caacm’s 5th annual meeting & conference in collaboration with icatt
Post on 16-Jan-2016
29 Views
Preview:
DESCRIPTION
TRANSCRIPT
CAACM’s 5th Annual Meeting & Conference
in Collaboration with ICATT
By David HallPresident
Institute of Internal Auditors, Jamaica
July 13, 2011
IIA Research FoundationIIA Research Foundation
Presentation – Developments and Practices Shaping the Presentation – Developments and Practices Shaping the Audit Committee OversightAudit Committee Oversight
The economic outlook is still very challenging for the Caribbean markets over the next 12 months.
As a result, boards and audit committees must understand the major challenges their businesses will face and set an appropriate agenda for the Audit Committee. This presentation will review top-of-mind issues facing organizations and their boards in 2011 and key areas to be addressed in this year’s Audit Committee agenda.
1. Introduction2. Role of the Audit Committee3. Responsibility for Risk Management & Fraud management4. Corporate Governance5. Developments & Practices impacting businesses6. Shaping the Audit Committee Agenda – Enterprise Level Issues7. Shaping the Audit Committee Agenda – Process & technology Risk Issues
IIA Research FoundationIIA Research Foundation
AgendaAgenda
In the wake of the late-2000s global financial crisis, there
is an increased focus on the role of the audit committee
and information disclosed in a company’s financial
statements. Clearly, the audit committee’s role in
ensuring accurate and transparent disclosure is more
difficult and challenging than ever
IIA Research FoundationIIA Research Foundation
1.1. INTRODUCTIONINTRODUCTION
— given increased expectations by shareholders, regulators,
and other stakeholders; heightened scrutiny when things go
wrong; more responsibility for risk management, and more
focus on the need for fraud prevention.
IIA Research FoundationIIA Research Foundation
1.1. INTRODUCTIONINTRODUCTION
IIA Research FoundationIIA Research Foundation
2.2. Role of the Audit CommitteeRole of the Audit Committee
IIA Research FoundationIIA Research Foundation
2.2. Role of the Audit CommitteeRole of the Audit Committee
To assist the board of directors in fulfilling its oversight responsibilities in regards to:
• The integrity of the company’s financial statements,
• The company’s compliance with legal and regulatory requirements,
• The auditor’s qualifications and independence, and
• The performance of the company’s internal audit function and independent auditors.
IIA Research FoundationIIA Research Foundation
2.2. Role of the Audit CommitteeRole of the Audit Committee
• Be inquisitive and have independent judgment
• Ask the right questions and appropriately interpret the answers
• Have knowledge of the company's risks and controls and the ability to offer informed insight
The Audit Committee members should :The Audit Committee members should :
IIA Research FoundationIIA Research Foundation
2.2. Role of the Audit CommitteeRole of the Audit Committee
• Have a broad perspective on the business that extends beyond financial and technical knowledge
• Have the ability to offer new perspectives and constructive suggestions
• Financially literate, at least one person being the “Financial expert”
The Audit Committee members should :The Audit Committee members should :
3. Who is responsible for Risk Management
Standard 2100
The internal audit activity should evaluate and contribute to the improvement of risk management, control, and governance processes using a systematic and disciplined approach
IIA Professional Practices FrameworkIIA Professional Practices Framework
4. Who is responsible for Fraud Management
Management is responsible for establishing and maintaining an effective control system at a reasonable cost.
This includes designing some controls to indicate when other controls are not working effectively.
Following up on these indicators may result in the determination that fraud may have occurred
IIA Professional Practices FrameworkIIA Professional Practices Framework
4. Who is responsible for Fraud Management
Standard 1210
The internal auditor should have sufficient knowledgeto identify the indicators of fraud but is not expected to have the expertise of a person whose primary responsibility Is detecting and investigating fraud
IIA Professional Practices Framework
5. Corporate GovernanceCorporate Governance
The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization towards the achievement of its objectives.
5. Corporate GovernanceCorporate Governance
.
