Audit Committee Reporting: Trends and Best Practices. Claudio de los Rios CPA, CA, Wolters Kluwer November 1, 2016

Transcription

1 Audit Committee Reporting: Trends and Best Practices Claudio de los Rios CPA, CA, Wolters Kluwer November 1, 2016

2 Claudio de los Rios Canadian CPA,CA Public accounting and Tax in Vancouver, Canada Deloitte, PwC, KPMG Internal Audit Hewlett Packard, ebay, PayPal, OmniVision Technologies, Activision Blizzard Wolters Kluwer TeamMate Sr. Director, Strategic Market Development Title of presentation 2

3 Agenda Key Concepts 2014 Audit Committee Reporting Survey Results 10 Opportunities to Enhance Your Audit Committee Materials & Reporting 3

4 Key Concepts An effective relationship between the audit committee and the (organization s) internal auditors is fundamental to the success of the internal audit function. Are reports and other communications from internal auditors to the audit committee of an appropriate standard and do they provide value? Audit Committee Resource Guide, Deloitte, January

5 Key Concepts to be successful, internal audit is less about presenting audit results and more about engaging executives and board members in thoughtful consideration of current challenges. Key Questions to Address: Can your organization take data and turn it into useful intelligence? Can your organization provide comparative information? Is your organization showing value of insights delivered by internal audit? Insight: Delivering Value to Stakeholders IIA Research Foundation,

6 Key Concepts Note strong focus on concepts: providing value thoughtful considerations useful intelligence providing comparative information Do not focus on report formats! 6

7 2014 Audit Committee Reporting Survey Results 7

8 Survey Background More than 300 audit executives surveyed regarding the following areas: Format of audit committee reporting Content provided to the audit committee Extent of current reporting practices Frequency of specific reporting activities Survey Data Augmented with insights from over half a dozen interviews with IA Leaders including current and former heads of COSO as well as current Audit Committee heads. Developed a set of 10 recommendations to enhance audit committee reporting methods, communications and content. 8

9 Survey Background & Demographics Location Organization Type Department Size 65% 1% 8% 7% 19% 42% 1% 4% 7% 22% 25% 2% 8% 12% 24% 28% 26% Central or South America Africa Asia/Pacific Region Europe and the Middle East North America Partnerships Educational Institutions Not-for-profit Organizations Government Agencies Private Companies Public Corporations Depts with more than 100 members Depts with members Depts with members Depts with members Depts with 6-10 members Depts with 1-5 members 9

10 Polling Devices Everyone should have a polling device Your responses are anonymous only group statistics are captured Please return at the end of the session 10

11 Do you provide the audit committee with: (Check all that apply) A. Copies of all audit reports B. Summaries of all audit reports C. Only audit reports with certain ratings or significant findings D. Summaries of audit reports with certain ratings or findings 48% 21% 17% 14% A. B. C. D. 11

12 Do you provide the audit committee with: (Check all that apply) Copies of all audit reports 43% Does this help the AC focus? Summaries of all audit reports 49% Only audit reports with certain ratings or significant findings 12% Summaries of audit reports with certain ratings or significant findings 35% 0% 10% 20% 30% 40% 50% 60% 12

13 Average total time to compile, prepare and distribute audit committee package is: A. 1-4 hours 38% 38% B. 5-8 hours C. 1-3 days 13% 10% D. More than 3 days 1-4 hours 5-8 hours 1-3 days More than 3 days 13

14 Average total time to compile, prepare and distribute audit committee package is: 1-4 hours 5% 4-8 hours 16% 1-3 days 49% More than 3 days 30% 0% 10% 20% 30% 40% 50% 60% 14

15 How satisfied are you with the quality of your Audit Committee materials? A. I believe we have a leading edge package 39% B. Generally very satisfied C. Somewhat satisfied D. Our format is set and it is adequate 5% 21% 15% 20% E. Not really satisfied A. B. C. D. E. 15

16 How satisfied are you with the quality of your Audit Committee materials? According to KPMG's 2015 Global Audit Committee Survey, audit committee members rate much of the information they receive as good but are searching for more and better information 16

17 10 Opportunities to Enhance Your Audit Committee Materials & Reporting 17

18 Framing the 10 Opportunities Focus on identifying knowledge and information that is valuable to the audit committee as opposed to report formats. Note connections & interrelationships between opportunities. Tailor reporting and materials to the specific needs and expectations of your audit committee. Approach as a strategic, relationship-building opportunity and not a tactical exercise. 18

19 1. Share materials with the Audit Committee more frequently To better inform your audit committee, provide members with periodic information and updates between committee meetings Good communications is an iterative process focusing on: Valuable information and knowledge not formats Building relationships and trust Think broadly about what kinds of materials and information would be of value to the audit committee: Audit committee articles and practices Risk and business-related materials Look beyond audit results 19

20 Reassess the type, nature and frequency of communications with the AC Chair 1 Goal establish a clear and effective channel between the two parties 60% of respondents indicated they hold discussions with the AC Chair to help the AC set priorities BUT half of these do this by Audit committees prefer timely and candid verbal communications David Landsittel, a former COSO chair There is much to gain from conducting executive sessions between audit chairs and CAEs. Such meetings provide the opportunity for the type of candid and constructive conversations that build rapport and strengthen the relationship 20

21 Enhance Relationships and Build Confidence 1 Expand the range of internal audit presenters to the audit committee - include direct reports to the CAE and other IA staff as appropriate. Informal meetings or events involving the audit committee and members of the internal audit staff. Have members of the audit committee conduct a critical review of internal audit's reports. Do they provide valuable insight? Do they reflect a strong knowledge of the organization and your primary areas of operation? 21

22 2. Utilize more automated reporting support Leverage technology to enhance informationsharing and expand scope of activities Consider board portals Take your corporate culture into account Assess director receptivity to newer technology Meet with audit committee to review options 22

23 How are audit committee materials provided to the members 2 A. In hard copy only B. Electronically plus hard copy 54% 35% C. Only Electronically D. Made available on a website In hard copy only 12% Electronically plus hard copy Only Electronically 0% Made available on a website 23

24 Ways to Enhance Audit Committee Materials: Current Considerations 2 24

25 3. Conduct a formal review of your audit committee materials and format During the last 2 years, have you conducted a formal review of the format and/or content of your audit committee materials with the audit committee to identify possible enhancements 52% 48% A. Yes B. No Yes No 25

26 Executive Review of AC Materials 3 Do you review AC material with executive management BEFORE sending it to the Audit Committee? Why not? Gain advance support on key issues from management and the external auditor Bob Hirth COSO Chair 26

27 4. Pursue greater Management involvement in follow-up on reporting issues Ample opportunity for internal audit to foster greater involvement from management in the reporting process. Though hard to achieve, can significantly enhance the stature and positioning of internal audit. 27

28 How do you handle open audit issues, including management responses & follow up? 4 TeamMate 2014 Survey Results Internal audit develops an updated status-report on open audit issues, including management responses and follow-up, and discusses the report with the audit committee Management develops an updated status-report on open audit issues BUT internal audit briefs the audit committee on report findings Management develops an updated status-report on open audit issues AND reviews report with audit committee 71% 16% 4% Other 8% 28

29 Increase management s responsibility for reporting the status of audit issues 4 Since management is responsible for following up on reporting activities, take steps to reinforce that responsibility 1. Find a champion within management to assist with the follow-up reporting process 2. Reposition internal audit as function providing assurance on actions as opposed to group responsible for the actions 3. Assist management by providing a streamlined technology solution to track and report on corrective actions 29

30 5. Provide More Periodic Trending Information Audit Committees gain significant value from trending types of information: helps them gain a sound overall assessment of an organization s systematic and thematic risk and control issues. predictive capabilities 30

31 Types of Trending Information Provided 5 TeamMate Insight: Audit committees find trending information extremely valuable in assisting them to see broader thematic and systemic issues. 31

32 How to improve? 5 Analyze trending information currently being provided to the audit committee. Does it seek to identify thematic and systemic issues? Ask senior management and members the audit committee what types of trending information they would find most valuable Revise internal audit processes to capture trending data as part of your ongoing procedures Sometimes, it s just about presentation 32

33 Playable graphs and tables 5 33

34 6. Provide more Risk Information to the Audit Committee The need to understand an organization s risks and risk management practices is a fundamental challenge for audit committees. CAEs have significant opportunities to step up and position themselves as trusted advisors to their audit committees Consider how to acquire and share information on emerging risks As an opportunity, consider the types of risk reporting only being used by a minority of survey respondents (next slide) Demonstrate the direct linkage between changes to the organization s risk profile and changes to the audit plan 34

35 Types of Risk Information Provided 6 35

36 7. Explore Combined Reporting Opportunities Audit committees appreciate and value combined reporting that contributes to consensus-building and the development of sound, enterprise-wide profiles of risks and controls. Only 28% of survey respondents prepare any materials on a combined basis with other risk-and-control functions. Suggests potential for many internal audit groups to increase stakeholder value by exploring additional opportunities for combined reporting. 36

37 Areas Where Internal Audit Prepares Audit Committee Materials on a Combined Basis with other Risk & Control Functions 7 When it comes to collaborating with other risk-and-control functions for combined audit committee materials, Enterprise Risk Management (ERM) leads the way for those following this practice. 37

38 Combined Reporting - Key Success Factors 7 Play the role of catalyst: Develop a common framework Think about cooperation and working together not about changes in organizational structure Be aware of potential silo issues View the exploration of combined-reporting activities as an opportunity to increase information and knowledge sharing with other risk and control functions 38

39 8. Determine what types of internal audit opinions are valued by the audit committee When it comes to providing an annual opinion to the audit committee only 40% of survey respondents do so. The experts interviewed in our process believe there is more value in selective assurance (wherein internal audit provides an opinion on a specific area or process) rather than an overall blanket opinion. 39

40 Overall Internal Audit Opinions 8 40

41 Key Considerations: Providing an annual opinion 8 Would your audit plan support issuance of an overall opinion? Ask whether management sees value in an opinion If yes, determine what type of opinion that might be Per previous chart, top area of focus for respondents providing an opinion: Assessing Adequacy/Overall System of Controls Also consider areas such as risk management and adequacy of financial controls Discuss opinion value with audit committee chair 41

42 9. Enhance reporting on internal audit quality and performance. Do you provide the audit committee with any type of annual internal audit report on quality or performance? 51% 49% A. Yes B. No Yes No 42

43 Types of information reported annually 9 43

44 10. Help the audit committee focus and set priorities Basic challenge facing audit committees: the need to sift through volumes of materials to determine what really matters to their work. For internal auditors looking to provide value to their primary stakeholders, this challenge spells opportunity. 44

45 Techniques to Help the Audit Committee Set Priorities 10 Do you have any specific techniques to help the audit committee set priorities? 82% A. Yes B. No 18% Yes No 45

46 Techniques to Help the Audit Committee Set Priorities 10 * Other, including (1) Developing Matrix of Audit Committee Responsibilities, (2) Ranking Audits by Degree of Impact on Organization, (3) Use of Audit Ratings, and (4) Identifying the Severity of Each Audit Finding 46

47 Discussions with the Audit Committee Chair 10 CAEs, in particular, can help facilitate audit committee discussion on key Issues. a pre-meeting call between the CAE and audit committee chair provides the CAE with an opportunity to play the role of advisor and recommend specific areas of focus for the audit committee agenda Well before meeting dates, send out deep-dive background information to the audit committee 47

48 Visual Analytics 10 Purpose Tell the story / communicate the message Assist the reader in thinking/reasoning about the topic Enable rapid comprehension / interpretation Support decision making Inform / provide insight Establish credibility 48

49 Visual Analytics examples 10 49

50 Visual Analytics examples 10 50

51 Visual Analytics examples 10 51

52 Visual Analytics examples 10 High Risk Issue by City 52

53 Resources Available 53

54 Thanks for your time