Internrevision i svenska myndigheter : En studie utifrån de tre ansvarslinjerna

Schönberg, Caroline, Karlsson, Maja

January 2014

Syftet med denna uppsats är att beskriva och analysera svenska myndigheters internrevision för att kunna dra slutsatser om i vilken ansvarslinje de befinner sig i dagsläget samt att föra en diskussion kring internrevisionens oberoende. I denna uppsats har en kvalitativ studie genomförts. Med hjälp av semi-strukturerade intervjuer på sex olika myndigheter med krav på internrevision har empiri insamlats som tillsammans med teoretisk referensram ligger till grund för analys och slutsatser. Studien visar att svenska myndigheters internrevision befinner sig i den tredje ansvarslinjen. Vissa variationer inom den tredje ansvarslinjen kan urskiljas på grund av dels otydliga riktlinjer för internrevisorerna för att kunna bibehålla ett oberoende i samband med råd och stöd och dels på grund av bristfälliga kunskaper i den andra ansvarslinjen avseende hur ansvaret ska fördelas. / The purpose of this essay is to describe and analyze internal audit of the Swedish authorities internal audit in order to draw conclusions about which of The Three Lines of Defense they are positioned in at the present time, and to include a discussion about internal audit’s independence. In this essay, a qualitative study has been conducted. Using data from semi-structured interviews conducted at six different authorities with requirements for internal audit, empirical evidence has been collected. This empirical evidence, together with a theoretical framework constitutes the basis for analysis and conclusions. The study showed that the internal audit of the Swedish authorities is positioned in the third line of defense. Some variations in the third line of defense could be distinguished due to unclear guidelines for internal auditors to maintain independence in connection with advice and support, and also due to insufficient knowledge in the second line of defense regarding how responsibility should be allocated.

Authority

independence

internal audit

internal auditor

internal control

internrevisionsförordning (2006:1228)

The Three Lines of Defense Model

De tre ansvarslinjerna

de tre försvarslinjerna

intern styrning och kontroll

internrevision

internrevisionsförordning (2006:1228)

internrevisor

myndighet

oberoende

[pt] PROPOSTA DE FRAMEWORK PARA O USO DE ROBOTIC PROCESS AUTOMATION NAS AUDITORIAS INTERNAS DE BANCOS BRASILEIROS / [en] ROBOTIC PROCESS AUTOMATION FRAMEWORK PROPOSAL FOR INTERNAL AUDIT IN BRAZILIAN BANKS

ANA PAULA CONCEICAO TEIXEIRA PENNA

18 May 2020

[pt] A Automação Robótica de Processos (RPA) surge como uma nova tecnologia advinda da indústria 4.0, focada na automação de tarefas humanas repetitivas, rotineiras e baseadas em regras. Ela promete eliminar esses processos que consomem mais tempo, sem substituir os sistemas de TI existentes. Consequentemente, reduziria custos e riscos operacionais; e melhoraria a eficiência, os processos internos e a experiência do cliente. Além disso, a RPA tem o potencial de revolucionar a auditoria tradicional, pois minimizaria as atividades tenocráticas, que apresentam baixo valor agregado, e permitiria que os auditores se concentrassem mais em atividades que exijam raciocínio analítico e julgamento profissional. Assim, levaria à ampliação da cobertura dos testes e do monitoramento de transações, aumentando a performance e a qualidade da auditoria contínua. Devido ao exposto, a RPA está sendo vista como um ativo estratégico para enfrentar os desafios da transformação digital. Por ser uma nova tendência, a literatura científica sobre o tema ainda é escassa, mas está crescendo rapidamente. E, nos últimos dois anos, foi amplamente adotada em muitas organizações e instituições financeiras com sucessos e fracassos. Portanto, considerando o modelo das três linhas de defesa, este estudo tem como objetivo propor um framework para implantação da RPA na auditoria interna de bancos brasileiros. / [en] Robotic Process Automation (RPA) emerges as a new 4.0 industry technology focused on the automation of repetitive, routine, rule-based human tasks. It promises to eliminate the most time-consuming processes without replacing existing IT systems. Consequently, reducing costs and operational risks as it improves efficiency, internal processes, and customer experience. Moreover, it has the potential to disrupt the traditional audit model as it minimizes mechanical low added value activities, enabling auditors to concentrate more on assignments that require thinking skills and professional judgment. Thus, it would lead to the expansion of testing and monitoring analytics coverage, enriching continuous audit quality and performance. Due to the above, RPA is being seen as a strategic asset to face the challenges of digital transformation. Since it is a new trend, there is limited literature on the subject, but growing fast. And, in the last couple of years, it has been widely adopted in many industries and financial organizations with successes and failures. Therefore, considering the three lines of defense model, this paper aims to propose an RPA framework for internal audit in Brazilian banks.

[pt] RPA

[pt] BANCOS NACIONAIS

[pt] MODELO DAS TRES LINHAS DE DEFESA

[pt] ROBOTIC PROCESS AUTOMATION

[pt] AUDITORIA CONTINUA

[pt] TRANSFORMACAO DIGITAL

[pt] INDUSTRIA 4 0

[pt] AUDITORIA INTERNA

[en] RPA

[en] BRAZILIAN BANKS

[en] THREE LINES OF DEFENSE MODEL

[en] ROBOTIC PROCESS AUTOMATION

[en] CONTINUOUS AUDITING

[en] DIGITAL TRANSFORMATION

[en] INDUSTRY 4 0

[en] INTERNAL AUDIT