How to Measure the Value of Your Internal Audit Group


How to Measure the Value of Your Internal Audit Group
Best practices to follow, pitfalls to avoid and success metrics to measure
May 17, 2012

Agenda
- Strategic challenges: Implications for the enterprise
- How to address challenges and add value
- How technology can help?

Organizational Implications of the New Reality Operational Risk Management The new centerpiece of Organizational Strategy IMPLICATIONS FOR THE ORGANIZATION Strategic Increasing pace of regulatory changes Stringent enforcement New global and local regulations Differing interpretations Convergence in risk management Need for greater assurance Tactical Generating business value Increasing Volume BIG DATA Increasing complexity of information Revealing the opaque Need to rationalize Simplify to improve facilitation

Divergent Path: Operational Losses & Business Performance Increasing Increases Decreases Operational Losses Business Performance Internal Fraud Return on Investment External Fraud Employment Practices and Workplace Safety Clients, Products, & Business Practice Cost of Investment Growth Prospects Competitive Advantage Damage to Physical Assets Business Disruption & Systems Failures Reducing Operations Execution, Delivery, & Process Management Market Goodwill

Strategic Challenges for Internal Audit
- New product development: exposure to new risks
  - Mobile banking and payments, multi-family lending, residential lending and refinancing
- Convergence in risk management
  - Operational, IT, vendor, regulatory, credit, market
- Increasing pace of regulatory changes and related risks
  - Stringent enforcement means financial and strategic impact
  - Information overload and differing interpretations
- Need for greater risk assurance
  - Rating agency, board, investor requirements

The rising cost of Operational Risk Credit Losses RISKS * UDAAP Late Projects Fair Lending Weak/anemic loan demand RISKS * Enforcement Actions Social Media Information asymmetry Concerned Customers Suspicious Investors Aggressive Competitors Strategic Costs Financial Costs Continuing Instability Economic Volatility Corporate Credit THREATS Politics Law & Regulations Corporate Governance Compliance Costs Operational Costs Scarcity of Resources Adapting Technology Changing Processes RISKS * Information Security National Mortgage Settlement RISKS * Vendor Management Incomplete Documentation

Implications for the Enterprise THREATS RISKS IMPLICATIONS FOR THE ENTERPRISE Compliance Costs UDAAP Fair Lending National Mortgage Settlement Act Civil money penalties Headline news Stock downgrades Re-classify loans to nonaccruing Financial Costs Enforcement Action Social Media Limits dividend payment Hold on M&A Consumer expectations regarding real time responses Information Asymmetry Inconsistent data taxonomy

Implications for the Enterprise THREATS RISKS Credit Losses IMPLICATIONS FOR THE ENTERPRISE Insufficient tier one capital Strategic Costs Late Projects Weak/anemic loan demand Loss of competitive edge De-risking the portfolio to re-set the product portfolio Vendor Management Risk assessments, oversight Operational Costs Inadequate documentation Information Security Loan buy-backs, hold for servicing Maintain trust

Confluence of Operational Risk and Reputational Risk in a Social World One reflects on the other Social Media Chief Marketing Officer Chief Risk officer Chief Communications Officer Marketing Sales Customer Service HR Risk Management convergence Integration Analysis

Operational Losses: Bigger than your calculations
1 Operational Loss Incident
- 5.6 Bn personal communication devices
- 2 Bn people connected to the Internet
- 3 Tr interconnected intelligent devices
- 2.9 Mn emails every second
- 20 Hrs YouTube video upload/min
- 50 Mn tweets per day
- 700 Bn mins on Facebook/month
- 375 MB household data consumption/day
IMPLIES
- Word will spread - Organizations can no longer hide
- Losses will spill over - Reputational impact on future business
- Incidents will be forever - Loss incidents will live on forever

How Well Organizations Manage These Risks? Source: PWC Survey Report 2012 State of Internal Audit

How to address challenges and add value?

Importance of IA's contribution to monitoring risks Source: PWC Survey Report 2012 State of Internal Audit

Risks that receive less attention from internal audit Source: PWC Survey Report 2012 State of Internal Audit

Risk areas in which stakeholders and CAEs want/plan to add internal audit capabilities Source: PWC Survey Report 2012 State of Internal Audit

Risk-driven Internal Audit System
- Helps align audits with risks and organizational goals
- Helps in identifying critical areas

Integrate Activities with Others
- Transcend organizational silos and establish integrated audit management
- Help align audits with risks and organizational goals
- Help identify all issues, internal as well as external, such as issues related to compliance reporting, regulations, self-assessments, etc.
- Enhance collaboration with other assurance functions and senior management

Cross-Organizational GRC Platform
- Develop common risk & business framework for cross-organizational alignment
- Leverage cross-organization governance, risk & compliance activities
- Identify & mitigate issues across the organization (regulatory, compliance, etc.)
Internal Audits Enterprise Risk Operational Risk Corporate Compliance Issue Tracking & Resolution Library Organizations Processes Controls Risks Tests IT Audits SOX Policy Management Fraud others

Communicate Clearly: Specify & Simplify the Facts
- Adopt a highly structured & standardized method of reporting audit results
- The report should highlight critical information across the organization
- It should provide valuable risk insights and intelligence
- It should provide top-level visibility for CAEs, highlighting key risk areas
- The decision-making process should be streamlined and real-time, based on hard facts and data

How Technology Can Help?

Technology Strategy Broad Communication of Company Centralized Visibility Technology Unified Risk Program Workflow-Based Solutions Reusable library of risks and Controls Centralized Repository Decentralized Point Solutions Risk Effectiveness

Universal and Consistent Information Model Comprehensive Definition of Risk Relating it to Business Growth and Profitability Board Directives Corporate Governance Organizational Structure Business Objectives Areas of Compliance Functions Processes Risks Controls Growth FSA IT Process 1 Op Risk Control 1 Profitability FIRNA Treasury Process 2 IT Risk Control 2 Market Share PCI Lending Process 3 Reputation Control 3 Services Quality ISO SOX Sales Marketing References Policies/Documents Risk Assessments Issues Regulation 1 Regulation 2 Standard 1 Standard 2 Policy 1 Procedure 1 Work Instruction 1 Risk-Based Requirement-Based Business Unit-Based Action Plan Implement Monitor

Information Model supports Audit Planning Process Risk Library Auditable Entities Annual Audit Plan Audit Universe Audit Projects Risk 1 Risk 2 Risk 3 Business Unit 1 Business Unit 2 Process 1 Process 2 Policy 1 Policy 2 Process 1 Process 2 Site 1 Site 2 Key Risks Audit Project 1 Audit Project 2 Audit Project 3 Risk 1 Risk 3 Template Repository Audit Project Work Program Template Checklists Questionnaires Control Test Plans Tasks & Milestones Work Paper Documents Workflows, Emails & Alerts Draft & Final Reports

Manage the Complete Audit Lifecycle
- Perform all types of audit-related activity on a single integrated platform
  - Project Management
  - Active Resource Management
  - Calendar Control
  - Milestone Tracking
- Enable a targeted, risk-based audit with consistent analysis & assessment of risks
- Eliminate errors & inconsistencies through standardized data collection
- Powerful reporting and analytics for real-time visibility
- Improve the overall efficiency and productivity

Things To Look After For
Your Audit Infrastructure must
- Align business focus on the right set of business risks
- Provide an integrated framework to collate crucial information
- Ensure optimal resource utilization and effectiveness
- Simplify compliance with embedded regulatory content & standards
- Provide real-time business intelligence and risk insights
- Increase collaboration across the enterprise
- Respond to change quickly
- Better justify & manage costs

Succeeding in a Risk-Focused Environment
- Common information model leverages business line risk assessments
- Multiple sites, regulations, functions
- Collaboration driven
- Standardized data collection to eliminate errors and inconsistencies
- Manage compliance, risk and audits as a central function
- Integrated and real-time information flow
- Leveraging internal and external sources
- Decision making and performance management
- Easy access to analytics - with minimal manual work
- Tied to a closed-loop remediation, corrective actions processes
- Seamless integration between compliance, risk and audit process

Risk Monitoring and Reporting at Sterling Bank* Committees review their risks and KRIs according to a defined review schedule and report on actions taken to mitigate high residual risks ECER reviews key residual risks and actions plans Board committee receives business risk reports Credit and Risk Committee Executive Credit & Risk Committee Audit Committee Monitors Legal risk Governance and Compensation Committee *Used with permission

About MetricStream Vision Integrated Governance, Risk & Compliance (GRC) for Better Business Performance Solutions Audit Management Risk Management Corporate and Supplier Governance Regulatory and Operational Compliance Quality Management Partners Governance Differentiators Big 4 KPMG, PWC, Deloitte, E&Y System Integration Firms like Tata Consultancy, TBD Networks Associations SIFMA, IIA, GARP, RMA, NACD, Policy Makers Kleiner Perkins Caufield & Byers (Google, Amazon, Cisco, Genentech) Integral Capital Partners 650+ employees with strong-growth (60% year-on-year) Technology - Enterprise GRC Platform Breadth of Solutions Single Vendor for all GRC needs Cross-industry Best Practices and Domain Knowledge ComplianceOnline.com - Largest GRC Portal on the Web GRC Consulting & Advisory Services

Thank You
Susan Palm
Vice President, Industry Solutions
MetricStream, Inc.
spalm@metricstream.com