CAE Communications with the Audit Committee State of Oregon CAE Training Salem, Oregon November 3, 2010.

Slides:



Advertisements
Similar presentations
Organizational Governance
Advertisements

. . . a step-by-step guide to world-class internal auditing
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Auditing, Assurance and Governance in Local Government
IMFO Audit & Risk Indaba June 2012
Supervisory Committee Communications with Management and the Board
It’s Time to Talk About Risk and Control
Branding and Promoting Internal Audit Salem Chapter of the IIA Salem, Oregon November 3, 2010.
The Role and Value of Internal Audit Association of Credit Union Internal Auditors September 26, 2012.
CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007.
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
Eliot M. Stenzel, CPA,CIA IIA Instructor for many years Risk Based Auditing.
By Collin Smith COBIT Introduction By Collin Smith
PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
IS Audit Function Knowledge
1 Strategies to Maintaining Internal & External Relationships The Institute of Internal Auditors April 13, 2004 Xenia Parker, CIA, CISA, CFSA Principal.
Quality evaluation and improvement for Internal Audit
External Quality Assessments
Purpose of the Standards
PAINTING THE FULL PICTURE
Audit Committees in Local Government FinPro Professional Development Seminar Linda MacRae Local Solutions Pty Ltd 25 October
Control environment and control activities. Day II Session III and IV.
Corporate Governance: Beyond Compliance at a time of Recession Prof. Ashley G. Frank BA(Econ)[Magna Cum Laude], MDPA (Cum Laude], MBA, MCom [Cum Laude],
Internal Auditing and Outsourcing

D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
Creating National Values with Global Accumulations 11 th Turkey Internal Audit 9 th November, 2007 Istanbul Accountability: Value that only Internal Auditing.
Internal Audit within the Financial Services Authority
Internal Audit Role in Order to Develop an Ethical Corporate Culture as a Competitiveness Factor A.I.I.A. - Internal Auditing body Università degli Studi.
Section Topics Establish a framework for assessing risk
CDS Operational Risk Management - October 28, 2005 Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program ACSDA Seminar - October 26.
Introduction In 1992, the Committee Of Sponsoring Organizations of the Treadway Commission (COSO) published Internal Control-Integrated Framework (1992.
World Bank Institute Regional Workshop for Anglophone Africa on Auditing and Financial Accountability Addis Ababa KEY ISSUES IN CREATING AN EFFECTIVE INTERNAL.
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.
Taking the STANDARDS Seriously... what they are and why they are so critically important to internal audit professionalism.
BPK Strategic Planning: Briefing for Denpasar Regional Office Leadership Team Craig Anderson Ahmed Fajarprana August 11-12, 2005.
The Institute and the Profession: 1 Personalize your title and presenter here. The Institute and the Profession The Institute and the Profession: 1.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
The views expressed in this presentation do not necessarily reflect those of the Federal Reserve Bank of New York or the Federal Reserve System Association.
The Connection between Risk Management and Internal Control in Organizations Mag. Norbert Wagner Budapest,
INTERNAL AUDIT AND INVESTIGATION SERVICES PRESENTATION TO THE PORTFOLIO COMMITTEE ON THE UNIT’S ACTIVITIES FOR THE YEAR ENDING 31 MARCH 2006 Z MXUNYELWA,
1 The Auditor’s Role in Governance: Emulate, Evaluate, Educate Lori Cox, CIA, CGAP IIA Tucson Chapter President Director – Internal Audit, Pima Community.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
“How can audit committees ensure that they derive value from their internal audit function”.
1 Strategic Plan Review. 2 Process Planning and Evaluation Committee will be discussing 2 directions per meeting. October meeting- Finance and Governance.
Company: Cincinnati Insurance Company Position: IT Governance Risk & Compliance Service Manager Location: Fairfield, OH About the Company : The Cincinnati.
Internal/External Audit Corporate Governance part 5.
Board Chair Responsibilities As a partner to the chief executive officer (CEO) and other board members, the Board Chair will provide leadership to Kindah.
Continuous Monitoring and Gaining External Audit Reliance.
PIC EU-28 Conference Paris, 26 – 27 November 2015 PIC An EU Approach Assurance Maps An Introductory workshop Nathan Paget United Kingdom.
Audit Committee in the Public Sector 30 September 2015 Corporate Executives: Barry Wheeler.
1 Emerging Issues in Internal Audit Charles Ndegwa.
ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.
Scottish Local Authority Chief Internal Auditors Group Conference - June 2013.
Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.
What the Audit Committee Needs to Know State of Oregon Audit Committee Training Salem, Oregon November 3, 2010.
ASSURANCE MAPPING INTERACTIVE CASE STUDY APPROACH 20 APRIL 2016.
Organizations of all types and sizes face a range of risks that can affect the achievement of their objectives. Organization's activities Strategic initiatives.
Internal Audit Quality Assessment Guide
SADCOPAC Conference Accountability and Transparency in SOEs– opportunities and challenges for the Public Accounts Committees. September 2012.
What the Audit Committee Needs to Know
Board Roles & Responsibilities
Hans Nieuwlands CIA CGAP CCSA CEO IIA Netherlands
IIASA Governance Review
How to Survive an External Quality Assessment
TechStambha PMP Certification Training
Kode Etik dan IA Standard Dr Rilla Gantino, SE., AK., MM
Following Up on Internal Audit Reports Workshop on IIA Standard 2500
Association of International Bank Audit
Taking the STANDARDS Seriously
Presentation transcript:

