Quality Assurance Review (QAR)

PRIMARY CONTACTS:
James B. Yard CPA, CIA, CISA (Pittsburgh), Tony P. Ielase CISA (Columbus)

Whether electing a full external assessment or a self-assessment with independent external validation, a Quality Assurance Review (QAR) allows audit committees and chief audit executives to evaluate the activities of their internal audit (IA) function and determine whether policies, procedures and practices of the function adhere to The Institute of Internal Auditors’ (The IIA) Core Principles, International Standards for the Professional Practice of Internal Auditing (Standards) and the Code of Ethics.

Our experienced professionals leverage our Internal Audit Strategic Framework to assess your internal audit function’s activities against leading practices of other internal audit functions we have observed, and provide insights and recommendations to elevate the performance and value of the function to stakeholders.

Schneider Downs’s Internal Audit Strategic Framework

Our QAR professionals are required to meet the qualification requirements as defined in Standard 1312 – qualified, independent reviewer or review team from outside the organization. The Standard defines qualified individuals as persons with the technical proficiency, business experience and educational background appropriate for the audit activities to be reviewed. For this reason, QARs are conducted by the management of our practice. In addition, many of our QAR professionals also have experience in industry within internal audit functions and have also served as a Chief Audit Executive (CAE) so they know the challenges of leading an IA function and thus will provide practical, non-theoretical recommendations where appropriate.

Quality Assurance Review Process

What does our QAR process look like?

DATA COLLECTION

  • Conduct interviews of key stakeholders (i.e., audit committee, executive management, IA team members)
  • Develop questionnaire for other stakeholders
  • Collect key documents that will support the QAR (i.e., risk assessment, IA charter, working papers, IA reports, Quality Assurance results, IA resumes, etc.)

ANALYSIS

  • Assess documentation against the IIA Standards
  • Review sample of executed audits to ensure compliance with existing IA policies and IIA Standards
  • Leverage our SD Internal Audit Strategic Framework to assess areas for improvement
  • Summarize and analyze interview/questionnaire results and develop positive themes and potential areas for improvement

REPORTING

  • Report on conformance with the IIA Standards (Generally Conforms, Partially Conforms, Does Not Conform)
  • Identify IA’s areas of strength
  • Identify areas for improvement based on stakeholder feedback and our experience with leading practice recommendations

Results include an overall assessment with conformance  against the IIA Standards, as well as a high level roadmap for the most impactful opportunities for improvement, and detailed assessment against our SD Internal Audit Strategic Framework – highlighting both strengths and value add recommendations.

Ready to get started?

Contact us to learn more about Schneider Downs Quality Assurance Review (QAR) services. QAR is just one of the many risk-based advisory services offered by Schneider Downs, explore our additional services on our Risk Advisory Services homepage.

Learn how we’ve Solved Big Problems For our clients

Big Problem: Company Impacted By Ransomware.

Big Thinking: Restore System On-site And Avoid Six-figure Ransom.

Read Case Study

Big Problem: Inefficient Tax Credit Realization.

Big Thinking: Identified A $900,000 Tax Credit, Nearly Twice As Much As Prior Years.

Read Case Study

OUR THOUGHTS ON

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Breached?

Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.