GAIN 2009
Kick-off Meeting: Explanation of the Questionnaire
7, 8 or 9 April 2009
Slide 1
Agenda
• Organisation for GAIN 2009;
• GAIN 2008 participants, round of introductions;
• Instructions for completing the questionnaire;
• How to submit?
• Cost of GAIN participation;
• GAIN 2009 timeline;
• Answering questions;
• Drinks (approx. 16:30).
Slide 2
Organisation of GAIN 2009
Objectives of IIA GAIN Netherlands in 2009:
• Further increase in the number of participants
  • Dutch Trade, Industry & Services
  • Dutch Financials (including Insurance)
  • Dutch Government
• Also a great deal of attention to Networking (Round Tables)
• At least 15-20 participants per group.
• More professional communication via the IIA website and Audit Magazine
• Coordination of uniform submission of the Questionnaire and timely receipt/review of the reports
Slide 3
Members of the GAIN 2009 working group
• Hans van Hoogenhuijze (IIA GAIN, chair)
• Arie Beunis (DELA, general secretary)
• Louis de Bruijn (KLM, chair Trade, Industry & Services)
• Jantien Heimel (NUON, vice-chair Trade, Industry & Services)
• Thomas van Tiel (Ministry of Finance, chair Government)
• Scott Cheung (Credit Europe, chair Dutch Financials)
• Korstiaan Kegel (Allianz, vice-chair Dutch Financials)
Slide 4
2008 participants: Dutch Financials
Friesland Bank
De Lage Landen
Rabobank Nederland
De Nederlandsche Bank
Equens
SNS Reaal
Delta Lloyd Groep
Triodos Bank
Robeco Groep
ING Group
DELA
PGGM
Credit Europe Bank
Nederlandse Waterschapsbank
Allianz Nederland
UWV
Agis Zorgverzekeringen
BinckBank
UVIT
Bank Nederlandse Gemeenten
Achmea
Staalbankiers
Ordina BPO
Demir Halk Bank Nederland
Bank Insinger de Beaufort
DAS Holding
Slide 5
2008 participants: Dutch Trade & Industry
OPG Groep
TNT
NS
Akzo Nobel
KLM
Heineken
Ahold
NUON
KPN
TomTom
Vopak
DSM
Slide 6
2008 participants: Dutch Government
IB-Groep
Audit Services Rotterdam
Sociale Verzekeringsbank
Slide 7
Instructions for completing the questionnaire
1. First create a Profile
   Enter company information
   Go to: http://iia-survey.theiia.org/GAIN
   Industry group and sub-industry group (more than 100)
   L1. First specialty group = Netherlands
   L2. Second specialty group = Dutch Financials / Dutch Trade, Industry and Services / Dutch Government
   L3. Third specialty group = Dutch Small Financials + ………….
2. Print ‘General instructions for the use of the GAIN Annual Benchmarking System’
3. Print ‘Preparation Guide for the GAIN Annual Benchmarking Questionnaire’
Slide 8
Instructions for completing the questionnaire
General:
Dutch figures
In US $; exchange rate of 31/12/08
1 USD = 0.70937 EUR; 1 EUR = 1.40970 USD
No thousands separators!
No spaces, no commas!
No percentages, no currency symbols!
Answer every question! The system checks and indicates what you have missed. Only close out once the input is complete.
Enter ALL ZEROS!
Slide 9
Sections of the Questionnaire
Section layout 2009
A. Organization Information
B. Internal Audit Resources
C. Internal Audit Oversight
D. Risk Assessment and Audit Planning
E. Audit Implementation / Life Cycles / Reporting
F. Information Technology (IT) auditing
G. Performance Management
H. Professional Development
I. Emerging Trends and Leading Practices
Slide 10
A. Organization Information
A1. Annual Revenues:
Total revenue figures that belong to the audit domain: gross premium income, gross interest and investment income.
A2. Total Assets:
Balance sheet total of the assets that belong to the audit domain (so including Assets under Management).
A3. Annual Expenses:
Total cost figures that belong to the audit domain, including interest charges and claims costs and (where applicable) the result on reinsurance.
Slide 11
A. Organization Information
A4. Total employees in organization (full-time equivalents):
FTEs related to the revenues & costs stated under A1 and A2.
A6. Is your organization:
• Public / Private / Government or Non-Profit
Enter ”Public” if your own organisation or your parent company is listed on a stock exchange.
A7. Is your organization subject to the US SOx 2002?
• Yes / No
You are also ‘subject to’ if your organisation complies with SOx voluntarily, but then ‘for real’.
Slide 12
A. Organization Information
A8. If your organization is subject to SOX, what is the level of responsibility handled by the internal audit activity?
• full responsibility over all aspects of SOX (e.g., process documentation and testing)
• The internal audit activity is responsible for the testing of controls only
• The internal audit activity acts in a consultative manner assisting organization management to ensure all components of SOX are completed
• The internal audit activity remains independent regarding SOX and audits the process in place that is owned outside of the internal audit activity
Slide 13
A. Organization Information
A9. Organizational Reach:
• Choose from: Regional, National, International
A10. Organizational Structure:
• Choose from: Centralized or Decentralized
B. Internal Audit Resources
Internal Audit Costs
B1. Please allocate the total cost of your internal audit activity:
• Salary (gross pay and bonuses): excluding social security charges and pensions
• Employee benefits (if not tracked separately, averages 30% of salaries): social security charges and pensions go here
• Travel: ‘real’ travel costs + lease cars, minus travel costs for training
• Training: costs of training and continuing professional education + travel costs for training
• Costs of purchased services (consultants, co-source providers, outsource providers, etc.): non-salaried workers who contributed to your audit plan
• Other: other DIRECT COSTS, so no charge-throughs for overhead such as accommodation, PCs, etc.
• Total internal audit costs: automatic sum
Slide 15
B. Internal Audit Resources
Staffing
B2. Please enter the following FTE staff information. (Sourced staff must be entered/calculated as a full-time equivalent staff);
Enter the average FTE over the period!
In-House Staff
Sourced Staff
Chief Audit Executive
Directors / Managers
Seniors / Supervisors
Staff
Total Audit Positions
Automatic Calculation
Total Professional Audit Positions
Automatic Calculation (in-house + sourced)
Automatic Calculation
Secretarial / Clerical
Total Positions
Automatic Calculation
Total Staff
Automatic Calculation (in-house + sourced)
Automatic Calculation
B3. Including sourced staff, by what percent did your staff size increase or decrease over the last year (please insert ‘0’ for no change and a negative number for a decrease)? _________
Slide 16
B. Internal Audit Resources
Staffing
B2.
Chief Audit Executive = Director of the Internal Audit Department (IAD)
Directors & Managers = Audit Managers, second tier at “larger” IADs
Seniors / supervisors = Managers / team leaders / senior staff, with 5 years' experience and/or title
Staff = Staff members (the “hands”)
Secretarial/Clerical = Support / secretariat / administration
• Staff officers: professional practice under ‘Seniors’, Control/HR under ‘Secr’
• B2 and B3: ‘Sourced staff’ only IF AND TO THE EXTENT THAT they contributed to carrying out the internal audit plan!
B3.
• Round using common sense: 1 Feb or 1 Mar may count as 1 year (and vice versa)
Slide 17
B. Internal Audit Resources
B8. Please identify the following staff information by level (FTE in-house staff only):
• See B2
• In-house only!
Columns, each with its note:
• Level of education sought for position: CHOOSE A CERTIFICATE FROM THE LIST IN B6 + EXPLANATION
• Average years in internal audit profession: INTERNAL AUDIT EXPERIENCE ONLY!!
• Average years of industry experience (primary industry of organization): WITHIN THE RELEVANT SPECIALTY GROUP, E.G. FINANCIALS, INCLUDING IN OTHER ROLES!!
• Number of staff with one or more professional certification designation(s): NUMBER OF PERSONS, SO: Mr XXX RA CIA = 1
Rows:
• Chief Audit Executive
• Directors / Managers
• Seniors / Supervisors
• Staff
Slide 18
B. Internal Audit Resources
B9. Please provide the total number of audit staff with the following audit-related professional certifications (FTE in-house professional audit staff only):
CIA / MIIA / PIIA; CISA / QiCA; CIPFA / CGAP / CGFM; CCSA; CA / CPA / ACCA / ACA; CMA / CIMA / CGA; CAT / AAT; CFE; CFSA / CIDA / CBA; FCA / FCCA / FCMA); CFA; QAR; Other
DUTCH EQUIVALENTS: RO, RE, MGA, RA / CAA
• In-house only
• Which titles occur how often, so Mr X RA CIA = 2
Slide 19
B. Internal Audit Resources
B13. What was your internal audit staff turnover for the year (numerically by FTE)?
• Placed inside organization (other position within the organisation or group)
• Voluntarily left organization (other position outside the organisation)
• Retirements (pension)
• Other (for example dismissal or death)
• Total
Limit the use of ‘Other’!!!
Slide 20
B. Internal Audit Resources
Sourcing
B14. What percentage of your audit engagements are (must add to 100%):
• Staffed internally: ______ own internal auditors
• Co-sourced: _______ joint audits with a combination of own/external auditor(s)
• Outsourced: _______ audits carried out entirely by external auditor(s)
B15. What areas do you source (choose all that apply)?
• General internal auditing (in particular operational / financial auditing)
• Information Technology (IT) auditing
• Subject matter expertise
• Fraud auditing
• Other
• None
Slide 21
B. Internal Audit Resources
Sourcing
B16. What percentage of the following general areas are sourced?
• General internal auditing: ____%
• Information Technology (IT) auditing: _____%
• Subject matter expertise: ____%
• Fraud auditing: ____%
% of the total hours spent in that category by Internal Audit!
B17. In the last fiscal year, how many total hours did you receive in sourced internal audit services? _______
Total of co-sourced + outsourced (external hours/costs only)
Slide 22
B. Internal Audit Resources
Relationship with External Auditors
For the following questions, do not include any statutory audits.
B19. What were the total internal audit hours worked on the most recently completed external audit: ________
E.g. SAS 70, SOx testing, subsidy statement
B20. How many of the total internal audit hours worked were related to the testing of controls over financial reporting: _______
= SOx testing only
B21. Estimate the total external audit hours (both internal audit and external audit combined) worked on the most recently completed external audit: _______
B22. What were the total external audit fees associated with the most recently completed external audit: ________
‘The most recent’, so only as an example? The questions are not clear, but try to keep the relationship between hours and costs realistic.
Slide 23
C. Internal Audit Oversight
Chief Audit Executive = Director of the IAD or comparable position (take the highest position within the IAD)
C2. The CAE reports administratively to:
Administratively = purely hierarchical, for “the expense claims and the pencils”
C3. The CAE reports functionally to:
Functionally = functional, on substance; the one who appraises the CAE and determines remuneration
Answer options, with notes where given:
• Audit Committee, or equivalent: the AC as such or the chair of the AC
• General / Legal Counsel: Head of Legal Affairs (?)
• Chief Executive Officer (CEO): Chair of the Executive Board
• President or Government Agency Head
• Chief Financial Officer (CFO): at the highest level in the organisation
• Chief Operating Officer (COO): at the highest level in the organisation
• Chief Risk Officer (CRO): at the highest level in the organisation
• Controller: group controller
• Other
Slide 24
C. Internal Audit Oversight
Audit Committee
C6. Do you have an audit committee, or its equivalent?
• Yes / No
For corporate groups, the Dutch situation is what matters for a positive answer.
If there is only a ‘group-level AC’ that explicitly includes the Dutch audit activities in its oversight, the answer is still ‘Yes’.
If a platform/committee exists in the Netherlands that acts in the spirit of a ‘real’ AC, question C6 can be answered ‘Yes’. The other questions under C should be answered analogously.
Slide 25
C. Internal Audit Oversight
Audit Committee
C7. How many people sit on your audit committee, or equivalent?
Only Supervisory Board (RvC) members (= ‘non-executives’ of the Board of Directors), so no guests such as the Executive Board (RvB) members, the internal auditor and/or the external auditor.
C8. Who chairs your audit committee, or equivalent?
• Chairman of the Board of Directors (or equivalent): Chair of the Supervisory Board (RvC)
• Other independent Board of Directors member: another Supervisory Board (RvC) member
• Chief Executive Officer (CEO) or Government Agency Head: Chair of the Executive Board (RvB)
• Other individual outside of the organization
• Chief Financial Officer (CFO)
• Chief Audit Executive (CAE)
• Other
• Not applicable
Netherlands: Executive Board (Raad van Bestuur) / Supervisory Board (Raad van Commissarissen)
Anglo-Saxon countries: Board of Directors with Executive and Non-Executive members
Slide 26
D. Risk Assessment and Audit Planning
D1. Do you have a defined audit universe? (yes/no)
‘Yes’ if the audit universe has been defined (in general terms)
D3. How many audits did you plan in the last fiscal year? ________
D4. How many audits did you actually perform in the last fiscal year (exclude management requests not in original audit plan)? ________
Make an estimate or, if possible, a calculation of the coverage ratio
Slide 27
D. Risk Assessment and Audit Planning
D5. How many unplanned audits did you perform in the last fiscal year? (new in 2009)
D7. What percentage of total hours built into your audit plan is categorized as unallocated time for future, unplanned, or ad-hoc audit requests? (new in 2009)
Slide 28
D. Risk Assessment and Audit Planning
D6. What percentage of your audit plan is the following (must sum to 100%):
• Assurance engagements: financial and operational audits
• Consulting engagements: specific assignments to assess the design of processes & procedures, risk management; participating in steering and working groups
• Management requests: requests from management that are added to the audit plan based on risk analysis
• Fraud investigations
• Follow-up audits: specifically aimed at the implementation of improvement actions following an earlier audit
• TOTAL: automatic calculation
Slide 29
D. Risk Assessment and Audit Planning
Organization / Internal audit activity Risk Assessment
D15. Internal audit activities can utilize risk categories in their risk assessment process and may also use these categories to communicate the results of the risk assessment to management and the audit committee. Do you utilize risk categories in your risk assessment? YES/NO
Examples: financial risk, operational risk, legal risk, reputation risk, compliance/integrity risk, strategic risk.
D16. How many risk categories do you use? _______
D17. What percentage of your risk categories are covered by your audit plan? _______
Unclear how this should be answered. Estimate of which Always --- Never.
Slide 30
D. Risk Assessment and Audit Planning
Audit Engagement Risk Assessments
D18. Does your audit activity complete engagement-level risk assessments?
• Always / Sometimes / Never
This concerns a risk analysis per audit engagement.
D19. How do you gather information for the engagement-level risk assessments (choose all that apply)?
• Questionnaires / Interviews / Process documents and flowcharts / Other / Not applicable
Slide 31
E. Audit Implementation/Life cycles/Reporting
COMPLETE ON THE BASIS OF TIME RECORDING; OTHERWISE ESTIMATE AS WELL AS POSSIBLE
E1. What percentage of your audit staff time (including sourced staff) was devoted to (should add to 100%):
• Assurance engagements _________
• Consulting engagements _________
• Fraud investigations _________
• Management requests _________
• Follow-up audits _________
• External audit assistance _________
• Non-chargeable time – training _________
• Non-chargeable time – other _________
• Absences _________
• TOTAL _________ (automatic sum)
SEE EARLIER FOR THE DISTINCTION
E2. What was the distribution of total time (as a percentage) on typical audits (should add to 100%)?
• Planning _________ = PREPARATION UP TO THE OPENING MEETING
• Fieldwork _________ = FIELDWORK UP TO AND INCLUDING THE CLOSING MEETING AND AGREEING THE FINDINGS/CONCLUSIONS
• Reporting _________ = REPORTING PHASE INCLUDING AGREEING THE REPORT
• TOTAL _________ (automatic sum)
Slide 32
E. Audit Implementation/Life cycles/Reporting
E3. On average, how many calendar days does it take to complete the following tasks (should be measured in working/business days):
SEE EARLIER
• Planning _________
• Fieldwork _________
• Reporting _________
• Follow-up _________ ONLY IF THIS TAKES PLACE SHORTLY AFTER THE AUDIT; NO QUARTERLY FOLLOW-UP MONITORING
• TOTAL _________ (automatic sum)
E4. On average, how many calendar days lapse between the end of fieldwork and the issuance of (should be measured in working/business days):
• Draft Reports: ________
• Final Reports: ________
Slide 33
E. Audit Implementation/Life cycles/Reporting
E9. Did you identify any audit recommendations in the last fiscal year? Yes/No
Will normally be YES
E10. How many audit recommendations were identified in the last fiscal year? ______
Total number of recommendations/improvement actions
E11. How many major audit findings were identified in the last fiscal year? _______
Conclusions of high significance (priority)
E12. How many repeat findings did you identify in the last fiscal year? _________
Identical recommendations/improvement actions in multiple audits/reports
Slide 34
E. Audit Implementation/Life cycles/Reporting
Continuous Auditing
E15. Does your organization currently perform continuous auditing?
• Yes / No, but we plan to start this year / No
E16. Who is responsible for continuous auditing in your organization?
• Internal audit / Management / Both internal audit and management / Other / Not applicable
Continuous auditing is a new and evolving methodology used to automatically perform control and risk assessments on a more frequent basis.
Continuous auditing changes the audit paradigm from periodic reviews of a sample of transactions to ongoing audit testing of 100 percent of transactions. It becomes an integral part of modern auditing at many levels.
Technology is the key to enabling such an approach; new data warehousing and data mining techniques to receive, process and report large sums of data on a continuing basis, thus fueling the need for continuous monitoring and auditing.
Source: IIA Inc
Slide 35
G. Performance management
See also the IIA professional practices standards
Standard 1300 – Quality Assurance and Improvement Programs
G1. Do you have a formal quality assurance and improvement program?
• Yes / No
This refers to a QA and improvement program for the Internal Audit function
Standard 1311 – Internal Assessments
G2. What is your internal audit activity’s status with regard to internal assessments (choose all that apply):
• Our internal audit activity performs ongoing reviews of the performance of the internal audit activity
• Our internal audit activity performs periodic reviews performed through self-assessment or by other persons within the organization, with knowledge of internal audit practices and The IIA’s Standards
• Our internal audit activity does not have a formal internal assessment process
Slide 36
G. Performance management
Standard 1312 – External Assessments
G6. Has your organization had an external quality assessment in the last 5 years?
• Yes / No
External Quality Assessment Review (QAR) in last three years: this question relates to an external quality assurance review of the Internal Audit function itself.
What is meant is a separate quality review by an external party, other than the usual review of an individual file by the external auditor in the context of the financial statement audit (so also a review by a separate group audit)
Supervision by AFM / DNB / PVK does not count as such.
Complete G8 and G10 through G14 only if an external QAR has taken place
Slide 37
G. Performance management
Standard 1311 – Internal Assessments
G15. Do you use the phrase: “Conducted in accordance with the Standards” in your audit reports and communications?
• Yes / No / Not applicable
This phrase may only be used when a QAR has taken place with a positive result.
Slide 38
H. Professional development
Information Technology
H9. Generally speaking, which of the following basic IT knowledge categories do your internal auditors possess (choose all that apply)?
• Software used in applications
• Operating system software
• Network software
• Perimeter defenses
• Intrusion detection
• Authentication controls
• Application controls
• Understanding IT risks
• Audit software tools
• Microsoft Office Suite
• None of the above
This concerns all internal auditors, so not specifically the IT auditors
Slide 39
I. Emerging Trends and Leading Practices
Risk Identification:
I 1. From your perspective, what are the key risks facing your organization today?
I 2. From your perspective, what are the key risks your organization will face in the next three years?
I 3. Has management shared with you any key risks or issues facing the organization that you have not already indicated above?
et cetera
Leading Practices:
I 9. Please identify any areas within your internal audit activity where you believe you have implemented leading practices or innovative processes:
I 10. May we contact you to obtain additional information and insight regarding the practices you have implemented? (yes/no)
Open questions; little guidance possible.
Slide 40
Cost of GAIN participation
• None: supply data only
• GAIN E-mail report $ 225
• Extra Specialty Group $ 125
Total $ 350
Extra or otherwise:
• GAIN CD Report $ 255*
• Additional copy CD report $ 30
• GAIN Paper Report $ 200*
*including shipping charges
Slide 41
Saving
Save the questionnaire each time you finish a section.
After a period of inactivity the system logs you out, so also save in between!
Always save changes separately.
‘Save & continue’ saves the screen and takes you to the next screen.
The summary screen gives ‘true’ and ‘false’ statements.
Per screen, “Mark as completed” is only possible after saving.
You can only submit once everything has been marked completed.
For more, see the ‘General instructions’
GAIN 2009 timeline
29 April 2009: Deadline for submitting completed questionnaires
20 May 2009: Receipt of reports and (self-)analysis
9, 10, 11 June 2009: Evaluation meetings. Exchange of experiences, discussion of results among participants, identifying necessary corrections (agreeing GAIN Round Table topics)
22, 23, 24 September 2009: Round Tables
5 November 2009: GAIN afternoon. Presentation of the outcomes of the various groups
Slide 43
Deadline Submissions
DEADLINE SUBMISSIONS: 28, 29 April 2009
Receipt of reports: week 21 (18, 19 or 20 June 2009)
Slide 44