Leading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger

Similar documents
Crowe Activity Review System (CARS ) for Loan Review

Quality Assurance in Internal Audit. Standard on Internal Audit (SIA) 7

EY Center for Board Matters. Leading practices for audit committees

Audit Committee Performance Evaluation

Conversation with Representative Hill A Financial Services Perspective

External Quality Assessment Review of University of Florida s Office of Internal Audit

A Strategic Approach to Bank Fraud

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

The Strategic Potential of Internal Audit

Your committee: Evaluates the "tone at the top" and the company's culture, understanding their relevance to financial reporting and compliance

The Future of Internal Auditing:

Quality Assessments what you need to know

5 Core Must-Haves for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1

DOING MORE WITH LESS: OBSTACLE OR OPPORTUNITY FOR COMPLIANCE LEADERS

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Evolving Core Tasks for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1

Crowe Caliber. Using Technology to Enhance AML Model Risk Management Programs and Automate Model Calibration. Audit Tax Advisory Risk Performance

Brink's Modern Internal Auditing

SOX Optimization: Improving Compliance Efficiency and Effectiveness

International Finance Corporation

Borough of Poole Local Code of Governance

International Standards for the Professional Practice of Internal Auditing (Standards)

Effective Risk Management With AML Risk Assessment. January 25, 2017

2010 State of the Internal Audit Profession Study// Attīstības tendences 2010.gadā*

Capital Markets: IPO Advisory

Positioning Internal Audit to Deliver Value

Merger and Acquisition Readiness:

ALLL Roadmap: Are You Ready for the Future?

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

Road to Self Governance

Implementation Guide 2060

What We Will Cover Today

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

California State Teachers Retirement System

Corporate Governance An Overview. 30 November 2010 Oliver Loch

Planning Guides. Planning. IA Governance

About the Pulse of Internal Audit

REX ENERGY CORPORATION CORPORATE GOVERNANCE GUIDELINES

Managing Fraud Risk: New Professional Guidance

Implementation Guide 1312

audit typology 115 audit universe 101 data and information pool 103 definition 101 structure and content 101

Seeking value through Internal Audit

Risk Management Culture: The Linkage Between Ethics & Compliance and ERM September 14, 2009

IIA ERM Summit. August 22, 2010

2018 North American Pulse of Internal Audit. Public Sector Focus. The Internal Audit Transformation Imperative

Next Wave of Continuous Control Monitoring solution A Point of View. For Private circulation only

9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in

Internal audit s role in modern corporate governance

Embracing Opportunity Demands an Internal Audit Transformation

Benchmarking Your Third Party Risk Management Program

Audit Committee Charter

SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure

Creating Effective Public Sector Audit Committees

Back-Office Consolidation for Multi-Location Dealer Groups

CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017

Glossary. Chartered Institute of Internal Auditors. 26 July Add value. Adequate control. Assurance services. Board. Charter

Audit Committee Charter for XL Group Ltd

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015

Are you ready for Industry 4.0? FY2017 Stakeholder engagement summary

Using a Compliance Program Assessment for Strategic Impact

Advisory Services Governance, Risk & Compliance

Audit Committee Performance Evaluation Form

Countdown to Day One Closing the Gap Between Due Diligence and Acquisition Integration

Changes To the Public Sector Internal Audit Standards April 2017

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

EFFICIENT USE OF AUDIT COMMITTEES

Board Audit & Compliance Committee Conference

Implementation Guide 1000

Chapter 2. The CPA Profession

BOARD SKILL AND TRAINING BENCHMARKING ANALYSIS October 2012

PULSE OF INTERNAL AUDIT. Navigating an Increasingly Volatile Risk Environment

Functional Reporting. Helping Not-for-Profit Organizations Avoid Misreporting Costs

Enhancing Audit Committee Excellences through Internal Audit. 21 November 2017

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Smart decisions. Lasting value.tm

Three Lines of Defense vs. Five Lines of Assurance

Canadian Insurance Accountants Association

CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE

Internal Audit - Expect More Rising to the challenges of a dynamic risk landscape

Transforming Internal Audit to Drive Business Performance. 21 June, 2011

Food and drink fraud What consumers expect

Deloitte Governance Framework and Maturity Model

FEDERAL HOME LOAN BANK OF INDIANAPOLIS CHARTER FOR THE AUDIT COMMITTEE

Agenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit.

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum

City of Edmonton EXTERNAL QUALITY ASSESSMENT OF THE OFFICE OF THE CITY AUDITOR. September 11, 2015

The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be

FIRST SOLAR, INC. CORPORATE GOVERNANCE GUIDELINES. A. The Roles of the Board of Directors and Management

Internal controls over financial reporting

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11

The Accenture 2011 High Performance Finance Study. Redefining High Performance in the Insurance Finance Function

Implementation Guide 2000

What is the right path to prepare for accounting change?

Corporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14

Periodic Comprehensive Review of the External Auditor

Transformation in the Internal Audit Function Neil White October 5, 2017

Mind the Gap Assuring Stakeholders of Internal Audit s Value. Anton van Wyk, CIA, QIAL, CRMA IIA Global Chairman 2014/2015

Transcription:

Leading the Global Profession into the Next Decade Doing More with Less The Lean Internal Audit Model Larry Rieger 1

Agenda How chief audit executives and internal audit functions remain relevant Market trends Internal audit challenges Solutions Four principles of the new internal audit model Compliance Business Performance Evaluation Risk Management Assurance 2

How chief audit executives and the internal audit function remain relevant Internal audit should: Engage the organization on good corporate governance Understand strategy, related risks and risk responses Participate in enterprise risk management process and provide thought leadership Monitor and report on key risks Respond to changing business requirements Give assurance to key stakeholders 3

Recent Crowe Horwath research was conducted to help understand how chief audit executives can best support the business 4

Research overview 5 5

Research initiatives three angles CAE Research Objective: To understand how chief audit executives are interacting with Audit committees and their perceptions about the relationship. AC Research Objective: To understand the perceived value chief audit executives are adding and their perceptions about working with chief audit executives and others to achieve their goals. CFO Research Obj ti T d t d hi f fi i l ffi ti i k Objective: To understand chief financial officer s perceptions on risk management, what risk-related challenges they see, and best practices for working with chief audit executives. 6

Chief audit executive interaction with and support of the Audit Committee 96% %provide updates to Audit Committee members on critical issues 90% provide updates to Audit Committee members on the internal control environment at the organization 85% educate Audit Committee members on relevant risks and risk management strategies 76% work with general counsel on various governance and internal control matters 76% work with the audit committee to design the internal audit charter, activity s mission, strategy and focus 7

Chief audit executive interaction with and support of the Audit Committee - opportunities 32% do not educate Audit Committee members on new governance initiatives and emerging compliance trends 36% do not assist in preparing for meetings 45% are not involved in enterprise risk management related activities including risk assessments conducted through internal audit 66% are not involved in conducting orientation for new board/audit Committee members 8

Audit Committee responses 70% of Audit Committees identified enterprise risk management as the most challenging issue for their audit committee in the coming 12 months. According to Audit Committee members: Over 55% of chief audit executives have the opportunity to improve in conducting risk assessments. Nearly 60% of chief audit executives could improve in their effectiveness evaluating governance processes, enterprise risk management process, and/or internal controls. 9

Audit Committee research evaluation of chief audit executive Overall, the chief audit executive and the chief financial officer were rated as the most effective in terms of helping the Audit Committee meet its internal control responsibilities There is a positive correlation between how comfortable Audit Committee respondents are that information they receive from their chief audit executive is complete, accurate, proactive, and objective and how effective they rate the chief audit executive s assistance in meeting Audit Committee responsibilities Audit Committee respondents are most confident that the information the Audit Committee receives from the chief audit executive is accurate, however Audit Committee respondents are least confident that the information received is proactive 10

Audit Committee research question and rating scale Question: How effective is your company s chief audit executive with regard to the following functions? Rating scale: Very effective Somewhat effective Not effective Would be useful, but function not currently in place Not comfortable delegating this task 11

Chief audit executive effectiveness as rated by Audit Committees % rated Very Effective Sarbanes-Oxley compliance 83.2% Preparing for the audit committee meetings by organizing agenda, preparing materials 72.9% Championing ethics/following up on Whistleblower hotline 66.7% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 12

Chief audit executive effectiveness as rated by Audit Committees % rated Very Effective Providing information to AC on relevant risks/risk management strategies 58.8% Researching specific topics/questions 56.3% Establishing an anti- fraud program 43.8% 0% 10% 20% 30% 40% 50% 60% 70% 13

Chief audit executive effectiveness as rated by Audit Committees % rated Very Effective Conducting risk assessments (ERM considerations/ evaluations) Evaluating governance processes, ERM process and/or internal controls Providing information to the AC on new governance issues, emerging compliance trends Championing the governance framework in the organization 42.9% 41.1% 36.7% 32.5% Auditing compensation disclosure process 28.0% Conducting orientation for new AC members 21.7% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 14

Comparing the views of chief audit executives and Audit Committees Preparing for the audit committee meetings by organizing agenda, preparing materials Providing information to AC on relevant risks/risk management strategies Conducting risk assessments (ERM considerations/ evaluations) Evaluating governance processes, ERM process and/or internal controls CAEs selfreported support of AC AC Rating CAE as 'Very Effective" Providing information to the AC on new governance issues, emerging compliance trends Conducting orientation for new AC members 20% 40% 60% 80% 15

Chief financial officer research enterprise risk management Like Audit Committee members, managing g risk across the entire company tops the list of risk management challenges for chief financial officers 65% of chief financial officers say managing risk across the entire company will be particularly l challenging over the next year Over 30% say they have been disrupted by either financial or operation surprises in the last three years Over 40% or more say there is substantial concern about market, financial and technology risk factors over the next year It was reported that 21% of the finance teams will devote much greater attention on company-wide risk management (another 54% at least moderately more) 16

Research main themes Chief financial officers identified the following as their weakest risk management performance areas: Risk identification Incorporation of risk analysis in strategy setting Information gathering for risk management purposes Risk assessment and quantification 17

Research main themes According to chief financial officers the biggest obstacles to improving risk management at their organization are: Lack of time, attention, resources Lack of shared understanding and approach to risk management Perception of risk management as an unnecessary interference in business activities 18

Market trends Three surveys on internal audit commissioned by Crowe Horwath and partner organizations indicated that businesses felt: Internal audit departments do well in testing past events Fail to address two critical needs: How the company is doing today? What are the areas with room for improvement? Companies want greater assurance that t everything is OK today, better business improvement processes and more thorough risk management efforts Global l economic recession is requiring i more with less 19

Internal audit gaps that t exist today The need to provide greater assurance Recent cutbacks as a result of the economic crisis have narrowed the scope of internal audit activities Limited view of strategic and emerging risks Capability to address emerging and global needs Compliance with Foreign Corrupt Practices Act Compliance with other countries business practices and customs Sustainability Doing more with less 20

Internal audit challenges Must be able to leverage the work of others Increased ability to address many issues at the same time Process owners need to be held accountable Provide continuous coverage 21

The new internal audit model 22 22

Compliance The new model Red-flagged issues are investigated Relies on the work of business unit managers and current reports Verifies sample checks performed by managers Covers various areas of compliance JSOx/SOx Security and privacy Ethics and business practices Health and safety Anti-money laundering Other 23

Improving business performance Businesses need all employees to help improve performance. For internal audit that might include: Benchmark Streamline internal controls SOx Automated controls vs. manual Build controls into enterprise resource ERP systems Improve operating efficiency and effectiveness Optimize cost of compliance Best practices Continuous improvement 24

Chief Audit Executive s role in enterprise risk Key risks are always changing g Link future risks to strategy and business objectives Apply monitoring and review methods to make audit process more effective and efficient. Use risk assessments from elsewhere in organization and integrate them into internal audit risk assessment process. Review the process that other groups within the company are using to evaluate emerging risks. 25

Enterprise risk what it is not The chief audit executives role is not to manage risks or be in- charge of enterprise risk management Analyze Audit Communication i Strategy Implement 26

Assurance Stakeholders are looking for assurance on a variety of topics Risks are being managed effectively Financial Non Financial Compliance requirements are being met SOx FCPA Environmental Operations are efficient and effective Best practices are being utilized 27

Why assurance and internal audit? Typically y has broad exposure across the entire organization Deep understanding of Governance, Risk and Compliance within the organization and peers in Industry Is viewed to be independent within the organization Reports both operationally and functionally to key stakeholders Audit Committee of the Board of Directors Chief Financial i Officer General Counsel Has an understanding of the organizations cultural structure 28

Solution for providing assurance Includes four elements that most likely exist today in your organizations Periodic reporting completed throughout the organization Continuous controls monitoring Utilization of previously completed control assessments Focusing on relevant or critical compliance issues These elements are then organized into two new elements Information can then be accumulated and organized to generate the Assurance reporting tool Creation of the Entity Assurance Scorecard Report (EASR) Approach allows Internal Audit to provide the Assurance without additional resources. Process vs. Project orientation 29

New internal audit model assurance activities iti Internal Audit Principal Example Assurance Activity Compliance Business Performance Improvements Review of compliance coverage such as security and privacy requirements, FCPA and SOx requirements as completed by unit managers or Internal Audit. Improve operating efficiency and effectiveness by optimizing cost of compliance and move to CCM. Risk Management Utilization of Risk Assessments performed within the organization as a basis for the Assurance Scorecard Assurance Development of a Entity Assurance Scorecard Report that includes a statement of the current Governance, Control and Risk Environment. 30

Conclusion Redefining internal audit is a business necessity Audit Committee, chief financial officers and other stakeholders want an internal audit function that can build financial excellence with confidence People are discussing governance, risk and compliance but the NEW MODEL ADDS ASSURANCE With the internal audit model built on foundation of four key principles, i internal auditors can: Understand the business strategy More effectively assess the business risk Help manage risk in permanently changing business environment Make recommendation that will lead to business process improvement Help ensure compliance requirements are accomplished Provide continuous assurance that all the above are achieved Do all the above cost effectively 31

For more information, contact: Larry Rieger Direct 1.630.586.5150 Mobile 1.630.881.2886 Larry.Rieger@crowehorwath.com com Crowe Horwath LLP is an independent member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath International is a separate and independent legal entity. Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Horwath International or any other member of Crowe Horwath International and specifically disclaim any and all responsibility or liability for acts or omissions of Crowe Horwath International or any other Crowe Horwath International member. Accountancy services in Kansas and North Carolina are rendered by Crowe Chizek LLP, which is not a member of Crowe Horwath International. This material is for informational purposes only and should not be construed as financial or legal advice. Please seek guidance specific to your organization from qualified advisers in your jurisdiction. 2011 Crowe Horwath LLP 32 32

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback