RIAM:Overview: The Client Service Plan (CSP)
The preliminary steps in providing an Internal Audit (IA) service are in establishing the audit function. The Client Service Plan (CSP) details the method to be used to implement, manage and improve the IA function within the client. Most of the CSP is directed at managing the quality and operating conditions of IA.
The Core Objectives of the CSP
The core objectives of the CSP are:
- Market the IA service to the client's staff. We must aim for a clear understanding of the services, method of operation, and systems for improvement to be used by IA.
- Implement and resource the key controlling bodies. This includes defining the quality control teams, relevant quality circles and particularly establishing the Audit Committee.
The Audit Committee is the principal co-ordinating body of both the external and internal audit activities. The committee generally includes Internal Audit management, senior executive management and Board representatives. The committee defines and administers the "Audit Charter" and defines and oversees "The Audit Terms of Reference". It meets regularly, participates in the planning process, reviews all audit reports and ensures recommended action plans are implemented.
- Establish the Client Service Team (CST). The CST forms the core management team for the engagement and is the primary mechanism for ensuring consistency of audit personnel for a client, capturing client feedback on our performance and implementing the continuous improvement of the service provided to the client.
- Design and develop the key controlling documents. These documents are:
The Audit Charter
One of the critical documents, the Charter forms "the constitution" governing the audit committee and the audit function. It details the functions, obligations and responsibilities of the various members of the audit process.
The Terms of Reference
The second of the critical documents, the Terms of Reference establishes the protocol for action and activities of the Internal Audit function.
The Client Specific RIAM Manual
The procedures and report designs to be used must be tailored to each client. This is done in conjunction with management to ensure that both our methods and reporting standards are those required by the client. Quality starts with a client focus, and is defined in terms of the client's needs.
The Performance Guarantee
The document identifies Internal Audit Performance Guarantees and Critical Success Factors, with accompanying strategies and Performance Indicators. This is the key document against which IA is evaluated as the engagement progresses.
- Gain familiarity with the organisation's culture and management's key risk and opportunities. The key activity to achieve this is the Strengths Weaknesses Opportunities Threats and Constraints Analysis (SWOTC) conducted during the Initiation Forum. It primarilly provides information to the IA planning team to help identify the Risk Ranking criteria for planning, relevant legislation, skill requirements, and the probable areas of greatest benefit for the organisation. It forms the basis of the Organisation Risk Model developed during the Risk Based Planning phase.
- Establish the current standing of Quality Control within the organisation. Basically a Quality Audit. This is an optional exercise, following the Soin model which provides us with information on existing quality management systems used by the organisation (to allow us to better integrate IA into the existing quality control systems), and define both the current attitude to, and sophistication of, quality management. Where this has not been conducted within the organisation before, a side benefit is that the organisation's executive usually identify many opportunities for improvement from this one activity.
The review requires the involvement of the senior executive. The preferred model is Soin's under the headings:
- Planning Process
- Customer Obsession
- Improvement Cycle
- Process Management
- Total Participation
The joint activities at this stage allow Internal Audit management and the Organisation's executive to establish a rapport and develop confidence operating as a unit.
The Process of the Client Service Plan
The basic steps in the CSP are:
At Start Up
- Establish the Audit Committee
- The Audit Initiation Forum
- Tailor methods and client liaison systems
- Development of the key control documents
- Development of the internal IA marketing plan
- Establish the Client Service Team
- Identification of Internal Audit Performance Guarantees and Critical Success Factors;
- Conduct the Quality Audit
Throughout the Engagement
- Seek client feedback through formal and informal means, including regular visits by the Independent Quality Service Partner to facilitate feedback in an anonymous manner;
- Revise and improve delivery systems;
- Annual (or more regular) analysis of Internal Audit Productivity and Quality (called "Qualativity" in TQM);
- Implement IA marketing plan;
- Identification and integration of Industry Best Practice with the client's organisation;
- Monitoring of Internal Audit Performance Guarantees, Indicators and Critical Success Factors.