Internal Audit : Framework for the Management of Compliance Presentation at FMI meeting Sept. 2014.

Slides:



Advertisements
Similar presentations
Internal Audit and Risk Management Policy for the NSW Public Sector
Advertisements

Module N° 4 – ICAO SSP framework
IBM Corporate Environmental Affairs and Product Safety
EMS Checklist (ISO model)
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Building blocks for adopting Performance Budgeting in Canada Bruce Stacey – Executive Director Results Based Management Treasury Board Secretariat, Canada.
Auditing, Assurance and Governance in Local Government
Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
It’s Time to Talk About Risk and Control
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)
Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.
Presentation to ISACA Ottawa Valley Chapter Richard Brisebois, Principal November 9, 2010.
Environmental Management Systems An Overview With Practical Applications.
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 8: Developing an Effective Ethics Program.
Quality evaluation and improvement for Internal Audit
Office of the Auditor General of Canada The State of Program Evaluation in the Canadian Federal Government Glenn Wheeler Director, Results Measurement.
Purpose of the Standards
Australia’s Experience in Utilising Performance Information in Budget and Management Processes Mathew Fox Assistant Secretary, Budget Coordination Branch.
The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
PAINTING THE FULL PICTURE
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
Control environment and control activities. Day II Session III and IV.
Internal Auditing and Outsourcing
Corporate Governance in Financial Institutions OCDE/IAIS/ASSAL Conference on Insurance Regulation & Supervision in Latin America Punta Cana, Dominican.
Session No. 3 ICAO Safety Management Standards ICAO SMS Framework
1.  The views expressed are those of the speaker and do not necessarily reflect the views of the Federal Reserve Board of Governors, or the Federal Reserve.
Staff Structure Support HCCA Special Interest Group New Regulations: A Strategy for Implementation Sharon Schmid Vice President, Compliance and.
ACADEMIC PERFORMANCE AUDIT
ISMMMO, Antalya April Internal Audit, Best Practices Özlem Aykaç, CIA,CCSA CAE Coca-Cola İçecek.
Improving Corporate Governance in Malaysian Capital Markets – The Role of the Audit Committee Role of the Audit Committee in Assessing Audit Quality.
CORPORATE COMPLIANCE Tim Timmons Vice President Compliance and Regulatory Services Health Future, LLC.
Developing an Effective Ethics Program
Implementation Issues of Sarbanes-Oxley CASE Presentation September 23, 2004 By Denise Farnan.
Monitoring Internal Control Systems Johann Rieser Senior Auditor, Ministry of Finance, Vienna.
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.
Portfolio Committee Presentation Government printing Works Audit and Compliance 07 May 2013 Presented by: Chief Executive Officer.
Agency Risk Management & Internal Control Standards (ARMICS)
Role of the Board of Directors
Corporate Responsibility and Compliance A Resource for Health Care Boards of Directors By Debbie Troklus, CHC and Michael C. Hemsley, Esq.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.
ACADEMIC PERFORMANCE AUDIT ON AREA 1, 2 AND 3 Prepared By: Nor Aizar Abu Bakar Quality Academic Assurance Department.
Portfolio Committee on Appropriations Audit of predetermined objectives 26 March 2013.
Indiana Regional Sewer District Association October 26, 2015.
Briefing to the Portfolio Committee on Economic Development Department on the audit outcomes for the 2013/2014 financial year Presenter: Ahmed Moolla October.
1 Integrated Risk Management: A Provincial Perspective Presentation by the Public Service Commission to the Portfolio Committee on Public Service and Administration.
Kathy Corbiere Service Delivery and Performance Commission
Tax Administration Diagnostic Assessment Tool MODULE 11 “POA 9: ACCOUNTABILITY AND TRANSPARENCY”
Implementation of Insurance Core Principles and FSAP Evaluations The Portuguese FSAP experience Gabriel Bernardino Instituto de Seguros de Portugal.
SOLGM Wanaka Retreat Health and Safety at Work Act 2015 Ready? 4 February 2016 Samantha Turner Partner DDI: Mob:
Briefing to the Portfolio Committee on the Department of Rural Development and Land Reform on the audit outcomes for the 2013/2014 financial year Presenters:
February, MansourahProf. Nadia Badrawi Implementation of National Academic Reference Standards Prof. Nadia Badrawi Senior Member and former chairperson.
Page 1 Portfolio Committee on Water and Environmental Affairs 14 July 2009.
Valiants Verify Compliance Program Judith W. Spain, J.D., CCEP ® Chief Ethics and Compliance Officer General Counsel (Effective March 2016) 1.
F8: Audit and Assurance. 2 Audit and Assurance Designed to give you knowledge and application of: Section A: Audit Framework and Regulation Section B:
1 “Good Practices in Managing for Results” Workshop Santiago, Chile October 27 th and 28 th, 2010 Benjamin Nelson Managing Director for Quality Office.
Shared Services and Third Party Assurance: Panel May 19, 2016.
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.
The Role of Departments in the Implementation of the Government Agenda Concepts and Realities FMI Professional Development Day - June 7, 2016.
Understanding the Principles and Their Effect on the Audit
A Framework for Control
INTRODUCTION TO Compliance audit METHODOLGY and CAM
SAPS Audit Committee 26 October 2016.
Monitoring and Evaluation using the
2017 Administration and Finance Conference
Evaluation in the GEF and Training Module on Terminal Evaluations
Presentation transcript:

Internal Audit : Framework for the Management of Compliance Presentation at FMI meeting Sept. 2014

The Framework for the Management of Compliance - along with the Foundation Framework for Treasury Board Policies and the Framework for the Management of Risk - is one of the key architectural elements of the Treasury Board suite of policies. Core responsibilities of the Deputy head within a department include ensuring compliance with legal and Treasury Board policy requirements. Generally performed through an attestation exercise, with oversight and monitoring & reporting. Background 2

Compliance: Executive committee sets expectation and effort (tone) Engage functional community (performance/compensation) Review inventory of ‘TBS and internal’ policies – Relevance, requirements, accountabilities, current monitoring & reporting, consequences of non-compliance, gaps analysis – Develop risk assessment process/tool – Conduct risk assessment of all policies and rank Monitor and report (risk-based approach) (ADM level statements) Feedback mechanism (audit) Non-compliance: Review instances of non-compliance Risk rate the consequences (tone) Develop monitoring approach Report all non-compliance and measures taken to address 3 EX: Framework for Management of Compliance

In 2012, CIC launched an exercise through which functional authorities could attest to their compliance to policy suites, acts, and regulatory requirements. To initiate this, an analysis was performed to determine which Treasury Board policies apply to CIC, and accountabilities by functional area were assigned. An annual compliance attestation exercise has been established to inform the Department’s management of compliance. The self-assessments requested as part of the compliance attestation exercise were not formally challenged or based on risk. Performance requirements against compliance are not formalised. Issues related to non-compliance are addressed on an ad hoc basis. With the completion of this first exercise to assess compliance, CIC has initiated activities to formally assign accountability for Treasury Board policy domains, but a comprehensive framework for oversight, monitoring or reporting on compliance has not been established. 4 Summary of Findings

1.CIC should develop a risk-based oversight framework for monitoring compliance to TB policies. This should include: – accountability for development and implementation of the framework; – risk-ranking and risk tolerance for Treasury Board policies; – accountability for individual policy compliance (including shared when relevant); – documentation requirements to support compliance assessments; – monitoring of activities; and – reporting requirements including pre-determined frequency of reporting. 2.CIC should develop and implement measures to identify and report on non-compliance and the adequacy of the actions taken in a situation of non-compliance with Treasury Board policy requirements. 5 Recommendations

TB Framework for the Management of Compliance TB Foundation Framework for Treasury Board Policies Cadre stratégique sur la gestion de la conformité du CT Cadre principal des politiques du CT 6 References

The objective of the audit was to provide assurance to senior management that effective practices are in place within CIC for the management of compliance with Treasury Board policy requirements. In order to limit the scope, the audit did not include legislative requirements specific to CIC or a subset of government departments, but rather focused on government-wide policy requirements issued by Treasury Board. The audit examined activities from June 1, 2012 to August 31, It also reviewed documents from related to central and independent agency reporting requirements and Policy Suite Renewal, a departmental exercise launched in to simplify and reduce the number of CIC Frameworks, Policies and tools. The audit criteria developed for this audit are included below. Annex: Audit Objective, Scope and Procedures 7

The audit sought evidence that: Governance: – An oversight regime exists to ensure all relevant Treasury Board policy requirements are respected in line with Treasury Board policy expectations. Risk Management: – CIC policies and procedures and monitoring practices over Treasury Board policy requirements have been designed with consideration of risk. Internal Controls: – Approval processes, procedures and control systems of CIC are in line with Treasury Board policy requirements. Annex: Areas of Engagement 8

Governance 1 – An analysis has been done to determine policies relevant to CIC and an appropriate framework of oversight has been determined based on risk. 2 – For policies relevant to CIC, accountability has been assigned and performance management includes compliance considerations. 3 – The results of monitoring of Treasury Board policy compliance are reliable, risk-based and are reported to those with an oversight responsibility, and action is taken when appropriate. 4 – CIC has measures in place to ensure that non-compliance and the nature of the consequences and their severity are commensurate with the nature of the non-compliance. Risk Management 5 – CIC policies and procedures are commensurate with the associated risk of non-compliance with Treasury Board policy. 6 – Policies and procedures foster an organizational environment conducive to innovation and informed risk-taking. Internal Controls 7 – Departmental frameworks for internal controls and management practices are designed to be efficient, transparent, understood and supported in CIC, and, where applicable, are in line with Treasury Board policy requirements. 8 – Employees are trained and have access to learning opportunities and relevant information to increase their awareness and knowledge of applicable Treasury Board policy requirements. 9 Annex : Audit Criteria