AC News Audit Committee Institute - Global
←
→
Transcription du contenu de la page
Si votre navigateur ne rend pas la page correctement, lisez s'il vous plaît le contenu de la page ci-dessous
AC News Audit Committee Institute Numéro 54 / T3 2016
Editorial
Chère lectrice, cher lecteur
Le 17 juin 2016, l’Assemblée fédérale (chambres réunies) a adopté la loi finale
relative à la troisième réforme de l’imposition des entreprises (RIE III). Celle-ci
vise à préserver et à renforcer l’attractivité de la place économique suisse
tout en tenant compte des exigences internationales. Stefan Kuhn et Oliver
Eichenberger vous présentent un aperçu des principaux aspects de cette
importante réforme. Philipp Hallauer
Responsable du
La récente étude de KPMG «Seeking Value through Internal Audit» analyse KPMG’s Audit
les attentes du Conseil d’administration et du management envers la révision Committee Institute
interne. Dans un environnement de plus en plus volatile, la révision interne
doit dépasser le cadre de ses activités traditionnelles afin de contribuer à
assurer la continuité de l’entreprise à long terme. Luka Zupan résume les
principales conclusions de l’étude.
L’examen approfondi du travail de l’organe de révision par le Comité d’audit
revêt une importance croissante. D’une part, il sert les intérêts des action-
naires, qui doivent disposer de rapports financiers fiables. D’autre part, il
permet de plus en plus aux cabinets d’audit de se différencier non pas
principalement en termes de prix, mais aussi et surtout en termes de qualité. Hélène Béguin
Philipp Hallauer explique comment le Comité d’audit peut assumer sa Membre du
responsabilité à cet égard. Conseil d’administration
KPMG Holding AG
Ces dernières années, le professeur Reto Eberle et Daniel Lengauer ont
étudié en profondeur pour le Commentaire zurichois les dispositions légales
concernant la révision en Suisse. Dans leur article, ils présentent des
conclusions importantes pour le Comité d’audit.
La réforme de l’audit au niveau de l’UE est entrée en vigueur le 17 juin 2016.
Le moment est donc venu d’examiner une nouvelle fois les principales
conséquences de cette réforme pour les entreprises suisses. Manuela Stefani
et Philipp Hallauer montrent en quoi les nouvelles règles pourraient impacter
les groupes suisses actifs au niveau international.
L’IFRS 9, la nouvelle norme comptable relative aux instruments financiers,
devra être appliquée à partir du 1er janvier 2018. A première vue, les
changements semblent peu étendus. Laura Galbiati montre toutefois qu’il
existe des différences notables par rapport à l’IAS 39 existante et qu’il
convient de se pencher dès aujourd’hui sur la mise en œuvre de l’IFRS 9.
Nous vous souhaitons une agréable et intéressante lecture et un très bel été.
Avec nos meilleures salutations
Philipp Hallauer Hélène Béguin
Sommaire Gestion des risques et conformité 4 La dernière ligne droite Troisième réforme de l’imposition des entreprises (RIE III) Internal audit and audit committee 8 Effectively managing the expectations of the audit committee from an internal audit perspective Gouvernance d’entreprise 12Internal audit Audit Committee Handbook Chapter 5 – Part 2 19Evaluation de la qualité de la révision par le Comité d’audit 22 L’organe de révision et le Comité d’audit Dernières conclusions tirées du Commentaire zurichois 26 EU Audit Reform and its impact on Swiss entities 30 Aligning talent and strategy for a future-ready board Reporting financier 33 IFRS 9 (Financial Instruments) for corporates
Audit Committee News
Numéro 54 / T3 2016 / Gestion des risques et conformité
La dernière
ligne droite
Troisième réforme de l’imposition des
entreprises (RIE III)
Depuis 2007, la Suisse subit une pression internatio-
nale croissante concernant l’imposition privilégiée
des sociétés holdings, des sociétés mixtes et des
sociétés de domicile. Cette pression est exercée
notamment par l’Union européenne et l’OCDE (voir à
cet égard l’article paru dans l’AC News 48 / T1 2015).
Pour y répondre, la Confédération et les cantons ont
entrepris de remanier la législation fiscale suisse.
Audit Committee News / Numéro 54 / T3 2016
En juin 2015, le Conseil fédéral a soumis au Parlement le par des tiers à l’étranger (comme le souhaite le Conseil na-
message relatif à la «loi fédérale sur l’amélioration des condi- tional, contrairement au Conseil des Etats) n’a toujours pas
tions fiscales en vue de renforcer la compétitivité du site en- été tranchée.
trepreneurial suisse». Le Conseil des Etats a rendu une pre-
mière décision au cours de la session d’hiver 2015. Le Règles générales relatives à la déclaration des réserves
Conseil national en a fait de même au cours de la session de latentes
printemps 2016. Dans le cadre de la procédure actuelle vi- La réglementation prévue, avec un traitement cohérent des
sant à éliminer les divergences entre les deux chambres, le arrivées et des départs depuis/vers l’étranger, offre une sé-
Conseil des Etats a confirmé sa position le 30 mai 2016. curité de planification aux contribuables et aux autorités.
Avec l’introduction d’un impôt sur le bénéfice corrigé des in-
térêts, il subsiste donc une différence importante, qui devrait Règles transitoires concernant les réserves latentes en cas
être résolue au cours du mois de juin. Le délai référendaire de changement de statut / «step-up»
courra ensuite pour une durée de 100 jours. Le mécanisme du «step-up» a pour but que les réserves
latentes issues des statuts fiscaux cantonaux existants bé-
Efforts visant à maintenir la compétitivité de la place néficiant d’un taux d’imposition inférieur (p. ex. 0% pour
économique suisse une société holding au niveau cantonal) soient également
L’objectif de la RIE III est de renforcer l’attractivité fiscale de imposées à un taux inférieur au lieu du taux ordinaire plus
la Suisse, de favoriser l’acceptation internationale des princi- élevé.
pales caractéristiques du régime suisse d’imposition des
entreprises et de garantir des recettes fiscales suffisantes La disposition transitoire prévue dans la loi sur l’harmonisa-
afin de financer les activités publiques. tion fiscale permet aux entreprises d’être (toujours) impo-
sées à un taux inférieur (à un taux spécial devant être déter-
Il s’agit plus particulièrement d’assurer la sécurité juridique miné par les cantons) pendant une période de cinq ans au
et la sécurité des investissements et d’accroître la compéti- maximum, pour autant que leurs bénéfices au cours de
tivité du système fiscal suisse. Les statuts fiscaux spéciaux cette période reposent sur la réalisation des réserves
(à imposition privilégiée), dont bénéficient les sociétés hol- latentes existantes lors du changement de statut. Par rap-
dings, les sociétés mixtes et les sociétés de domicile / d’ad- port à la déclaration des réserves latentes fiscalement
ministration, ainsi que la pratique fiscale relative aux socié- neutre ou à imposition privilégiée («step-up») discutée pré-
tés principales et aux succursales financières («Swiss cédemment, cette règle présente l’avantage que les valeurs
Finance Branch») doivent être abolis. Diverses mesures de fiscales ne subissent pas de véritables changements et que,
remplacement doivent en atténuer les effets. par conséquent, aucun impôt latent ne doit être pris en
compte. L’inconvénient réside toutefois dans le fait que l’ef-
Eléments largement incontestés de la réforme fet est limité à cinq ans au maximum.
Introduction d’une «patent box» au niveau cantonal
La «patent box» proposée a pour but de soutenir les inves- Dans certains cas, il peut donc s’avérer judicieux de détermi-
tissements en Suisse via une incitation à conserver les bre- ner si un changement anticipé de statut au profit d’une impo-
vets existants (de même que les droits similaires tels que sition ordinaire avec un mécanisme de «step-up» anticipé
les inventions vraisemblablement non brevetées des petites (c.-à-d. avant la mise en œuvre de la RIE III) est possible.
et moyennes entreprises ainsi que les logiciels), à mettre au Cette possibilité doit être étudiée avec le canton concerné,
point des produits innovateurs et brevetés et à créer en des discussions importantes sur la péréquation financière in-
Suisse des postes de travail liés au développement et à tercantonale étant par ailleurs encore en cours. Un tel méca-
forte valeur ajoutée. La «patent box» comprend l’imposition nisme de «step-up» anticipé présenterait l’avantage que les
réduite (90% au maximum, selon le Conseil des Etats) des valeurs fiscales augmentées pourraient, selon la catégorie
revenus des droits de propriété intellectuelle et des droits d’actifs concernée, être amorties avec effet sur le bénéfice
similaires au niveau cantonal. au cours d’une période plus longue (généralement, dix ans
au maximum) et qu’il serait ainsi possible de bénéficier plus
Introduction facultative d’un encouragement fiscal en amont longtemps de cet effet (réduction de la charge fiscale) qu’en
de la R&D vertu de la règle transitoire. L’inconvénient réside toutefois
Les cantons doivent obtenir la possibilité de prévoir des dé- dans le fait que, selon la norme comptable applicable, des
ductions accrues au profit de la recherche et du développe- impôts latents sur les valeurs fiscales augmentées doivent
ment (R&D). Des dépenses de R&D déductibles à plus de être imputés, une augmentation du taux d’imposition effectif
100% (150% au maximum selon le Conseil des Etats) de la ne pouvant alors pas être amortie sur plusieurs années.
base imposable seraient ainsi autorisées. Il reste encore à
décider si une définition uniforme des activités éligibles doit Limitation des déductions
être donnée par la Confédération ou si les cantons doivent Les deux chambres du Parlement s’accordent sur le fait qu’il
bénéficier d’une marge de manœuvre en la matière. Par ail- doit y avoir une limitation globale de toutes les mesures fis-
leurs, la question de savoir si les cantons peuvent autoriser cales (réduction de 80% au maximum du bénéfice impo-
la déduction équivalente ou réduite des dépenses de R&D sable avant la déduction et la prise en considération des me-
Audit Committee News / numéro
Numéro 54
54 //T3
T3 2016
2016 5
sures correspondantes et avant la compensation des pertes, estimé sur le tonnage net. Alors que le Conseil national sou-
sans tenir compte du rendement net des participations), ce haite introduire cette méthode de calcul du bénéfice, le
qui offre une sécurité de planification accrue aux cantons. Conseil des Etats a décidé de continuer à promouvoir cette
mesure dans le cadre d’un projet séparé et exige le lance-
Allègements relatifs à l’impôt sur le capital ment d’une procédure de consultation ordinaire.
En raison de la suppression également attendue des taux
d’imposition réduits sur le capital pour les sociétés à statut Autres mesures
privilégié, les cantons doivent avoir la possibilité d’introduire La suppression du droit de timbre d’émission sur les capitaux
des allègements relatifs à l’impôt sur le capital pour les par- propres a été retirée de l’ensemble de la réforme et doit dé-
ticipations et les brevets (y c. les droits similaires) ainsi que, sormais être traitée dans le cadre d’un projet séparé. D’autres
le cas échéant, les prêts de groupe. mesures telles que la compensation illimitée des pertes ou la
compensation des pertes finales au sein du groupe ont été
Réduction générale des taux cantonaux d’imposition des (pour le moment) totalement abandonnées. Tel est également
bénéfices le cas des mesures de compensation financière évoquées
Les cantons décident eux-mêmes de réduire leurs taux plus haut, comme l’introduction de l’imposition des gains en
d’imposition aux niveaux cantonal et communal. Cette me- capital sur les titres de la fortune privée.
sure est saluée par la Confédération et encouragée notam-
ment via une augmentation de la part cantonale au revenu Perspectives
de l’impôt fédéral direct. Certains cantons ont déjà commu- La RIE III se trouve dans la dernière ligne droite. Le Conseil
niqué leurs nouveaux taux effectifs d’imposition sur les bé- national et le Conseil des Etats sont d’accord sur un grand
néfices (p. ex. Genève: 13%, Zoug: 12%, Tessin: environ nombre de mesures. Il subsiste toutefois une divergence
17.5%) ou pris une décision dans ce sens, à l’instar du can- importante concernant l’introduction d’un impôt sur le béné-
ton de Vaud, qui a décidé dans le cadre d’une votation popu- fice corrigé des intérêts et éventuellement concernant
laire de réduire son taux d’imposition au taux effectif de l’adaptation de la procédure d’imposition partielle. A ce
13.8%. Le canton de Zurich n’a pas encore fait part de ses stade, cela signifie que soit les deux mesures seront intro-
intentions concrètes à cet égard. duites soit aucune des deux mesures ne sera introduite. A
l’issue de la procédure actuelle visant à éliminer les diver-
Eléments de la réforme discutés dans le cadre de la gences entre le Conseil des Etats et le Conseil national, les
procédure d’élimination des divergences votations finales devraient avoir lieu au mois de juin. Pour
Impôt sur le bénéfice corrigé des intérêts l’heure, une mise en œuvre par la Confédération et les can-
L’introduction d’un impôt sur le bénéfice corrigé des intérêts tons n’est pas attendue avant 2019. Si un référendum est
constitue une autre mesure proposée par le Conseil natio- lancé, un retard d’un ou deux ans n’est pas exclu.
nal. L’impôt sur le bénéfice corrigé des intérêts définit une
«charge d’intérêt» supplémentaire qui peut être déduite du En corrélation avec la RIE III, d’autres évolutions d’origine
bénéfice en raison de l’existence de capitaux propres supé- extérieure visant à accroître la transparence sont observées
rieurs à la moyenne. Cette mesure serait prévue au niveau dans le paysage fiscal suisse. Citons par exemple l’échange
de l’impôt fédéral direct et éventuellement, à titre facultatif, spontané de renseignements concernant les rulings fiscaux.
au niveau cantonal. Etant donné que la Commission écono- Celui-ci vise à transmettre spontanément les informations
mique du Conseil national ne s’est pas ralliée à la position relatives aux entreprises dans le cadre des rulings fiscaux
du Conseil des Etats concernant l’adaptation de la procé- en vigueur (p. ex. rulings concernant les statuts fiscaux privi-
dure d’imposition partielle aux fins de la compensation fi- légiés). Ces informations (récapitulation des contenus visés
nancière, le Conseil des Etats a rejeté une nouvelle fois l’im- par le ruling) sont communiquées lorsque l’Etat transmet-
pôt sur le bénéfice corrigé des intérêts. Par conséquent, le teur présume un intérêt possible d’un autre Etat (corres-
Conseil national doit maintenant décider s’il souhaite trouver pond à la norme de l’OCDE). L’échange spontané de rensei-
un compromis à ce sujet. gnements commencera en principe le 1er janvier 2018. Il est
toutefois possible que le Conseil fédéral convienne avec
Adaptation de la procédure d’imposition partielle certains Etats de l’appliquer dès 2017.
A titre de compensation financière, la Commission écono-
mique du Conseil des Etats souhaite – comme condition pour Mentionnons également le «country-by-country reporting»
approuver l’introduction d’un impôt sur le bénéfice corrigé (CbCR), c’est-à-dire l’échange de rapports pays par pays.
des intérêts – relever l’imposition partielle des dividendes is- Le CbCR favorise le flux d’informations des groupes affi-
sus des participations éligibles, introduite dans le cadre de la chant un chiffre d’affaires annuel consolidé supérieur à
RIE II, à un minimum de 60% (au niveau cantonal). Cette me- EUR 750 millions et la communication aux administrations
sure a toutefois été rejetée jusqu’ici par les deux chambres. fiscales des contre-valeurs en monnaie nationale ainsi que
l’échange d’informations entre les administrations fiscales.
