Audit Committees, Good Governance, and the Chief Audit Executive

Our program will begin at 1 PM ET

Connecting to the audio feed
Two options:
1. Through your computer
• On the menu bar, choose Communicate > Join Audio Broadcast.
• Your Audio broadcast panel appears.
2. Telephone – Toll Free US/Canada number
• Call-in toll number (US/Canada) 1-408-792-6300
• Call-in toll-free number (US/Canada) 866-699-3239
• Meeting Number: 750 057 026

www.theiia.org

Welcome to today’s webinar
Before we begin
– Our Presenters
– CPE Requirements
– Polling Questions
– Q&A Session
Copyright: This presentation is the property of the IIA. Use without the expressed written permission of the IIA is prohibited.

CPE Requirements
• Only registered participants are eligible to receive CPE credit.
• A series of polling questions will be posed throughout the presentation.
• You must respond to 70% of the polling questions to receive credit.
• Be sure to select the submit button after making your answer selection.
• You must view the entire webinar.
• Early departure could result in decreased CPE award.
• IIA CPE for IIA reporting purposes will be awarded for the recorded version of this Webinar after passing the accompanying exam.

Submit Questions to the Presenter
• Live viewing audience:
– To submit a question, type the question into the Q & A panel section.
– Select the “Send” button.
– We will have a dedicated Question and Answer session at the end of the presentation to address your questions.
• Please use the chat feature only for technical assistance or call WebEx technical support at 1-866-229-3239 (US and Canada Toll-Free) 1-408-435-7088 (International Toll)

Demographic Polling Question
How many viewers are watching the webinar at your location?
a) 1 - I am the only viewer
b) 2 to 4 viewers
c) 5 to 7 viewers
d) 8 to 10 viewers
e) More than 10 viewers

Audit Committees, Good Governance, and the Chief Audit Executive

Contact Information
Rick Julien, CIA, CPA
Risk Consulting Services
Crowe Horwath LLP
Chicago, IL
630-586-5280
[email protected]

Todd Richards, CPA
Risk Consulting Services
Crowe Horwath LLP
Chicago, IL
630-586-5195
[email protected]

AC/CFO/CAE Research Results

The question we wanted to help answer is: How can Chief Audit Executives better support their Audit Committees?

Research Overview
[Diagram: three research streams. Labels: CAE (Chief Audit Executive); AC (Audit Committee); CFO (Chief Financial Officer). Research partners shown: Crowe & Corporate Board Member; Crowe & IIA Gain Network; Crowe & CFO Research Services. Dates shown: Jan – May 2008; March 2008; May 2008.]

Research Initiatives – Three Angles
CAE Research (334 total respondents)
Objective: To understand how CAEs are interacting with audit committees and their perceptions about the relationship.
AC Research (292 total respondents)
Objective: To understand the perceived value CAEs are adding and their perceptions about working with CAEs and others to achieve their goals.
CFO Research (157 total respondents)
Objective: To understand CFOs’ perceptions on risk management, what risk-related challenges they see, and best practices for working with CAEs.

Chief Audit Executive (CAE) Research: Main Themes

CAE Interaction With and Support of the Audit Committee
• 96% provide updates to audit committee members on critical issues
• 90% provide updates to audit committee members on the internal environment at the organization
• 85% educate audit committee members on relevant risks and risk management strategies
• 76% work with general counsel on various governance and internal control matters
• 76% work with the audit committee to design the internal audit charter, activity’s mission, strategy and focus

CAE Interaction With and Support of the Audit Committee - Opportunities
• 32% do not educate audit committee members on new governance initiatives and emerging compliance trends
• 36% do not assist in preparing for meetings
• 45% are not involved in ERM-related activities including risk assessments conducted through IA
• 66% are not involved in conducting orientation for new board/audit committee members

Chief Audit Executive Research: Main Themes
• Only one-third of CAEs rate their overall experience interacting with the Audit Committee as “Excellent”
• Less than one-quarter of CAEs strongly agree that the Audit Committee leverages them to increase the committee’s effectiveness
• Only 30% of CAEs strongly agree that they serve as the link between the Audit Committee and Management
• There is a definite opportunity to increase the CAE’s role as a link between organization management and the Audit Committee on corporate governance and related matters

CAE Question #1
Do you believe that there is an opportunity for Internal Audit to serve as a link between the organization management and the Audit Committees on corporate governance and related matters?
a. Yes
b. No

Audit Committee (AC) Research: Main Themes

Audit Committee Research: AC evaluation of CAE
• Overall, the CAE and the CFO were rated as the most effective in terms of helping the audit committee meet its internal control responsibilities.
• There is a positive correlation between how comfortable AC respondents are that information they receive from their CAE is complete, accurate, proactive, and objective and how effective they rate the CAE’s assistance in meeting AC responsibilities.
– AC respondents are most confident that the information the AC receives from the CAE is accurate.
– AC respondents are least confident that the information received is proactive.

Audit Committee Research: Question and Rating Scale
• Question: How effective is your company’s Chief Audit Executive with regard to the following functions?
• Rating scale:
– Very effective
– Somewhat effective
– Not effective
– Would be useful, but function not currently in place
– Not comfortable delegating this task

CAE Effectiveness as rated by ACs (% rated ‘Very Effective’)
• Conducting risk assessments (ERM considerations/evaluations): 42.9%
• Evaluating governance processes, ERM process and/or internal controls: 41.1%
• Providing information to the AC on new governance issues, emerging compliance trends: 36.7%
• Championing the governance framework in the organization: 32.5%
• Auditing compensation disclosure process: 28.0%
• Conducting orientation for new AC members: 21.7%

Comparing the views of CAEs and ACs
[Bar chart comparing “CAEs self-reported support of AC” with “AC Rating CAE as ‘Very Effective’” for the following functions; the values are not recoverable from this text.]
• Preparing for the audit committee meetings by organizing agenda, preparing materials
• Providing information to AC on relevant risks/risk management strategies
• Conducting risk assessments (ERM considerations/evaluations)
• Evaluating governance processes, ERM process and/or internal controls
• Providing information to the AC on new governance issues, emerging compliance trends
• Conducting orientation for new AC members

Audit Committee Research: Enterprise Risk Management
• 70% of ACs identified enterprise risk management (ERM) as the most challenging issue for their audit committee in the coming 12 months.
• According to Audit Committee members:
– Over 55% of CAEs have the opportunity to improve in conducting risk assessments (ERM considerations/evaluations).
– Nearly 60% of CAEs could improve in their effectiveness evaluating governance processes, ERM process, and/or internal controls.

CFO Research: Main Themes

CFO Research: Enterprise Risk Management
Like Audit Committee members, managing risk across the entire company tops the list of risk management challenges for CFOs.
– 65% of CFOs say managing risk across the entire company will be particularly challenging over the next year.
– Over 30% say they have been disrupted by both financial and operation surprises in the last year.
– Over 40% or more say there is substantial concern about market, financial and technology risk factors over the next year.
– It was reported that 21% of the finance teams will devote much greater attention on company-wide risk management (another 54% at least moderately more).

Survey Summary – Key Finding (CAE, AC, CFO)
• ERM is Here – Audit Committees and CFOs agree that the biggest challenge they will face in the next 12 to 18 months is managing risk across the entire company.

Survey Summary – Other Findings (CAE, AC, CFO)
The basic requirements have been met; however, there are important opportunities for CAEs to increase their value to Audit Committees:
– It is more than just meetings. CAEs need to engage in discussing risks, how they are managed and controlled.
– CAEs should take the lead to educate the Board and Management about governance and risk management.
– CFOs and ACs need to drive to clarity in the role of the CAE.
– Recent events have demonstrated we all need to understand business risks holistically.
– Audit Committees and CFOs need to foster an environment for unfiltered discussions with CAEs.
“The audit committee wants the help and support of CFOs and CAEs.”

CAE Question #2
Where do you believe Internal Audit has the most opportunity to support the Audit Committee?
a. Improved Risk Assessment
b. Furthering Enterprise Risk Management (ERM)
c. Helping the Audit Committee with meeting agendas and meeting preparation
d. Evaluating Corporate Governance
e. Providing proactive education and risk monitoring

Corporate Governance

Dynamics of Good Corporate Governance
Corporate governance is the systems and processes an organization has in place to protect the interests of its diverse stakeholder groups, e.g. shareholders, employees, customers, vendors, community, etc.

Corporate Governance Framework (SM)
• Board of Directors & Committees
• Legal & Regulatory
• Monitoring
• Communication
• Enterprise Risk Management
• Business Practices & Ethics
• Disclosure & Transparency

Why is It Important?
• Meet Legal Requirements and Fiduciary Responsibility to Investors
• Attract & Retain Qualified People
• Gain Community Support
• Obtain a Competitive Advantage
• Maintain/Improve Reputation
• Increase Stakeholder Return
• Foster Trust

Benefits of Good Governance
• Sets tone at top
• Applies to all organizations no matter where they are located
• Applies to all individuals equally – within an organization and across organizations
• Provides a way to realize the vision of mitigating risk and optimizing performance simultaneously in today’s regulatory environment
• Pays for itself through increased shareholder returns

Other Reasons...
Keeps CEO & CFO and others out of handcuffs
“Former HealthSouth CFO Gets 27 Months” - MSNBC, September 22, 2005
“A Guilty Verdict: The Overview; Ex-Chief of WorldCom is Found Guilty in $11 Billion Fraud” - New York Times, March 16, 2005
“Ex-Tyco Executives Convicted” - Washington Post, June 18, 2005

Other Reasons...
Provides better transparency to risk management
Martha Stewart convicted of four felonies - USA TODAY, March 2004

Other Reasons...
Helps Board Members, CEOs & CFOs avoid government oversight and actions

Internal Audit’s Role in Corporate Governance
• New Institute of Internal Auditors (IIA) Internal Audit Standards (Section 2110):
– Promote appropriate ethics and values within the organization.
– Ensure effective organizational performance management and accountability.
– Effective communicating of risk and control information to appropriate areas of the organization.
– Effective coordinating of activities and communicating information among the board, external and internal auditors and management.
– Internal Audit should evaluate the design, implementation and effectiveness of the organization’s ethics-related objectives, programs and activities.

CAE Question #3
How does Internal Audit reinforce good governance in your organization? (click on all that apply)
□ Deliver a risk based Internal Audit plan
□ Conduct governance audits
□ Provide governance training
□ Review the ethics program and activities
□ Fostering communications and activities among the board, management, and external auditors

Performing Corporate Governance Audits
• Audits should be conducted using an established framework
• Alternative approaches:
– Coordinate legal and governance aspects;
– Rotate components reviewed;
– Review internally every other year; and
– Review externally every other year.
[Framework diagram: Board of Directors & Committees; Legal & Regulatory; Monitoring; Communication; Enterprise Risk Management; Business Practices & Ethics; Disclosure & Transparency]

Board of Directors & Committees
• Assess Governance Structure
• Assist Boards of Directors and Committees with updating their charters
• Participate in Whistleblower claims evaluation process
• Review determination of size and committee structure.
• Review committees’ self-assessment process
• Annual review of prior year’s corporate governance
[Framework diagram: Board of Directors & Committees; Legal & Regulatory; Monitoring; Communication; Risk & Performance Management; Business Practices & Ethics; Disclosure & Transparency]

Legal & Regulatory
• Evaluate Management’s Section 302 & 404 certifications
• Perform a legal and regulatory compliance inventory and assessment evaluation under direction of legal counsel
• Evaluate Shareholder Rights
• Review reports on the company’s compliance with financial laws and regulations
• Evaluate compliance monitoring functions and assess advantages of better coordination/interfaces

Business Practices & Ethics
• Review the company’s code of conduct and ethics to determine if it establishes an environment to encourage a sense of honesty and integrity with employees and assess compliance
• Ensure the company has the appropriate procedures in place to handle confidential, anonymous complaints from employees
• Review the development of Governance Performance measures
• Review Foreign Corruption Practices Act compliance monitoring, fraud risk assessment, and management overrides assessment

Disclosure & Transparency
• Review accounting policies and reporting requirements and understand the impact to financial statements
• Assess adequacy of internal disclosures and transparency
• Assess adequacy of financial reporting controls evaluation structure
• Review external reporting procedures (not just financial), considering all stakeholders and their needs

Enterprise Risk Management
• Evaluate the risk management oversight structure and sufficiency of supporting documentation
• Evaluate the process to identify and prioritize key risk areas
• Assess the process to proactively identify emerging risks
• Review the company’s approach to managing risk and evaluate the process in place to monitor and manage those risks
• Assess the interrelationship of risk management monitoring activities to maximize performance
• Evaluate how management has demonstrated they have utilized risk management intelligence in managing the organization

Monitoring
• Assess the integrated reporting capabilities
• Assess the continuous improvement process
• Evaluate the components of the Corporate Governance framework to verify that they are operating as designed
• Review implementation of Internal Audit and other monitoring functions’ recommendations
• Assess IA’s structure and organization – QAR
• Become the legs for Governance monitoring

Communication
• Assess communication processes
• Review internal reporting procedures
• Develop curriculum/communications to inform employees of Governance policies
• Review minutes of management meetings and verify issues are being brought to the attention of the Board

Corporate Governance Scorecard
[Scorecard table. Rows (Attributes): Board of Directors & Committees; Legal & Regulatory; Business Practices and Ethics; Disclosure and Transparency; Enterprise Risk Management; Monitoring; Communication. Columns: Compliant; Developed; Advanced.]

