AUDIT COMMITTEE REPORTING: TRENDS & BEST PRACTICES Timothy Etoori Head of Internal Audit UGAFODE Microfinance

Similar documents
GoldSRD Audit 101 Table of Contents & Resource Listing

SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

Changes To the Public Sector Internal Audit Standards April 2017

2012 IIA Standards Update

Practice Advisory : Quality Assurance and Improvement Program

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

Internal Audit Annual Assertion on Internal Auditing. for Financial Year

External Quality Assessment of the Internal Audit Activity at the World Food Programme

What We Will Cover Today

The Red (Book) Rocks The Latest and Greatest Audit Standards

Implementation Guides

External Quality Assessment Are You Ready? Institute of Internal Auditors

FLORIDA STATE UNIVERSITY Office of Inspector General Services Report #17-06

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Quality Assurance and Improvement Program (QAIP)

Implementation Guide 1312

WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER

PRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions

10/5/2016. Quality Assessment Review. Agenda. What s the purpose of a QAR? Internal Audit Manager Training October 3-4, 2016

BrightPath Early Leaning Inc. Audit Committee Charter

Dexia Group Audit Charter

The Audit Committee of the Supervisory Board of CB&I

Audit Standards 6/23/2017. Outline. Let s Refresh. Changes to the IIA Standards

AUDIT COMMITTEE CHARTER. Specifically, the Audit Committee is responsible for overseeing that:

Audit Committee Member Roles and Responsibilities

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

Implementation Guide 1300

The University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office

NORFOLK SOUTHERN CORPORATION. Committee s Role and Purpose

AUDIT COMMITTEE CHARTER

The Internal Auditor s Duties Outside of Auditing

Quality Assessments what you need to know

Value-Added Internal Audit: Myth or Reality?

NEWMARK GROUP, INC. AUDIT COMMITTEE CHARTER. (as of December 2017)

IPPF Practice Guide. Internal Audit Opinions

SUNEDISON, INC. AUDIT COMMITTEE CHARTER (Adopted October 29, 2008)

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

DAVITA INC. AUDIT COMMITTEE CHARTER

CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017

Corporate Governance Statement John Bridgeman Limited

CORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2016

The World Bank Audit Firm Assessment Questionnaire

Checklist for Higher Education

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Audit Committee Charter

COLGATE-PALMOLIVE COMPANY AUDIT COMMITTEE CHARTER

INTERNAL AUDIT CHARTER

(

Quality Assurance and Improvement Program

NEW YORK LIFE INSURANCE COMPANY AUDIT COMMITTEE MISSION STATEMENT

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF PAM TRANSPORTATION SERVICES, INC.

AGS 10. Joint Audits AUDIT GUIDANCE STATEMENT

EPCOR Utilities Inc. Ethics Policy

GRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER

CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE

MINDEN BANCORP, INC. AUDIT COMMITTEE CHARTER

CHARTER OF THE AUDIT COMMITTEE NATIONWIDE MUTUAL INSURANCE COMPANY NATIONWIDE MUTUAL FIRE INSURANCE COMPANY NATIONWIDE CORPORATION

Internal Audit Appendix: IIA Standards

(Adopted by the Board of Directors on 13 May 2009 and amended on 24 September 2009, 13 September 2012 and 27 November 2013)

Self Assessment Workbook

Implementation Guide 1000

For personal use only

Chapter 10 Crown Corporation Governance

INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS CONTENTS

PPG INDUSTRIES, INC. AUDIT COMMITTEE CHARTER

How to plan an audit engagement

4. Organic documents. Please provide an English translation of the company s charter, by-laws and other organic documents.

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

The Audit and Compliance Committee of Novartis AG

August 14, Dear Ms. Gula:

Analysis of the application of the 75 corporate governance principles as recommended in the King III report

KING REPORT ON GOVERNANCE FOR SOUTH AFRICA 2009 (KING III)

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

AUDIT COMMITTEE CHARTER

CORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2015

CRESCENT CAPITAL BDC, INC. AUDIT COMMITTEE CHARTER

BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES

AUDIT COMMITTEE CHARTER (updated as of August 2016)