. DEVELOPMENTS AND PRACTICES IMPACTING
BUSINESSES
1. Managing through the economic recovery with emphasis on finding new sources of growth
- Finding new sources of profitable growth is a strategic imperative
- As companies seek new sources of growth , they must be careful not to stray too far from their core competencies
- CEO’s have to balance short term demand from long term objectives, against delivering acceptable quarterly results
1. Managing through the economic recovery
with emphasis on finding new sources growth
- Many companies are still finishing work they started in 2009 and 2010, such as streamlining business operations and discarding nonperforming or nonstrategic assets
- Companies may choose to invest in innovations that will provide a foundation for the future , while also protecting the business from exposure to another severe economic recession
2. Monitoring the competitive environment and adjusting the strategic direction of the company
accordingly
- Both management and the board must understand the risks inherent in the corporate strategy and the supporting business model to deliver that strategy
- They must agree on the significant assumptions underlying the strategy
2. Monitoring the competitive environment and adjusting the strategic direction of the company
accordingly
- There should be a process to monitor the environment for changes that could alter those assumptions significantly
- If one or more critical assumptions are no longer valid, the strategy must be either revisited or exited, depending on the circumstances
3. Maintaining morale and retaining top talent
- The workforce is changing, not just demographically, but also through the ways we interact with each other
- Expectations between workers and companies have changed fundamentally
- Loyalty is no longer a viable expectation
- The “mobile workforce” phenomenon has significant long-term implications for businesses
- The changing workforce – less loyal and more transient – is both a threat and an opportunity
4. Building customer loyalty
- Customers have always been the lifeblood of any business
- Many companies now realize this and are now paying attention to how they can improve customer retention and maintain long term customer engagement
- Due to technological advances and increased competition, customers now have more choices than ever before
- Strong relationships and the willingness to be flexible, when addressing customer issues are vital to sustaining revenue streams over time
5. Protecting sensitive and private information
- The WikiLeaks phenomenon has been an eye-opener to many as It relates to private and sensitive data being exposed, this was not on anyone’s radar 12 month’s ago
- Given the rapid change of pace, it is vital that board of directors and senior management view information security and privacy as a business issue and not just another IT issue
5. Protecting sensitive and private information
- Security threats, vulnerabilities and privacy exposures challenge every organization, creating risks that must be understood and managed
- Companies must implement a data classification policy
- Good security and privacy practices create revenue growth opportunities by engendering customer confidence and providing customers with personalized support
6. Managing in an environment of increased regulatory oversight
- Adjusting the business model to the regulatory environments of different countries is a challenge to businesses operating in regional or global markets
- Anticipating how governments in various countries might change regulatory guidelines and impact the company’s business model is an even more daunting task
6. Managing in an environment of increased regulatory oversight
- Management must pay close attention to the regulatory environment because as the complexity of the regulatory environment increases, the process of staying compliant becomes more challenging
- Maintaining a strong governance structure is an imperative in light of the requirements for increased public disclosures
- A strong compliance culture also reduces exposure to headline risk
7. Understanding and responding to a changing risk profile
- As the business environment changes, so does the company’s risk profile.
- The financial crisis has put a number of issues under the microscope
- The effectiveness of risk management processes,- The impact of incentive compensation on risk-taking
behaviour,- The positioning of a Chief Risk Officers, within the organization,- The consideration of risk in strategy-setting and
performance management, and:- The effectiveness of board risk oversight.
7. Understanding and responding to a changing risk profile
There are two important issues of note, namely :
(a) The success of risk management will have a huge impact on preserving the company’s reputation
(b) Every company will eventually face a crisis test, which is why crisis readiness and response is a vital process
7. Understanding and responding to a changing risk profile
It is important to understand the source and severity of threats that have a high velocity and persistence of impact, as well as an inadequate response readiness by the organization
8. Assessing capital and managing cash flow effectively
- Understanding the company’s cash flow is critical to managing its overall fiscal health
- It is also important for the company to maintain an efficient capital structure to drive the enterprise’s long-term financial performance
9. Effectively using the data and information available in the organization to make timely
and informed decisions
- Many companies have acknowledged that they can do a better job of using available data and information for decision making
- Members of the board of directors are now asking management for more transparency, CEOs are looking to the finance organization to play an active role in planning, measuring, and monitoring business performance
10. Complex corporate structures
Mergers, acquisitions and reorganisations often involve aligning organisations not only with distinct corporate cultures but also from different industries and different areas of the world.
In today’s business environment, companies frequently cross borders for every aspect of their business. This environment presents management and the audit committee with unique oversight challenges.
While governance practices in such environments are evolving, the influence of global business needs
careful consideration.
11. Social Media Risks
Social media represents real opportunities and real risks and therefore demands a disciplined approach.
The global social media landscape has changed dramatically in recent years and many companies are struggling to keep up.
11. Social Media Risks
In a recent 2011 Social Media Survey of U.K. employees, it was found that social media usage in the workplace has grown enormously in recent years with more than half (51%) of workers surveyed now claiming to engage with a social networking site whilst at work.
Almost a third (30%) of workers use sites such as Twitter, Facebook and LinkedIn on a daily basis, while more than 5% do so several times an hour.
ENTERPRISE-LEVEL
ISSUES
Shaping the Audit Committee Agenda - 2011
1.Ensure the company’s risk assessment methodology maximizes its value and use
First of all the board and audit committee must ensure that management is conducting at least an annual risk assessment
The audit committee must be satisfied that their companies’ assessment methodologies are providing appropriate insights
1.Ensure the company’s risk assessment methodology maximizes its value and use
There are some high-impact, low-likelihood risk scenarios which can be ultimate “showstoppers”.
High – Li
Low -Impact
Hi – Li
Hi - Impact
Low – Li
Low - Impact
Low – LiLow – Li
Hi - ImpactHi - Impact
Likelihood
Impact
1.Ensure the company’s risk assessment methodology maximizes its value and use
Particularly if they have a :
(i) high velocity (i.e. speed between the occurrence of an event and its initial impact on the company ) and ,
(ii) high persistence (i.e. duration of time and extent of effort that will be required to deal with the impact of a given risk event once it occurs )
2. Update the company’s risk profile to reflect changing conditions and identify fraud risks
(i) Companies have to ensure that the assessment of the risk profile is current
(ii) There has to be an elevated alertness to the potential for fraud and corruption
(iii) There should be consideration for an assessment of fraud risk
2. Update the company’s risk profile to reflect changing conditions and identify fraud risks
(iv) A review of the effectiveness of the fraud prevention and detection process
(v) Escalation and response mechanisms to react to events ( eg. Audit findings, whistleblowers )
3. Clarify the committee’s contribution to the board’s risk oversight process
Boards of directors and their audit committees need to be on the same page as to the committee’s contribution to risk oversight
The question for clarity is “What is the audit committee’s role in the board’s risk oversight process?”
“Does the audit committee have the time, skills and support to contribute to the assessment of the risk assessment methodology?”
3. Clarify the committee’s contribution to the board’s risk oversight process
The board could see it fit to establish a separate risk committee or engage one or more other standing committees other then the audit committee to contribute to risk oversight
If this structure is set up by the board , the audit committee must inquire and understand the nature of those activities and the results
4. Evaluate competence and capabilities of the finance organization and Internal audit
The past two years have put the CFO organization under pressure in many companies
The audit committee should satisfy itself that the skill sets in the finance department match up to the expectations, driven by the organization’s:- Industry- Structure- Culture- Business performance issues- Internal and public reporting requirements
4. Evaluate competence and capabilities of the finance organization and Internal audit
For Internal Auditing the audit committee should make sure the function ( including any co-source partners ) have the necessary resources to address the company’s key risks
Question to be addressed by the audit committee -
“Given the scope of the risks, what are the additional audit resources, budget funding, and/or utilization of outside skill sets needed to address the enterprise risks?”
5. Keep a sharp eye on the overall control environment as the company seeks new sources for growth
“Tone at the top” has never been more important
Over the past two years most companies have reduced their costs and sized their organizations to market demand
This “surgery” has increased the expectations for employees to do more with less, placing stress on the internal control structure, which sometimes led to control failures.
Vigilance is the order of the day.
