Issue 2 GLOBAL PERSPECTIVES AND INSIGHTS: Beyond the Numbers Internal Audit s Role in Nonfinancial Reporting

Similar documents
Issue 8. GLOBAL PERSPECTIVES AND INSIGHTS Internal Audit and External Audit. Distinctive Roles in Organizational Governance

Internal Audit 2017: Global Trends and Outlook. Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA President & CEO, The Institute of Internal Auditors

From Dubai to Beijing

Members by Region The Global IIA in 2017 International Affiliates: 39 Members: 47,410 YOY Change: +1% 190,000+ MEMBERS COUNTRIES & TERRITORIE

Can the EU Directive on nonfinancial reporting give you a competitive advantage?

Proposed Enhancements to The Institute of Internal Auditors International Professional Practices Framework (IPPF)

April 12, Attn: Mr. Chris Spedding, Secretary to the Committee. Responded via to

IIA Global Update. Director, IIA Global Board Chair, IIA Global Audit Committee

DRAFT Feb 2018 GPAI GLOBAL PERSPECTIVES AND INSIGHTS. Internal Audit in the Age of Disruption

Relationships and Risk

Mr. Paul Druckman Chief Executive Officer, International Integrated Reporting Council

Stock markets are mainstreaming non-financial reporting. Are New Zealand companies ready?

International <IR> Framework Implementation Feedback

Tailoring IPPF Implementation

GLOBAL PERSPECTIVES AND INSIGHTS Artificial Intelligence Considerations for the Profession of Internal Auditing. Special Edition

Practice Guide. Developing the Internal Audit Strategic Plan

IFC Corporate Governance Progression Matrix for Listed Companies. (Integrating Environmental, Social, and Governance Issues)

GLOBAL PERSPECTIVES AND INSIGHTS The IIA s Artificial Intelligence Auditing Framework. Practical Applications, Part A.

International trends and <IR> Framework feedback Sarah Grey, Markets Director International Integrated Reporting Council

Strategy: The Breakthrough Phase

Linking the GRI Standards and the European Directive on non-financial and diversity disclosure

Technical Director International Auditing and Assurance Standards Board 545 Fifth Avenue, 14 th Floor New York, New York USA

GLOBAL ADVOCACY PLATFORM

Drive Your Career Forward IIA Certifications and Qualifications

The IIA s Global Strategic Planning. European Session Advance Material and Worksheet

Improve GRC Maturity through Combined Assurance

Maximizing value from your lines of defense

Voices on Reporting -

Internal Audit independence arrangements

MAKING HEADWAY IN EUROPE

2014 Global Council. Dubai, UAE 6-9 March 2014 DAY 2. globaliia.org

EU Directive on disclosure of non-financial and diversity information. The role of practitioners in providing assurance POSITION PAPER

Webinar on An Evolving Corporate Reporting Landscape

2018 GLOBAL REPORT EXECUTIVE BRIEF: THE ARTIFICIAL INTELLIGENCE IMPERATIVE

Consultation questions

2015 THROUGH RESULTS INTEGRATED THINKING THE BENEFITS OF INTEGRATED REPORTING <IR>

IPPF Practice Guide. Interaction with the Board

The Superstar CFO. Optimizing an increasingly complex role. A research brief prepared in collaboration with SAP

The <IR> Journey in Practice: Insights from Early Adopters in Singapore

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

Trends in European Governance and Internal Audit Martin Stevens CIA, CFSA, CRMA

Sustainability Services Driving responsible growth

Re: IOSCO Consultation Report, Good Practices for Audit Committees in

CONTENTS. Acknowledgments... iv. 1: Introduction : Why have organizations chosen to seek compliance with the Standards?...2

Corporate Sustainability Reporting for development: An introduction

WHITE PAPER 5 TIPS FOR MANAGING FOOD AND BEVERAGE SUPPLY CHAIN

A Holistic Framework for Business Excellence

Supervisory Committee Expectations of Internal Audit

Good Practices of the Audit Committee

INTEGRATED ASSURANCE FOR NON-FINANCIAL REPORTING

CSR / Sustainability Governance and Management Assessment By Coro Strandberg President, Strandberg Consulting

External Quality Assessment of the Internal Audit Activity at the World Food Programme

International Federation of Accountants International Auditing and Assurance Standards Board 545 Fifth Avenue, 14th Floor New York, New York USA

Insights into the new GRI Standards Launched October 2016

Implementation Guide 2000

CYPRUS INSTITUTE OF INTERNAL AUDITORS

ISAE 3420, Assurance Reports on the Process to Compile Pro Forma Financial Information Included in a Prospectus

