1. Audit, Control and Risk Management
Budget Management and Financial Accountability
Steven E. Jameson, Lead Auditing Specialist, IAD
March 2, 2004

2. How Is The Audit Profession Changing?
- Independence is being re-emphasized
- Heavy emphasis on financial reporting
- Greater focus on technology
- Focus and scope expanding more into governance and risk
- Expanded expertise and facilitation skills
- Resource for assurance and consulting services
- Help the organization manage business risk

3. What Will Drive Change?
Factors Identified by the Competency Framework of Internal Auditing (CFIA)
- Global and organizational change
- Technological innovation
- Competition for market share
- Legislative imperatives
- Shareholders demanding increased accountability
- Client’s changing expectations
- Strategic alliances
- Mergers and acquisitions

4. Major Areas for Legislation and Regulation Reform Measures
- Ethical Climate
- Shareholder Involvement
- Boards of Directors
- Audit Committees
- Corporate Management
- Public Accounting
- Corporate Disclosures

5. Recommendations for Internal Auditors
- Focus on and evaluate the control system for effectiveness
- Ensure a good Enterprise Risk Management plan
- Ensure adequate controls to manage risk
- Internal auditors should include their own risk assessment
- Keep current on all the investigative committees, press reports, new legislation, etc.

6. Assurance
Internal auditing provides assurance about:
- Risk management
- Control
Provided to:
- Management
- Audit committee
- And other stakeholders

7. Framework for Effective Control
- Control your environment
- Control your risk
- Control your activities
- Control your information and communication
- Monitor and review your control

8. The Bank Uses the COSO Framework
- Control Environment
- Risk Assessment
- Control Activities
- Monitoring
- Information & Communication

9. Who/What Can Assist?
- COSO
- A good control environment
- Properly assessed risks
- Effective controls (appropriate policies/procedures)
- Relevant/timely information
- Focused/timely monitoring/review

10. Benefits of Effective Control Structure
It will:
- Improve accountability and program delivery
- Promote ethical and professional business practices
- Advance risk management
- Enhance communications, decision making and performance reporting
- Contribute to quality outcomes

11. Some Signs of Dysfunctional Control System
- Controls mostly “detective” not “preventive”
- Practice different from documented procedures
- Responsibility difficult to pinpoint
- Control not commensurate to risk
- Control can be circumvented – “back door”
- Mere “appearance” of control

12. Internal Control Reporting
- Any organization accepting investor money should have a comprehensive internal control system
- The system should be monitored for effectiveness
- There should be public reporting with emphasis on ethics, risk, and related controls

13. Enterprise Risk Management
- COSO ERM Project
- Linkage to COSO Internal Control

14. Perceptions in Today’s Risk Environment
- Risk profiles are increasing
- Regulatory/public scrutiny
- Expanding services increases risks
- Business change increases risk complexity
- Risk management not keeping pace
- Need for right kind of risk training
- Need for risk assessment methodologies/technology tools
- Stakeholders have different risk needs
- Inconsistent risk language used
- Gaps in Risk Coverage

15. COSO’s Objectives
- Develop the COSO Enterprise Risk Management Framework.
- Include conceptual framework and application guidance.
- Identify interrelationships between risk and risk management, and with the COSO Internal Control – Integrated Framework.

16. Project Oversight
- COSO Board – IIA, AICPA, FEI, IMA, AAA
- COSO Advisory Council – two reps from each member organization
- Project Coordinator – Moss Adams LLP
- PWC project team

17. Intended Users
- COSO member orgs
- Government
- Industry associations
- Management of middle market and large companies
- Not-for-profit
- Academia
- Lawyers
- Professional orgs
- Regulators and other rule-makers
- Risk management professionals and public accounting firms

18. Assessment Phase
- Literature search
  - 376 web sites
  - 200+ books, periodicals, other pubs
- COSO organization forums
  - Four forums
- Stakeholder interviews
- Survey

19. Key Benefits From ERM
- Awareness of risk increased
- Cross-enterprise risk identified
- Coordination across business units for more effective mitigation
- Complete/consistent risk information
- Common risk language established
- Shareholder value protected/enhanced

20. Survey Results
- 19% have a CRO
- CRO more common w/ revenue < $1B
- 20% have a board approved policy
- 22% have a dedicated ERM committee
- 84% do not have formal measurements

21. Key Success Factors for Implementing ERM
- Provide clear goals and objectives
- Establish sponsorship or senior management
- Link to performance measures and compensation
- Drive the approach from the corporate/head office
- Establish a dedicated corporate function

22. What Works Well / What Needs Improvement
- Bus. units are taking ownership of risk mgmt.
- Insurance mgmt.
- Communication of risk
- Sr. mgmt. and exec. support and involvement
- Communication and education
- Integration of ERM processes
- Formalizing the process

23. ERM vs. Internal Control
- ERM elaborates and expands on those components of internal control relevant to risk
- Significantly expands on the “risk assessment” component
- Emphasizes and expands on other components as they relate to risk

24. ERM vs. Internal Control
- Internal control and ERM are two separate frameworks w/ considerable overlap
- In some respects IC is broader and in others ERM is broader
- IC framework remains intact
- ERM framework addresses risk management concepts more broadly and deeply

25. ERM vs. Internal Control
ERM is effective only when:
- IC components are present and functioning effectively
- ERM components are present and functioning effectively
Addl. features needed to convert RM into ERM:
- Application of RM concepts in strategy-setting
- Taking a “portfolio” view of ERM components

26. ERM vs. Internal Control
Core concept – You can have effective internal control without enterprise risk management, but you cannot have effective enterprise risk management without effective internal controls.

27. COSO’s Definition of Enterprise Risk Management
ERM is a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
- Proposed by COSO (2003) - www.coso.org

28. Key Elements to ERM
- Emphasizes “Enterprise” – not just selected “silos of risk”
- Consideration of risks on “portfolio” basis
  - Collection of risks
  - Interactions of risks
- Done to enhance entity value
- Heavily integrated with business strategy
- Focus is on identification, measurement, assessment, and response to risks primarily across 2 dimensions
  - Probability (Likelihood)
  - Criticality (Consequence)
- Key part of entity’s corporate governance
- Responsibility of senior management and board
- Pushed down to key business segment management

29. 8 Components of the Framework

30. Coming Soon
- COSO’s release of ERM Framework for enterprise risk management
- Application guidance on how to implement ERM

