PAINTING THE FULL PICTURE


PAINTING THE FULL PICTURE
COMBINED ASSURANCE
INTEGRATING THE DIFFERENT ROLE PLAYERS
INTERNAL AUDIT RETREAT – MPUMALANGA AUGUST 2013

Our Approach Today!!!
- Defining combined assurance
- Classes of assurance providers
- Key objectives of a combined assurance framework
- Effectiveness of current assurance
- Designing a model
- Achieving the goal
- Strengths to build on
- What can we improve upon?
- Linking assurance to performance? – if any.

Combined assurance per the standard...
King III defines combined assurance as follows: Integrating and aligning assurance processes in an organisation to maximise risk and governance oversight and control efficiencies, and optimise overall assurance to the audit and risk committee, considering the company's risk appetite.
Role of the audit committee:
- The audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activities.
- The audit committee should ensure that the combined assurance received is appropriate to address all the significant risks facing the company.
- The relationship between the external assurance providers and the company should be monitored by the audit committee.
Role of Internal Audit:
- King recommends that internal audit should form an integral part of the combined assurance model as internal assurance provider.

Classes of Assurance Providers
Those who report to management Executive Committee Management functions, Oversight Committee Preventative and Detective Control Control Self Assessments Enterprise risk Management External Auditors Health and Safety Internal Audit Legal and Compliance SABS – Quality Assurance Company Secretary Providers etc Management External Internal

What is combined assurance?
Integrating assurance processes in a company to:
- maximise risk and governance oversight and control efficiencies, and
- optimise overall assurance to the audit and risk committee, considering the organisation's risk appetite
[Diagram labels: Assurance, Corporate strategy, Control, Risk, Risk Appetite, Strategic Objectives]

So combined assurance is
Nothing more than formalising the process to assess and provide assurance over the adequacy and effectiveness of the control environment to manage risks resulting from the overall business strategy
OR
A co-ordinated approach that ensures that all assurance activities provided by management, internal assurance providers and external assurance providers adequately address significant risks facing the company and that suitable controls exist to mitigate these risks

Key Objectives of the Framework
- Coordinating the efforts of management, internal and external assurance providers
- Optimise assurance coverage
- Extent to which risks have been fully identified and responded to based on an organisation's or Department's objective
- Systematic assessment of key risks associated with strategic objectives
- Assurance to the executive authority or board in making their statements on internal control in the integrated report.
- Support the audit committee in assessing the effectiveness of internal financial control
- Provide context of the impact of inadequate and ineffective control
- Quantitative and qualitative impact of control breakdown on the overall control environment.

Effectiveness of Assurance
Right Forum? Right Information? Repetition? Too much Information?
[Diagram labels: Legal and Governance EXCO Board and AC Stakeholder Com - Treasury Risk Com CFO BRANCH MAN CO – E.G Budget Project Com]

DESIGNING A MODEL
- Agree on a common universe and acceptable methodology to ensure credibility
- Identify who provides what on which risks?
- Analyse the different roles and quality of assurance and GAPS
- What assurance to be provided – and by whom?
- Identify key risk

BLUE PRINT
Who is the risk champion?
Who in this scenario can present to top management?
BLUE PRINT = Risks coverage, per assurance provider to the right governance structure
National Treasury Model

Questions to ponder? – achieving the goal
- Develop a combined assurance framework
- Align the existing governance model to leading practice
- Assess the effectiveness of the risk management framework and processes and enhance risk governance, infrastructure and ownership (risk governance, risk framework and methodologies, risk appetite and tolerance, risk assessments, risk mitigation and control remediation)
- Assess the overall effectiveness of assurance providers including External Audit, Internal Audit, Regulatory compliance, and Risk management (role, position, people, processes, and performance)
- Identify key risks across the business
- Integrating and aligning the internal controls framework in an organisation
- Assess the design, implementation and effectiveness of entity level controls
- Document processes and assess the design and implementation of key controls
- Test the effectiveness of key controls
- Develop the overall assurance and related materiality framework and approach for Internal Audit in supporting its overall level of assurance to the Audit Committee
- Support Internal Audit in assessing the level of assurance in its written assessment to the Audit Committee

Strengths to build on
- A combined assurance approach is mostly already in place – to an extent – which is a good starting point. The approach typically requires some further tweaking and embedding into the day to day business activities.
- A three lines of defence assurance model is typically already established, where the first, second and third line assurance providers are already involved in the business with their roles being fairly mature (except perhaps for the management self-assessments).
- An ERM framework is mostly already in place. This integrates the business objectives with business processes and key risks.
- A Financial control framework and IT governance is often already in place, however not tied into the ERM and expanded to also cover non-financial controls, and not necessarily integrated

What can we improve upon?
- Enhancing transparency in terms of overall (combined) assurance results (data vs information for decision making)
- The combined assurance scope mainly covering financial risks, should cover all material risks.
- Structuring of the combined assurance team, oversight.
- Overall combined assurance framework not always in place or not integrated.
- Management Self Assessments (MSA's) not always in place - this may be an efficient way of bedding accountability down and establishing a stronger risk / control culture.

Linking Assurance to performance
- Golden thread between strategy, risks, control and performance
- Risk control – relationship
- What are the risks to and of the strategy?
- How do we control/manage those risks?
- Effective risk management = a better chance of achieving objectives.
- Achieving Objectives (EEE) = Performance
- Providing PoE is only 1 measure of success.

? THANK YOU FOR LISTENING