Transcript www.resourcenter.net

Speaker: Lark Scheierman
2013 Internal Audit
Capabilities and Needs Survey
Top Priorities for Internal Auditors
Speaker: Lark Scheierman
A Reminder…
Following the webinar, all attendees will receive a link
to a copy of the presentation and recording.
During the webcast you can ask questions by clicking
on the questions link at the top of your screen.
Please provide your e-mail address for a swift reply.
There will be a Q&A session at the end of the call.
If you are having trouble hearing the audio through
the computer, separate phone lines are available.
2
© 2013
International
+44 (0) 1452 555566
United States
+1 866 966 9439
Conference ID
15266815
Speaker: Lark Scheierman
CPE Credits and Supplemental Information
We offer 2 CPE credits for this presentation. To be eligible to receive these credits, please ensure
to:
• Answer four (4) out of the five (5) polling questions throughout the duration of this webinar.
• If you qualify for CPE, you will receive the course evaluation form.
Click on the Attachments link to download the complete survey publication, view the info
graphics and watch the video.
The Attachment link also provides you the opportunity to benchmark yourself against the survey
results.
3
© 2013
Speaker: Kevin Donahue
Speakers
Susan Haseley is a Managing Director and the Global Industry Leader for
Protiviti's Healthcare and Life Sciences practice and also serves as the Dallas
Office Market Leader. Susan has over 25 years of experience in providing risk
consulting, internal audit and technology consulting services. Susan received her
bachelor's degree in Information Systems from Ohio University and an MBA from
the University of Dallas. She holds the Certified Internal Auditor (CIA), the Certified
Information Systems Auditor (CISA), the Project Management Professional (PMP)
certifications and is trained as a Six Sigma Green Belt. Susan is a member of the
Internal Auditors Association (IIA), Information Systems Audit and Control
Association (lSACA), and the Association of Healthcare Internal Auditors (AHIA).
She also is a member of AHIP, HFMA, HCCA.
[email protected]
David Brand is a Managing Director in Protiviti’s Chicago office. He leads the
global IT Audit practice for Protiviti. He has over 15 years experience working with
companies across multiple industries in the areas of IT Auditing, Computer Aided
Auditing Techniques, audit formation, risk assessments and audit committee
reporting.
[email protected]
4
© 2013
Speaker: Kevin Donahue
Speakers
Mike Fabrizius is Vice President of Audit Services for the Carolinas HealthCare
System. He is a CIA, CPA and MBA. He has been active in the Association of
Healthcare Internal Auditors (AHIA) in a variety of volunteer positions, including
Chairman of the Board of Directors in 2011. Carolinas HealthCare System provides
a full spectrum of healthcare and wellness programs throughout North and South
Carolina. Its network of more than 650 care locations includes academic medical
centers, hospitals, healthcare pavilions, physician practices, surgical and
rehabilitation centers, home health agencies, nursing homes and hospice and
palliative care.
[email protected]
5
© 2013
Speaker: Kevin Donahue
Introduction – About the Survey
• Ongoing professional development is
essential for today's internal auditors.
