DAA and GEP Orlando Audit & Compliance or Audit vs. Compliance
DAA and GEP Orlando Debbie Austin – CTCP, CFSA, VP Fiduciary Compliance Manager PNC Bank, Philadelphia, PA Gary Pelcak – CTA, CFSA, CFE Chief Audit Executive Central National Bank, Junction City, Ks
DAA and GEP Orlando AGENDA Introduction Rules of Engagement Differences and Similarities Role of Audit and Compliance in today’s Environment The relationship of continuous Auditing, Monitoring, and Assurance
DAA and GEP Orlando AGENDA (cont) Key Steps to Implementation Benefits of an Audit / Compliance Partnership Summary Questions Closing
DAA and GEP Orlando Differences and Similarities –Both considered part of the Risk Management Process –Audit Reports ultimately to the Board –Compliance reports to a joint risk committee –Compliance testing moved to IA
DAA and GEP Orlando Some Definitions To Help Us Internal auditing is an independent, objective, assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
DAA and GEP Orlando Some Definitions to Help Us Compliance is a broad term routinely applied to a financial institution’s responsibility to adhere to state and federal laws and regulations, many of which are intended to protect consumers.
DAA and GEP Orlando Audit and compliance together should: Add Value = Value is provided by improving opportunities to achieve organizational objectives, identifying operational improvement, and/or reducing risk exposure through both assurance and consulting services.
DAA and GEP Orlando The audit function should provide Assurance Services = An objective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for the organization. Examples include financial, performance, compliance, system security, and due diligence engagements.
DAA and GEP Orlando and should work with compliance on Consulting Services = Advisory and related client service activities, the nature and scope of which are agreed with the client and are intended to add value improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples: counsel, advice, facilitation, training.
DAA and GEP Orlando Role of Audit and Compliance in today’s Environment –Today’s audit and compliance challenges Regulatory compliance & controls 12CFR 9.9(b) Continuous Audit - Audit of Fiduciary Activities Internal audit value and independence Availability of skilled resources Determining appropriate technology solutions –Need for timely, on-going assurance over risk management and control systems
DAA and GEP Orlando Role of Audit and Compliance in today’s environment (cont) –Provide more frequent, more timely, analyses to better manage control deficiencies and risk.
DAA and GEP Orlando The relationship of continuous Auditing, Monitoring, and Assessment –Continuous Auditing Method used to perform audit related activities on a continuous basis. Includes control and risk assessment Performed by internal audit
DAA and GEP Orlando –Compliance Monitoring IA Schedule and Compliance Schedule Specific Requests to IA Dashboard –conduct monthly “Where are we at?” and “What are you seeing?” meetings On the same committees Invited to all Entrance & Exit Meetings Copied on all reports & memos
DAA and GEP Orlando –Continuous Monitoring Processes to ensure policies / processes are operating effectively and to assess adequacy / effectiveness of controls Performed by operational / financial management; audit independently evaluates adequacy of management activities
DAA and GEP Orlando –Continuous Assurance Combination of continuous auditing and audit oversight of continuous monitoring
DAA and GEP Orlando Relationship of Continuous Auditing/Monitoring/Assurance Role of continuous auditing dependent on management’s role in continuous monitoring of controls –Inverse relationship: the greater the role of management, the less of a direct role of internal audit True continuous assurance –Depends on effective monitoring by management of internal controls and Audit’s independent assessment of that function
DAA and GEP Orlando Application Areas Continuous control assessment –Identification of control deficiencies –Identification of fraud, waste, abuse Continuous risk assessment –Examination of consistency of processes –Development of enterprise audit / compliance plan –Support to individual audits and compliance requests –Support / Follow-up on compliance recommendations
DAA and GEP Orlando Key Steps to Implementation –Establish the requirements for audit and compliance objectives –Gain executive – level support –Ascertain degree to which management is performing monitoring role –Select appropriate technology solutions –Identify information sources and gain access
DAA and GEP Orlando Key Steps to Implementation (cont) –Understand business processes and identify key controls and risks –Build audit and compliance skill set –Manage and report results
DAA and GEP Orlando Benefits of an Audit /Compliance Partnership –Increased scope of audit activities –Increased ability to mitigate risk –Reduced cost of internal control assessment –Increased confidence in financial results –Improvements to financial operations
DAA and GEP Orlando Benefits (cont) –Reduced financial errors and potential for fraud –Reduced revenue leakage for improved bottom – line results –Sustainable and cost effective means to support compliance
DAA and GEP Orlando Summary –Differences and Similarities –Role of Audit and Compliance in today’s Environment –The relationship of continuous Auditing, Monitoring, and Assurance –Key Steps to Implementation –Benefits of an Audit / Compliance Partnership