Catching Fraud During a Recession Through Superior Internal Controls. FICPA's 25th Annual Accounting Show. J. Stephen Nouss, September 29, 2010


1 Catching Fraud During a Recession Through Superior Internal Controls
FICPA's 25th Annual Accounting Show
J. Stephen Nouss
September 29,

2 Session Objectives
- Fraud Facts (2008 Association of Certified Fraud Examiners, Inc.)
- Risks
- COSO Framework Internal Controls
- COSO Monitoring Controls
- Enterprise Risk Management (ERM)
- Internal Audit
- Possible Governance Considerations
- Potential Benefits from Focusing on Process Improvement

3 How Occupational Fraud is Committed: Breakdown of All Occupational Fraud Schemes, Frequency

4 How Occupational Fraud is Committed: Breakdown of All Occupational Fraud Schemes, Median Loss

5 How Occupational Fraud is Committed: Median Duration of Fraud Based on Scheme Type

6 Detection of Fraud Schemes: Initial Detection of Occupational Frauds

7 Detection of Fraud Schemes: Initial Detection Method of Frauds in Small Businesses

8 Victim Organizations: Organization Type of Victim, Median Loss

9 Victim Organizations: Methods of Fraud, Small Business vs. All Cases

10 Victim Organizations: Frequency of Anti-Fraud Controls

11 Victim Organizations: Primary Internal Control Weakness Observed by CFE

12 Victim Organizations: Internal Controls Modified or Implemented in Response to Fraud

13 The Perpetrators

14 Examples of Risk
ENVIRONMENT RISK Catastrophic Competitor Loss Sovereign/Political Sensitivity Legal Shareholder Regulatory Relations Industry Capital Financial Availability Markets
PROCESS RISK
OPERATIONS RISK Customer Satisfaction Human Resources Product Development Efficiency Capacity Performance Gap Cycle Time Sourcing Obsolescence/Shrinkage Compliance Business Interruption Product/Service Failure Environmental Health and Safety Trademark/Brand Name Erosion
EMPOWERMENT RISK Leadership Authority/Limit Outsourcing Performance Incentives Change Readiness Communications
INFORMATION PROCESSING/TECHNOLOGY RISK Relevance Integrity Access Availability Infrastructure
INTEGRITY RISK Management Fraud Employee Fraud Illegal Acts Unauthorized Use Reputation Price Liquidity Credit
FINANCIAL RISK Interest Rate Currency Equity Commodity Financial Instrument Cash Flow Opportunity Cost Concentration Default Concentration Settlement Collateral
INFORMATION FOR DECISION MAKING RISK
OPERATIONAL Pricing Contract Commitment Performance Measurement Alignment Regulatory Reporting
FINANCIAL Budget and Planning Accounting Information Financial Reporting Evaluation Taxation Pension Fund Investment Evaluation Regulatory Reporting
STRATEGIC Environmental Scan Business Portfolio Valuation Performance Measurement Organization Structure Resource Allocation Planning Life Cycle

15 The COSO ERM Framework
The original COSO Internal Control Integrated Framework started out as a tool to help organizations ensure that they had procedures in place to consistently achieve their objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations

16 COSO Control Environment
- Integrity and Ethical Values: Sound integrity and ethical values, particularly of top management, are developed and understood and set the standard of conduct for financial reporting.
- Board of Directors: The board of directors understands and exercises oversight responsibility related to financial reporting and related internal control.
- Management's Philosophy and Operating Style: Management's philosophy and operating style support achieving effective internal control over financial reporting.

17 COSO Control Environment, cont'd
- Organizational Structure: The company's organizational structure supports effective internal control over financial reporting.
- Financial Reporting Competencies: The company retains individuals competent in financial reporting and related oversight roles.
- Authority and Responsibility: Management and employees are assigned appropriate levels of authority and responsibility to facilitate effective internal control over financial reporting.
- Human Resources: Human resource policies and practices are designed and implemented to facilitate effective internal control over financial reporting.

18 COSO Risk Assessment
- Financial Reporting Objectives: Management specifies financial reporting objectives with sufficient clarity and criteria to enable the identification of risks to reliable financial reporting.
- Financial Reporting Risks: The company identifies and analyzes risks to the achievement of financial reporting objectives as a basis for determining how the risks should be managed.
- Fraud Risk: The potential for material misstatement due to fraud is explicitly considered in assessing risks to the achievement of financial reporting objectives.

19 COSO Control Activities
- Integration with Risk Assessment: Actions are taken to address risks to the achievement of financial reporting objectives.
- Selection and Development of Control Activities: Control activities are selected and developed considering their cost and their potential effectiveness in mitigating risks to the achievement of financial reporting objectives.
- Policies and Procedures: Policies related to reliable financial reporting are established and communicated throughout the company, with corresponding procedures resulting in management directives being carried out.
- Information Technology: Information technology controls, where applicable, are designed and implemented to support the achievement of financial reporting objectives.

20 COSO Information and Communication
- Financial Reporting Information: Pertinent information is identified, captured, used at all levels of the company, and distributed in a form and timeframe that supports the achievement of financial reporting objectives.
- Internal Control Information: Information used to execute other control components is identified, captured, and distributed in a form and timeframe that enables personnel to carry out their internal control responsibilities.
- Internal Communication: Communications enable and support understanding and execution of internal control objectives, processes, and individual responsibilities at all levels of the organization.
- External Communication: Matters affecting the achievement of financial reporting objectives are communicated with outside parties.

21 Monitoring
- Ongoing and Separate Evaluations: Ongoing and/or separate evaluations enable management to determine whether internal control over financial reporting is present and functioning.
- Reporting Deficiencies: Internal control deficiencies are identified and communicated in a timely manner to those parties responsible for taking corrective action, and to management and the board as appropriate.

22 What is Internal Audit today?
The IIA defines internal audit as: an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The key question every internal auditor must answer is: "What objectives are we to address?"

23 COSO: Guidance on Monitoring Internal Control Systems (January 2009)
Supported Conclusions Regarding Control Effectiveness
The Monitoring Process

24 The COSO ERM Framework
The COSO ERM Framework:
- Adds the "Strategic" objective
- Broadens the "Financial Reporting" objective to all Reporting, and
- Enhances the components to more effectively address objective setting and risk assessment

25 The ERM value proposition
- Focuses management attention on the truly important risks: risks with potential to significantly impact earnings or even endanger company survival
- Makes ALL risks known to management, rather than some risks
- Develops a strategic, company-wide approach to risk management and mitigation using all the available tools: derivatives, insurance, internal controls and strategic action
- Integrates risk management into critical decision-making processes, such as strategic planning

26 The ERM value proposition, continued
- Identifies the risks inherent in current strategy and business model before the competition to provide sustainable competitive advantage
- Determines risk appetite of the company in context of management & community expectations

27 The Simplicity of ERM
In the end, effectively controlling those risks boils down to four key steps:
- Set objectives: What do you want to accomplish?
- Identify and prioritize risks: What events/actions could significantly prevent the organization from achieving those objectives?
- Plan and execute a response: Avoid, reduce, share, or accept the risk (or a combination)
- Monitor and continuously re-evaluate: Develop a plan to ensure that the conclusions above are still relevant and operating as intended

28 The Universe of Objectives
Every successful organization lives within an operational world that includes four critical elements:
- Strategic intent (i.e., what we want to accomplish and when)
- Operational reality (i.e., the processes, people and technology we employ to achieve the strategic vision)
- Reporting needs and requirements (i.e., internal and external reporting)
- Legal and regulatory compliance requirements (i.e., what we can and cannot do, when and where)

29 The Universe of Risks
Every organization faces risks on three primary fronts:
- In their environment (e.g., competitors, governments, lenders, regulators, innovators, etc.)
- In their operations (e.g., production quality, efficiency, information systems, employee capabilities and integrity, etc.)
- In the information they use and/or publish that is critical for making decisions (e.g., production planning, product pricing, purchase commitments, budgeting, financial reporting, etc.)

