Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internal Audit & Enterprise Risk Management

Published byShanna Hunter Modified over 6 years ago

Similar presentations

Presentation on theme: "Internal Audit & Enterprise Risk Management"— Presentation transcript:

1 Internal Audit & Enterprise Risk Management
Working Together Luis Fernandez March 10th, 2015 9/20/2018

2 …and find ways to better align our process.
Let’s think about risk… 9/20/2018

3 Let’s talk about… Objective Overview Trends in Financial Services
Internal Audit Challenge Real Risks? Approach Assessment Framework Audit Plan Role of IA in ERM 9/20/2018

4 Objective Is this happening?
Collaboration of risk-management and internal-audit functions is helping organizations improve efficiency, decision-making, and results. Is this happening? 9/20/2018 (Reference 1)

5 Table Content Objective Overview Trends in Financial Services
Internal Audit Challenge Real Risks? Approach Assessment Framework Audit Plan Role of IA in ERM 9/20/2018

6 Overview In 1999 IIA revised the definition of internal auditing to include both assurance and consulting activities. In 2004 the Commission of Sponsoring Organizations of the Treadway Commission (COSO) released its integrated framework for ERM. IIA issues a position paper delineating the core roles of IA in regard to ERM. (IIA, 2004a). 9/20/2018 (Reference 2)

7 Overview…cont’d ERM is defined by COSO (2004, 2) as:
“…a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” 9/20/2018 (Reference 2)

8 Overview…cont’d When announcing the release of the COSO framework, the IIA issued a statement commenting on the internal auditor’s role in risk management (IIA, 2004b). “Internal auditors should assist both management and the audit committee in their risk management responsibilities and oversight roles by examining, evaluating, reporting, and recommending improvements on the adequacy and effectiveness of management’s risk processes.” 9/20/2018 (Reference 2)

9 Overview…cont’d 9/20/2018

10 Table Content Objective Overview Trends in Financial Services
Internal Audit Challenge Real Risks? Approach Assessment Framework Audit Plan Role of IA in ERM 9/20/2018

11 Trends in Financial Services
Convergence Barriers separating Banks, Brokerage and Insurers are coming down. CROSS SELLING! Consolidation Acquisitions. Reduce operating expenses and increase market share. Changing Business Models Ways to make more profit (Technology, etc.) Challenge: Customization and Personalization of product lines. Changes in structure for revenue models. 9/20/2018

12 Table Content Objective Overview Trends in Financial Services
Internal Audit Challenge Real Risks? Approach Assessment Framework Audit Plan Role of IA in ERM 9/20/2018

13 IA’s challenge: It needs to reconsider its role!
Board Oversight Execution – A clear differentiator Change Management Operating style and culture – Critical to execution effectiveness Change the mindset! From control oriented to risk oriented. Board Oversight: Shareholders looking for skillful members to demonstrate oversight of risk management activities. Execution – A clear differentiator: Timely and effective identification and communication of issues. Good judgment. Change Management: Over reliance on objective factors and historical data points. Firms do not react to aggressive business strategy and increasing risk in appetite. Operating style and culture: Accountability and clear roles and responsibilities. Full Transparency (rapid escalation of issues). Attention to detail. Continuous improvement. 9/20/2018

14 Table Content Objective Overview Trends in Financial Services
Internal Audit Challenge Real Risks? Approach Assessment Framework Audit Plan Role of IA in ERM 9/20/2018

15 Is audit focused on the real risks?
Financial Compliance 12% 6% 6% 12% 13% 68% Operational Strategic/Business 13% 68% How value is destroyed in companies – reasons for decreases in shareholder value However, a significant percentage of internal audit resources are focused on financial controls in most organizations. 9/20/2018 (Reference 6)

16 Table Content Objective Overview Trends in Financial Services
Internal Audit Challenge Real Risks? Approach Assessment Framework Audit Plan Role of IA in ERM 9/20/2018

17 What should be the approach?
Audit Plan Evaluate impact of risks within universe. Identify different risks (financial, operational, Compliance). Define Audit Universe. Identify shareholders value by creating business assessment activities. Understand Enterprise Risks (Strategic, Financial, Ops, Compliance). Evaluate impact to shareholder value. Transformed Traditional 9/20/2018 (Reference 6)