5. Keep a sharp eye on the overall control environment as the company seeks new sources for growth
The audit committee should:
- Be alert for signs the internal control structure is under stress as the organization continues to pursue
(i) cost-reduction plans and process streamlining efforts while also seeking new sources of growth
- Ensure that the company emphasizes responsible business behavior and maintains a strong focus on preventing and detecting fraud and corruption
5. Keep a sharp eye on the overall control environment as the company seeks new sources for growth
The audit committee should :
- Ensure that key control activities essential to financial reporting are not compromised
- Note that new acquisitions, new business activities and new IT/Network systems can place an already fragile control structure under further stress
PROCESS AND TECHNOLOGY
RISK ISSUES
6.Pay attention to financial communications quality
The audit committee should proceed with caution before straying far from its core mission :
-To oversee financial reporting risk and the quality of the financial and public report presentation and disclosures, earnings guidance and earnings releases
-With the increasing complexity of financial reporting , a proactive approach to oversight is warranted
6.Pay attention to financial communications quality
- From time to time the audit committee should review management’s assumptions underlying all critical accounting estimate to ascertain whether they remain valid in terms of of the current business environment
- Be vigilant for “red flags” when it comes to acquisitions, divestitures, changes in markets/or the economy, new or unusual transactions
7. Understand the implications of changing laws and regulations
- Regulatory reform is a global phenomenon
- If you are a global/regional company, there are regulations that have been passed in some countries that companies may not fully understand in terms of implications
- The audit committee has to ensure that the company is monitoring the regulatory environment for key changes requiring adjustments to policies and processes
-Especially in highly regulated industries
8. Pay attention to new technological developments and trends
- The pace of technological innovations will impact both the business and financial reporting
-Technological innovations are transforming the way companies are doing business, cloud computing, mobile communications etc
8. Pay attention to new technological developments and trends
These innovations will expose the business to more security threats, vulnerabilities and privacy and data issues
As technology continues to impact the quality of financial reporting processes, the effectiveness of the overall IT controls and entity-level environment warrants attention
8. Pay attention to new technological developments and trends
- Advancements in technology are setting the stage for :
Emerging customers and suppliers in sourcing innovative ideas and co-producing products
8. Pay attention to new technological developments and trends
-Enabling customer-to-customer content sharing
-Facilitating new forms of B2B commerce
-Laying the groundwork for cooperative consumption by groups of end consumers
9. Pay attention to the impact that natural disasters may have on your company (eg. Earthquakes, Hurricanes etc )
Earthquake Shakes Caribbean CountriesEarthquake Shakes Caribbean Countries
January 21, 2011 – CARIBBEAN – The 5.0 earthquake that struck Saint Kitts and Leward Islands at a depth of 163.7 km today is one more indication of the growing unrest and tension seen in the Caribbean plate as planetary tremors have intensified in frequency across the globe
PORT OF SPAIN, Trinidad, Friday February 4, 2011 – A 5.1 magnitude earthquake sent tremors through several Caribbean islands this morning, but there have been no reports of damage or injuries so far. The quake was felt by residents in Trinidad and Tobago, St Vincent and the Grenadines, St Lucia and Grenada.
9. Pay attention to the impact that natural disasters may have on your company ( eg. Earthquakes, Hurricanes etc )
These events could have a devastating impact on a company’s operations if mitigating controls are not implemented
Management should ensure that the company has well documented disaster recovery and business continuity plans, which have been:- adequately tested and all information is current, - business owners are aware of their responsibilities, - critical systems throughout the organization have been identified, and - recovery processes have been prioritized.
10. Utilize external auditors effectively
One of the core missions of the audit committee has been, and will continue to be:
-The oversight of the relationship with , and the competence, capability and reach of the external auditor (s)
- The audit committee should satisfy itself that the external audit team is bringing to bear the experience and skills needed to do the job
10. Utilize external auditors effectively
The Audit Committee should:
- Request information to maximize insights from the attestation process, such as:
- identification of high risk areas- judgemental issues- the summary of passed adjustments- concerns with respect to the internal control
structure- areas of disagreement with management
10. Utilize external auditors effectively
The Audit Committee should:
- Inquire as to the audit firm’s litigation exposure, as litigation from the financial crisis continues to unfold
-Understand the nature, timing and extent of external audit work performed, including work performed by contractors, or performed offshore or in remote locations rather than where the firm has on- site/engagement teams
10. Utilize external auditors effectively
- Questions could arise as to “How does the accounting firm manage the quality of work and the confidentiality of company information”, especially for remote locations
THANK YOU
Contact Information :
David A. HallPresidentInstitute of Internal AuditorsJamaica
Telephone : (876) 997-1040E-mail : davidyasmin@aol.com
top related