“Board Directors

- Needs and the Internal Auditor”

Vicki Harnish, CPA, ICD

Board Director, Chapter Member

April 25, 2019

Boards are Accountable to act in the best

interest of the corporation

• Approve the strategic plan and oversee its

implementation

• Identify major risks and ensure appropriate

systems are in place to manage these

risks

• Provide oversight to the operations

• Select and hire the CEO

• Ensure appropriate talent management

and succession planning

Internal audit supports the Board

- assurance, information, advice

• Objective assurance on quality of controls

in place to manage risk

• Recommends measures to improve

effectiveness of risk management, control

and governance processes

• Risk identification – reporting significant

residual risks to management & Board

Maximizing value to the Board

• Really understand the organization

– audit plan to address highest risk area

– pointing out risks to management and

bringing high risks to Board

– using risk knowledge to support/challenge

strategy

Maximizing value to the Board

• Support significant organizational changes

– Consulting engagements

• readiness assessments

• advice on programs under development

• lessons learned

– Partnering with evaluation

• broader assessment, can report on program effectiveness

Maximizing value to the Board

• Values and ethics

– targeted audits

– lense in regular audits

– fraud and wrongdoing

– observation and listening

Maximizing value to the Board

• Identifying systemic risks

– risks that affect several program areas

– risks where programs are interdependent

– risk trends

Maximizing value to the Board

• Audit follow-up

– reporting on status of action plans

– verifying completion

– highlighting outstanding actions with high risks

Where care is needed

• Relationships

– trusted partner – SLT, line, ERM

– independent and objective – choosing and

performing audits

– streamlined and efficient service

Where care is needed

• Communication

– respectful approach

– unbiased and balanced, clear reporting

– timely

– best practice vs policy

– respecting innovation and risk tolerance

Where care is needed

• Cost

– full cost identification

– good value for money

• Performance metrics

– targets, benchmarks

Final thoughts

• Most Boards recognize the benefits from

appropriate use of internal audit.

• If the CAE feels unsupported or overlooked,

make this known to the appropriate Board

member

• Remind us that you can be most effective if

you have regular access to and input from

Board members.

Questions?