Corporate Governance: The Most Critical Risk To Audit
Just ask the key stakeholders at:

CAE Question #4
Where do you believe Internal Audit can have the most impact on Corporate Governance?
a. There is little Internal Audit can do to audit governance
b. There are a few things internal audit can do but basically it is covered by SOx 404 requirements
c. There are many areas beyond just the SOx 404 entity level controls that Internal Audit can review for the board

Enterprise Risk Management Governance
• Internal Audit
• Audit Committee

ERM Defined
COSO defines Enterprise Risk Management as:
“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO

Why a Governance Model for ERM?
• Most ERM initiatives begin as a project for someone within IA or finance
• Typically, a pilot effort
• It is not clear who has what responsibility
• ERM programs stall
• Internal Audit cannot own ERM
• As the process matures, a management structure must evolve

Why Today?
• More organizations are reviewing their ERM approach
– Market events
– Competitive pressures
– Rating agencies
– Regulatory scrutiny
• Board members are asking more questions about ERM process

Most Frequent Board Concerns
• What is ERM?
• Who is responsible?
• How should the board be involved?
• What is the role of the audit committee?
• What is the role of internal audit?

Why ERM Governance is a Challenge
• No one best practice
• No one knows how to get started and who is in charge
• Evolving process
– In most companies, a variety of risks are being managed in diverse ways
– No clear links to broader business strategy
– Establishing such links can cause confusion as to roles and responsibilities
– Executive management believes they have structure in place to manage risk

Define Governance Roles with Greater Precision
• Define ERM leadership team
• Differentiate between company activities and board responsibilities
• Define relationship between board, board committees, internal risk management, and Internal Audit

ERM Governance Process
[Diagram. Labels: Corporate Management; CEO; Board of Directors; Full Board; Audit Committee; BU Leaders; Risk Management Council; ERM Leadership Team; Education; ERM Process; Monitor & Improve; BU Individual Risk Owners/Champions; BU Risk Owners #1, #2, #3, #4..; flows labelled “Risks” and “ERM Process & Risks”.]

CAE Question #5
Where does ERM stand in your organization?
□ Does not yet exist
□ Recently started in past year
□ 2+ years but not yet inactive
□ Mature

Audit Committee Chairman Roundtable Topics
April 2009

AC Topics
• Enterprise Risk Management
• Internal Audit
• CEO Pushback
• AC Self Assessment
• External Auditor Proximity Review and 302 Disclosure
• Executive Sessions
• IFRS

Viewer Questions

CPE Certificate
• Registered participants who have met the CPE requirements will access their certificate from the “Completed Courses” page in The IIA’s online learning system, GEAR.
• Certificates will be available for download in approximately one week.

Upcoming IIA Webinars
June 25, 2009: IT Internal Audit Risk Assessment
July 23, 2009: Making Sure Your Company is PCI Compliant
August 13, 2009: Contract Basics for Internal Auditors
August 20, 2009: Title 31 and Suspicious Activity Reporting

Virtual Seminar Starting July 20th
Risk-based Auditing: A Value Add Proposition
Through case studies, group discussions, round tables, and supplemental lectures, this seminar will help audit team leaders and other management level audit professionals align their organizations’ strategies, visions, and values with the internal audit process. Furthermore, participants will come to understand the importance of corporate governance and enterprise risk management, while learning to identify risks, perform risk assessments, develop a risk-based assurance plan, understand entity-wide controls, and plan a risk-based engagement.
What attendees can expect to learn:
• Understand the importance of corporate governance and enterprise risk management
• Identify risks to strategy
• Define key business processes and objectives
• Perform a risk assessment
• Develop a risk-based assurance plan
• Understand entity-wide controls and their relevance in the audit plan
• Plan a risk-based engagement
To learn more about this exciting class visit www.theiia.org/e-learning