Enhancing Governance through IA Activities” IA’s Role in Ethics, Governance and Compliance

Presentation Outline Definition of Key Terms Evolving Role of the IA in Compliance Auditing Role of the IA and other key stakeholders (BOD/ EA and Management) in the Governance process and Ethics Important Aspects of Governance Auditing Important Aspects of Ethics Auditing •

IA DEFINED Internal Auditing is an independent, objective, assurance and consulting activity designed to add value and improve an organization's operations. IA helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. ” The Institute of Internal Auditors

What is Governance IIA defines governance as a combination of processes and structures implemented by the BOD to inform , manage, direct and monitor the activities of an organization in pursuit of its objectives. Institute of IA

What is Compliance Auditing This is audit activities and processes aimed at assess an organization employees, board and stakeholders compliance with the laws, policies and procedures which governs them. It is a comprehensive review of an organization's adherence to regulatory/ mandatory guidelines.

Farlex Financial Dictionary. © 2012 Farlex, Inc What is Ethics Auditing An investigation into how well (or poorly) a company conforms to the ethical standards of its industry or society generally. An ethics audit may consider the company's own practices, how it redresses grievances, how it discloses its finances, whether it punishes whistleblowers, and even the general culture surrounding its business dealings. Farlex Financial Dictionary. © 2012 Farlex, Inc It is recommended that companies formally adopt a code of ethics and conduct periodic ethics audits to see how closely they follow their own rules.

IA’s role in Compliance Auditing

Elements of a Compliance Management System Designation of a compliance officer Policies Procedures (internal processes and controls) Regulatory change management Training Quality control (monitoring) Consumer complaint response process Audit Follow-up

IA a critical player an organisation Compliance function Internal Auditing function is the lifeblood of a company’s compliance program.   Internal auditors usually are the first to uncover improper payments.  In 2012, the US Justice Department settled two FCPA cases in which the internal auditors were most directly responsible for failing to act when they uncovered (or should have uncovered) improper payments.  On the other hand, there were several major disclosures in that year of potential FCPA violations as a result of findings made by internal auditors.

IA’s role evolving role in Compliance Auditing Some companies place the overall compliance function in the auditing department.  As we all know, that is a mistake. Compliance across the board Compliance officers and internal auditors are increasingly working hand-in-hand to oversee/ audit compliance.  Historically, internal auditors have adhered to a “materiality” standard when conducting internal audits.  That has changed, and will continue to change, in response to more aggressive legislation and oversight by regulatory agencies . Internal auditors are now applying a “blended” approach which includes not only “materiality” but extends to risks such as bribery, fraud and other financial misconduct.  Internal auditors are now employing more sophisticated sampling techniques and technology to try and identify trends and potential risks without conducting burdensome and time consuming audits of entire divisions of organizations.

IA’s role evolving role in Compliance Auditing Some companies place the overall compliance function in the auditing department.  As we all know, that is a mistake. Compliance officers and Internal Auditors are increasingly working hand-in-hand to oversee/ audit compliance.  Historically, Internal Auditors have adhered to a “materiality” standard when conducting internal audits.  That has changed, and will continue to change, in response to more aggressive legislation and oversight by regulatory agencies . Internal auditors are now applying a “blended” approach which includes not only “materiality” but extends to risks such as bribery, fraud and other financial misconduct.  Internal auditors are now employing more sophisticated sampling techniques to try and identify trends and potential risks without conducting burdensome and time consuming audits of entire divisions of organizations.

IA role in Governance and Ethics

Effective Governance Effective governance includes systems and associated processes and controls that promote ethics and values, performance and accountability, risk communication and coordination and communication among the board , external and internal auditors and management. To succeed an organization’s governance process must rest on four interrelated pillars BOD, EA. IA and Management

Board Essentially has 4 roles Governance- Role of Board Board Essentially has 4 roles Boards of directors are responsible for the governance of their companies. The responsibilities of the board include: setting the company’s strategic aims, providing the leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship. The board’s actions are subject to laws, regulations and the shareholders in general meeting.

Role of Audit Committees The audit committee can contribute to the success of internal auditors and the achievement of their value-added activities by ensuring that they have: 1. Sufficient independence from management by reporting to and being held accountable to the audit committee 2. Adequate resources, competence, and focus to assess the company’s operational efficiency, internal control effectiveness, ERM, and reliability of financial reports 3. Proper knowledge of the company’s corporate governance, internal control, financial reporting, and audit activities 4. The mechanisms and confidence to bring forward controversial reporting issues 5. A process for communicating directly with the company’s audit committee on a regular and timely basis 6. Access to the audit committee to discuss concerns related to management activities, financial reporting risk, and fraudulent financial reporting 7. Audit committee approval of the budget and staffing of the internal audit function.

Role of External Auditor The external auditor's responsibility is to provide assurance to the general public regarding the truth and fairness of the information presented in the organization's financial statements. Since the public relies heavily upon an audit opinion published by a public accounting firm to make investment decisions, it is imperative that they view accounting firms as being independent, objective and free from the influence of the audit client or any other parties.

IA ‘s Role in Governance and Ethics Institute of Internal Auditor’s (IIA) International Standards for the Practice of Internal Auditing Standard 2110 state that IA must assess and make appropriate recommendations on the Governance process and must specifically undertake an assessment” of an entity’s accomplishment of the following objectives: Promoting appropriate ethics and values within the organization; Ensuring effective organizational performance management and accountability; Communicating risk and control information to appropriate areas of the organization; and, Coordinating the activities of and communicating information among the board, external and internal auditors, and management.. IA have an obligation to assess governance ( ethics) it is not optional .

Framework for Effective Board Governance Structure Board and Processes Board and Committees have Charter with mandates which makes sense are approved and reaffirmed periodically Framework for Oversight and Accountability Attract and Retain Effective Directors Continuously strive to improve Board Performance Recognize and Manage Conflict of Interest Recognize and Manage Risk Oversee Strategy and its Implementation Oversee the organization's performance

Framework for Effective Board Governance Engage effectively with stakeholders Shareholders, Regulators, and the Community.  Approves significant transactions and event , ensure that they are consistent with the organizations' strategic direction. Oversee and evaluate the IA’s function Oversee and evaluate the relationship between the Internal and External Legal Counsel

Framework for Effective Governance Succession plan for an organization’s CEO and Executive Officers Have a Corporate Policy Framework to address major areas of risk (approved, reviewed and reaffirmed) Director recruitment and selection process, continuous education programs , board committee / director assessment. Ethics and whistle blowing policy and program.

Why Audit Ethics Auditing ethics programs ensures that an organization “walks the walk.” This is the way any business can safeguard itself against fraud by seeing that the practices that exist in its daily operations match up with the procedures it espouses in its policies and code of conduct.

Best Practice in Auditing Ethics Policies Matter Ensure you have the best possible policies in place before you begin. As your team conducts an ethics audit, they compare your policies as the ideal to the actual behavior of your employees. comparisons. Competent Team-Your auditing team must be cross-functional and highly skilled. By the Numbers Create metrics for your team to use. Your audit should be as quantitative as possible. Ethics audits will never be as quantitative as financial audits, but they do work best with tangible metrics.

Best Practice in Auditing Ethics Lean and Mean Ensure your team audits efficiently and minimizes disruption of normal operations. Warn all impacted employees in advance, provide schedules, and make sure there are no surprises for anyone. Talk Them Through It - Respond to all ethics violations with discipline that consistently follows your company procedures, codes of conduct, and policies, every single time. Train- Use anonymized examples of ethics violations for ethics trainings to prevent the same problems from recurring.

The Bottom Line Effective ethics auditing does more than protect your company. It offers opportunities for modeling ethical behavior and creating trust with employees. also allows you to inspire confidence in clients. Auditing governance , ethics and compliance programs is smart business. Failure to do it is a risk no one can afford. .

THANK YOU .