with KPMG International Cooperative (KPMG
International), a Swiss entity. All rights reserved.
The KPMG name, logo and "cutting through complexity" are registered
trademarks or trademarks of KPMG International Cooperative ("KPMG
International").