The role of internal audit is

in the midst of attention.

Dramatic changes in market
conditions have spurred the
need to identify process
improvement opportunities
and minimize any possible
surprises. Dynamic business
environment, industries
standards and regulatory
requirements make it
necessary to establish a
reliable control environment,
including the need for
establishing or improving the
operations of internal audit
function.

The rapid changes in regulation and the
global business marketplace have had
a signifcant impact on organizations.
The internal audit function, had such
a function been established, has been
heavily focused on internal controls
over fnancial reporting, and in some
cases with limited attention paid to
assessment and/or validation of internal
organizational changes. As a result
of the changes, there are increased
requests around risk management
activities by executives, board
members, shareholders, and regulators
leading more organizations to realize
the need to establish or revitalize their
internal audit function-focusing far
beyond internal controls over fnancial
reporting.
Transformational shift
A transformational shift toward a
comprehensive risk-centric approach
signifcantly expands the scope of
responsibilities and complexities of the
internal audit function. Expectations
are high. There is a much greater
emphasis on improving governance
and oversight functions as well as
providing an assessment of risk
management processes and the
control environment. Companies are
recognizing the dramatic impact and
beneft of an internal audit function
that is agile, properly resourced,
effectively managed, and aligned with
company goals, which can improve risk
management and control processes
and drive better effciencies.
Moving forward with the
right approach
Companys management is demanding
more from internal auditors while
necessary skill sets may be lacking.
Without properly resourced and
effectively established function that
includes items often overlooked the
audit committees and management
can lose confdence in the head of
the internal audit function and the
internal audit function itself. With so
much at stake, the right approach to
establishing or revitalizing an internal
audit function is critical to its success.
KPMG team of highly experienced
internal audit professionals, aided by
proprietary tools and methodologies,
are committed to helping internal
audit better fulfll their responsibilities
and bring added value to the
organization. Our professionalists
help organizations to move forward
with the right approach which
requires understanding of the
interdependencies among a broader
set of governance, risk, and compliance
functions across the enterprise.
Phase 1
Establish
governance
framework
Develop
operational
guidance
Establish
executive/
board
reporting
Perform
enterprise
risk
assessment
Internal
audit plan
development
Establishing an Internal Audit Function
Internal Audit Methodology
InTErnAl AuDIT, rIsK & COMPlIAnCE sErvICEs
Establishing or revitalizing Internal Audit
ADvIsOry
Phase 2 Phase 3 Phase 4 Phase 5
kpmg.com.mk
KPMG offers a comprehensive approach that coordinates a series of steps and
activities designed to meet the increased requirements of todays internal audit
function. It also takes advantage of KPMGs proprietary Global Internal Audit
Methodology.
Key phases involved in developing a new or improved internal audit function
include:
Establish a governance framework includes gaining an understanding
of the organization and existing governance structure and aligning this
understanding with the expectations of the various stakeholders. It also
involves establishing the internal audit governance structure and framework
and establishing formal oversight of the internal audit function.
Develop operational guidance calls for establishing the operational
framework of internal audits as well as developing standardized tools and
templates for use in the operations of the internal audit function.
Establish executive/board reporting requires determining reporting
requirements with key stakeholders and developing related protocols. It also
entails developing the necessary reporting tools and formalizing the reporting
process.
Perform enterprise risk assessment involves developing risk criteria
and performing risk assessment. It requires identifying enterprise risks and
facilitating discussions on how these risks threaten business objectives.
Additionally, it involves associating risks to key business processes and
communicating results and validating fndings to develop the basis for the
internal audit plan.
Internal audit plan development leads to creating a risk-based internal audit
plan and includes determining timing and resource requirements. It entails
developing and sharing a draft plan with the function sponsor before obtaining
audit committee approval. Once approval is granted, this step also requires
maintaining and updating the internal audit plan on a regular basis.
Contact us
For additional information related
to our services, please contact:
Lozina Alexieva
Partner, Advisory
Tel: +389 2 3135 220
lalexieva@kpmg.com
Kiril Estatiev
senior Manager, Advisory
risk & Compliance
Tel: +389 2 3135 220
kestatiev@kpmg.com
The information contained herein is of a general nature and is not intended to address the circumstances of
any particular individual or entity. Although we endeavor to provide accurate and timely information, there
can be no guarantee that such information is accurate as of the date it is received or that it will continue to
be accurate in the future. No one should act on such information without appropriate professional advice
after a thorough examination of the particular situation.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (KPMG
International), a Swiss entity.
2010 KPMG DOOEL Skopje is a Macedonian
limited liability company and a member firm of
the KPMG network of independent member
firms affiliated with KPMG International
Cooperative (KPMG International), a Swiss
entity. All rights reserved. Printed in Macedonia.