They are:
– Facing greater demands to improve
organizational processes
– Ensuring proper risk management and
controls are in place
– Required to stay informed on the
changing dynamics of business and
technology
– Enjoying a broader range of career
paths and opportunities
– Innovative thinkers ready to meet a
wide range of challenges
6
© 2013
Speaker: Kevin Donahue
Introduction – About the Survey
• Protiviti conducted the survey from
September 2012 through October 2012
• The survey was divided into four major
sections:
– General Technical Knowledge
– Audit Process Knowledge
– Personal Skills and Capabilities
– Social Media and the Audit Process
7
© 2013
Speaker: Kevin Donahue
Introduction – About the Survey
• Respondents were asked to rate:
– Their competency in these areas on a
scale of 1 to 5
– Indicate whether competency was
adequate or needs improvement
• The survey also assessed the following:
– Competency levels of CAEs
– Differing needs by industries and
business size
– Three-year trends for CAEs and overall
results
8
© 2013
Speaker: Kevin Donahue
Internal Audit Capabilities and Needs Survey Publications
9
© 2013
Speaker: Kevin Donahue
Overview – Topics of Focus
General Technical Knowledge
Audit Process Knowledge
Personal Skills and Capabilities
Social Media and the Audit Process
Meeting Today's Challenges
Q&A
10
© 2013
Kevin to introduce this
survey section and
transition to the next
speaker, David Brand
General Technical Knowledge
Speaker: David Brand
General Technical Knowledge – Overall Results
"Need to
Improve"
Rank
1
2
(tie)
3
(tie)
4
(tie)
5
(tie)
12
© 2013
Areas Evaluated by Respondents
Competency
(5-pt. scale)
Social Media Applications
2.7
Recently Enacted IIA Standards: Functional Reporting Interpretation
(Standard 1110)
3.1
Recently Enacted IIA Standard: Audit Opinions and Conclusions (Standards
2010.A2 and 2410.A1)
3.1
GTAG 16: Data Analysis Technologies
2.8
Recently Enacted IIA Standard: Overall Opinions (Standard 2450)
3.1
Cloud Computing
2.7
The Guide to the Assessment of IT Risk (GAIT)
2.7
GTAG 13: Fraud Prevention and Detection in an Automated World
2.8
ISO 27000 (information security)
2.4
COSO Internal Control Framework (DRAFT 2012 version)
2.9
Practice Guide: Assessing the Adequacy of Risk Management
3.0
GTAG 6: Managing and Auditing IT Vulnerabilities
2.8
Fraud Risk Management
3.4
Speaker: David Brand
General Technical Knowledge – Three-Year Comparison: Overall Results
Rank
2013
2012
2011
IFRS
1
2
3
Social Media Applications
Recently Enacted IIA Standards: Functional Reporting
Interpretation (Standard 1110)
Recently Enacted IIA Standard: Audit Opinions and
Conclusions (Standards 2010.A2 and 2410.A1)
GTAG 16: Data Analysis Technologies
Recently Enacted IIA Standard: Overall Opinions (Standard
2450)
Social Media Applications
GTAG 13: Fraud Prevention
and Detection in an Automated
World
Cloud Computing
ISO 31000
GTAG 13: Fraud
Prevention and Detection
in an Automated World
Penalties in Administrative
Proceedings (§ 929P)
Fraud Risk Management
Six Sigma
Cloud Computing
The Guide to the Assessment of IT Risk (GAIT)
4
GTAG 13: Fraud Prevention and Detection in an
Automated World
ISO 27000 (information security)
COSO Internal Control Framework (DRAFT 2012 version)
5
Practice Guide: Assessing the Adequacy of Risk
Management
GTAG 6: Managing and Auditing IT Vulnerabilities
Fraud Risk Management
• No consistent top five items for all three years
13
© 2013
GTAG 16: Data Analysis
Technologies
Hedging by Employees and
Directors (§ 955)
GTAG 15: Information Security
Governance
Speaker: David Brand
General Technical Knowledge – Top 5 for CAEs
"Need to
Improve"
Rank
Areas Evaluated by Respondents
Competency
1
Social Media Applications
2.7
2
Recently Enacted IIA Standards: Functional Reporting
Interpretation (Standard 1110)
3.2
3
COSO Internal Control Framework (DRAFT 2012 version)
3.0
4
Recently Enacted IIA Standard: Audit Opinions and Conclusions
(Standards 2010.A2 and 2410.A1)
3.2
Cloud Computing
2.7
ISO 27000 (information security)
2.5
5
(tie)
14
© 2013
Speaker: David Brand
General Technical Knowledge – Three-Year Comparison: CAE Results
Rank
2013
2012
2011
1
Social Media Applications
Social Media Applications
IFRS
2
Recently Enacted IIA
Standards: Functional
Reporting Interpretation
(Standard 1110)
Cloud Computing
GTAG 13: Fraud Prevention
and Detection in an
Automated World
3
COSO Internal Control
Framework (DRAFT 2012
version)
GTAG 13: Fraud Prevention
and Detection in an
Automated World
4
Recently Enacted IIA
Standard: Audit Opinions
and Conclusions (Standards
2010.A2 and 2410.A1)
Cloud Computing
5
ISO 27000 (information
security)
GTAG 16: Data Analysis
Technologies
International Financial
Reporting Standards (IFRS)
• No consistent top five items for all three years
15
© 2013
Penalties in Administrative
Proceedings (§ 929P)
Hedging by Employees and
Directors (§ 955)
GTAG 14: Auditing Userdeveloped Applications
GTAG 15: Information
Security Governance
GTAG 3: Continuous Auditing
GTAG 12: Auditing IT
Projects
Speaker: David Brand
General Technical Knowledge – Company Size Breakdown
Rank
Small < $1B
Medium $1B-9B
Large > $10B
1
Social Media Applications
Recently Enacted IIA Standards:
Functional Reporting
Interpretation (Standard 1110)
Social Media Applications
GTAG 16: Data Analysis Technologies
Recently Enacted IIA Standard:
Audit Opinions and Conclusions
(Standards 2010.A2 and 2410.A1)
Practice Guide: Measuring
Internal Audit Effectiveness and
Efficiency
Recently Enacted IIA Standard:
Overall Opinions (Standard 2450)
Recently Enacted IIA Standard:
Audit Opinions and Conclusions
(Standards 2010.A2 and 2410.A1)
2
3
IT Governance
Social Media Applications
4
The Guide to the Assessment of IT
Risk (GAIT)
Cloud Computing
Recently Enacted IIA Standard:
Overall Opinions (Standard 2450)
Practice Guide: Assessing the
Adequacy of Risk Management
ISO 27000 (information security)
GTAG 3: Continuous Auditing
5
GTAG 13: Fraud Prevention and
Detection in an Automated World
• Circled items are consistent top five items
16
© 2013
ISO 31000 (risk management)
GTAG 14: Auditing Userdeveloped Applications
The Guide to the Assessment of
IT Risk (GAIT)
Kevin Donahue will
introduce this survey
General Technical Knowledge – Healthcare Industry Results
section and moderate by
asking Susan and Mike
questions about the survey
results.
17
© 2013
Kevin Donahue
Speaker:
Susanwill
Haseley
moderate by asking Susan
General Technical Knowledge, Overall Healthcare Industry
Response
and Mike
questions about
the survey results.
"Need to
Improve"
Rank
1
Areas Evaluated by Respondents
Competency
(5-pt. scale)
Cloud computing
2.8
GTAG 16 – Data analysis technologies
2.9
ISO 27000 (information security)
2.3
GTAG 17 – Auditing IT governance
2.8
Social media applications
3.1
Fraud Risk Management
3.7
Recently enacted IIA standards – Functional reporting interpretation
(Standard 1110)
3.3
IT governance
3.0
2
(tie)
3
(tie)
4
5
(tie)
18
© 2013
Kevin Donahue will
moderate by asking Susan
General Technical Knowledge, Healthcare Industry CAE
Response
and Mike
questions about
the survey results.
"Need to
Improve"
Rank
1
(tie)
2
(tie)
3
(tie)
19
© 2013
Areas Evaluated by Respondents
Competency
(5-pt. scale)
Recently enacted IIA standards – Functional reporting interpretation
(Standard 1110)
2.7
Social media applications
2.4
COSO internal control framework (DRAFT 2012 version)
2.6
Recently enacted IIA standard – Audit opinions and conclusions (Standards
2010.A2 and 2410.A1)
2.6
GTAG 6 – Managing and auditing IT vulnerabilities
2.4
GTAG 17 – Auditing IT governance
2.5
ISO 27000 (information security)
2.0
Recently enacted IIA standard – Overall opinions (Standard 2450)
2.8
Cloud computing
2.4
GTAG 5 – Managing and auditing privacy risks
2.9
GTAG 12 – Auditing IT projects
2.9
GTAG 15 – Information security governance
2.7
The Guide to the Assessment of IT Risk (GAIT)
2.4
IT governance
2.7
Kevin Donahue will
moderate by asking Susan
General Technical Knowledge – Two-Year Comparison
and Mike questions about
the survey results.
2013
Cloud computing
Social media applications
GTAG 16 – Data analysis technologies
Cloud computing
ISO 27000 (information security)
Fraud risk management
Social media applications
GTAG 13 – Fraud prevention and
detection in an automated world
Fraud risk management
GTAG 3 – Continuous auditing
Recently enacted IIA standards –
Functional reporting
interpretation (Standard 1110)
GTAG 12 – Auditing IT projects
• Circled items are consistent between the two years
© 2013
GTAG 16 – Data analysis technologies
GTAG 17 – Auditing IT governance
IT governance
20
2012
Healthcare Industry-Specific Technical Knowledge
21
© 2013
Kevin Donahue will
introduce this survey
section and moderate by
asking Susan and Mike
questions about the survey
results.
Kevin Donahue will
moderate by asking Susan
Healthcare Industry-Specific Technical Knowledge – Overall
and MikeResults
questions about
the survey results.
"Need to
Improve"
Rank
© 2013
Competency
(5-pt. scale)
1
Health information exchanges
2.7
2
Value-based purchasing
2.6
3
(tie)
ICD-10 implementation
2.6
Payment bundling
2.6
Accountable care organizations
2.7
Clinical documentation
2.8
ICD-10 impact and readiness
2.5
Pay-for-performance quality standards (CMS core measures and HCAHPS)
2.7
State-specific privacy/security laws
2.7
4
(tie)
22
Areas Evaluated by Respondents
Kevin Donahue will
moderate by asking Susan
Healthcare Industry-Specific Technical Knowledge – CAE
Results
and Mike
questions about
the survey results.
"Need to
Improve"
Rank
1
(tie)
2
(tie)
3
(tie)
23
© 2013
Areas Evaluated by Respondents
Competency
(5-pt. scale)
Health information exchanges
2.4
Payment bundling
2.5
ICD-10 implementation
2.5
Pay-for-performance quality standards (CMS core measures and HCAHPS)
2.6
Physician credentialing
2.6
Value-based purchasing
2.4
Durable medical equipment
2.7
eDiscovery
2.5
HIPAA 5010
2.7
Physician alignment and employment strategies
2.6
Physician organizations
2.3
Professional fee billing
2.5
Quality of care
2.3
Kevin Donahue will
moderate by asking Susan
Healthcare Industry-Specific Technical Knowledge – Two-Year
Comparison
and Mike questions
about
the survey results.
2013
Health information exchanges
Meaningful use compliance
Value-based purchasing
Health information exchanges
ICD-10 implementation
Accountable care organizations
Payment bundling
Electronic health records
Accountable care organizations
ICD-10 readiness
Clinical documentation
Coding (CPT, ICD-9)
ICD-10 impact and readiness
Patient Protection and Affordable Care Act
provisions
Pay-for-performance quality standards
(CMS core measures and HCAHPS)
Clinical systems
State-specific privacy/security laws
• Circled items are consistent between the two years
24
© 2013
2012
Speaker: Lark Scheierman
Poll Question
• In which general technical knowledge areas do healthcare internal auditors
feel they are less competent, and need to improve the most?
A. Social Media Applications
B. Fraud Risk Management Technologies
C. Cloud Computing
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
25
© 2013
Speaker: Lark Scheierman
Poll Question
• In which general technical knowledge areas do overall CAEs feel they are less
competent, and need to improve the most?
A. Social Media Applications
B. Regulatory Compliance
C. ISO 27000
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
26
© 2013
Kevin Donahue will
introduce survey section
and transition to next
speaker, David Brand
Audit Process Knowledge
Speaker: David Brand
Audit Process Knowledge – Overall Results
"Need to
Improve" Rank
1
(tie)
2
(tie)
3
(tie)
4
(tie)
5
28
© 2013
Areas Evaluated by Respondents
Competency
(5-pt. scale)
Data Analysis Tools: Data Manipulation
3.3
Fraud: Monitoring
3.4
Auditing IT: New Technologies
2.9
Fraud: Fraud Risk Assessment
3.4
Data Analysis Tools: Statistical Analysis
3.3
Fraud: Fraud Detection/Investigation
3.4
Fraud: Management/Prevention
3.5
Computer-Assisted Audit Tools (CAATs)
3.1
Data Analysis Tools: Sampling
3.4
Speaker: David Brand
Audit Process Knowledge – Three-Year Comparison: Overall Results
Rank
2013
2012
2011
1
Data Analysis Tools: Data
Manipulation
Continuous Auditing
Continuous Auditing
Fraud: Monitoring
Auditing IT: New Technologies
2
Fraud: Fraud Risk Assessment
3
Data Analysis Tools: Statistical
Analysis
Fraud: Fraud
Detection/Investigation
Computer Assisted Audit
Tools (CAATs)
Computer-Assisted
Audit Tools (CAATs)
Continuous Monitoring
Data Analysis Tools:
Statistical Analysis
Data Analysis Tools: Data
Manipulation
Data Analysis Tools:
Data Manipulation
Data Analysis Tools:
Statistical Analysis
Auditing IT: Program
Development
Fraud: Management/Prevention
4
5
Computer-Assisted Audit Tools
(CAATs)
Data Analysis Tools: Sampling
• Circled items are consistent top five items
29
© 2013
Speaker: David Brand
Audit Process Knowledge – Top 5 for CAEs
"Need to
Improve" Rank
Areas Evaluated by Respondents
Competency
(5-pt. scale)
1
Data Analysis Tools: Data Manipulation
3.2
2
Auditing IT: New Technologies
3.1
3
Data Analysis Tools: Sampling
3.4
Computer-Assisted Audit Tools (CAATs)
3.3
Data Analysis Tools: Statistical Analysis
3.3
Fraud: Fraud Risk Assessment
3.7
4
5
30
© 2013
Speaker: David Brand
Audit Process Knowledge – Three-Year Comparison: CAE Results
Rank
2013
2012
2011
1
Data Analysis Tools: Data
Manipulation
Computer Assisted Audit
Tools (CAATS)
Continuous Auditing
Data Analysis Tools:
Statistical Analysis
2
Auditing IT: New
Technologies
Continuous Auditing
Data Analysis Tools: Data
Manipulation
Computer-Assisted Audit
Tools (CAATs)
3
4
Data Analysis Tools:
Sampling
Computer-Assisted Audit
Tools (CAATs)
Data Analysis Tools: Data
Manipulation
Data Analysis Tools:
Sampling
Continuous Monitoring
Auditing IT: Computer
Operations
Data Analysis Tools:
Statistical Analysis
Fraud: Monitoring
Data Analysis Tools:
Statistical Analysis
5
Fraud: Fraud Risk
Assessment
• Circled items are consistent top five items
31
© 2013
Speaker: David Brand
Audit Process Knowledge – Company Size Breakdown
Rank
Small < $1B
Medium $1B-9B
Large > $10B
1
Auditing IT: New
Technologies
Fraud: Monitoring
Data Analysis Tools: Statistical
Analysis
2
Data Analysis Tools: Data
Manipulation
Fraud: Fraud Risk Assessment
Data Analysis Tools: Sampling
3
Auditing IT: Security
Fraud:
Management/Prevention
Auditing IT: New Technologies
4
Fraud: Fraud Risk
Assessment
Fraud: Fraud
Detection/Investigation
Computer-Assisted Audit
Tools (CAATs)
5
Data Analysis Tools:
Statistical Analysis
Quality Assurance and
Improvement Program (IIA
Standard 1300): Ongoing
Reviews (IIA Standard 1311)
• No consistent top five items across organization size
32
© 2013
Continuous Auditing
Statistically Based Sampling
Computer-Assisted Audit Tools
(CAATs)
Fraud: Fraud
Detection/Investigation
Audit Process Knowledge – Healthcare Industry
33
© 2013
Kevin Donahue will
introduce this survey
section and moderate by
asking Susan and Mike
questions about the survey
results.
Audit Process Knowledge – Healthcare Industry
"Need to
Improve" Rank
1
2
(tie)
34
© 2013
Kevin Donahue will
moderate by asking Susan
and Mike questions about
the survey results.
Areas Evaluated by Respondents
Data analysis tools – data manipulation
Quality assurance and improvement program (IIA Standard
1300) – External
assessment (Standard 1312)
Quality assurance and improvement program (IIA Standard
1300) – Ongoing
reviews (IIA standard 1311)
Quality assurance and improvement program (IIA Standard
1300) – Periodic
reviews (IIA Standard 1311)
Competency
(5-pt. scale)
3.4
3.4
3.4
3.4
Fraud – fraud risk assessment
3.7
3
Enterprisewide risk management
3.5
4
Fraud – monitoring
3.6
5
Assessing risk – emerging issues
3.7
Kevin Donahue will
moderate by asking Susan
Audit Process Knowledge – Healthcare Industry, CAEand
Responses
Mike questions about
the survey results.
"Need to
Improve" Rank
1
(tie)
2
(tie)
3
(tie)
35
© 2013
Areas Evaluated by Respondents
Auditing IT – new technologies
Quality assurance and improvement program (IIA Standard
1300) – External
assessment (Standard 1312)
Quality assurance and improvement program (IIA Standard
1300) – Ongoing
reviews (IIA Standard 1311)
Quality assurance and improvement program (IIA Standard
1300) – Periodic
reviews (IIA Standard 1311)
Enterprisewide risk management
Auditing IT – security
Data analysis tools – data manipulation
Presenting to the audit committee
Assessing risk – emerging issues
Computer-assisted audit tools (CAATs)
Continuous auditing
Continuous monitoring
Presenting to senior management
Self-assessment techniques
Fraud – fraud risk assessment
Competency
(5-pt. scale)
2.8
3.5
3.4
3.5
3.5
3.1
3.4
4.1
3.7
3.5
3.3
3.3
4.2
3.5
3.5
Audit Process Knowledge – Healthcare Industry
2013
Kevin Donahue will
moderate by asking Susan
and Mike questions about
the survey results.
2012
Data analysis tools – data manipulation
Computer-assisted audit tools (CAATs)
Quality assurance and improvement program (IIA Standard
1300) – External assessment (Standard 1312)
Continuous auditing
Quality assurance and improvement program (IIA Standard
1300) – Ongoing reviews (IIA Standard 1311)
Continuous monitoring
Quality assurance and improvement program (IIA Standard
1300) – Periodic reviews (IIA Standard 1311)
Data analysis tools – data manipulation
Fraud – fraud risk assessment
Data analysis tools – sampling
Enterprisewide risk management
Data analysis tools – statistical analysis
Fraud – monitoring
Marketing internal audit internally
Assessing risk – emerging issues
Fraud – auditing
Fraud – fraud detection/investigation
Fraud – fraud risk assessment
• Circled items are consistent between the two years
36
© 2013
Speaker: Lark Scheierman
Poll Question
• According to the 2013 IA Capabilities and Needs Survey, internal auditors want
to become more data-driven while implementing more automation to
strengthen effectiveness and efficiency.
• True
• False
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
37
© 2013
Speaker: Lark Scheierman
Poll Question
• In which emerging technology areas do healthcare internal auditors feel they
are less competent, and need to improve the most?
A. Fraud Risk Management Technologies
B. Auditing IT Projects
C. Data Analysis Tools: Data Manipulation
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
38
© 2013
Kevin Donahue will
introduce survey section
and transition to next
speaker, David Brand
Personal Skills and Capabilities
Speaker: David Brand
Personal Skills and Capabilities – Overall Results
"Need to Improve"
Rank
1
3.5
2
(tie)
Negotiation
3.4
Persuasion
3.5
3
(tie)
High-Pressure Meetings
3.5
Presenting (public speaking)
3.5
Strategic Thinking
3.8
Developing Other Board Committee Relationships
3.2
Using/Mastering New Technology and Applications
3.6
Leadership (within the Internal Audit profession)
3.5
Time Management
3.7
5
(tie)
© 2013
Competency
(5-pt. scale)
Dealing with Confrontation
4
40
Areas Evaluated by Respondents
Speaker: David Brand
Personal Skills and Capabilities – Three-Year Comparison: Overall Results
Rank
2013
2012
2011
1
Dealing with Confrontation
Developing Outside
Contacts/Networking
Dealing with Confrontation
Negotiation
Negotiation
Persuasion
Persuasion
2
Presenting (public speaking)
High-Pressure Meetings
3
4
Presenting (public speaking)
Strategic Thinking
Developing Other Board
Committee Relationships
Using/Mastering New
Technology and Applications
5
Leadership (within the Internal
Audit profession)
Time Management
• Circled items are consistent top five items
41
© 2013
Dealing with Confrontation
Negotiation
Presenting (public
speaking)
Leadership (within the IA
profession)
High Pressure Meetings
Developing Outside
Contacts/Networking
Speaker: David Brand
Personal Skills and Capabilities – Top 5 for CAEs
"Need to
Improve"
Rank
Areas Evaluated by Respondents
Competency
1
Dealing with Confrontation
3.8
2
Developing Other Board Committee Relationships
3.5
Developing Outside Contacts/Networking
3.7
Negotiation
3.7
Using/Mastering New Technology and Applications
3.6
Time Management
3.8
Persuasion
3.8
Strategic Thinking
4.0
3
4
5
42
© 2013
Speaker: David Brand
Personal Skills and Capabilities – Three-Year Comparison: CAE Results
Rank
2013
2012
2011
1
Dealing with Confrontation
Presenting (public speaking)
Developing other Board
Committee Relationships
Developing Other Board
Committee Relationships
Developing Outside
Contacts/Networking
Developing Outside
Contacts/Networking
Time Management
2
3
Developing Other Board
Committee Relationships
Developing Outside
Contacts/Networking
Negotiation
Using/Mastering New
Technology and Applications
Persuasion
Using/Mastering New
Technology and Applications
Leadership (within the IA
profession)
Negotiation
4
Time Management
Presenting (public speaking)
Dealing with Confrontation
5
Persuasion
Strategic Thinking
• Circled items are consistent top five items
43
© 2013
Time Management
Strategic Thinking
Speaker: David Brand
Personal Skills and Capabilities – Company Size Breakdown
Rank
1
Small < $1B
Medium $1B-9B
Dealing with Confrontation
Dealing with Confrontation
2
High-Pressure Meetings
Developing Other Board
Committee Relationships
Persuasion
3
Negotiation
Negotiation
Persuasion
Developing Outside
Contacts/Networking
4
Large > $10B
Developing Other Board
Committee Relationships
Presenting (public speaking)
Developing Audit Committee
Relationships
Strategic Thinking
Leadership (within the Internal
Audit profession)
Negotiation
Dealing with Confrontation
Persuasion
Time Management
Coaching/Mentoring
Presenting (public speaking)
Presenting (public speaking)
5
High-Pressure Meetings
Time Management
Strategic Thinking
44
© 2013
Using/Mastering New
Technology and Applications
• Circled items are consistent top five items
Leadership (within your
organization)
High-Pressure Meetings
Presenting (small groups)
Using/Mastering New
Technology and Applications
Kevin Donahue will
introduce this survey
Personal Skills and Capabilities – Healthcare Industrysection and moderate by
asking Susan and Mike
questions about the survey
results.
45
© 2013
Kevin Donahue will
moderate by asking Susan
Personal Skills and Capabilities – Healthcare Industryand Mike questions about
the survey results.
"Need to
Improve"
Rank
1
2
(tie)
3
(tie)
46
© 2013
Areas Evaluated by Respondents
Competency
Presenting (public speaking)
3.7
High-pressure meetings
3.5
Dealing with confrontation
3.6
Persuasion
3.7
Using/mastering new technology and applications
3.7
Kevin Donahue will
moderate by asking Susan
Personal Skills and Capabilities – Healthcare Industry,
CAE
and
MikeResponses
questions about
the survey results.
"Need to
Improve"
Rank
1
(tie)
2
3
(tie)
47
© 2013
Areas Evaluated by Respondents
Coaching/mentoring
Negotiation
High-pressure meetings
Dealing with confrontation
Presenting (public speaking)
Competency
Persuasion
3.9
3.2
3.2
3.5
3.5
3.4
Strategic thinking
Using/mastering new technology and applications
3.5
3.2
Developing audit committee relationships
3.5
Creating a learning internal audit function
Developing other board committee relationships
Developing rapport with senior executives
Developing outside contacts/networking
Leadership (within your organization)
Leadership (within the internal audit profession)
Leveraging others’ expertise
Presenting (small groups)
Time management
3.9
3.2
3.7
3.5
3.6
3.6
3.7
4.0
3.5
Kevin Donahue will
moderate by asking Susan
Personal Skills and Capabilities – Healthcare Industryand Mike questions about
the survey results.
2013
2012
Presenting (public speaking)
Developing outside
contacts/networking
High-pressure meetings
Leadership (within your
organization)
Dealing with confrontation
Negotiation
Persuasion
Dealing with confrontation
Using/mastering new technology
and applications
Persuasion
High-pressure meetings
• Circled items are consistent between the two years
48
© 2013
Speaker: Lark Scheierman
Poll Question
• Which area is the highest priority for improvement for healthcare internal
auditors in 2013?
A. Public Speaking
B. Negotiation
C. Developing Contacts/Networking
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
49
© 2013
Kevin Donahue will
introduce survey section
and transition to next
speaker, David Brand
Social Media Risk and the Audit Process
Speaker: David Brand
Social Media Risk and the Audit Process
51
© 2013
Speaker: David Brand
Social Media Risk and the Audit Process
What does the social media policy address?
52
© 2013
Speaker: David Brand
Social Media Risk and the Audit Process
53
© 2013
Speaker: David Brand
Social Media Risk and the Audit Process
54
© 2013
Speaker: David Brand
Social Media Risk and the Audit Process
55
© 2013
Speaker: David Brand
Healthcare Industry Results – Social Media Risk
Rank
56
© 2013
Social Media Risk Levels
Competency
(10-pt. scale)
1
Regulatory/compliance violations
7.8
2
Brand/reputational damage
7.3
3
Data security (company information)
6.5
4
Data leakage (employee personal information)
6.1
5
Viruses and malware
5.3
Speaker: David Brand
Social Media Risk and the Audit Process – Lessons Learned
• Social media is probably one of the newest and most exciting
areas that auditors are diving into
• It’s a new medium by which a lot of organizations have a variety of
exposures that are arising
57
© 2013
Speaker: Kevin Donahue
Meeting Today’s Challenges – Points for Discussion
• Do you agree with these findings?
• What areas are you weakest in related to
the following topics?
– Social Media and the Audit Process
– General Technical Knowledge
– Audit Process Knowledge
– Personal Skills and Capabilities
• Are there other professional competencies
that you want to improve upon?
• What other comments or questions do you
have?
58
© 2013
Questions and Answers
59
© 2013
Kevin will moderate the
questions received from
the audience, selecting
questions for Mike, Dave
and Susan to address. We
will e-mail you the
questions received from
the audience so you can
review them in advance.
Speaker: Lark Scheierman
Thank you for joining us!
[email protected]
[email protected]
Managing Director
Managing Director
Protiviti – Dallas
Protiviti – Chicago
+1 (469) 374-2435
+1 (312) 476-6401
[email protected]
Vice President of Audit Services for the Carolinas
HealthCare System
Past Board Chair, AHIA – Denver
+1 (704) 512-5928
60
© 2013
61
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.