ASSURANCE MAPPING INTERACTIVE CASE STUDY APPROACH 20 APRIL 2016.


Today’s Agenda

Why do we need Assurance Mapping?
How do we sell?
How do we collaborate?
How do we implement?
Case study approach

Establishing the context

We have arrived …….

Case 1 – Assurance?

CAE was excited about his new role. He was reporting directly to the ARC (in line with the IIA standards) and administratively to the CEO. In his first Audit & Risk Committee meeting, the Chair welcomed him and posed two questions:

a) We don’t understand ‘reasonable assurance’ – can you define the same in the charter?
b) We have big budget constraints this year – do you think we have to redefine ‘reasonable assurance’ later if this continues?
c) We have responsibility to oversee risk management and compliance processes as well – will you define reasonable assurance on their behalf in our charter (because we have only one ARC charter)?

Case 1 – Answers

1. Assurance - A statement or indication that inspires confidence. Reason - a basis (which can be limited) or cause, as for some belief, action, fact, event, etc.
2. Definition will not change. Risk has to be accepted by AC and Board.
3. Define only in the charter. Respective procedure manuals will also define the same.

Case 2 – Why should I build 2nd line?

ARC chair instructed CEO to establish risk management and compliance functions. However, CEO has decided not to appoint any FTE for this role due to budget constraints. He has now decided to approach CAE with two options:

1. Establish the function and manage the same for one or two years; or
2. Establish the function and ‘handheld’ any temporary employee (or external consultant) to manage the same for some time until an FTE is on board.

CAE cannot say no since the CEO has instructed him to do so. He knows that managing the second line of defense is not his primary role. However, he has the following dilemma: “How can I audit the procedures later, if I have developed the same or assisted in developing the same? And what does the CEO mean by ‘handheld’? How can I maintain my independence and split the time spent on RM?”

Case 2 – Answers

1. In this case ARC will approve the procedures and CAE should place any audit recommendations (as a part of the regular yearly update process) to ARC for their review and approval.
2. It is common practice in an evolving GRC market for IA to take the lead in developing key functions like RM and Compliance. It is advisable that IA provides limited assurance to ARC until such time they are responsible and later limit their assurance once these responsibilities are shifted. It is better to seek an understanding on roles, reporting and accountability while undertaking responsibility to establish such functions.

Case 3 – Roles and Responsibilities

CEO (who is also an executive board member) finally appointed three new positions to manage the Risk, Quality and Compliance functions. CEO has also approved their job descriptions. However, down the line, CAE had the following new challenges:

a) Quality is mandated to perform ISO reviews across all functions including the IA function. Now our CAE is thinking: “Can 2nd line of defense audit 3rd line of defense?”
b) ARC had asked CAE to prepare a combined assurance framework and get the same approved. However, CAE is now confused: since the scope of work of RM and Quality has been approved by CEO, does it mean that the combined assurance framework has to be approved by CEO and ARC?
c) CEO has also asked the CAE to utilize RM and QM resources in performing IA work to save the cost of recruiting one more IA resource.

Case 3 – Answers

1. IA has to conform with the requirements of ISO standards and the same has to be documented in the IA charter. Further, IA can audit Quality function as per their mandate, therefore there is no breach of independence.
2. CAE has to document the combined assurance framework in line with the approved (CEO) procedures of second line functions. However in case of any conflicts or issues related to the scope of work / roles of second line functions, he has to highlight the same to ARC.
3. This should not be an issue as long as ARC is aware of the same and there are no independence issues.

Case 4 – Planning and Scope of Work

CAE has decided to perform his annual risk assessment in line with IIA standards and local regulatory requirements. During the course of discussion with his colleagues (RM, QM and CM), he identified the following new constraints:

a) RM framework is limited to monitoring only strategic risks across the organisation. However, the IA methodology requires identifying risks across all domains, namely strategic, operational, legal, financial etc. What value will combined assurance add in this case, especially when the mandate is mutually exclusive?
b) CEO believes that there is a fraud incident that may have occurred in procurement. He wants all the assurance providers to get involved in the risk assessment and revert on which assurance provider should be held accountable for such a failure.

Case 4 – Answers

1. IA has to exclude such risks which are monitored by RM and CM in their scope of work. However IA can audit the effectiveness of RM and CM functions.
2. This is a subjective case. Primary responsibility remains with first line of defense. However final control failures should be ascertained based on evidence and involvement.

THANK YOU