CAE Communications with the Audit Committee State of Oregon CAE Training Salem, Oregon November 3, 2010

2 Training Objectives Assess the power of face-to-face meetings with the Audit Committee and its Chair Determine what the Audit Committee wants and needs Consider approaches on reporting to the Audit Committee regarding  Audit Plan  Audit Engagements  Investigations  Issue tracking  Internal Audit operations  Organizational strategy

3 Agenda 1. Power of face-to-face meetings 2. What the Audit Committee wants and needs 3. Reporting on the Audit Plan 4. Reporting on Audit Engagements 5. Reporting on Investigations 6. Reporting on Issue Tracking 7. Reporting on Internal Audit Operations 8. Reporting that contributes to Organizational Strategy

Power of Face-to-Face Meetings Unit 1

5 Credibility The quality, capability, or power to elicit belief The quality of being believable or trustworthy Given credibility: derives from external validation Acquired credibility: earned through interaction

6 Credibility Builders Deliver on commitments Present information that is meaningful, accurate, and timely Be responsive Be honest and transparent about capabilities

7 Trust Firm reliance on the integrity, ability, or character of a person or thing Built over time by evidence and through contact Build relationships when issues are not pressing, e.g. over lunch

What the Audit Committee Wants and Needs Unit 2

9 Audit Committee Reporting Internal audit planning Internal audit results Issue tracking Internal audit operations Audit Committee education Organizational strategy

10 International Professional Practices Framework Require board communications  1000 Purpose, Authority, and Responsibility  1110 Organizational Independence  1111 Direct Interaction with the Board  1320 Reporting on the Quality Assurance and Improvement Program  2020 Communication and Approval  2110 Governance  2440 Disseminating Results

11 Audit Charters Samples of both audit committee and internal audit charters available from the IIA Both include mandates requiring communications with the Audit Committee

12 Communications Plan Example TopicAudit observations ModeHigh risk – full report Medium risk – summary Low risk – simple list FrequencyQuarterly DatesJan 8, Apr 8, Jul 8, Oct 8

13 Two Questions for the AC What do you want less of? What do you more of?

Reporting on the Audit Plan Unit 3

15 Objectives for Reporting on Audit Planning Informs audit committee (AC) of the risk universe as you define it Informs the AC what you will cover Informs the AC what you will not cover Demonstrates how your audit plan is aligned with your risk-assessment methodology Explains how your plan does or does not support your ability to render an opinion Informs the AC how you will deploy resources Measures productivity of the internal audit

16 High Performance Business Model Monitoring Risks/Controls Objectives/Metrics Governance/Organization/Processes Strategy/Risks Vision/Values/Culture

17 Governance Model Strategy Monitoring & Communication Enterprise Risk Management Transparency & Reporting Ethics & Business Conduct Legal, Regulatory, Standards Roles and Responsibilities

18 Other Considerations Focus Lists Dynamic audit plans Including other assurance coverage  External Auditor  Regulators  Compliance groups  Management self-assessments

19 Small-Group Activity What are the opportunities to make the risk assessment and planning processes more robust and add more value to the enterprise?  What are the underserved needs of the audit committee and executive management?  Does your process comply with standards, e.g. Governance and Risk Management?  Do you have a definable, repeatable risk-assessment process that has been reviewed with the audit committee and executive management?  Do you develop both an unconstrained and constrained plan for audit committee review?  What other organizations are providing risk assurance work? Are they included in your plan? Should they be?