Introduction d’une taxe au tonnage A ce jour, 31 Etats ont signé l’accord visant à créer la trans-
La taxe au tonnage définit un calcul spécial du bénéfice des parence concernant les multinationales. Les rapports in-
entreprises de transport maritime sur la base du bénéfice diquent en particulier aux administrations fiscales dans
Audit Committee News / numéro
Numéro 54
54 //T3
T3 2016
2016 6
quels pays des bénéfices sont réalisés et des impôts payés,
RIE I I finale
ainsi que les montants correspondants. L’échange du pre-
mier CbCR (obligatoire) concernant l’exercice 2018 aura lieu
le 30 juin 2020. La transmission des informations et l’éta-
blissement du CbCR devraient commencer après l’entrée
en vigueur de la loi fédérale (au plus tard le 1er janvier 2018). Alors que l’article ci-dessus avait déjà été finalisé, les
En raison des obligations de transmission existantes pour chambres sont parvenues à un compromis. L’Assemblée
les sociétés de groupe étrangères à l’étranger, l’échange vo- fédérale (chambres réunies) a ensuite adopté la loi finale
lontaire des rapports en Suisse, basé sur les conventions de lors de la votation du 17 juin 2016. La loi finale comprend
double imposition respectives, doit déjà être possible pour notamment les éléments suivants:
les exercices 2016/17. • Introduction d’une «patent box» au niveau cantonal
(allègement de 90% au maximum)
Mesures à prendre • Possibilité de déductions accrues (150% au maxi-
Même si les statuts fiscaux privilégiés ne seront vraisembla- mum) au niveau cantonal au titre des dépenses de
blement pas abolis avant 2019 dans le cadre de la RIE III, il R&D en Suisse, les dépenses justifiées étant définies
se peut que les entreprises bénéficiant de tels statuts fis- par le Conseil fédéral
caux soient également concernées de manière anticipée et • Règles générales relatives à la déclaration des ré-
directe par les développements juridiques en raison de l’ef- serves latentes
fet précoce des mesures de transparence décidées au ni- • Règles transitoires concernant les réserves latentes
veau international. en cas de changement de statut
• Introduction d’un impôt sur le bénéfice corrigé des in-
Au vu du plan d’action de l’OCDE concernant l’érosion de la térêts au niveau fédéral
base d’imposition et le transfert de bénéfices (BEPS; Base • Possibilité pour les cantons d’introduire le bénéfice
Erosion and Profit Shifting), qui lutte contre la planification corrigé des intérêts au niveau cantonal si le canton
fiscale agressive (p. ex. en cas d’utilisation abusive des la- concerné prévoit une imposition partielle d’au moins
cunes existantes du système), il est plus que jamais recom- 60% des dividendes issus des participations éligibles
mandé au Conseil d’administration de se pencher sur la détenues dans la fortune privée
question de la planification fiscale. Celui-ci doit notamment • Limitation globale à 80% au maximum (au niveau
examiner l’application des règles fiscales spéciales qui se- cantonal) des réductions au titre de la «patent box»,
ront bientôt abolies ainsi que les nouvelles mesures fiscales de l’impôt sur le bénéfice corrigé des intérêts et des
prévues. Les structures existantes doivent être revues régu- déductions accrues au titre de la R&D ainsi que des
lièrement en fonction de l’évolution internationale. amortissements sur les réserves latentes identifiés
en cas de changement de statut
• Allègements possibles pour les cantons concernant
l’impôt sur le capital pour les participations et les bre-
vets (y c. les droits similaires) ainsi que les prêts à
des sociétés de groupe
L’introduction d’une taxe au tonnage et la suppression
Stefan Kuhn du droit de timbre d’émission sur les capitaux propres
Head of Corporate Tax seront traitées dans le cadre d’un projet séparé.
stefankuhn@kpmg.com
Olivier Eichenberger
Corporate Tax
oeichenberger@kpmg.com
L’information contenue ici est de nature générale et ne prétend en aucun cas s’appliquer à la situation d’une personne physique ou morale quelconque. Même si nous mettons tout en œuvre pour fournir une information pré-
cise en temps opportun, nous ne pouvons pas garantir que cette information est fidèle à la réalité au moment où elle est reçue ou qu’elle continuera de l’être à l’avenir. Cette information ne saurait être exploitée sans un
conseil professionnel basé sur une analyse approfondie de la situation en question. Les prescriptions réglementaires relatives à l’indépendance de l’auditeur déterminent l’étendue de la collaboration avec les clients d’audit.
© 2016 KPMG SA est une filiale de KPMG Holding SA, elle-même membre du réseau KPMG d’entreprises indépendantes rattachées à KPMG International Cooperative (“KPMG International”), une personne morale suisse. Tous
droits réservés.
Audit Committee News / numéro
Numéro 54
54 //T3
T3 2016
2016 7
Audit Committee News
Edition 54 / Q3 2016 / Risk Management & Compliance
Internal audit
and audit
committee
Effectively managing the expectations of the audit
committee from an internal audit perspective
The recent study of KPMG1 offers insights into
what members of Executive Management and the
Board of Directors including the audit committees
are expecting from the internal audit function and to
what extent these expectations are met.
1
Seeking Value through Internal Audit, KPMG Study 2016
Audit Committee News / Edition 54 / Q3 2016
By conducting more than 400 interviews with audit very transparent and clear to the firm but will matter in the
committee chairs (AC head) and Chief Financial Officers near future.
(CFO), the findings of the KPMG study “Seeking Value
through internal audit” call attention to a general “value As a result, the assurance provided by IA should not only
gap” between what the AC heads and CFOs identify as focus on assessing the design and effectiveness of the
priorities and what they are receiving from their internal current corporate governance frameworks and control-
audit functions (IA) in the form of IA reports and additional portfolios, such as Internal Control Systems (ICS) or SOX-
insights. This gap predominantly exists in the following 404, but also talk about additional considerations that can
areas: be important to stakeholders when reflecting on the future
• assessing and managing key risks of the firm; success and development of the organization.
• providing insights into emerging risks that can threaten
operations in the future; and Such reflections and insights can for example include
• providing insights into how the organization is focusing on the following matters:
generating sustainable profits. • Effectiveness on how the firm’s strategy is being rolled-
out by the auditees and if they are on track.
In general, the interviewed stakeholders consider the • How goals are being met in relation to generating
ground-level risk assessment of IA to be, at best, adequate. sustainable revenue streams.
In other words “the job gets done”. However if it comes to • How processes are aligned within the organization in
more comprehensive detection and response to emerging terms of efficiency and effectiveness.
risks, only one in ten respondents believes that this is • Efficiency and effectiveness of the alignment to the
addressed satisfactorily by their IA function. Particularly, the functionalities of the IT-systems.
respondents mention that IA functions do not provide • How potentials for cost-saving are identified, followed-up
enough of a “surprise” effect; that being things which are and put into practice.
new to the stakeholders and which they have not • To what extent modern tools such as mass-data-analysis
considered to be of relevance so far. are being used to gather better insights and provide a
more comprehensive view on relevant topics, e.g.
Look beyond existing risk paths workflows that require a lot of manual intervention.
This leaves a great opportunity for additional value to be • How key projects are progressing and to what extent they
provided by the IA function as part of its assurance are meeting the desired objectives.
assignment. IA needs to become more proactive in • What the auditee’s performance is compared to similar
identifying and mitigating the current key risks of the functions within the organization.
organization. It should also more prominently outline • What type of risks are being bottom-up fed into the
possible opportunities and dangers that might not yet be organization and could become key risks in the future.
Audit Committee News / numéro
Edition 54
54/ /Q3
T3 2016 9
More effective coordination between assurance To facilitate this collaboration, greater efficiency and
functions effectiveness is required. This is where technology comes
In this context the survey shows that nearly half of the into play.
companies currently track risk through a compliance
function, half as many through their legal function and only Use of technology to enable fresh perspectives
nine percent through an Enterprise Risk Management It’s no longer useful to use phrases like “technology is the
Function. Stakeholder responses also indicated that they future”. If companies are not fully integrating technological
care more about how IA was responding to risk, especially advancements in every aspect of the business, no degree
emerging risk, than about what function was accountable of strategic prowess is going to make a measurable impact.
for risk tracking. How IA is conducting its audits is no exception to this
matter. The full potential of data analytics has been recently
This suggests that a stronger alignment of IA with other outlined in a 2015 KPMG study.2
assurance functions within the organization, as for example
Compliance, Legal or Risk Management, is needed when it The study points out how interpreting data patterns will be
comes down to developing the strategic audit plan and an effective key differentiator for organizations in the future
preparing the scope of specific audits. and how a good Data & Analytics (D&A) strategy has the
potential to improve the financial performance. This is done
Although remaining independent from the organization, by by creating value through tapping on the unused growth
not taking on managerial ownership for managing risk, IA potential, controlling key risks and optimizing performance.
should seek to get more preliminary insights and Currently, more than 63 percent of companies actually use
intelligence from the other risk tracking and facilitating some sort of D&A technology. However, the approach is
functions. mostly isolated or specifically focusing on ad-hoc instances
only. This rather statistic method in using data analytics will
In other words, a combined assurance view should be drop to less than 50 percent in the next three years, while
emphasized by the assurance functions. This would allow the use of enterprise-wide risk-focused D&A capabilities will
the stakeholders to have a more comprehensive, overall
view on the current corporate governance state of the
organization and to understand if key risks are adequately
addressed in terms of monitoring and auditing. 2
Clarity on Data Analytics, KPMG Publication 2015
Where do companies address their enterprise-wide risk?
Legal function ERM
9%
45% 26%
Compliance function
12%
IA
Source: Seeking value through Internal Audit, KPMG International, 2016
Audit Committee News / numéro
Edition 54
54/ /Q3
T3 2016 10jump from 35 percent to 47 percent. This enterprise-wide
Conclusion
risk-focused D&A promises to have a more holistic
perspective on risks and allows for a common understanding
across the various assurance functions regarding, for
example, the magnitude of a specific risk or issue.
With the global economy being in a decade of
KPMG believes that if the IA function gave way to operating challenges and uncertainties, the key stakeholders of
through an integrated, organization-wide technology organizations are seeking an approach to IA that
platform, then the incorporation of risk assessment, D&A, goes beyond reviewing past activities. They want an
knowledge and experience would advance the potential of IA function that is insightful, forward-looking, and
IA to deliver significant benefits and added-value not only for which is not afraid to go beyond preserving current
the stakeholders, but for the whole organization. assets, instead focuses on creating value on a
departmental, divisional, or organizational level.
The potential for making value real through technology is
enormous, especially if IA were able to integrate a higher To meet these expectations, IA leaders must strive to
percentage of data analytics procedures into its audit migrate to more advanced stages of maturity. This
approach. An integrated approach to using D&A throughout includes evolving the basic auditing processes and
the audit process (for example, analytics-driven continuous skills towards an approach of creating value and
auditing, dynamic audit planning, audit scoping and bringing insights for an organization. At the same time,
planning, audit execution and reporting) would provide IA leaders should implement stronger use of company-
greater insights and value. wide data mining and analysis tools and a more
effective and efficient coordination and cooperation
Particular examples of such benefits would be a more with other assurance functions within the organization.
effective monitoring of risk indicators that could lead to the The skill sets and competencies of the IA team may
identification of emerging risks, assessing adequate risk have to be adapted to enable the IA function to deliver
coverage and facilitating data-driven decisions that provide the expected value to its stakeholders.
actionable insights into the strategic drivers of the business.
All in all, a holistically integrated technology platform would
optimize both business performance and the risk mitigation 3
Pulse of the Profession Survey, The Institute of Internal Auditors (IIA) 2013
process of the organization. 4
Transforming Internal Audit Through Critical Thinking, KPMG Publication 2014
IA profile demands wider skill sets
As for the existing desire to move toward such a technology-
enabled approach, when asked about the key skills needed
in IA, the respondents concluded that technology
(62 percent) is second only to communication (67 percent)
in importance, while critical thinking and judgment ranked
third (52 percent).
This confirms the trends already outlined in a study by the
Institute of Internal Audit (IIA)3 in 2013 when analytical and
critical thinking combined with good communication skills Luka Zupan
and strong data mining skills were captured as the top skills Head Internal Audit, Risk & Compliance (IARCS)
desired from internal auditors.4 lzupan@kpmg.com
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be
no guarantee that such information is accurate as of the date it is received, or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough
examination of the particular situation. The scope of any potential collaboration with audit clients is defined by regulatory requirements governing auditor independence.
© 2016 KPMG AG is a subsidiary of KPMG Holding AG, which is a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss legal entity. All rights reserved.
Audit Committee News / numéro
Edition 54
54/ /Q3
T3 2016 11Audit Committee News
Edition 54 / Q3 2016 / Corporate Governance
Internal
audit
Audit Committee Handbook
Chapter 5 – Part 2
This chapter is the second part of the chapter
covered in the Audit Committee News – Edition 53.
Audit Committee News / Edition 54 / Q3 2016Oversight of the internal audit function committee is essential. The committee should have
In providing oversight over the internal audit function, the processes in place to facilitate confidential exchanges with
audit committee should, inter alia: the internal auditor, with regular meetings scheduled
• ensure that the internal auditor has direct access to the between the audit committee and the head of internal audit.
board chairman and to the audit committee and is Many audit committee chairs go further and maintain
accountable to the audit committee; informal contact with the internal auditor between meetings.
• review and assess the annual internal audit work plan;
• receive a report on the results of the internal auditors The audit committee should also do its utmost to ensure
work on a periodic basis; that internal audit has:
• review and monitor management’s responsiveness to the • sufficient status, respect and support within the
internal auditor’s findings and recommendations; institution;
• meet with the head of internal audit at least once a year • unrestricted access to all records, assets, personnel and
without the presence of management; and premises;
• monitor and assess the role and effectiveness of the • authorisation to obtain whatever information and
internal audit function in the overall context of the explanations are considered necessary by the head of
company’s risk management system. internal audit; and
• adequate human and other resources to perform its work
Ensuring internal audit has direct access to the audit effectively.
committee
A significant challenge for internal audit lies in Assessing the annual internal audit work plan
understanding its responsibility to both the audit committee The internal auditor should prepare an audit plan based on
and management. The internal auditor is “employed” by the organisation’s assurance needs. This plan should address
management and yet reviews management’s conduct. In how all the organisation’s key systems and processes will be
addition, the internal auditor reports to the audit committee audited during the audit cycle, together with the resources
and yet is not line-managed on a day-to-day basis by the to be applied – normally expressed in “man days”. Areas of
audit committee (although the committee has a significant greater risk might be addressed at the beginning of the audit
role in appointing the internal auditor). cycle and then revisited later in the cycle.
Falling into a detailed, and not terribly helpful, analysis of As an audit plan is unlikely to cover all areas of risk within a
“straight line” versus “dotted line” reporting is all too easy. single year, the plan for any given year should place its work
The fundamental point is that internal audit has, for all in the context of work done in the preceding year and
practical purposes, a dual reporting relationship where the projected for the succeeding year. The audit committee and
head of internal audit reports to executive management management may take a different view of timing and
(ideally the CEO) for assistance in establishing direction, priorities, which should be resolved through discussion.
support, and administrative matters; and to the audit
committee for strategic direction, reinforcement, and Assurance mapping
accountability. The audit committee should review the risk map and audit
plan to satisfy itself that appropriate audit coverage will be
Normally, the audit committee would approve the internal devoted to all the organisation’s assurance needs. If internal
audit terms of reference; approve the audit function’s risk audit is not covering a particular risk area – or not covering it
assessment, audit plan, and budget; receive reports from in sufficient depth – then other means of assurance should
the head of internal audit on the results of internal audit be in place, whether that be assurance from the business
activities or other matters that the head of internal audit operations, head office functions or other independent
determines necessary; approve the appointment, removal, assurance providers.
evaluation, and compensation of the head of internal audit;
and determine whether there are scope or budgetary When the audit committee is satisfied with the audit plan, it
limitations that impede the internal audit function in carrying should recommend the plan to the board for approval, if its
out its work. By contrast, the administrative reporting line to terms of reference so require. Once the plan has been
the CEO would typically include budgeting and approved, the audit committee should monitor the auditor’s
management accounting; human resource administration; progress against it during the year.
internal communications; and internal administrative matters
such as expense approvals, leave approvals and logistics. Internal auditors may carry out additional work at the
request of management (including investigations), provided
The precise reporting arrangements may differ from such work does not compromise the objectivity of the audit
organisation to organisation; however, it is important that service or achievement of the audit plan. The audit
internal audit always retain a degree of independence from committee should satisfy itself that the objectivity of
management so that it can carry out its duties objectively. internal audit has not been affected by the extent and nature
For this reason a clear line of responsibility to the audit of other work carried out.
Audit Committee News / numéro
Edition 54
54/ /Q3
T3 2016 13Internal audit reports and monitoring management’s agreed audit recommendations. An implementation plan
response detailing the recommendation, the required action, priority,
While internal audit reports to management (preferably the person responsible and timescale is a good method of
CEO) on a day-to-day basis, audit committees have a fulfilling this objective.
responsibility for oversight and therefore need to determine
appropriate communication channels and reporting Internal audit should have a systematic process of follow-up
arrangements with internal audit. Some audit committees to obtain appropriate assurance that management has taken
want to see every audit report, some a summary of every timely and effective action. It should promptly advise the
report, and others a periodic summary. Progress reports, audit committee of its findings and further action required.
comparing audit activity against the audit plan, are also
useful. The board, advised by the audit committee, should
ultimately be responsible for either ensuring that
It is important that the audit committee considers significant management takes prompt and effective action on those
individual audit findings or recommendations, though it audit reports which call for it; or recognising and accepting
need not be concerned with more detailed findings unless the risks of management not taking action.
the committee considers it valuable to do so. It is good
practice for internal auditors to prioritise their findings
against agreed standards. This indicates the importance of
each audit recommendation and the urgency of any required
action.
The audit committee should concentrate on gaining
assurance that the organisation’s risk management, control
and governance arrangements are adequate and effective.
For this purpose, the committee should ensure that there is
an adequate system to monitor the implementation of
Audit Committee News / numéro
Edition 54
54/ /Q3
T3 2016 14What is internal
audit telling the audit
committee?
An audit committee might reasonably question what The underlying cause of such wording might be that
assurance it’s receiving when confronted with audit people are afraid of bringing bad news either to the audit
reports drafted along the following lines: committee or, more likely, they’re afraid of trying to get it
past the executive team.
“Significant improvements have been made in this area
in the last 12 months. However, the management “Wider variations in base rate and potential dynamic
agenda reflects a number of issues whose resolution margin shifts to reflect market positioning would mean
would enable further, necessary improvements to be that the business would be more exposed to rate
made.” increases than decreases”.
This is compromise wording. Such reports are not This is preventative wording. Many audit committee
uncommon. However, if an audit committee ever members might legitimately have a problem
receives a summary like this, it may legitimately ask understanding what this means; yet all it is saying is that
itself what on earth it means. For example: having done the business in question is vulnerable to a rise in interest
extensive testing and comparison to best practice, the rates. Preventative wording is designed to prevent the
internal auditor wants to say, “the management of reader understanding the issue. Can it really have any
controls in this area is poor”. However, management other purpose?
believe (say) that the area in question was poorly
managed some time ago, but a lot of work has been Internal audit does not want the audit committee to
done during the year and therefore there is no value in understand because they might ask difficult,
internal audit raising issues that they are already both inconvenient questions that will be embarrassing or
aware of, and dealing with (albeit slowly). They will maybe just tedious to answer. Or maybe, no one can do
express incredulity that internal audit should want to anything about the issue anyway so why make trouble?
make a fuss about a well-known issue. Hence the Whatever the motivation, whether it is conscious or
compromise wording: carefully crafted to maintain pride subconscious, internal audit are reporting to the audit
on both sides. committee in a way designed to elicit a reduced reaction.
Preventative wording is extremely dangerous and audit
The audit committee might reasonably conclude that the committees should be alert to it.
head of internal audit is too weak, or too junior, or too
bullied and does not feel able to say what he or she “In the last six months, we have issued 74 reports of
really thinks. which 27 were rated as significant. These are split by
division in the table below. A further chart showing traffic
“Whilst a number of improvements have been made in light ratings etc., etc”.
this area, further change is required if its management is
to become world-class.” This is death by statistics. An audit committee can look
at all of this information yet be unable to draw a single,
This is told you so wording. It means that if controls fail, meaningful insight from any of it. Of course, this form of
some financial catastrophe looms and the audit reporting can be valuable where internal audit is doing
committee turns to the head of internal audit and asks, standard processes at multiple locations, such as retail
“Why wasn’t I warned?” she or he can reply, “I told you store audits. But, where one piece of work is not directly
so. We reported it to you. Wasn’t it clear? You could have comparable with another, it is just filler. The underlying
asked for more details if you had any questions or even cause is that the internal audit function wants to
requested the full report.” demonstrate progress but has no idea how to
demonstrate value.
Audit Committee News / numéro
Edition 54
54/ /Q3
T3 2016 15“In camera” meetings with the head of internal audit
The audit committee
Many audit committees want to meet the head of internal
audit in a private session where management is not
present. This approach allows the audit committee to ask
may want to ask
questions on matters that might not have been specifically
addressed by the internal audit function’s formal work
programme – nevertheless, the head of internal audit might,
questions around
as a result of his work, have valuable views and opinions.
A private session allows the head of internal audit to provide
candid, often confidential, comments to the audit
relationships,
committee on such matters.
Typically there should be few items to discuss. Ideally all
attitudes and
key matters relating to internal audit should have been
addressed in a candid and robust manner by management,
the audit committee and the head of internal audit during
resources, such as:
the formal audit committee meeting. The audit committee
can use the private session as a follow-up if members were
not satisfied with the answers given at the audit committee
meeting or if they thought discussions had been too
guarded or uneasy. However, such matters should have • How strong is the relationship between the internal
been fully aired at the audit committee meeting and audit function and management/operations?
generally should not need to be readdressed in the private • Does internal audit receive appropriate cooperation
session. from operational and head office management?
• Have any requests for information been denied or
The private session should focus on areas where the head otherwise obstructed?
of internal audit can provide additional, candid, and often • Is the internal audit function subject to undue
confidential, comments to the audit committee on other pressure from any source?
matters. The private session gives the audit committee an • How constructive is the relationship between the
opportunity to explore such matters in a frank and open internal audit function and external audit?
forum. In addition, the audit committee may have more • What is management’s attitude towards risk
knowledge than the head of internal audit on other matters, management and internal controls?
and this session allows the audit committee an opportunity • Are adequate people and other resources devoted to
to air such issues. key areas of the business and control functions?
Overall, private sessions can play an important role in the
development of a trusting and respectful relationship
between the audit committee and the head of internal audit.
Audit Committee News / numéro
Edition 54
54/ /Q3
T3 2016 16Assessing the internal audit function’s performance work plan, receive periodic reports on the results of the
The audit committee should monitor the performance and internal auditor’s work and monitor management’s
effectiveness of internal audit on an annual basis. This responsiveness to the internal auditor’s findings and
should include any matters affecting the audit function’s recommendations.
independence and objectivity.
When agreeing appropriate performance measures for
Self-assessment by the head of internal audit is a useful internal audit, the audit committee should recognise that
assessment tool, but it should not be the sole means of such measures need to be adapted to each organisation’s
assessing the effectiveness of internal audit. The audit circumstances. The following diagram illustrates some of
committee should draw its own conclusions based on its the more common measures used to monitor the
experience and contact with internal audit as well as the performance of internal audit.
views of others such as the CFO, divisional heads and
external audit. In evaluating the work of internal audit, the The key steps in a typical internal audit annual cycle are
audit committee should review the annual internal audit discussed at Appendix 1.
• Access to suitably
skilled resources • Budget approved for
when required each review prior to
• Qualifications of the commencement
team • Unbudgeted costs
• Number of training not incurred without
days completed approval
• Actual vs budgeted • Monthly actual vs
headcount budgeted costs
People Finance
Quality Efficiency
• Auditee satisfaction • Number of reports
review issued per auditor
• Annual client • Percentage of audit
satisfaction review vs non-audit work
• Number of iterations • Timeliness of key
of internal audit deliverables e.g.,
reports TOR, draft report,
• External reviews final report
• Use of appropriate
enabling technologies
Audit Committee News / numéro
Edition 54
54/ /Q3
T3 2016 17Appendix 1
The key steps in an annual cycle
Produce the annual • Create an annual internal audit plan for Exit meeting • Prior to formal reporting, an exit meeting
work approval by the audit committee, should be held with the relevant
programme typically as part of an indicative 3 or business sponsor and other employees
5 year plan linked to a wider risk/audit as agreed
universe • The purpose of the meeting is to:
• Identify resource requirements, – confirm that expectations have been
including relevant subject matter and met;
industry experience to add value to the – highlight and re-confirm the findings of
process, and associated budgets the review;
• Agree the timeline for performing – validate the findings; and
individual assignments in the agreed – where appropriate, obtain
plan management’s acceptance and
• Additional reviews may be required: the support for the recommendations
approach needs to be nimble to respond made, including their commitment to
to the needs of the audit committee and actions with clear dates for
the executive team implementation
• Consideration should also be given at
this stage to the interaction with risk
management activities and the specific Reporting • Prepare a draft report to be issued to
linkage of risk and assurance management within an agreed number
of working days of completion of each
audit and finalise the report, again within
Plan individual • For each allocated audit assignment, an agreed time frame of receipt of
assignments terms of reference should be agreed in management responses
advance • Report in accordance with standard
• Staff requirements should be confirmed template
and communicated to the team • Determine who should attend and
reasonably far in advance of the work to present at stakeholder and audit
help continuity committee meetings
• Planning meetings with the nominated
business sponsor and business process
owners, information gathering and Issue resolution • Following the issue of final reports,
briefing of team members prior to each tracking monitor agreed upon management
assignment action plans and subsequent reporting
to senior management and the audit
committee
Perform fieldwork • Fieldwork should commence with an • Clear protocols for follow up work as
opening meeting involving all relevant and when needed
team members so that:
– expectations are understood; and
– the objectives, scope, techniques and Overall • Defined audit charter
emphasis of the review are clear. considerations • A defined strategy
• A “no surprises” approach is • An ongoing awareness of key business
fundamental. The nominated business risks and how this drives audit
sponsor should be informed of issues as • Clear role defined on related activities
they arise e.g., investigations/ad hoc assignments
• Ways of working should be defined and • Agreed communication protocols
consistently applied and measured • Clear business case/cost analysis and
(including the business responsibilities) monitoring
• Variations to timelines or budgets • Ways of working protocols
should be monitored and flagged as • KPIs to track progress and delivery
soon as they are identified to key • Stakeholder satisfaction surveys
sponsors
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be
no guarantee that such information is accurate as of the date it is received, or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough
examination of the particular situation. The scope of any potential collaboration with audit clients is defined by regulatory requirements governing auditor independence.
© 2016 KPMG AG is a subsidiary of KPMG Holding AG, which is a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss legal entity. All rights reserved.
Audit Committee News / numéro
Edition 54
54/ /Q3
T3 2016 18Vous pouvez aussi lire