Standard on Quality Control (SQC)-1 Need for Documentaton. Abhay Vasant Arolkar

RISK AND AUDIT COMMITTEE TERMS OF REFERENCE

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS

AXT, INC. CORPORATE GOVERNANCE GUIDELINES

COSO 2013: Updated internal control framework

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

MISSISSIPPI STATE UNIVERSITY INTERNAL AUDIT CHARTER

Human Resources Committee Charter

BOARD CHARTER TOURISM HOLDINGS LIMITED

For personal use only

OPTINOSE, INC. CORPORATE GOVERNANCE GUIDELINES

Accountability Framework

FIAT CHRYSLER AUTOMOBILES N.V. AUDIT COMMITTEE CHARTER

AUDIT COMMITTEE CHARTER REINSURANCE GROUP OF AMERICA, INCORPORATED. the audits of the Company s financial statements;

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

King iii checklist 2013

CHARTER INTERNAL OVERSIGHT OFFICE (IOO)

KING III CHECKLIST. We do it better

Continuing Professional Development (CPD) Requirements for New Zealand Licensed Auditors

WICOMICO COUNTY INTERNAL AUDIT MANUAL OFFICE OF THE INTERNAL AUDITOR

Transcription:

AUDIT COMMITTEE REPORTING: TRENDS & BEST PRACTICES Timothy Etoori Head of Internal Audit UGAFODE Microfinance The Internal Auditors Workshop Institute of Certified Public Accountants of Uganda 1 2 February, 2018

CONTENTS 1. Standard Requirements for Reporting 2. Reports submitted to the Audit Committee. 3. Elements of effective reports. 4. Presenting Opinions. 5. Reporting results of Fraud Examinations/ investigations.

1. STANDARD REQUIREMENTS FOR REPORTING Internal auditing is conducted in diverse legal and cultural environments; for organizations that vary in purpose, size, complexity, and structure; and by persons within or outside the organization. While differences may affect the practice of internal auditing in each environment, conformance with The IIA s International Standards for the Professional Practice of Internal Auditing (Standards) is essential in meeting the responsibilities of internal auditors and the internal audit activity.

Standard 2060 Reporting to Senior Management and the Board The chief audit executive must report periodically to senior management and the board on the internal audit activity s purpose, authority, responsibility, and performance relative to its plan and on its conformance with the Code of Ethics and the Standards. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board.

Standard 2060 Reporting to Senior Management and the Board Interpretation: The frequency and content of reporting are determined collaboratively by the chief audit executive, senior management, and the board. The frequency and content of reporting depends on the importance of the information to be communicated and the urgency of the related actions to be taken by senior management and/or the board. The chief audit executive s reporting and communication to senior management and the board must include information about:

Standard 2060 Reporting to Senior Management and the Board The audit charter. Independence of the internal audit activity. The audit plan and progress against the plan. Resource requirements. Results of audit activities. Conformance with the Code of Ethics and the Standards, and action plans to address any significant conformance issues. Management s response to risk that, in the chief audit executive s judgment, may be unacceptable to the organization.

The Internal Audit Charter According to Standard 1000 Purpose, Authority, and Responsibility, the internal audit activity s purpose, authority, and responsibility must be formally defined in the internal audit charter. The CAE is responsible for periodically reviewing the charter and presenting it to senior management and the board for approval.

Organizational Independence of the Internal Audit Activity The organizational independence of the internal audit activity must be confirmed to the board annually, according to Standard 1110 Organizational Independence. In addition, any interference in determining the scope of internal auditing, performing work, or communicating results as well as the implications of such interference must be disclosed to the board, according to Standard 1110.A1.

Internal Audit Plans, Resource Requirements, and Performance Standard 2020 Communication and Approval : The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan. Interpretation: Appropriate refers to the mix of knowledge, skills, and other competencies needed to perform the plan. Sufficient refers to the quantity of resources needed to accomplish the plan.

Internal Audit Plans, Resource Requirements, and Performance To quantify the level of performance, many CAEs use key performance indicators such as the percentage of the audit plan completed, percentage of audit recommendations that have been accepted or implemented, status of management s corrective actions, or average time taken to issue reports. In addition, updates on any special requests made by the board and/or senior management may be discussed during board meetings.

Results of Audit Engagements Standard 2440 Disseminating Results : The chief audit executive must communicate results to the appropriate parties. Interpretation: The chief audit executive is responsible for reviewing and approving the final engagement communication before issuance and for deciding to whom and how it will be disseminated. When the chief audit executive delegates these duties, he or she retains overall responsibility.

Quality Assurance and Improvement Program Standard 1320 Reporting on the Quality Assurance and Improvement Program : The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Disclosure should include: The scope and frequency of both the internal and external assessments. The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest. Conclusions of assessors. Corrective action plans. `

Conformance With the Code of Ethics and Standards Standard 1322 Disclosure of Nonconformance states, When nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity, the chief audit executive must disclose the nonconformance and the impact to senior management and the board. For example internal auditors auditing a function for which they previously had responsibility.

Significant Risk and Control Issues and Management s Acceptance of Risk If the CAE believes that senior management has accepted a level of risk that the organization would consider unacceptable, the CAE should first discuss the matter with senior management. If the CAE and senior management cannot resolve the matter, Standard 2600 directs the CAE to communicate the matter to the board. If such issues are too urgent to wait until a scheduled board meeting (e.g., a major fraud), the CAE would be well advised to make arrangements to communicate sooner.

2. REPORTS SUBMITTED TO THE AUDIT COMMITTEE. A variety of reports should be submitted to the Audit Committee including the following: 1. Assurance Reports: These reports provide an opinion on whether the risk management is satisfactory. Hence these provide a level of comfort or assurance to the audit committee. 2. Compliance Reports: These reports provide information as to whether laws, regulators requirements, policies, procedures are being complied with. Whether internal controls are operating as intended.

2. REPORTS SUBMITTED TO THE AUDIT COMMITTEE. 3. Consultancy or Advisory Services: These reports provide information in conformance with the terms of reference of the particular assignment. 4. Investigative Reports: These reports are commissioned in response to specific allegations of impropriety. The aim is to prove or disprove the allegations.

3. ELEMENTS OF EFFECTIVE REPORTS. Bear in mind the level to which you are reporting. Whereas the Senior Management Team and line managers require detail in order to address the weaknesses, a CEO may require a one page brief with bullet points in order to assess whether the maters in the report require his intervention. On the other hand often the Audit Committee meets quarterly and requires a report highlighting systemic weaknesses and high risk issues which may affect the achievement of operational and strategic objectives.

3. ELEMENTS OF EFFECTIVE REPORTS. The effectiveness of the Audit Committee will be largely determined by the formats of the reports presented to them. It must be apparent from the report what the key issues are. Reports should include the following features: 1. Important Issues are highlighted. The observations should be ranked according to residual risk high risk items extracted for the attention of the Audit Committee. These high risk items should be linked to key business processes, hence their impact would be high. Issues escalated to the audit committee should have a potential of material loss; financial loss, loss of reputation and loss of key staff.

3. ELEMENTS OF EFFECTIVE REPORTS. 2. Executive Summaries. Summaries should be included which list the key findings. These should also include a background which will provide a greater understanding of the issues The background may include trends of profitability, client growth, turnover, size of the entity audited, changes in the regulatory environment and events which have affected performance.

3. ELEMENTS OF EFFECTIVE REPORTS. 3. Findings are quantified. Quantification on the basis of samples taken.e.g. In 6 out of the 30 personnel files we reviewed (20%), the contracts of employment had expired. 4. Recommendations should be included. In order to be effective the recommendations should address the root causes of conditions. This necessitates carrying out an analysis in order to establish the root causes of the conditions existing.

4. PRESENTING OPINIONS. The format of audit opinions should be standardized and should be agreed in advance with the audit committee. For example a four tier grading on the next slide:

Effective Controls evaluated are adequate, appropriate, and effective to provide reasonable assurance that risks are being managed and objectives should be met. Some Improvement Needed Major Improvement Needed A few specific control weaknesses were noted; generally however, controls evaluated are adequate, appropriate, and effective to provide reasonable assurance that risks are being managed and objectives should be met Numerous specific control weaknesses were noted. Controls evaluated are unlikely to provide reasonable assurance that risks are being managed and objectives should be met. Unsatisfactory Controls evaluated are not adequate, appropriate, or effective to provide reasonable assurance that risks are being managed and objectives should be met.

4. PRESENTING OPINIONS. A brief explanation may be provided as to why that opinion has been issued. For example: Due to the high number and severity of the findings, and indications of laxity on the part of branch management we have issued an unsatisfactory rating. Immediate intervention is required by top management.

5. REPORTING RESULTS OF FRAUD EXAMINATIONS/ INVESTIGATIONS. 1. Specific allegations. 2. Evidence to support those specific allegations. 3. No determination of guilt. Only the court has the power to determine guilt.

THANK YOU

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback