First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA Supervisory Committee Communications with...
-
Upload
antonio-hurrell -
Category
Documents
-
view
215 -
download
2
Transcript of First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA Supervisory Committee Communications with...
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Supervisory Committee Communications with Management
and the Board
Association of Credit Union Internal Auditors June 21, 2012
Vicki A. McIntyre, CIA, CPAVice President, FirstPlus Resolutions, Inc.
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Agenda
• Champion the Audit Activity• The Risk-Based Audit Plan• Impact of Resource Limitations• Supervisory Committee Evaluation of
Internal Audit• Supervisory Committee considerations• Top 10 Worst Things You Can Do• Questions?
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Champion the Audit Activity
• Know the purpose, authority and responsibility of your audit activity.
• Understand key concepts of governance, risk and control.
• Empower and challenge internal audit to add value.
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Definition of Internal Audit
“An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
IA’s Purpose, Authority & Responsibility
• The Audit Activity Charter• Code of Ethics• Independence & reporting lines• Access• Nature of Assurance & Consulting
Services
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
What is Governance ?
Governance is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
It is the culture, values, mission, structure and layers of processes, policies and measures by which organizations are directed and controlled.
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
IA’s Role in Governance
IA must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
• Promoting appropriate ethics and values within the organization
• Ensuring effective organizational performance management and accountability
• Communicating risk and control information to appropriate areas of the organization
• Coordinating the activities of and communicating information among the board, external and internal auditors, and management
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
What is Risk?
The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
Risks to the Internal Audit Activity:• Audit failure• False assurance• Reputation risks
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
What is Control?
Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Hard vs. Soft Controls
• Policies/Procedures• Organizational
Structure• Bureaucracy• Restrictive Formal
Processes
• Competence• Trust• Shared Values• Strong Leadership• High Expectations• Openness• High Ethical
Standards
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Empower & Challenge IA to Add Value
• Become more relevant to broader business objectives
• Enhance ability to identify emerging risks
• Improve risk assessment processes• Reduce audit fatigue on the
business
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
The Risk-Based Audit Plan
• Consider risk appetite levels• Consider organizational risk
management framework• Consult with senior management
and the Board• IA exercises judgment of risks
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
The Risk-Based Audit Plan
Ask the critical questions:
• What keeps you up at night?• Is IA providing assurance in those areas?• Does IA cover the right things at the right
time?• Can IA identify emerging risks; is the audit
plan flexible enough to provide coverage?• Is IA perceived as a valued business partner?
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Are Audit Resources Aligned with Risk?
Root causes of organizations loosing a large percentage of shareholder value in a short period of time:
• 60% - Business or strategic risks• 20% - Operational risks• 15% - Financial risks• 5% - Compliance risks
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Impact of Resource Limitations
• Must communicate to senior management and the Board
• Advocate for IA• Be sure resources are effectively
deployed
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Impact of Resource Limitations
• Beware of SALY and JELLY(Same as last year & just exactly like last year)
• Beware of pet projects• Beware of isolated concerns of
constituents• Consider management’s
responsibility for monitoring and self-assessment
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Evaluation of Internal Audit
• Does the Board have confidence in IA’s assurance activities?• Does the Board believe it is sufficiently and timely informed of
IA’s significant findings?• Does the Board believe IA has the skills and foresight to build
emerging risks into the audit plan?• Does the Board believe the audit plan is sufficiently broad in
scope and executed in a timely manner?• Does management believe audit reports are actionable?• Does management perceive IA as a valued business partner?• Does management believe it gets superior value for its
investment in IA?• Is the Board and management confident of IA’s independence,
objective and fair-minded approach and that IA is empowered and sufficiently staffed and resourced?
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Evaluation of Internal Audit
• How well does the IA director respond to probing by the Supervisory Committee?
• How knowledgeable is the IA director in the company’s accounting and financial reporting policies?
• How well does the senior management respect the IA director, and how healthy is the tension between them?
• How well do the external auditors respect the IA director?
• Does the IA director provide adequate assurance in areas requested by the audit committee?
• Is the IA director respected within the auditing profession? Examples would be as a frequent speaker, writing articles, participating in industry organizations, etc.
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Supervisory Committee Considerations
• Promote effective Sup Committee functioning; staff with sufficient expertise
• Promote an open, transparent relationship with IA and other organizational control functions
• Consider term limits for committee members• Perform an annual self-assessment• Request candid feedback from the Board and
IA
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
The Top 10 Worst Things You Can Do……
1) Not being a proactive communicator2) Fail to remain up-to-date on your CU’s
business, the CU industry and IA successful practices
3) Not being aware of your CU’s risk management activities
4) Not having an audit plan that adds value
5) Fail to support IA independence
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
The Top 10 Worst Things You Can Do……
6) Ineffective evaluation of the Chief Audit Executive; not making a needed change
7) Fail to perform regular self-assessments8) Failure to honor high ethical standards;
integrity, objectivity, confidentiality and competency
9) Fail to deliver bad news to the Board timely10)Paralysis – do nothing - not knowing what to
do when there are serious problems
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Questions?
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Vicki A. McIntyre, CIA, CPA
FirstPlus Resolutions, Inc.Tustin, CA
714.469.2440
First Plus Resolutions, Inc. Vicki McIntyre, CIA, CPA
Bibliography
• “Top 10 Worst Things…” adapted from Managing Director of the IA Division of the MIS Training Institute, Joel Kramer’s presentation titled “Best Practices in Educating the Audit Committee.”
• “Are Audit Resources Aligned…” adapted from IIA CEO Richard Chambers’ presentation on the state of the IA profession, IIA So Cal District Conference, Anaheim, CA, 6/4/2012.
• “Evaluation of Internal Audit…” adapted from Alan Siegfried’s (former Chair IIA North American Board) presentation on Audit Committee Expectations of IA-Best Practices