30 ERM capability maturity: Basic
- Determine risk treatment strategies
- Establish business risk inventory
- Align business unit risks with objectives
- Create common language for risks, control activities and monitoring
- Communicate risk taking expectations to senior managers

31 ERM capability maturity: Intermediate
Basic ERM plus
- Quantify key risks to best extent possible
- Identify key risk metrics to report on
- Create risk policy and procedure manual
- Analyze risks' root cause and impact
- Integrate effects of risk types

32 ERM capability maturity: Advanced
Intermediate ERM plus
- Strategic planning
- Annual budget process
- Stakeholder communications
- Management scorecards
- Remuneration

33 ERM approach
- Keep it simple to succeed
- Leverage other risk management initiatives
- Utilize a quantitative and standard questionnaire
- Interview all key stakeholders to ensure all perspectives are captured the first time
- Incorporate known organization and industry risks up front
- Focus on pervasive risks first (top-down)

34 Example of "Basic" ERM Approach
Leverage Other Risk Assessment Initiatives
Quantitative Questionnaire
Qualitative Questionnaire -Top 3 Objectives -Risks to Achieve
Interviews
Add Additional Risks - From Exec Management - From Industry and -Outside
Initial Risk Universe
Narrow to Common Theme Risks based on review of risk universe
Risk Ranking Meeting with Management Based on Significance/Likelihood of Risk, Risk Appetite and How Well Doing Today
Develop Cost/Benefit Analysis and Work Plan
Present to Audit Committee
Re-ranking of Risks
2010 Audit Plan
Address Pervasive Risks

35 The role of Internal Audit
- Provide assurance on risk management processes
- Provide assurance that risks are correctly evaluated
- Evaluate risk management processes
- Evaluate the reporting of key risks
- Review the management of key risks
Source: the IIA's position paper, The Role of Internal Auditing in Enterprise-wide Risk Management

36 The role of Internal Audit with safeguards
- Facilitate identification and evaluation of risks
- Coach management in responding to risks
- Coordinate ERM activities
- Consolidate the reporting on risks
- Maintain and develop the ERM framework
- Champion establishment of ERM
- Develop risk management strategy for board approval
Source: the IIA's position paper, The Role of Internal Auditing in Enterprise-wide Risk Management

37 The role of Internal Audit
- Play an important role in monitoring ERM but do not have primary responsibility for its implementation or maintenance
- Assist management and the board or audit committee in the process by: Monitoring Examining improvements Evaluating Reporting Recommending

38 The role of Internal Audit
Do not..
- Set the risk appetite
- Impose risk management processes
- Management assurance on risks
- Make decisions on risk management or responses
- Implement risk responses on management's behalf
- Become accountable for risk management

39 ERM best practices and lessons learned
Do
- Establish a Risk Management Committee and Charter
- Identify a risk champion supported by the CEO
- Understand that ERM is a journey and not a project
- Provide a holistic definition of business risk
- Include consultants, but do not let them drive ERM

40 ERM best practices and lessons learned
Do not
- Underestimate the impact of existing culture
- Undersell ERM as a business risk assessment
- Implement ERM as a part-time job
- Take on too much at one time

41 Improving The Nature of Certain Controls
Possible Governance Consideration
- Has the company tagged its key controls by attribute (i.e., preventative vs. detective and automated vs. manual)?
- What areas rely heavily on detective or manual controls?
- Is there a business or control reason why these detective or manual controls are needed?
- What impact could shifting these controls to be more preventive or automated have on the reliability of a given process?

42 Centralizing Operations
Possible Governance Considerations
- What processes in the company operate in a decentralized manner?
- Is there a business reason why control over these processes is decentralized?
- Could the company improve both control and efficiency by centralizing some or all of these processes?
- How much would the centralization effort cost in relation to the expected benefits?

43 Improving the Flow and Reliability of Information
Possible Governance Considerations
- Does the company periodically inventory its reports and evaluate user needs and the efficiency of the report generation process?
- Does the company rely on manual report distribution or are electronic means utilized where possible?
- Has the company explored the possibility of real-time user access to selected information?

44 Implementing Business Process Improvements
Possible Governance Considerations
- Does the company's control documentation contain enough information for users to understand the underlying business processes?
- Does the company use this information to identify possible inefficiencies in operations and business processes?
- Does the company consider technology and organizational issues when evaluating process improvement opportunities?

45 Potential Benefits From Focusing on Process Improvement
Financial Close
- Improved quality, accuracy and timeliness of financial information
- Reduced time to close the books each period
- Eliminating unnecessary and/or manual activities
Performance Management & Financial Reporting
- Better aligned strategic and business goals
- Better information for decision making
- Elimination of unnecessary or redundant reports
Budgeting & Planning
- Reduced budget complexity and cycle time
- Enhanced ability to respond to market changes
- Increased quality, accuracy and timeliness of information
- Eliminating unnecessary and/or manual activities

46 Potential Benefits From Focusing on Process Improvement, cont'd
Order to Cash
- Decreased cost and cycle time associated with billing and collecting
- Increased accuracy on orders and bills
- Increase in cash flow
Procure to Pay/Supply Chain
- More efficient purchasing process
- Increase in cash flow
- Better supplier relations
Inventory Management
- Reduced inventory costs
- Reduced warehouse space
- Increase in cash flow

47 Contact information
Steve Nouss
Senior Vice President - Finance, Accounting & Operations
Republic Metals Corporation
Cell
S.Nouss@republicmetalscorp.com


More information

An Overview of the 2013 COSO Framework. August 2013

An Overview of the 2013 COSO Framework. August 2013 An Overview of the 2013 COSO Framework August 2013 Introduction Dean Geesler, KPMG Senior Manager Course Objectives Summarize the key changes from the 1992 Framework to the 2013 Framework including the

More information

Practices in Enterprise Risk Management

Practices in Enterprise Risk Management Practices in Enterprise Risk Management John Foulley Risk Management Practices Head SAS Institute Asia Pacific What is ERM? Enterprise risk management is a process, effected by an entity s board of directors,

More information

Quality Assurance and Improvement Program

Quality Assurance and Improvement Program Internal Audit Foundations Standards 1000, 1010, 1100, 1110, 1111, 1120, 1130, 1300, 1310, 1320, 1321, 1322, 2000, 2040 There is an Internal Audit Charter in place Internal Audit Charter is in place The

More information

risk management ERM Roles & Responsibilities In Community Banks: Who is Responsible for What?

risk management ERM Roles & Responsibilities In Community Banks: Who is Responsible for What? risk management ERM Roles & Responsibilities In Community Banks: Who is Responsible for What? By: John Hurlock, President JohnHurlock@smarterriskmanagement.com Kelly Lutinski, National Director KellyLutinski@smarterriskmanagement.com

More information

EFFICIENT USE OF AUDIT COMMITTEES

EFFICIENT USE OF AUDIT COMMITTEES AGENDA EFFICIENT USE OF AUDIT COMMITTEES BRENT YOUNG, CPA JERRY GAITHER, CPA Best practices related to: Audit Committee Process Internal Audit Risk Management 2 AUDIT COMMITTEE PROCESS AND PROCEDURES Audit

More information

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance Risk Advisory SERVICES A holistic approach to implementing effective governance, managing risk and maintaining compliance Contents Weaver's Risk Advisory Services 1 Enterprise Risk Management 4 Assessing

More information

Internal Controls and Risk Management Report

Internal Controls and Risk Management Report 42 Internal Controls and Risk Management Report Responsibility Our Board of Directors has the overall responsibility to ensure that sound and effective internal controls are maintained, while management

More information

Charter for Group Internal Audit. Approved by the Chairman on behalf of the Board of Directors on 18 January 2018.

Charter for Group Internal Audit. Approved by the Chairman on behalf of the Board of Directors on 18 January 2018. Charter for Group Internal Audit 2018 Approved by the Chairman on behalf of the Board of Directors on 18 January 2018. Charter for Group Internal Audit 2017 Table of contents 1. Introduction... 3 1.1 GIA

More information

Assistance Options to New Applicants and Sponsors in connection with Internal Controls over Financial Reporting

Assistance Options to New Applicants and Sponsors in connection with Internal Controls over Financial Reporting Technical Bulletin - AATB 1 Issued March 2008 Technical Bulletin Assistance Options to New Applicants and Sponsors in connection with Internal Controls over Financial Reporting This Technical Bulletin

More information

CIA EXAM CONTENT. Part 1 :The Internal Audit Activitys Role in Governance Risk and Control

CIA EXAM CONTENT. Part 1 :The Internal Audit Activitys Role in Governance Risk and Control CIA EXAM CONTENT Part 1 :The Internal Audit Activitys Role in Governance Risk and Control A. Comply with The IIA's Attribute Standards (15-25%) (P) 1. Define purpose, authority, and responsibility of the

More information

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper Enterprise Risk Management: Developing a Model for Organizational Success White Paper January 2009 Overview Less than a decade ago, Enterprise Risk Management (ERM) was an unfamiliar concept. Today, the

More information

Internal Controls: Providing an Effective Control Environment. Why This Session Is Needed. Lesson Overview & Module Objectives

Internal Controls: Providing an Effective Control Environment. Why This Session Is Needed. Lesson Overview & Module Objectives Internal Controls: Providing an Effective Control Environment Internal Controls 1 Why This Session Is Needed Uniform Guidance has expanded the requirements and increased the focus on internal controls

More information

Your committee: Evaluates the "tone at the top" and the company's culture, understanding their relevance to financial reporting and compliance

Your committee: Evaluates the tone at the top and the company's culture, understanding their relevance to financial reporting and compliance Audit Committee Self-assessment Guide The following guide summarizes leading audit committee practices discussed in the "Audit Committee Effectiveness- What Works Best" report. You may use it to help assess

More information

COSO Internal Control Integrated Framework update. INTOSAI Subcommittee on Internal Control Standards

COSO Internal Control Integrated Framework update. INTOSAI Subcommittee on Internal Control Standards COSO Internal Control Integrated Framework update INTOSAI Subcommittee on Internal Control Standards Cees Klumper RA MBA CIA Member of the COSO Advisory Council Chief Risk Officer of the Global Fund to

More information

Compliance Risk Management

Compliance Risk Management Compliance Risk Management Seventh Annual University Compliance Conference Society for Corporate Compliance and Ethics May 30, 2009 Robert F. Roach, NYU University Ethics and Compliance Officer Robert.Roach@nyu.edu

More information

Internal Audit & the Audit Committee

Internal Audit & the Audit Committee HCCA Audit & Compliance Committee Conference February 2008 Internal Audit & the Audit Committee Glen C. Mueller, CPA, CIA, CISA, CISM Scripps Health, San Diego, CA VP-Chief Audit & Compliance Executive

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) ATTRIBUTE STANDARDS 1000 Purpose, Authority and Responsibility The purpose, authority, and responsibility of the internal

More information

6. IT Governance 2006

6. IT Governance 2006 6. IT Governance 2006 Introduction The Emerging Enterprise Model 3 p IT is an integral part of the business p IT governance is an integral part of corporate governance 4 Challenges for the IT IT gets more

More information

Understanding Changes to the Certified Internal Auditor Program for 2013

Understanding Changes to the Certified Internal Auditor Program for 2013 Understanding Changes to the Certified Internal Auditor Program for 2013 Certified Internal Auditor (CIA ) 2013 Content Change Overview: This document is provided by IIA Global Headquarters to explain

More information

Enterprise Risk Management: A Best Practice in Managing Federal Programs

Enterprise Risk Management: A Best Practice in Managing Federal Programs Business, Industry and Government Enterprise Risk Management: A Best Practice in Managing Federal Programs Nahla K. Ivy and Kenneth Shulman Over the past several years, many federal agencies have applied

More information

Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control

Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control IIA IIA-CIA-Part1 Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control https://killexams.com/pass4sure/exam-detail/iia-cia-part1 Question: 555 During

More information

Financial CIA-I. Certified Internal Auditor (CIA) Download Full Version :

Financial CIA-I. Certified Internal Auditor (CIA) Download Full Version : Financial CIA-I Certified Internal Auditor (CIA) Download Full Version : http://killexams.com/pass4sure/exam-detail/cia-i QUESTION: 225 To identify those components of a telecommunications system that

More information

Performance Risk Management Jonathan Blackmore, May 2013

Performance Risk Management Jonathan Blackmore, May 2013 Performance Risk Management Jonathan Blackmore, May 2013!@# Topics The world is changing How leading companies turn risk into results Back to basics 2 Company focus Market Risk Management an evolving journey

More information

716 West Ave Austin, TX USA

716 West Ave Austin, TX USA FRAUD-RELATED INTERNAL CONTROLS GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA Figure 2.1 COSO defines an internal control as a process, effected by an entity s board of

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER INTERNAL AUDIT CHARTER I. MISSION II. SCOPE The mission of Internal Audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight. Internal Audit

More information

Director Training and Qualifications

Director Training and Qualifications 4711 Yonge Street Suite 700 Toronto ON M2N 6K8 Telephone: 416-325-9444 Toll Free 1-800-268-6653 Fax: 416-325-9722 4711, rue Yonge Bureau 700 Toronto (Ontario) M2N 6K8 Téléphone : 416 325-9444 Sans frais

More information

International Standards for the Professional Practice of Internal Auditing (Standards)

International Standards for the Professional Practice of Internal Auditing (Standards) Attribute Standards 1000 Purpose, Authority, and Responsibility The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent

More information

Policy and Procedures Date: November 5, 2017

Policy and Procedures Date: November 5, 2017 Virginia Polytechnic Institute and State University No. 3350 Rev.: 8 Policy and Procedures Date: November 5, 2017 Subject: Charter for the Office of Audit, Risk, and Compliance 1. Purpose... 1 2. Policy...

More information

Key Takeaways. Course Requirements. Delegates must meet the following criteria to be eligible for certificate of completion:

Key Takeaways. Course Requirements. Delegates must meet the following criteria to be eligible for certificate of completion: 111 Program Overview In today s ever-changing world, organizations are continuously faced with risks. These risks can have catastrophic impacts on an organization s success, reputation, and future. Unmanaged

More information

Enterprise Risk Management. Focus on the Future June 2017

Enterprise Risk Management. Focus on the Future June 2017 Enterprise Risk Management Focus on the Future June 2017 2017 Crowe 2017 Crowe Horwath Horwath LLP LLP Learning Objectives and Agenda Objectives Distinguish Risk Management from ERM Understand the Value

More information

State Street in the UK Pillar 3 Disclosure - Remuneration

State Street in the UK Pillar 3 Disclosure - Remuneration The following forms State Street s UK Pillar 3 disclosure under BIPRU 11.5.18R in respect of 2013. BIPRU 11.5.18R (1) Information concerning the decision-making process used for determining the remuneration

More information

20 Years in the Making. Meet the New ICIF: Revisions to COSO s Internal Control Integrated Framework. Dr. Sandra Richtermeyer COSO Board Member

20 Years in the Making. Meet the New ICIF: Revisions to COSO s Internal Control Integrated Framework. Dr. Sandra Richtermeyer COSO Board Member Meet the New ICIF: Revisions to COSO s Internal Control Integrated Framework Dr. Sandra Richtermeyer COSO Board Member Associate Dean and Professor of Accountancy Xavier University Cincinnati Ohio USA

More information

Enterprise Risk Management

Enterprise Risk Management BUSINESS RISK MANAGEMENT LTD Enterprise Risk Management Who should attend? Risk managers Managers and Directors responsible for the risk management function or process Senior Internal Auditors and audit

More information

Embedding Operational Risk

Embedding Operational Risk Embedding Operational Risk Banking & Payments Federation Ireland Angela Calapa, Risk & Regulatory Director Areas of Challenge for Embedding Operational Risk Most banks face a significant number of challenges

More information

Internal Control Questionnaire and Assessment

Internal Control Questionnaire and Assessment Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 15, 2016 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org

More information

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Audit Committee March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance Audit Committee (the Guidance Note )

More information

Community Bankers Conference

Community Bankers Conference 3rd Annual Regional and Community Bankers Conference The Federal Reserve Bank of Boston Disclaimer NEVER WRONG DON T COMPLETELY RELY UPON Recent Developments in Audit Practice SOX, FDICIA 112, Other Robert

More information

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR) Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR) Origin of IFC The first significant focus on internal control certification related to financial reporting

More information

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015 DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015 DIRECTOR TRAINING AND QUALIFICATIONS SAMPLE SELF-ASSESSMENT TOOL INTRODUCTION The purpose of this tool is to help determine

More information

From Backyard Business to Public Company

From Backyard Business to Public Company From Backyard Business to Public Company The Changing Role of the Management Accountant IMA Michigan Fall Conference October 29, 2008 John Pollara CMA, IMA Chair Emeritus 1 2 3 4 5 6 7 8 9 10 11 12 Definitions

More information

Statement on Risk Management and Internal Control

Statement on Risk Management and Internal Control INTRODUCTION The Board affirms its overall responsibility for the Group s system of internal control and risk management and for reviewing the adequacy and effectiveness of the system. The Board is pleased

More information

METROPOLITAN TRANSPORTATION AUTHORITY

METROPOLITAN TRANSPORTATION AUTHORITY ENTERPRISE RISK MANAGEMENT AND INTERNAL CONTROL GUIDELINES Pursuant to Public Authorities Law Section 2931 Adopted by the Board on November 16, 2016 These guidelines apply to the Metropolitan Transportation

More information

Comments to be received by 31 January 2008

Comments to be received by 31 January 2008 29 October 2007 To: Members of the Hong Kong Institute of CPAs All other interested parties HKICPA DISCUSSION PAPER EXPOSURE DRAFT ASSISTANCE OPTIONS TO NEW APPLICANTS AND SPONSORS IN CONNECTION WITH INTERNAL

More information

Enterprise risk management Protecting and enhancing value Advisory

Enterprise risk management Protecting and enhancing value Advisory Enterprise risk management Protecting and enhancing value Advisory October 2016 kpmg.co.za 2016 KPMG Services (Pty) Ltd, a South African company and a member firm of the KPMG network of independent member

More information

ENTERPRISE RISK MANAGEMENT

ENTERPRISE RISK MANAGEMENT ENTERPRISE RISK MANAGEMENT PROFILE AND BACKGROUND JOHN TOSCANO, CPA, PARTNER 959-200-7211 john.toscano@cohnreznick.com John Toscano, CPA is a partner with CohnReznick LLP and leads the Firm s Independent

More information

Sample Corporate Risk Management Policy

Sample Corporate Risk Management Policy Sample Corporate Risk Management Policy This document provides a sample Risk Management policy which includes an overview of the key roles and responsibilities of the various stakeholders. Risk Oversight

More information

Enterprise Risk Management

Enterprise Risk Management 1 Enterprise Risk Management Building an Effective Enterprise Risk Management Program in a Community Bank Jay Gallo Chief Risk Officer Topics for Discussion 2 Defining Enterprise Risk Management Do Community

More information

Internal Control Questionnaire and Assessment

Internal Control Questionnaire and Assessment Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 30, 2017 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org

More information

Leveraging Internal Audit and Corporate Compliance for Effective Risk Management

Leveraging Internal Audit and Corporate Compliance for Effective Risk Management Leveraging Internal Audit and Corporate Compliance for Effective Risk Management April 18, 2016 Don Sinko Chief Integrity Officer Cleveland Clinic Agenda Cleveland Clinic Integrity Office Model The 3 Lines

More information

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation April 2014 Disclaimer This presentation is made by KPMG Kenya, a member firm of the KPMG network of independent firms affiliated

More information

Does your organization Establish Career Path for all Organizational Project Management Roles"?

Does your organization Establish Career Path for all Organizational Project Management Roles? Best Practice ID SAM Question Domain Process Improvement Stage 8640 Does your organizaron Control the Define Roadmap Control 8750 Does your organizaron Improve the Define Roadmap Improve 8760 Does your

More information

Lya Villasuso OECD Corporate Affairs Division Response ed to: RE: Corporate Governance and the Financial Crises

Lya Villasuso OECD Corporate Affairs Division Response  ed to: RE: Corporate Governance and the Financial Crises Richard F. Chambers Certified Internal Auditor Certification in Control Self-Assessment Certified Government Auditing Professional President April 16, 2009 Lya Villasuso OECD Corporate Affairs Division

More information