EU Directive: disclosure of non-financial information and diversity information

The Value of Consulting Assuring Audit Committee & other Key Stakeholders of IA s Quality

Global Shipping and Logistics

June 2016 Issue 05/2016

Lya Villasuso OECD Corporate Affairs Division Response ed to: RE: Corporate Governance and the Financial Crises

Implementation Guide 1300

What We Will Cover Today

Consultation questions

CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH

Compilation Engagements

MAINTAINING TRUST AMID SHIFTING CONSUMER DEMANDS

getting materiality right a whitepaper by brownflynn

PULSE OF INTERNAL AUDIT Navigating an Increasingly Volatile Risk Environment.

PROMOTING A COLLABORATIVE ENVIRONMENT AMONG RISK MANAGEMENT, INTERNAL AUDIT, AND COMPLIANCE DEPARTMENTS. ANDREW SIMPSON, CISA COO CaseWare RCM Inc.

Environmental, social and governance (ESG) materiality assessment

Law Firm Procurement Roundtable Executive Summary. hbrconsulting.com HBR Consulting LLC. All rights reserved.

Supply Chain Management

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

Should boards and CEOs care about COSO ERM 2017? By Tim J. Leech

IFAC S SUPPORT FOR A SINGLE SET OF AUDITING STANDARDS: AUDITS OF SMALL- AND MEDIUM-SIZED ENTITIES

Mind the Gap Assuring Stakeholders of Internal Audit s Value. Anton van Wyk, CIA, QIAL, CRMA IIA Global Chairman 2014/2015

Intergovernmental Working Group of Experts on International Standards of Accounting and Reporting (ISAR)

DJSI 2017 Results Webcast September 2017

Corporate Services. EY has your back office

Balanced Scorecard Reporting

Internal Audit of the Future Evolution of Internal Audit Due to Digitisation. Cheryl Khor Asia Pacific Operational Risk Leader Deloitte

Consultation questions

Global Mega Trends Transforming Business

Ms. Maridel Piloto de Noronha, PAS Secretariat Via

I D C M a r k e t S c a p e : W o r l d w i d e B u s i n e s s C o n s u l t i n g S e r v i c e s V e n d o r A n a l y s i s

A look at the varied roles of internal auditors by... ALL IN A DAY S WORK INTERNAL AUDITING:

EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)

Integrated reporting. Tips for organizations on elevating value EY Integrated Report summary brochure_v.15.indd 1

Consultation questions

INTERNAL AUDIT: CHALLENGES OF A DEVELOPING PROFESSION. Introduction

Global Trends of Sustainability Reporting

Managing your risk, creating value: The role of Internal Audit and emerging technologies

Law Firm Procurement Roundtable Executive Summary. hbrconsulting.com HBR Consulting LLC. All rights reserved.

Redefining Value: Measurement, Valuation and Reporting led by the WBCSD

Ethics in Emerging Economies Implication for Businesses. Copyright 2003 by the Center for Ethical Business Cultures. 1

THREE-YEAR STRATEGIC PLAN UPDATE v1

Implementing Category Management for Common Goods and Services

Targeting transparency

Transcription:

Issue 2 GLOBAL PERSPECTIVES AND INSIGHTS: Beyond the Numbers Internal Audit s Role in Nonfinancial Reporting

Contributors Amina Batool Sustainability Reporting Advisor, The Co-operative Group United Kingdom Silvio de Girolamo Chief Audit & CSR Officer, Autogrill Group Italy Mark Jongejan Senior Vice President, Global Audit Americas, Heineken International United States Advisory Council Table of Contents The Role of Internal Audit in Nonfinancial Reporting... 5 The IIA s Position... 5 Be the Change Agent... 6 Participate in Project Teams... 7 Provide Assurance... 7 Partner with External Audit... 7 Closing Thoughts... 8 Nur Hayati Baharuddin, CIA, CCSA, CFSA, CGAP, CRMA IIA Malaysia Lesedi Lesetedi, CIA, QIAL African Federation IIA Hans Niewlands, CIA, CCSA, CGAP IIA Netherlands Karem Obeid, CIA, CCSA, CRMA Member of IIA United Arab Emirates Ana Cristina Zambrano Preciado, CIA, CCSA, CRMA IIA Colombia Reader Feedback Send questions or comments to globalperspectives@theiia.org. Copyright 2015 by The Institute of Internal Auditors, Inc., ( The IIA ) strictly reserved. Any reproduction of The IIA name or logo will carry the U.S. federal trademark registration symbol. No parts of this material may be reproduced in any form without the written permission of The IIA. 2

Beyond the Numbers: Internal Audit s Role in Nonfinancial Reporting Internal auditors are familiar with annual reports crisp recitations of organizational activities, a few words from the CEO, eye-catching graphics, pages of financial outcomes, and, for publicly traded companies, a long list of required disclosures relating a vast array of sometimes confusing and mind-numbing detail. The reports encompass everything the reader needs to know about the company, especially if that reader is contemplating investing in the organization. Right? Maybe not. Increasingly, investors and other stakeholders want more from company reporting. They want to know if the organization is operating sustainably, if it monitors its impacts on the environment, if it is mindful of social issues such as diversity and equal opportunity. When making decisions about supporting a company, stakeholders increasingly expect a more comprehensive report one that goes beyond financial health. Many organizations also want stakeholders to have improved insight into activities they perform that benefit the greater public good or serve a public interest. Nonfinancial reporting fills the void by reporting quantitative and qualitative information that falls outside the scope of mainstream financial statements. Though not an exhaustive list, related terms include corporate social responsibility (CSR) reporting; sustainability reporting; integrated reporting; holistic reporting; enhanced reporting; service efforts and accomplishments reporting; and environmental, social, and governance (ESG) reporting. 1 This is not a passing trend the European Union has required nonfinancial reports for some 6,000 organizations across member countries; 2 global frameworks and standardized approaches to nonfinancial reporting are gaining recognition; and globally, organizations are expected to increase spending on sustainability assurance by 20 percent over the next five years. 3 In 2013, KPMG et al published the results of a survey on corporate reporting in 45 countries. 4 It found 134 mandatory policies and 53 voluntary policies related to at least some aspects of nonfinancial reporting, among countries such as Australia, Brazil, China, France, India, Indonesia, Japan, Mexico, Singapore, and South Africa. Directive 2014/95/EU The European Directive on nonfinancial reporting became effective on 6 December 2014. It requires some 6,000 large organizations with more than 500 employees to disclose nonfinancial information that, at a minimum, must include information on environmental matters, social and employee-related matters, respect for human rights, and anticorruption and bribery matters. This nonfinancial information may be integrated with financial information, or presented in a separate report. In addition, European Union Member States may require that information contained in the nonfinancial report be verified by an independent assurance services provider. Member States must make the necessary provisions to comply with the Directive by 6 December 2016. 1 Nonfinancial reporting is the term used in this article to describe such reporting unless the context indicates otherwise. 2 Directive 2014/95/EU on disclosure of non-financial and diversity information by certain large undertakings and groups, 2014 3 Verdantix, Sustainability Assurance: Global Market Forecast 2015-2020, June 2015 4 KPMG, Centre for Corporate Governance in Africa, Global Reporting Initiative, and United Nations Environment Program, Carrots and Sticks: Sustainability reporting policies worldwide today s best practice, tomorrow s trends, 2013 3

Getting Started For internal audit departments whose organizations are just starting down the path to nonfinancial reporting, internal auditors should develop an enhanced understanding of what nonfinancial reporting is trying to achieve. They should plug themselves into discussions on strategic priorities, risks, and execution challenges. The focus should be on consistency, reporting both positive and negative results. Data quality (financial and nonfinancial) should be part of every internal audit. Therefore, during the planning phase, internal auditors should always ask themselves if there are any sustainability-related KPIs to be included in the audit scope. Another suggestion is to start with a deep dive into the organization s sustainability mission and activities, followed by a maturity assessment. At the first stage, the organization reports on compliance with relevant laws and regulations. At the second stage, the organization measures and monitors sustainability performance. The third stage is when the organization actively manages and continuously improves performance. Based on the maturity level, internal audit should identify metrics and measures, define reliance on other lines of defense, and determine how to perform relevant assurance and advisory services. The Role of Internal Audit in Nonfinancial Reporting A lot is riding on organizational reporting. It is not enough for the company to be managed in a sustainable way; it must also ensure that stakeholders know it is being managed in that way. Consequently, what and how a company reports can represent a significant strategic risk. Enter internal audit, which is uniquely positioned to make valuable contributions throughout the reporting development and deployment cycle. The involvement of internal audit should be viewed as non-negotiable. It can: Offer recommendations about what should be contained in the report. Support the board of directors and executive management by providing assurance on the reliability and consistency of the information. Contribute to sustainable performance itself by assessing whether all the risks that may have an impact on stakeholder evaluation and support are considered. The credibility of information reported to the public by a company cannot be sufficiently strong without some level of assurance. While it will take time for cost-effective assurance models over nonfinancial reporting to emerge and evolve, internal audit is central to any viable assurance model. So, if internal audit does not step up on nonfinancial reporting, other assurance providers will, and internal audit s role as an independent provider of assurance may, at the company s expense, become less relevant. The opportunity for proactive internal audit functions is substantial, but so is the risk if internal audit is passive. The IIA s Position In keeping with its position as the leading voice for internal audit worldwide, The IIA has articulated the contribution internal audit can make to nonfinancial reporting through a number of venues. In December 2014, The IIA issued a response to the International Integrated Reporting Council s (IIRC) paper, Assurance on <IR>: An Introduction to the Discussion. The IIA pointed out that, because the use of <IR>, or integrated reporting, is not mandated and no implementation method is fully defined, there is no single way to provide assurance on it (at least not yet). To that end, The IIA noted the need for globally accepted standards to guide assurance around <IR>, and recommended a review of existing standards to determine whether they can be revised or new ones must be developed. Ultimately, for <IR> to achieve its potential, it must be regarded as credible and reliable, which means that assurance both internal and external must have a significant role. 4

The IIRC recently issued the results of its call for comments on the role of assurance in <IR>. The comments echo the need for assurance over <IR>, but they also stress the need for the assurance role to evolve in alignment with the relatively immature discipline of <IR>, which is sure to innovate and change over time. According to IIRC respondents, practitioners who are engaged in providing assurance over <IR> will need a comprehensive understanding of how value is created for the organization and others 5 by leveraging the characteristics already generally attributed to internal auditors independence, professional judgment, and objectivity. This puts internal audit squarely in the middle as a key player in any evolving <IR> assurance model. The IIA believes internal audit can play at least four critical roles as it relates to supporting organizational governance over nonfinancial reporting: Being a change agent for integrated thinking in the organization, a necessary precursor to nonfinancial reporting. Participating in the project team, to provide guidance to implementation plans and performance. Providing assurance on the accuracy and reliability of the information being reported, both internally and externally as appropriate. Partnering with external assurance providers to ensure that the engagement is performed efficiently, reliably, and cost-effectively. Be a Change Agent for Integrated Thinking Think first, then do. Nonfinancial reporting, inclusive of CSR, sustainability, <IR> and other types of reports falling outside of the financial statement realm, requires new approaches to thinking, as well as doing. Savvy organizations have recognized that nonfinancial reporting can do more than inform stakeholders; the nonfinancial reporting process can help leaders make real-time, strategic business decisions. However, that outcome cannot be realized solely through the production of a oncea-year report. It springs from a culture of integrated thinking all year, at all levels of the enterprise. Senior management must be the primary catalyst for integrated thinking and integrated reporting. But in its third line of defense role in providing assurance on the effectiveness of governance, risk management, and controls, internal audit can support integrated thinking by focusing on recommendations that include collaborative action plans and promote organizational effectiveness and improvement. So what is integrated thinking? Integrated thinking entails a sense of commitment among employees and an acknowledgment of accountability to the stakeholders that the organization impacts Practical Tips and Techniques The following are examples of how one large Asia-Pacific organization addressed challenges and opportunities in establishing good practices for nonfinancial reporting: Established a group disclosure committee to ensure appropriateness, completeness, and accuracy of disclosures of information, including both financial and nonfinancial reporting. Created a cross-functional team, led by a nonfinancial reporting subject matter expert to drive implementation and champion the cause. Developed a balanced scorecard that is used to set KPIs, drive behavior, and measure performance. The balanced scorecard is included in the nonfinancial report. Ensured that internal audit had the necessary resources to adopt a risk-based approach in providing assurance on the adequacy, effectiveness, and robustness of internal controls over nonfinancial reporting. Set the expectation for internal audit to work with members of the management committee, including the chief executive officer (CEO), chief financial officer (CFO), and chief risk officer (CRO), at the beginning of each year to prioritize the top 10 focus areas, taking into account the strategic priorities and KPIs embedded in the balance scorecard. 5 IIRC, Assurance on <IR>: Overview of feedback and call to action, 2015 5

For More Information Organizations Global Reporting Initiative (GRI; www.globalreporting.org) International Integrated Reporting Council (IIRC; www.integratedreporting.org) Sustainability Accounting Standards Board (SASB; www.sasb.org) (U.S.) Governmental Accounting Standards Board (GASB) Service Efforts and Accomplishments (SEA) Reporting (www.seagov.org) Publications Chartered Institute of Internal Auditors, The Role of Internal Audit in Non-financial and Integrated Reporting, 2015 The European Confederation of Institutes of Internal Auditing (ECIIA), Non-Financial Reporting: Building trust with internal audit, 2015 The IIA Audit Executive Center, Integrated Reporting and the Emerging Role of Internal Auditing, Flash Report, 2013 The IIA (IIA France, IIA Netherlands, IIA Norway, IIA Spain, IIA UK and Ireland), Enhanced Integrated Reporting: Internal Audit Value Proposition, 2015 The IIRC, Assurance on <IR>: Overview of feedback and call to action, 2015 and that impact the organization. It is a mindset dedicated to actively seeking and identifying issues and finding solutions. It relies on collaboration at all levels, including governance, to achieve better outcomes. For organizations that are not thinking in an integrated way, internal audit can help drive the organization to enhance reporting by emphasizing the importance of placing integrated thinking in advance of integrated, or nonfinancial reporting. When an organization has adopted an integrated mindset, everyone speaks the same language. There is a strong sense of purpose; there is clarity of strategy that is simple yet differentiated; there is strong alignment and collaboration across functions; there is a strong customer following; and the enterprise is an employer of choice. And an internal audit department that exhibits integrated thinking is well plugged into the strategy, direction, and execution challenges and can translate this thinking into an integrated assurance approach. Participate in Project Teams Internal audit can play a consulting or advisory role in addition to providing assurance. As an advisory or participant in nonfinancial reporting teams, internal audit can help the organization understand how it can evolve across all relevant nonfinancial reporting matters. As well, internal audit can make recommendations about consistency, alignment with external guidance, and, most importantly, reliability of source data. Since many organizations have focused on the reliability of financial reporting controls, there is opportunity to improve internal controls to enhance the veracity of reporting nonfinancial data. Participation on project teams to address enhancing the control environment over such data is an area where internal audit should be highly visible and contributory. However, care must be taken to maintain organizational independence and refrain from taking ownership of nonfinancial reporting risks or controls. Provide Assurance An evolving area of potential focus for internal auditing in some companies today is providing assurance on the preparation of nonfinancial or integrated reports. Internal audit can provide assurance on not only the reported outcome, but especially on the processes that produce both quantitative data and qualitative information. Using a risk-based methodology, giving consideration to what an investor or external stakeholder may find to be most valuable in terms of reported nonfinancial data, internal audit can play a role in a deep dive into the details in an effort to provide assurance, for example, on greenhouse gas emissions of a manufacturing plant. In the context of continuous change, it is more relevant to perform assurance on resilience and on the capacity of the company to react to different risks and opportunities. This is important with respect to the organization s ability to deliver short-, medium-, and long-term value. Partner With External Audit External audit firms, and other consulting experts, are more than willing to provide assurance and other services related to nonfinancial reporting, ranging from the 6

strategic (development of a sustainability strategy) to the tactical (benchmarking, data analysis, and report preparation). The participation of external service providers in supporting an organization on its nonfinancial reporting journey raises questions about the relationship between external audit, other service providers, and internal audit in the process. The reliability of data included in nonfinancial reporting is integrated in various internal audit activities throughout the year. Internal audit has organizational independence, a broad perspective on the business, and more in-depth knowledge of the processes that produce the outcomes for the reporting. To maximize the benefits in the most cost-efficient manner, internal audit should partner with any external service provider in the realm of nonfinancial reporting services from development to ultimate assurance. Closing Thoughts Perhaps the final word on nonfinancial reporting and assurance is that ultimately, the market, as influenced by regulators, legislators, and other third parties, will determine the most appropriate assurance model. Many companies still have a way to go. But regardless of the model developed, internal audit is well positioned to contribute substantially to assuring that nonfinancial reports are purposeful, reliable, and, most importantly, credible. About The IIA The Institute of Internal Auditors Inc. (IIA) is a global professional association with over 180,000 members across more than 170 countries and territories. The IIA serves as the internal audit profession s chief advocate, international standard-setter, and principal researcher and educator. www. Reader Feedback Send questions or comments to globalperspectives@theiia.org. The opinions expressed in Global Perspectives and Insights are not necessarily those of individual contributors or of the contributors employers. 7

9/2015-1619

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback