Download presentation
Presentation is loading. Please wait.
Published byJordan Gaines Modified over 6 years ago
1
Tools and Techniques for Internal Auditors and Compliance Officers in External Evaluations
CPA Gilberto Rivera, VP Compliance and Operational Risk at Reliable Financial Services, a subsidiary of Wells Fargo
2
Agenda Overview Compliance Officer & Internal Auditor Responsibilities
Compliance Officer & Internal Auditor working together in external evaluations Tools and techniques to prepare external regulatory evaluations Conclusion Questions
3
Overview Understand functions of internal audit and compliance.
Acquire tools and techniques to prepare and respond to external regulatory evaluations.
4
Compliance Officer & Internal Auditor Responsibilities
Similarities: Perform risk assessment procedures to evaluate the effectiveness and efficiency of operations. Communicate findings and provide recommendations to Management to guarantee the compliance with the internal controls, policies, applicable laws and regulations. Perform on-going monitoring and follow-up to ensure remedial actions have been taken.
5
Compliance Officer & Internal Auditor Responsibilities
Main Differences: Internal Auditor Reviews the reliability and integrity of financial reporting and internal controls Ensures the safeguarding of assets Reports directly with the Audit Committee or Board Must be independent from the operation Compliance Officer Focused on compliance with laws, regulations, and policies Obtains and/or establishes policies and procedures Reports directly to Management Liaison with external regulators and auditors Limited independence
6
Working Together in External Evaluations
Both, Compliance Officers and Internal Auditors, collaborate as part of the lines of defense an entity should have. First line of defense (Operations) – is accountable for executing controls for regulatory compliance risks associated with business operations on a day to day basis. Second line of defense (Compliance) - is responsible for independent oversight of the first line of defense, by ensuring that regulatory compliance risks are properly identified, mitigated, tested and reported. Third line of defense (Internal Audit) - provides an independent assessment of the first and second lines of defense and reports directly to the Board of Directors or Audit Committee.
7
Working Together in External Evaluations
Knowledge and awareness of the new standards and regulations, and assess the impact in the operations Understands well the high risk areas subject of the external evaluation Collaborate with external auditors or regulators - SAS 128 for internal auditors in regards to financial statements audits.
8
Tools and Techniques to Meet External Regulatory Evaluations
9
Tools and Techniques Know the inspection process in advance
Understand well how the evaluation process is conducted. Obtain the examination manual or inspection checklist directly from the regulatory or governing agency. Industry associations and other groups may compliance and audit guidelines.
10
Tools and Techniques Self-assessments is essential for success
It is essential to have a sound internal audit and compliance program. Companies should perform internal compliance audits regularly and proactively correct any deficiencies. Remember that outside auditors will look closely at the internal audit and compliance processes.
11
Tools and Techniques Consider using a subject matter expert
Some entities may not have an in-house expert to handle specific business functions. Independent third-party compliance auditing firms, tax lawyers and others can help close any gap.
12
Tools and Techniques Be pro-active to changes in the industry
“Static” is one of the biggest threats to compliance because compliance is not static, it's a "moving target“. External evaluations will probably tailor their inspection to ensure that any new regulations are accommodated.
13
Tools and Techniques Read the news
Be alert of problems within your industry or business environment Read the news Subscribe to automatic alert services Share information with colleagues Some examples: Department of Justice decisions on any entity that was fined for inappropriate practices Class action suits settled
14
Tools and Techniques Demonstrate that you can keep compliance data secure Many regulations place security requirements on sensitive data, preventing unauthorized access and safeguarding the data against alteration or destruction. This may involve technologies like encryption and firewalls products. Inspectors will want to verify that aspects of these security requirements are in place and working properly. Have policies and procedures in place to address the scheduling of data destruction and storage.
15
Tools and Techniques Gather and furnish documentation quickly
Provide documents quickly and this should be an important focus of your internal process. Maintain in a centralized manner the gathering and furnish of information in one or two team members.
16
Tools and Techniques Don't ignore the importance of a business continuity plan Be sure to have documented your important processes and systems in the business continuity plan. Examiners may want to see disaster recovery plans for business units/processes, technology and emergencies.
17
Tools and Techniques Bring known issues to the table
Self-disclose any known issues to the external examiner along with a corresponding corrective action plan. Penalties for intentionally hiding issues tend to be higher than having a self-disclosed issue.
18
Conclusion Although similarities and differences exists in the compliance and internal audit functions, both can help Management achieve their goals within the regulatory and internal control boundaries. In facing the examiners the most important role of the compliance and internal functions is to work in collaboration with the external evaluator.
19
Questions
20
Reference Roles and Responsibilities – Corporate Compliance and Internal Audit” by Mark P. Ruppert, nce-RolesResp pdf
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.