Advisory Services Governance, Risk & Compliance


Caribbean Association of Audit Committee Members Inc. 2010 Conference
Caretakers of Integrity and Accountability: The Role of Internal Audit in Corporate Governance
PwC

Agenda
- Objectives
- Introduction
- The new role for Internal Audit
- Repositioning the Internal Audit function
- Questions

Objectives

- Understand the new business environment and how it impacts on corporate governance practices
- Define internal audit's role in this new environment
- Identify the measures necessary to enable internal audit to fulfil this mandate

Introduction: Fitting the pieces together

Corporate Governance defined...
- No standard definition of corporate governance, but a number of common principles have been identified
  - Direction and management of corporations
  - Objective setting and achievement
  - Risk assessment and monitoring
  - Performance optimization
  - Protection of stakeholders
  - Enhancement and sustainability of shareholder value
  - Accountability between management, board, and shareholders

The Role of the Board of Directors
Core board responsibilities include:
- Board dynamics (ensuring the board works effectively)
- Management evaluation, compensation and succession planning
- Strategy and planning
- Transformational transactions (managing mergers and acquisitions)
- Risk Management
- Measuring and monitoring performance (financial and non-financial reporting)
- External communications (disclosure to the market)
- Tone at the top (demonstrating good business behaviour)

What works best
- Director responsibilities have increased substantially over the last 10 years
- Complexity of business operations
- Expanded geographical scope
- Increased demands on time for research, meetings, interaction outside of meetings
- Increasing trend towards the use of litigation in the event of adverse performance
- Approach involves delegating specific functions to board sub-committees
- Sub-committee composition specifically tailored to meet technical requirements of specific area

The Role of the Audit Committee
- Core responsibilities
  - Financial reporting
  - Oversight of risk management and internal control
  - Regulatory compliance and ethics
- Relationships
  - Board of Directors
  - Management
  - Internal audit
  - External audit
  - Other stakeholders

The Role of the Audit Committee
- Supporting initiatives to promote efficiency
  - Training
  - Developing and maintaining financial literacy
  - Performance evaluation

The Role of the Audit Committee
- Significant linkage between oversight of risk management and internal controls and relationship with internal audit
- Underscored by definition of internal audit: "an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." (Institute of Internal Auditors)

Risk Oversight vs. Risk Management
- Oversight is the means by which the board determines that the entity has in place a robust process for identifying, prioritising, sourcing, managing and monitoring its critical risks and that the process is continuously improved as the business environment changes.
- Used by the board to:
  - Obtain understanding of risk inherent in strategy and risk appetite
  - Verify and assess critical assumptions underlying strategy
  - Identify dysfunctional behaviour that can lead to excessive risk taking
  - Provide feedback to executive management

Risk Oversight vs. Risk Management
- Risk Management is a function of management
- Includes appropriate oversight and monitoring to ensure policies are carried out and processes are executed in accordance with management's selected performance goals and risk tolerances

The Evolving Role of Internal Audit

After the Storm...
- It is acknowledged that risk management failures contributed to recent economic turmoil
- Corporate governance deficiencies nullified impact of risk management processes in place
- Lack of transparency, accountability and escalation in affected institutions
- Many directors and executive managers were unaware of extent of risk undertaken
- Fresh look needed...

Internal Audit at the Crossroads
- Recent focus for Internal Audit has been to support enhancement of internal controls and controls-related monitoring
- Internal controls now within the purview of business owners
- General level of internal controls has improved
- Value added by Internal Audit is perceived to have decreased
- New value proposition required
- Focus on risk-assurance
- Paradigm shift to a risk-centric mindset

Internal Audit in the New Economic Environment
- Stakeholders' primary concerns are risk assessment and risk management
- Internal Audit's traditional focus is controls-oriented
- Internal Audit must adopt an all-inclusive conceptual approach to audit, risk assessment, and risk management beyond the traditional narrow focus on internal controls
- Phased approach:
  - Internal controls
  - Compliance
  - Informal risk assessment
  - Functional enterprise-wide risk management

Changing Role for Internal Audit
[Diagram labels: Transaction Focus Stand Alone Function Participating With Management Process Focus Supporting Management Self-Assessments Audit for Coverage Risk Exposure/Identification Enterprise Risk Management Auditor Detection Prevention Enhancement Consultant]

The Prerequisites
- Engage stakeholders to understand, and respond to, their expectations
- Partner with other risk and control functions within the organisation
- Stay in front of the business, rather than lag behind
- Focus on new and significant change initiatives
- Audits performed to strengthen corporate objectives, and related risk management processes
- Incorporate COSO ERM to improve understanding of risk management processes
- Take a flexible approach
- Annual audit plan should include unallocated time to address developing issues and contingencies

Internal Audit of the Future: Trends and Challenges

Factors impacting on the future of Internal Audit
Migration towards risk-centric approach will be driven by 5 key factors:
- Globalisation
- Changing Internal Audit roles
- Changes in risk management
- Talent and organisational issues
- Technological advancement

Globalisation
- Expansion of geographical scope of business will present challenges
  - Political risks
  - Culture
  - Varying and increasingly complex compliance requirements
- Factors also impact to some degree on regional trade and commerce

Internal Audit roles
- Going forward, Internal Audit will need to address both controls and risk assurance activities
- Re-allocation of time to allow for the following to be addressed:
  - Risk management
  - Anti-fraud programmes (risk assessments, detection, and investigations)
  - Continuous auditing and monitoring
  - Integrated IT audits
  - Increased leverage of technology

Risk Management
Traditional approach is generally risk based, but:
- Risk assessments and monitoring need to adopt a more real-time dimension
- Broader scope of risks to be considered (e.g., health and safety, HR, reputational risks, etc.)
- Consideration of existing and emerging risks
- Set plans and schedules will become redundant
- More focus on as-needed reviews, as dictated by changes in risk profile
- Allocation of resources based on greatest or emerging risk becomes more critical

Talent and Organisational Issues
- Significant competition for talent
  - Internally
  - Externally
- Career path for Internal Audit losing popularity
- Possible use of rotational staffing models
- Integration with management training
- Organisational issues still remain
  - Status within structure
  - Independence
  - Administrative reporting

Technological Advancement
- Internal Audit must be transformed to be in step with the increased use of automation to support core business functions
- Pace and volume of transactions not compatible with traditional audit techniques
- Toolkit must allow for:
  - Continuous monitoring and auditing
  - Data extraction and analysis
  - Fraud detection and prevention
  - Knowledge management/best practices databases
  - Predictive modelling tools
  - IT security

The Ten Imperatives
- Achieve sufficient strategic stature for Internal Audit within the organisation
- Develop and regularly update a formal strategic plan aligned with key enterprise-wide objectives and stakeholder expectations
- Communicate frequently with key stakeholders on their needs, expectations, and satisfaction with Internal Audit
- Align HR strategies with enterprise and stakeholder needs
- Adopt a risk-centric value proposition that focusses on enterprise risks

The Ten Imperatives
- Take an integrated approach to IT audit; enhance IT capabilities
- Leverage on technology to optimise audit operations
- Leverage Internal Audit knowledge and expertise
- Commit to continuous quality assurance and improvement
- Link performance measures with strategic goals

Questions

Thank You!