Christophe Quiévreux

1996…

1998…

2000…

2003…

2005…

2006…

2008…

2008…

2010…

Where did we fail? Where did we fail?

Changing paradigms? Not really. Our environment changes. Not our objectives. And Coso is still there…

Still an undefined function? For a part. Often a transition job, not a career => too few

« heroes » or « champions » which could set the tone at the top

Lack of competence? We are strong in methodologies, weak in business knowledge & technology

Lack of shareholders support? Could be, but sometimes an easy excuse. Legitimation is key

Internal Competition ? We have competition big time. But it is a thread, not a cause of the problem.

What ’s coming up What ’s coming up

« Internal Audit mandates is becoming very large. They are expected to be everywhere. No matter the methodology ».

IT risks are high on the agenda of Audit Committees. Because they feel they loose control (cloud, social network… )

« Auditors should not look at transactions. They should ensure someone looks at it. They should have the broadest perspective ».

« Internal audit should be more involved in due diligences, M&A, and in organisational changes ».

“Internal Audit’s involvement in corporate governance processes will grow”.

Cost Effectiveness of Internal Audit will be more regarded.

One More Try One More Try

Alignment with stakeholders needs Auditing is not consulting Proficient in business and in

technology Talk straight & Courage

One More Try One More Try

Alignment with stakeholders needs Who is your ultimate buyer? What is the (real) motivation for

internal audit? Don’t stay in a « pro forma » position

(if you can)

One More Try One More Try

Auditing is not consulting Current IA definition is misleading Rather : internal audit is an assurance

activity (…), performed by professionals, who can also, occasionally, provide consulting services

One More Try One More Try

Proficient in business and in technology

Train auditors on business, not on audit

Raise the bar of quality standards Become « legitimate » to the CxO’s

to discuss/ assess their risks

One More Try One More Try

Talk straight & Courage Heros needed (e.g. Cynthia Cooper) Dare to raise red flags, to walk the

« last mile » Develop your own integrity. There is

a true north ! Recognize your conflicts of interests

(do you serve your organization or your career?)

=> Need to protect the profession

Conclusion Conclusion

Going beyond compliance (esp.in public sector) , NOT beyond assurance (vs consulting)

Provide new assurance services, beyond regulation (both on effectiveness and efficiency): Financial processes Information systems Business performance Assets protection Governance Sustainability

Need for new benchmarks (assurance against which standard?) and another revolution…