International Finance Corporation


International Finance Corporation: Corporate Governance and Internal Audit Overview
Bob Lamm, Independent Senior Advisor, Center for Corporate Governance, Deloitte LLP
Neil White, Global IA Analytics Leader, Deloitte & Touche LLP
November 11, 2015

Agenda
- The Deloitte Governance Framework
- Corporate governance fundamentals
- Select board practices: risk oversight, board composition, cybersecurity

Deloitte Governance Framework
The Deloitte Governance Framework was developed to help boards and executive management assess the effectiveness of the organization's governance programs. It defines the board and management activities that support effective governance. Each area of governance can be considered in the context of four attributes:
- Skills and knowledge
- Process
- Information
- Behavior

Levels of board engagement: what makes sense for this organization?
The five levels run from least involved to most involved: passive board, certifying board, **engaged board**, intervening board, operating board.

Passive board
- Functions at the discretion of the CEO
- Limits its activities and participation
- Limits its accountability
- Ratifies management's preferences

Certifying board
- Certifies to shareholders that the CEO is doing what the board expects and that management will take corrective action when needed
- Emphasizes the need for independent directors and meets without the CEO
- Stays informed about current performance and designates external board members to evaluate the CEO
- Establishes an orderly succession process
- Is willing to change management to be credible to shareholders

**Engaged board**
- Provides insight, advice and support to the CEO and management team
- Recognizes its ultimate responsibility to oversee CEO and company performance; guides and judges the CEO
- Conducts useful, two-way discussions about key decisions facing the company
- Seeks out sufficient industry and financial expertise to add value to decisions
- Takes time to define the roles and behaviors required by the board and the boundaries of CEO and board responsibilities

Intervening board
- Becomes intensely involved in decision making around key issues
- Convenes frequent, intense meetings, often on short notice

Operating board
- Makes key decisions that management then implements
- Fills gaps in management experience

Source: "Building Better Boards" by David A. Nadler, Harvard Business Review, April 2004.

Corporate governance fundamentals: boards, committees and directors
Corporate governance is the set of rules, processes and practices by which a company is directed and controlled. It involves balancing the interests of many stakeholders, including shareholders, boards of directors, management, employees, customers, suppliers, lenders and creditors, communities and government.
Corporations are bound by state law, federal corporate law (e.g., Sarbanes-Oxley, Dodd-Frank), and other regulators and influencers (e.g., the SEC, stock exchanges, proxy advisory firms).
Directors are bound by the fiduciary duties of care and loyalty, as well as the implied duty of good faith, which are owed to stockholders and, in some states, to others such as communities and employees.
Oversight vs. management: directors may rely upon management, committees, experts, and others. Committees handle much of the board's work, with the full board providing oversight of the committees. Boards are responsible for their own structure and processes.

Corporate governance fundamentals: areas of board focus
Typical areas of board focus:
- Risk oversight
- Strategy
- CEO and key management succession planning
- Financial oversight
- Compliance
Hot topics:
- Board composition, refreshment and diversity
- Cybersecurity
- Shareholder engagement
- Activism
- Executive compensation

Risk oversight: six key areas of focus
- Define the board's risk oversight role
- Understand and accept an appropriate risk appetite
- Assess the maturity of the risk governance process
- Foster a Risk Intelligent culture
- Help management incorporate Risk Intelligence into strategy
- Make sure the organization discloses its risk story to stakeholders

Questions for the board to consider. To help assess the maturity of the risk governance process, boards can ask:
- How frequently is the board informed on risk management issues?
- Are specific risks mapped to board committees and processes?
- Which board committees are responsible for the various aspects of risk governance?
- Are risk identification, analysis of key assumptions, and scenario planning considered in the strategic planning process?
- Is the board getting the necessary information on these and similar issues in a timely and accurate manner?

Source: Risk Intelligent Governance: Lessons from state-of-the-art board practices, Deloitte & Touche LLP

Risk oversight: survey results

"The board plays an active role in setting the organization's risk policy."

| Response | Global '13 | Global '12 | Global '11 |
|---|---|---|---|
| Strongly agree | 26% | 19% | 21% |
| Agree | 59% | 54% | 51% |
| Neither agree nor disagree | 10% | 15% | 18% |
| Disagree | 4% | 11% | 8% |
| Strongly disagree | 0% | 1% | 2% |

"The board receives enough information to assess the impact of business risks."

| Response | Global '13 | Global '12 | Global '11 |
|---|---|---|---|
| Strongly agree | 16% | 15% | 34% |
| Agree | 54% | 49% | 68% |
| Neither agree nor disagree | 9% | 18% | 10% |
| Disagree | 7% | 12% | 7% |
| Strongly disagree | 1% | 0% | 0% |

Source: Deloitte Global Director 360 Survey, 3rd edition. www.global.corpgov.deloitte.com

Board composition: areas to consider
- Independence
- Qualifications
- Leadership
- Tenure
- Assessment
- Diversity
- Board refreshment structure
- Voting for directors

Board composition: diversity

The organization/board has introduced diversity policies for board composition (Global): Yes 37%, No 63%.

The board has implemented the following for its directors (select all that apply):

| Dimension | Guidelines | Quotas |
|---|---|---|
| Gender | 64% | 10% |
| Professional qualifications (e.g., industry) | 82% | 10% |
| Ethnicity | 18% | 6% |
| Religion | 10% | 3% |
| Age | 32% | 5% |
| Disability | 8% | 3% |
| Internationalization | 44% | 5% |
| Sexual orientation | 9% | 2% |

The organization/board has introduced diversity policies for board composition: Term limits 30%, Age limits 17%, None of the above 52%, Don't know/not applicable 10%.

Source: Deloitte Global Director 360 Survey, 3rd edition. www.global.corpgov.deloitte.com

Information technology: social media and technology risk

The board uses social media to:
- Assess the market's perception of the organization: 21%
- Understand concerns/issues that involve the organization in the marketplace: 22%
- Learn what the organization can improve upon: 18%
- Connect with their market, including shareholders and other stakeholders: 19%
- Not applicable, the board does not use social media: 63%

The board actively discusses the following technology risks:
- Social media: 29%
- Cyber security: 51%
- Data warehousing: 38%
- Data privacy, international data transfer: 21%, 57%
- The board does not discuss technology risks: 27%

Source: Deloitte Global Director 360 Survey, 3rd edition. www.global.corpgov.deloitte.com

Internal Audit
Internal Audit is rapidly evolving to address the modern challenges facing the enterprise.

The Four Faces of the Chief Auditor

Optimizing the Internal Audit Function
Internal Audit's value proposition: an optimal balance of protecting and enhancing enterprise value, delivering independent and objective assurance with value-added advice.

Protect enterprise value:
- Financial, compliance, and general IT risks
- Balance sheet orientation
- Exception reporting and problem identification
- Inherent risks and rotational coverage

Enhance enterprise value:
- Operational, organizational, and strategic risks
- Risk Intelligence orientation
- Proactive reporting and solutions development
- Focus on emerging risks and trends

Internal audit maturity model
Understanding the maturity of an IA function helps identify areas for improvement and can help the department enhance its value to the organization. It also helps better align expectations with key stakeholders. The model describes three maturity levels, from Basic to High value:

| Attribute | Basic | Middle | High value |
|---|---|---|---|
| Perspective | Focus on the past: a retrospective look at what happened | Focus on the present: survey the battlefield, shoot the wounded | Focus on the future: help the wounded, map the minefield |
| Style | Corporate police | Fact finder / "father knows best" | Trusted advisor (auditing and consulting) |
| Planning / risk focus | Rotational, based on history (financial and compliance risks) | Risk-based audit plan (operational, compliance and financial risks) | Enterprise risk-focused audit plan (full spectrum of risks) |
| Existence of Chief Audit Executive (CAE) | Not likely | IA Director | CAE, member of the C-suite |
| Reporting lines | CFO/COO | CEO | Audit Committee Chair |
| Objective and mandate | Compliance with policies and procedures | Assurance on internal control systems and compliance | Business risk assurance |
| Independence and objectivity | Hopefully | Generally | Absolutely |
| SoX ownership | Owns | Participates | Validates |
| IT auditing | Ill-defined | GCCs, security, applications | Consulting to improve IT infrastructure |
| Fraud prevention and detection | Generally not addressed | Reactive | Proactive |
| Risk management | Limited assessment | Thorough assessment | ERM champion |
| Governance | No involvement | Limited involvement | IA as advisor/facilitator |
| Technology | Limited | Automated workpapers and use of CAATs for data analysis | Advanced use of CAATs and a continuous assurance approach |
| Results | Small findings | Assurance on key audit units | Proactive risk management contribution, dynamic reporting |

Focusing over the horizon
Leading IA functions proactively engage in key topical areas and high-impact areas of focus.

Governance, Fraud & Ethics, Risk
- Changing the relationship between audit committees and CAEs
- Improving audit committee performance
- Internal audit reporting structure with executive-level accountability and presence
- Internal audit metrics, accountability, and performance improvement
- Auditing the management compliance process
- Reporting status of fraud investigations and monitoring hotlines
- Auditing for broad areas of ethical concern and the ethics program
- Working relationships between in-house legal counsel, security, compliance, HR, and internal audit departments
- Taking an enterprise compliance approach
- Managing the cost of compliance
- Converging risk management, compliance, and IA
- Assessing risk associated with complex financial instruments, complex accounting and regulatory matters, and compliance matters relevant to the industry
- Reporting and communicating risk assessment results
- Assessing reputational and brand risk
- Assessing cyber risk and threats
- Monitoring extended enterprise risks

Technology
- Applying data analytics throughout all aspects of the internal audit process
- Evaluating the basics and evolving IT areas, including identity management, social media risks, emerging technology, cyber risk (cyber intelligence and warfare), shadow IT, mobile security, etc.
- Protecting customer data
- Planning for business continuity and crisis management

Talent
- Considering varied and emerging talent models
- Attracting and retaining the right talent in IA (e.g., management development, rotations, guest auditors, operational experience liaisons)
- Committing to a highly competent team and supporting professional and leadership development
- Managing flexibility
- Mentoring and performance

Finance & Compliance
- Assessing risks associated with business combinations
- Performing post-acquisition audits
- Auditing the due diligence process
- Value-add audits beyond Sarbanes-Oxley; balance of financial, process, IT, and operational auditing
- Collaborating between internal and external auditors
- Navigating the regulatory landscape

Integration of internal audit & ERM
Internal Audit can play any role in ERM, from validation to facilitation to ownership of the program, depending on the culture of the company. ERM is a systematic capability to identify, measure, and respond to key risks. When establishing an ERM program, an effective internal audit department, given its knowledge of the company's risk environment, should be involved in consulting on the program. Once the program is established, the internal audit function should continually validate it.

Business Units (take & manage risks)
- Ownership of business unit activities which give rise to risk, and responsibility for risk management and mitigation
- Risk identification and self-assessments
- Developing strategy and taking actions to manage and mitigate risks within policy and risk appetite
- Providing assertions on risk exposure and controls for their business area/function
- Business unit risk managers coordinate the business unit risk assessment, monitoring, and mitigation activities

ERM Function (monitor & aggregate)
- Establishment of consistent risk policies, governance framework, standards, and information reporting mechanisms to facilitate effective risk management
- Monitoring and participation in specific risk committees for the purpose of providing the enterprise view
- Providing summary information and analysis to the executive committee to assess, evaluate, and act on risk

Risk Committees (oversee)
- Oversight over risks within scope of authority
- Oversight and approval of measurement and management methodologies for risks within scope
- Oversight of changes in risk profile
- Oversight of business unit management of designated risk categories

Executive Committee (approve)
- Approval of key documents, such as: ERM policy, risk appetite, risk governance model, authorities, committee charters
- Monitoring risk exposure status
- Approving the board reporting package
- Monitoring business unit mitigation plans and their status for top risks
- Approving limit exceptions

Audit Committee (ratify)
- Ratification of key documents, such as: ERM policy, risk appetite, risk governance model, authorities, committee charters

Internal Audit (validate)
- Independent verification and testing of: internal controls, quality of the ERM program, quality and integrity of risk models

Internal audit insights: high-impact areas of focus 2016
Many boards and senior executive teams now want internal audit to go beyond table-stakes audits.
- Cyber security
- Data visualization
- Key Performance Indicator (KPI) assurance
- Corporate governance
- Internal audit analytics
- Dynamic internal audit planning

Questions?

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see www.deloitte.com/about for a detailed description of DTTL and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Member of Deloitte Touche Tohmatsu Limited.