INTERNAL AUDITING THAT MATTERS. Norman Marks April 2017

Similar documents
Group-think and directors not speaking up. Copyright Richard Leblanc. All rights reserved.

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

Enterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015

risk and compliance department business plan

Extended Enterprise Risk Management

STOP ACTING LIKE AUDITORS!

Enterprise Risk Management. Focus on the Future June 2017

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Governance Process ENDS. Board- President Relationship. Executive Limitations

Asset Acceptance Capital Corp.

The Future of Internal Auditing:

Leveraging Internal Audit and Corporate Compliance for Effective Risk Management

Internal Oversight Division. Internal Audit Strategy

Seattle Public Schools The Office of Internal Audit

June 2016 Issue 05/2016

Tactical Implementation of Enterprise Risk Management

2018 SALARY GUIDES NOW AVAILABLE! FINANCE & ACCOUNTING SALARY GUIDE

The Measurement and Importance of Profit

Comedy Hour Inc. (Recommended Time: 90 minutes)

COSO Updates and Expectations. IIA San Diego Chapter January 8, 2014

CFO meets M&A: Value creation in the digital age The Dbriefs Driving Enterprise Value series

FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A)

From Dubai to Beijing

Internal audit insights High impact areas of focus

ERM 101. Casualty Loss Reserve Seminar, Fall /5/ Practical Enterprise Risk Management (ERM) Agenda ERM 101 2

CLAconnect.com/creditunions. Impact the Future of Credit Unions

THE BODY OF KNOWLEDGE FOR MEDICAL PRACTICE MANAGEMENT

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015

Contract Risk and Compliance & Warranty Fraud. David Maberry Chief Risk Officer American Fidelity Assurance Company

Driving Business Performance

Risk Advisory Services Developing your organisation s governance for competitive advantage

LEADERSHIP OPPORTUNITY EXECUTIVE DIRECTOR

Independent Validation of the Internal Auditing Self-Assessment

Quality Assessments what you need to know

Self Assessment Workbook

Advanced External Auditing [AU2] Examination Blueprint

Internal Audit Report

The Business Capability Model from status quo to innovation! L. Gary Boomer, CPA, CITP, CGMA Visionary & Strategist

Benchmarking Report Share, Compare, Validate SAMPLE. Year: 2017 Your Organization Date

Internal Controls Integrating COSO

Chapter Outline. Chapter 4 The Internal Assessment. The Nature of an Internal Audit. The Resource-Based View (RBV) Integrating Strategy & Culture

Company LOGO C B T. An Educational Computer Based Training Program

Morality/Ethics in a Workplace and the Ethical Dilemma for SCM, Finance & Internal Audit

Advisory Services Governance, Risk & Compliance

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

Synergies between Risk Modeling and Customer Analytics

The Red (Book) Rocks The Latest and Greatest Audit Standards

7 Quality Organizations and Service. Copyright 2016, 2013, 2011 Pearson Education, Inc. 1

Figure 1: COSO Enterprise Risk Management Cube

The Internal Assessment

THE AMA HANDBOOK OF DUE DILIGENCE

COSO 2013: Updated internal control framework

NEW YORK LIFE INSURANCE COMPANY AUDIT COMMITTEE MISSION STATEMENT

INTERNAL AUDIT OFFICE

Finance at McDonald s

PREVENTING FRAUD. Take-and-Use Guidelines for Chubb Crime Insurance Customers

Take stock, take control with Sage 50

See your auditor clearly. Transparency report: How we perform quality audit engagements

2014 Global Council. Dubai, UAE 6-9 March 2014 DAY 2. globaliia.org

Internal Audit Best Practices for Community Banks. A CSH White Paper

Welcome to the postmodern era for public sector ERP

Appointment of the Inspector General and Director of Oversight Office

Code of Corporate Governance

What Every Internal Auditor Should Know Perspectives of a Chief Compliance Officer

Concepts in Enterprise Resource Planning. Chapter 6 Human Resources Processes with ERP

Code of Ethics for Suppliers Banco Pichincha CODE OF ETHICS FOR BANCO PICHINCHA SUPPLIERS

Satisfaction Brand Value Proposition. Our Mission. TechKnowledge. Informing - Advising - Assisting

After the Acquisition HERE ARE SEVEN STEPS TO SUCCESSFULLY

Enterprise Risk Management

Audit Committee Charter ISSUE DATE: 22 JUNE 2017 AUDIT COMMITTEE CHARTER. ISSUE DATE: 22 JUNE 2017 PAGE 01 OF 07

