Global Mega Trends Transforming Business

Transcription

1 Focussing on the value journey Anton van Wyk, CIA, CRMA IIA Incoming Global Chairman April 2014 Global Mega Trends Transforming Business Rapid Technological advances 81% Urbanisation & social inequality 60% Resource scarcity & climate change 59% 1

2 CEOs Recognise the Need for Change Talent strategies Technology investments Customer growth and retention strategies Organisational structure/design Approach to managing risk Use and management of data and data analytics Supply chain R&D and innovation capacity Channels to market Investment in production capacity 81% 80% 82% 81% 73% 76% 64% 73% 71% 65% Global Internal audit functions that are perceived by stakeholders as high performing are finding ways to break out of the cycle and more effectively contribute to their organisation s ability to manage risk. 2

3 Audit Committees Ever Increasing Responsibilities Financial reporting Appropriateness of accounting policies Disclosure requirements Fairness The Integrated Report Audit Committee: Areas of focus External audit Appointment and remuneration Scope of work Independence requirements Significant audit findings/recommendations Reviewing the performance of external auditors Risk management & internal control Understanding the key risk areas Effectiveness of controls Fraud risk Combined assurance Internal audit Charter, authority and resources Scope of work Internal audit effectiveness Responses to internal audit recommendations Maintaining & measuring effectiveness Training needs Maintaining financial literacy Annual performance evaluation of audit committee Communicating & reporting Relations with management Updates and recommendations to the full board Reports to the board and shareholders Regulatory, compliance & ethical matters Effectiveness of system for ensuring compliance with laws and regulations Code of conduct / ethics Whistleblowing Eight Foundational Attributes of Internal Audit Quality and innovation Business alignment Service culture Technology Internal Audit Risk focus Talent model Cost effectiveness Stakeholder management pwc s 2014 SOTP study 3

4 Effective internal audit Evolving risk landscape The risk landscape Think and act strategically Align resource allocations Leverage the second line of defense Provide deeper insight Connect to business strategy Understand the business Deliver advice and best practices Leverage specialists Stakeholder relationships Build trust through ongoing dialogue Simplify reporting, make it consumable Link to market trends Higher stakeholder expectations Focus on critical risks and issues Match talent model to the value proposition Deliver costeffective services Eight core attributes 4 Engage and manage stakeholder relationships 7 Leverage technology efficiently 2 Align value proposition with stakeholders expectations 5 Enable a client service culture 8 Promote quality improvement and innovation The foundation Three Lines of Defence Governing Body / Board / Audit Committee Senior Management 1 st 2nd 3rd Line of defence: Line of defence: Line of defence: Function and line management are responsible for operationalising risk management and internal controls Risk management and compliance functions are responsible for establishing and monitoring policies and standards Internal audit is responsible for providing objective assurance and advise on governance, risk and compliance 4

5 The Journey to Capture Unrealised Value Align expectations Build capabilities Deliver quality Increase value Assurance provider Unrealised value Problem Solver Assurance provider Insight generator Problem Solver Assurance provider Trusted advisor Insight generator Problem Solver Assurance provider Perceived Value Providing value-added services and proactive strategic advice to the business well beyond the effective and efficient execution of the audit plan Taking a more proactive role in suggesting meaningful improvements and risk assurance Bringing analysis and perspective on root causes of issues identified in audit findings to help business units take corrective action Function/Role Delivering objective assurance of the effectiveness of an organisations internal controls pwc s 2014 SOTP study Trusted Advisors Have Higher Performance on 8 Foundational Attributes Focusing on critical risks and issues the company is facing 53% 84% Aligning scope and audit plan with stakeholder expectations 64% 83% Delivering cost-effective services 44% 79% Engaging and managing a relationship with the stakeholders Delivering services with a service oriented team 52% 51% 75% 78% Promoting quality improvement and innovation 29% 73% Obtaining, training and/or sourcing the right level of talent for audit 45% 68% 29% 51% Leveraging technology effectively in the execution of audit services 20% 40% 60% 80% 100% Percent of respondents indicating internal audit was performing well *Representative sample of the 18 capabilities surveyed Assurance providers Trusted advisors pwc s 2014 SOTP study Expanded expectations and alignment of stakeholder expectations creates an opportunity for Internal Audit to raise its performance and provide added value to the organisation. 5

6 Building the Capabilities to Deliver on Expectations 100 Foundational skills Advanced skills Financial controls General IT Fraud and ethics Compliance and Specific IT platform IT/cyber security Business continuity Data analytics Data privacy regulatory(including specific regulations) Assurance provider Trusted advisor Trusted advisors are performing at a significantly higher level because of the purposeful plan to obtain skill sets most valued by the organisation. pwc s 2014 SOTP study Trusted advisors are focused on communicating the value they bring to the organisation through the recommendations they provide and their involvement in emerging issues rather than classic value measures such as successful completion of the audit plan. pwc s 2014 SOTP study 6

7 The Value Journey 4 C s Credibility, Connectivity, Competency, Communication Credibility Understand the organistion and what it does Align and agree on critical risks and expectations Consider: Future needs and emerging issues and risks; Market trends; Regulatory expectations; The first and second lines of defense Proactively share expectations with open lines of communication across the key stakeholder group Facilitate discussions with stakeholders Achieving alignment of expectations and critical risks is a significant step towards internal audit improving its credibility, relevance and value to the business. 7

8 Connectivity Roles and Responsibilities CAE Leads the design Pro-active in communicating Board Members Pro-active input on the design Facilitates alignment when needed Approves design Executive Management Active participation in design Supports the basis of the design Connectivity the Audit Committees Continue with traditional coverage financial controls and fraud and ethics Increase coverage in less traditional areas (stakeholder dependent) large program assessments, new product introductions, capital project management, IT risk areas and mergers and acquisitions o keep abreast of the evolving responsibilities of the AC o become more agile in approach and skill to meet these needs o ensure planned outcomes are achieved/valued o be nimble in changing responses to company strategy shifts o know the market and trends o Identify new areas for coverage during the next planning cycle 8

9 Competency Align to the eight foundational attributes Skill up to address risk challenges Be able to articulate the thread from the internal audit plan to the organisation s business model, strategy and risk landscape Exhibit business acumen attributes Measure impact of changes in approach with stakeholders Be responsive, objective and inclusive in all dealings with stakeholders Be able to develop a strategy fit for the future and the skills to deliver it Be able to tell the story and not just write it help solve problems through objective eyes. Communication Communicate with audit committee chair and board on internal audit mandate Discuss annually IA s role with key stakeholders (align with expectations) Meet with management and board members to agree on expectations Encourage top-down/specific communication with IA team members on expectations Survey stakeholders on IA s performance / adherences to stakeholder expectations Meet with external stakeholders (incl regulators and external auditors) to discuss expectations Capture internal audit expectations on company s internal website CAE s of internal audit functions that are seen as trusted advisors are leveraging the tactics above to communicate across the organisation to stay the course of alignment on expectations and delivering value. 9

10 Communication Performance and Value Metrics Measure involvement and value provided in all key initiatives and emerging risk areas Provide macro/horizontal views on key issues and areas of critical risk to the organisation Be a change agent in the organisation IA s influence in improving the overall control environment year on year. Develop annual voice of the customer survey Answer questions from the Board and Management. Enhance the value of recommendations provided Facilitate cost savings and revenue enhancement based on internal audit recommendations and findings The path to delivering value CAEs must be robust but pragmatic, have courage but diplomacy, and have enough resource to do the job they are meant to do. They must come at things from a risk standpoint but have a reasonable amount within their plan for ad hoc and contingency work and consider what s going on in the dynamic business environment in which they operate. Leading CAE 10

11 Potential Areas of Focus The Next 12 Months Percent of respondents reporting that Internal Audit should be more involved in the next 12 months* Increased reliance on Big Data and business analytics Off-shoring, re-shoring, and related organisational Business transformation/change management Velocity of change in the business environment Increasing emerging risks and black swan activities More complex supply chains Faster pace of internal change Merges, acquisitions, and divestitures Growing numbers of stake holders Shifts in international trade and payments Innovation around product,service,business Analytics Operating model Managing Change Emerging Risks Business Impact Stakeholders Climate change and environmental issues Changes in talent/staffing/resources Changing customer needs/behaviors Shifts in financial and commodity markets (commodity 10% 20% 30% 40% 50% 60% 70% 80% 90% Assurance providers Trusted advisors *Base = those who said the area was among the biggest drivers of change in the next year pwc s 2014 SOTP study The Path Forward Audit Committee: Ask More Management: Expect More CAEs: Deliver More Ever increasing expectations of internal audit Demands that critical business risk coverage is aligned with their views on risk Be prepared to answer if internal audit has a strategic plan and resources to deliver AC to enable internal audit to be what it should be quality, delivery and value being key Will expect internal audit to perform at a higher level and bring more value Will expect internal audit to have a stronger enterprisewide risk assessment process Will expect internal audit to deliver value for the investment but recognise the need to invest Will expect a robust dialogue with internal audit and provision of candid feedback Deliver high quality on foundational areas Deliver a strategic vision that aligns with stakeholder expectations Deliver value for investment Deliver proactively 11

12 Thank You 12