18 ERM three-dimensional matrix:
9/20/2018 (Reference 5)

19 Table Content Objective Overview Trends in Financial Services
Internal Audit Challenge Real Risks? Approach Assessment Framework Audit Plan Role of IA in ERM 9/20/2018

20 How do we assess risk priorities?
Result: Audit universe is prioritized based on impact on shareholder value drivers, and the current and targeted maturity of the processes, programs and initiatives 9/20/2018 (Reference 6)

21 Sample Risk Assessment Framework
Result: A practical framework is created based on risk information and judgment. 9/20/2018 (Reference 6)

22 Table Content Objective Overview Trends in Financial Services
Internal Audit Challenge Real Risks? Approach Assessment Framework Audit Plan Role of IA in ERM 9/20/2018

23 Audit Plan Result: Audit plan is based on impact on shareholder value drivers, regulatory requirements/priorities and audit judgment. 9/20/2018 (Reference 6)

24 How do we continue the process?
Result: The relevance of the framework is driven per behavior of each of the elements of the audit program/plan, and audit judgment. 9/20/2018 (Reference 6)

25 Table Content Objective Overview Trends in Financial Services
Internal Audit Challenge Real Risks? Approach Assessment Framework Audit Plan Role of IA in ERM 9/20/2018

26 Summarizing - Role of IA in ERM
Core Internal Auditing Roles in ERM Giving assurance on risk management processes Giving assurance that risks are correctly evaluated Evaluating risk management processes Evaluating the reporting of risks Reviewing the management of key risks Roles internal auditing should not undertake Setting the risk appetite Imposing risk management processes Management assurance on risks Taking decisions on risk responses Implementing risk responses on management’s behalf Accountability for risk management 9/20/2018 (Reference 2)

27 Luis Fernandez (704) 9/20/2018

28 References Kristina Narvaez & John Bugalla, October 22,2012, CFO.com
Laura de Zwaan, Jenny Stewart and Nava Subramaniam, Internal Audit Involvement in ERM, Griffith University, Queensland Australia, No Andre Brodeur & Martin Pergler, Top-dow ERM: A pragmatic Approach to Managing Risk from the C-Suite, McKinzey working papers on risk, #22 Institute of Internal Auditors, The Professional Practices Framework, January 22 COSO – ERM Enterprise Risk Management - Integrated Framework, Executive Summary, September 2004. Mike Brown & Rich Reynolds, Applying Risk Assessment to Your Audit Plan, The Future of Internal Audit, Corp Executive Board, 2010. Walter Festand - GARP (Global Association of Risk Professionals, Common Themes in SEC and FINRA Exam Priorities, February 12, 2015 9/20/2018

Download ppt "Internal Audit & Enterprise Risk Management"

Similar presentations

Risk Management at Harvard – Panel Discussion Harvard IT Summit

Risk Management at Harvard – Panel Discussion Harvard IT Summit
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
It’s Time to Talk About Risk and Control

It’s Time to Talk About Risk and Control
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
CHAPTER 16 Auditing and corporate governance. Contents  Corporate governance  Independent directors  Chairman of the board and chief executive officer.

CHAPTER 16 Auditing and corporate governance. Contents  Corporate governance  Independent directors  Chairman of the board and chief executive officer.
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,

2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.

Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.
6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.

6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.
PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.

PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
Applying COSO’s Enterprise Risk Management — Integrated Framework

Applying COSO’s Enterprise Risk Management — Integrated Framework
PAINTING THE FULL PICTURE

PAINTING THE FULL PICTURE
Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
COSO Framework Update IIA Columbus Chapter May 17, 2013

COSO Framework Update IIA Columbus Chapter May 17, 2013
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
The Importance of Transparency and Disclosure Presented by Brian S. Brown Seoul, Korea - March 1999 OECD Conference: Corporate Governance in Asia.

The Importance of Transparency and Disclosure Presented by Brian S. Brown Seoul, Korea - March 1999 OECD Conference: Corporate Governance in Asia.
Central Piedmont Community College Internal Audit.

Central Piedmont Community College Internal Audit.
The role of internal audit in enterprise-wide risk management (ERM)

The role of internal audit in enterprise-wide risk management (ERM)

Similar presentations

Ads by Google