Reporting on Audit Engagements Unit 4

21 Different Approaches All reports in full Only significant reports Only executive summaries Summary of observations

22 Considerations What do you want the AC to focus on? What do they want: more detail, less detail? How much time do you have for the presentation? How skilled are you and your writers? How effective is the staff at writing reports that convey the messages you want to get across? Do you rate observations or reports?

Reporting on Investigations Unit 5

24 Investigations by IA or Others Internal audit usually gets the “Big Three”  Big people  Big money  Big issue May be in conjunction with legal, security, procurement, IT, others

25 Considerations How will you separate noise from issues? How will you report on trends that emerge? What level of detail is the AC seeking?

26 Typical Summaries Number of allegations by time period or business unit Nature of allegations, e.g. theft, conflicts of interest, ethical violations Number open, in progress, closed Recommended actions, e.g. letter to file, pay cut, termination, referral to police

Reporting on Issue Tracking Unit 6

28 Tracking Parameters Aging of open issues Reset resolution dates Risk-rating Risk category: strategic, reporting, operational, compliance Processes Business units Geographies

29 Audit Process Definition The audit process begins with the timely identification of risks to an entity's strategic, reporting, operational, or compliance objectives…The audit process ends when the audit committee has accepted management actions to manage observed residual risks to within the risk appetitive of the entity.

30 Repeat Audit Observations Defect in the audit process Inability to focus audit committee on management’s inattention Residual risk in excess of the entity’s risk appetite

31 Considerations Invite managers with overdue open issues to the audit committee to explain delays

Reporting on Internal Audit Operations Unit 7

33 General Reporting Topics Risk Assessment Methodology Staffing and Staff Development Budget  Salaries  Co-sourced resources  Training and development  Technology investment  Travel Quality Assurance and Improvement Process

Reporting that Contributes to Organizational Strategy Unit 8

35 Audit Committee Training Audit Committee best practices Regulatory environment Risk and control models Governance and ERM

36 Becoming More Strategic Ensure risk assessment is aligned with the entity’s strategy Seek ways to add value that are not focused on compliance and financial reporting Focus on the foundation of the business model

37 High Performance Business Model Monitoring Risks/Controls Objectives/Metrics Governance/Organization/Processes Strategy/Risks Vision/Values/Culture

38 Are you focused on the right risks? How value is destroyed in companies Where are your audit resources focused? PwC Advisory, An Opportunity for Transformation, 2008 Strategic 60% Operational 20% Financial 15% Compliance 5%

39 Small-Group Activity Where are your audit resources focused?  In your group, reach consensus on the percentage of your resources assigned to strategic, operational, financial, and compliance risk?  Identify 3 risk areas where you could be more strategic.

40 Questions for your Chief Audit Executive What is the criteria for establishing the annual and long-range audit plan? What assurance do you have that you are in compliance with Standards? Does your risk assessment include all known risks to the organization? How do you prioritize IA efforts? Are there areas of high priority where IA work has been deferred?

41 Questions for your Chief Audit Executive What is the level of respect internally for IA? What are management’s practices for responding to IA reports? Who in management has reviewed the risk assessment? What risk factors do you consider in developing the audit plan? How will you provide assurance for governance processes?

42 Questions for your Chief Audit Executive Has IA identified areas of serious concern relative to the corporate internal control environment? Are there other matters that you believe should be of concern to the committee? Putting yourself in the audit committee’s position, are there questions you believe we should ask?

43 Questions for your Chief Audit Executive What processes are not being assured this year due to resource constraints? What processes have never been assured? What are your risk-assessment and risk- based auditing methodologies? What professional certifications do you and the staff hold, e.g. CPA, CIA, CISA? What are the metrics to ensure the audit processes meet objectives?

44 Questions for your Chief Audit Executive How much resource and time does it take to publish a final audit report? What is the process to follow with management to complete actions to resolve residual risk? How do you track and report aged open actions? Do you believe that management is taking risk beyond their delegation levels or in excess of the organization’s risk appetite?

45 Implications Audit committees are concerned about risk management and governance Internal audit improve their standing in the enterprise with assurance and consulting activities in these areas Developing a strategy is essential  To include communications plan for the audit committee

46 Contact Information Jim Key, Partner Shenandoah Group, L.L.P. PO Box 1323 Beaufort, SC U.S.A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.