Chapter 1. Learning Objective 1, 2. Capital Allocation. Efficient Capital Allocation. Financial Accounting and Accounting Standards

Code of Business Conduct and Ethics

The #1 Financial Mistake Made by Small-Business Owners

Transforming the HR function for high performance. kpmg.com

KING III COMPLIANCE ANALYSIS

Customer service. Chartered Institute of Internal Auditors. 26 October What is customer service? 1 Chartered Institute of Internal Auditors

STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD

Ventana Research Marketing Research in 2017

ACC 269 Auditing and Assurance Services

THE BODY OF KNOWLEDGE FOR MEDICAL PRACTICE MANAGEMENT A FRAMEWORK FOR SUCCESS

Internal Control Systems

and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

Strategic Business Continuity Management

TExES Business and Finance 6 12 (276) Test at a Glance

Statement on Risk Management and Internal Control

Mr. Jim Sylph Technical Director International Auditing and Assurance Standards Board 545 Fifth Avenue, 14th Floor New York, NY 10017

EFFICIENT USE OF AUDIT COMMITTEES

<Insert Picture Here>

Quality Manual. This manual complies with the requirements of the ISO 9001:2015 International Standard. AW2 Logistics, Inc Ace Industrial Dr.

Enhancing Governance Through Internal Audit Activities

CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017

Achieve. Performance objectives

Effective implementation of COSO s new anti-fraud guidance

Format and organization of GAGAS Auditor preparation of financials is a significant threat to independence 3 party arrangements in government State

Internal and Governmental Financial Auditing and Operational Auditing

Automating Your Property Management Business. Save Time and Money with Automated Software Solutions

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks

Table of Contents. Executive Summary...3. Overview of Division...5. Summary of Accomplishments...6

Transcription:

INTERNAL AUDITING THAT MATTERS Norman Marks April 2017

GLOBAL AUDIT COMMITTEE SURVEY: Fewer than half of the 1,800 respondents are satisfied that internal audit delivers the value to the company it should (45%), and that the internal audit plan properly focuses on the critical risks to the enterprise (49%)

expectations have risen, and all internal audit functions need to rise to this new floor: providing assurance on a broader range of critical risks and clearly communicating deeper insights.

Internal audit mission To enhance and protect organizational value by providing stakeholders with risk-based, objective and reliable assurance, advice and insight.

PROVIDE ASSURANCE ON WHAT MATTERS

WHAT MATTERS TO THE BOARD AND EXECUTIVES?

Accounts payable Payroll Receiving Compliance Theft and fraud IT general controls

DREW STEIN, PROFESSIONAL CHAIR AND DIRECTOR Almost all of IA findings are mundane operational compliance issues - July 2015

WHICH RISKS MATTER? Risks to the achievement of objectives The objectives of the enterprise as a whole The risks that matter to the board, CEO, and the executive team

WHAT MATTERS TO THE BOARD AND EXECUTIVES? RISKS TO: Revenue targets Earnings targets Market share Major projects Reputation And so on

ENTERPRISE RISK-BASED AUDITING Designed to address the risks that matter Plan is driven by the organization s risks, not location or process Aligned with how the organization considers risk Updated as risks change Enables internal audit to be agile

UNDERSTAND THE BUSINESS

WHAT ARE THE RISKS THAT MATTER? What are the organizational objectives? What objectives are not stated but assumed? What are the risks to those objectives?

WHAT ARE THE RISKS THAT MATTER? What keeps you up at night? What could go wrong? What has to go right? What do the executives spend their time on? What is on the agenda of the board?

HOW TO IDENTIFY THE RISKS? ERM Executive interviews Operational reports Workshops IA brainstorming Listen and observe!

WHEN YOU AUDIT A BUSINESS UNIT Still focus on enterprise risks Audit the activities at the business unit that are sources of enterprise risk Local risks may be added - optional

A Working Inventory of Business Risks, for use by management and internal audit on a periodic basis Customers Customers sales Planning Reliability Relationships Contracts Standards and Expectations Customer viability Rating Agencies Maxtor credit Vendor terms (guarantees, advance payments) Environment Political Legal Regulatory Business Interruption ExternalTheft/Fraud/ Illegal Acts Business Practices Salary Inflation Innovation Knowledge Assets Empowerment Training Integrity Management Fraud Employee/Theft/Fraud Illegal Acts Resource Misuse Ethics Brand Image Tone At The Top Reputation Human Resources Availability of Skilled Staff Perf/Rewards Alignment Workforce management Communications Morale and Job Satisfaction Leadership IP Protection Competitors Strategic Planning Capital Investment Corp. Organization R&D Financial Strategic Operations Safety Environmental Compliance Govt. Compliance Reliability Operating Costs Sales and Marketing Information Technology Access Availability Continuity System Integrity Technology Infrastructure Tech Development & Integration IT & Business Strategic Alignment Outsourcer Management Cost Control Risk Management - Insurance Risk Management - Interest Rates Risk Management Foreign Exchange Investments Financing Tax Strategies Debt Compliance Acquisitions Divestitures/Closures Manufacturing Strategy Functional Location SG&A Capital Projects Quality Customer Credits/Rebates Inventory Management Procurement Contract Compliance Capacity Planning Engineering Repair Services Lease Compliance Liquidity/Cash Flow Credit/Bad Debts Financial Planning & Modeling Accounting & Reporting SEC Reporting Management Reporting Statutory Reporting Financial Forecasts Tax Accounting & Reporting Performance Management Analyst Communications Suppliers Supply Pricing Quality Relationships Billing Logistics Technology Product Obsolescence

AGILE AUDIT PLANNING How often should we update the audit plan Update at the speed of the business Update as risks change

Auditing at the Speed of Risk! Internal auditors working from risk-based annual plans. are increasingly finding themselves addressing yesterday's challenges. Audit plans and coverage should constantly evolve as new, potential risks surface.

HOW DO WE MONITOR RISKS? Listen Read management reports Read industry news Get out into the field What is on management s agenda? What is on the board agenda? Think for yourself!

WHAT SHOULD THE AUDIT PLAN LOOK LIKE?

WHAT IS AN EFFECTIVE AUDIT REPORT Communicates effectively Gets the message across to the speedreading executive Eliminates the unnecessary to focus attention on the essential 1 page or less Multiple levels of communication

WHAT NOT TO DO.. Write what you want to say rather than what they need to hear Use the audit report as documentation Waste time and money yours and theirs Bury value in a mountain of waste

28

29

30

WHAT IS AN EFFECTIVE AUDIT REPORT A communication that is read and acted on right away A communication that matters! Says what the stakeholder needs to know and no more

Communicate what they need to know January 15, 1995 Audit of Derivatives Trading Are there any risk issues of significance to the Audit Committee or executive management? YES/NO Are there any outstanding major internal control findings meriting Audit Committee or executive management attention? YES/NO Distribution: Audit Committee Executive and Operating Management

THE AUDIT OPINION The AFE process does not meet the needs of the organization. Decisions are not timely and, as a result, business opportunities are lost rendering null the original business justification. In addition, valuable executive time is expended at the cost of attention to business strategies and execution.

THE AUDIT OPINION The process and related controls for contract review are inefficient; the same review is performed regardless of risk. As a result, current level of staffing is insufficient to ensure timely, quality reviews. The level of risk to revenue accounting, fraud, or inappropriate deals is higher than management risk tolerance.

Communicate what they need to know To: Chair, Audit Committee From: Head of Internal Audit Annual Internal Audit Report We have completed the internal audit plan, which was designed to address the more significant risks to the organization. In our opinion, based on the work performed, the systems of governance, risk management, and internal controls system provide reasonable assurance that the more significant risks are managed within organizational tolerances.

IS THERE A BETTER WAY IN 2016? Timely What they need to know, when they need to know Talk and listen Use technology Insert into normal way they receive information 36

OUR ROLE AS PRACTITIONERS 1. Focus on providing assurance that matters, on what matters, when it matters 2. Communicate the results of our work in business terms, effect on corporate objectives 3. Skate to where the puck is going to be 4. Find a way to use technology ourselves

IIA Internal Audit Principles Provides risk-based assurance. Is insightful, proactive, and futurefocused. Promotes organizational improvement.

CAN YOU HELP THE BUSINESS MANAGE AT SPEED?

1. INSERT KEY INTO IGNITION 2. SHIFT INTO DRIVE 3. PRESS FOOT FIRMLY ON THE THROAT OF MEDIOCRITY

THANK YOU! Norman Marks, CPA, CRMA Author; Evangelist for Better Run Business; OCEG Fellow; Honorary Fellow of the Institute of Risk Management nmarks2@yahoo.com https://iaonline.theiia.org/norman-marks http://normanmarks.wordpress.com/ Twitter: @normanmarks 4/26/2017 42

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback