Audit-l is sponsored by Audit Leverage by IAD Solutions, Inc. ***************************************
A great point to start your development for KPI's is what you have already done - talk to upper management. In addition, what reports are used by management presently uses to track performance - these are wonderful reports that audit can use as baselines to track. Some institutions call these quality control charts. A frequent statement that I make to management when they ask for us to define and institute a key performance indicator is: What can I implement (as an auditor) that you as a manager should not be using already? Our existence is not to replace the monitoring of management over their own area but to expand the review to help note trends and flags that may be missed when looking at these same reports from an operational standpoint. A good example of an item we recently implemented: File Maintenance and Address Changes - management should be producing a report, reviewing it for suspicious activity, and performing sample tracing of maintenance and address changes to source docs, and ensuring a letter is sent to the clients previous address notifying of the change. As an auditor, we have applied thresholds to the process such as (1) # of address changes on a particular account over a set period, (2) number of accounts changed to a single address over that same period, (3) # of electronic transactions or loan applications that have had an address change within X period of days. In these examples you can see that a report that should already exist by management can be manipulated and compared against other activities to produce flags for audit follow-up. To further utilize the idea of KPI's, our audit enterprise-wide risk assessment and scheduling activities reflect the # of occurrences of KPI flags over the previous audit period. We may believe an area is medium risk, but the KPI's we rely on to track control areas may have produced an excessive number of flags (meaning the control process is not functioning efficiently or the thresholds are too stringent). As auditors, we may need to move up the scheduled audit. Fraud is an topic of increasing importance in our profession, but the leap to "responsibility" has not been formally made. However, auditors (like it or not) are expected to perform adequate testing or performance monitoring to address the likelihood of fraud. In fact, when fraud hits in an area that audit has been - who gets the blank stare from management and the "why didn't you find this" attitude. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, April 05, 2002 8:54 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Internal Audit key performance indicators Audit-l is sponsored by Audit Leverage by IAD Solutions, Inc. Audit Leverage is a department management software package that integrates and automates the entire audit process. This comprehensive package includes risk assessment, audit planning, budgeting, staffing, scheduling, timekeeping, automated work papers, audit findings & recommendations, reporting and audit follow-up. Audit Leverage allows auditors in the field to work off-line and dial in to synchronize their work with the Audit Leverage database on the network, enabling managers to review the work papers instantly without being at the job site. Demo available at www.auditleverage.com *************************************** In my opinion, the audit department should not be judged by the number of frauds uncovered. While the audit department is responsible to be alert for fraud, it is my understanding that looking for fraud is not the primary focus. In addition, while the audit department makes recommendations to strengthen internal controls, it is management's decision whether to implement those recommendations since they own the affected processes. Thus, the number of frauds discovered could be included as a performance measure in evaluating management, but I do not think it would be an appropriate measure of performance for the audit department. These statements are just my opinion and I welcome other opinions. Sharon Haapala <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED] Subject: Re: Internal Audit key performance indicators ditnet.org 04/05/02 07:11 AM At 01:45 PM 4/5/02 +0200, you wrote: My Boss who is the CEO would like me to come up with key performance indicators against which h would measure my performance. In my proposed indicators l have included such things as no of reports, recommendations implemented, budget performance, achieving set plan etc. This to him is not sufficient and he wants me to include such things as No. of frauds unravelled compared to previous years in dollars and quantity terms, reported against those determined by audit, etc. Can you suggest more indicators for me please. I'd be very interested in hearing more ideas in this area. Some of the indicators mentioned above make me a bit nervous. I'm a university auditor, and some years I may not complete as many audits as other years, simply due to the nature of the audits - how long they take, complicated issues that might arise. Similarly, I don't find fraud every year - we're a small university that has excellent internal controls and audit trails. If I had fewer audit reports issued and no frauds, would that mean I'm doing poorly? Just food for thought - please share any info you receive. Sharon ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sharon J. Haapala, CIA, Auditor Internal Audit Department Michigan Technological University 906-487-1994 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If your organization would like to sponsor this discussion list send an e-mail to [EMAIL PROTECTED] for information. To unsubscribe to the Audit-l list send an e-mail to [EMAIL PROTECTED] Leave the subject line blank and include the following message in the body: Unsubscribe audit-l (yourname) Thanks, Jim Kaplan List Manager If your organization would like to sponsor this discussion list send an e-mail to [EMAIL PROTECTED] for information. To unsubscribe to the Audit-l list send an e-mail to [EMAIL PROTECTED] Leave the subject line blank and include the following message in the body: Unsubscribe audit-l (yourname) Thanks, Jim Kaplan List Manager
