mario a. nazareth - bcasonline.org audit stakeholder's expectati… · mario a. nazareth....
TRANSCRIPT
Mario A. NazarethGroup Chief Internal Auditor
Mahindra & Mahindra LimitedBombay Chartered Accountants’ Society
13th July 2018
Mario A. NazarethGroup Chief Internal Auditor
Mahindra & Mahindra LimitedBombay Chartered Accountants’ Society
13th July 2018
Internal Auditors – the sine qua non for good, clean and transparent governance
…. independent, objective assurance and consulting activity Institute of Internal Auditors (IIA)
…. independent appraisal function; supports management Association of Chartered Certified Accountants (ACCA)
…. a way of ensuring businesses and public sector organizations use resources efficiently and apply process consistently Institute of Chartered Accountants of India (ICAI)
…. provides independent assurance on effectiveness of internal controls, risk management processes and contributes to enhancing governance for achieving organizational objectives. (Proposed Revision) Institute of Chartered Accountants of India (ICAI)
How is Internal Audit defined?
Internal Auditors – the sine qua non for good, clean and transparent governance
….. an aid (to Management and the Board) on matters
related to:
Risk
Governance
Control
Internal Auditors – the sine qua non for good, clean and transparent governance
Internal Auditors – the sine qua non for good, clean and transparent governance
The Third line of Defense
• Evaluate and improve the controls environment
• Assess whether financial and operating information is accurate and reliable
• Statutory compliances should be assured
• Streamline processes and look for redundant/ duplicate activities
• Attempt to bring about standardization through benchmarking
• Suggest improvement opportunities
Internal Auditors – the sine qua non for good, clean and transparent governance
Objectives of any Internal Audit
Challenges facing an Internal Audit Team
• Companies are becoming multi locational, multi product
• A changing demographic profile because of business acquisitions and growth
• The rigors of Performance Management Systems adds to the strain
• Technology aids .. Technology inhibits too
• Staff turnover in Operations
• Operations Manuals and Process Flowcharts – are they still considered relevant?
• New-age frauds – data sampling could soon become a thing of the past
Internal Auditors – the sine qua non for good, clean and transparent governance
continued overleaf
Challenges facing an Internal Audit Team (cont’d)
• Outsourcing of operations – are controls looked into … or is cost the only factor?
• Data access privileges … an illusion?
• Systems are made to support decision making and facilitate MIS. Do they highlight control weaknesses?
• Reviews of Controls & Commonality of processes – strictly for Internal Auditors … can they cope?
• Non documented processes and documentation to support business decisions – how long more?
• Resources for Internal audit – not always the brightest and the best
Internal Auditors – the sine qua non for good, clean and transparent governance
Expectations from Internal Audit
• Be in front of and understand the business
• Develop a Risk centric mindset
• Focus on process improvement; leverage technology effectively
• Move to ‘new age’ audit areas including areas concerning Governance and Compliance
• Look at the big picture
• Transparency and sharpness in reporting
• Keep re-inventing yourself
• Avoid overstepping the Auditor’s role
Internal Auditors – the sine qua non for good, clean and transparent governance
Top level expectations
Changing attributes of an Internal Auditor…..
Role: Policeman to Business enabler
Viewpoint: Reactive to Predictive
Outlook: Oversight to Insight
Approach: Controls based to Risk based
Skills set: Traditional Tools to Automated Tools
Attitude: Staid to Innovative
Interpretation: Data becomes Information
Internal Auditors – the sine qua non for good, clean and transparent governance
Unchanging characteristics …..
• Unyielding on values and ethics
• Knowledgeable and passionate
• Guided by instinct; perceptive by nature
• Friendly, yet aloof
• Tough, but with measured compassion
• Principled, with doses of pragmatism
Internal Auditors – the sine qua non for good, clean and transparent governance
Calendar of Significant Events in M&MYear Event
1964 Appointment of M&M’s first Internal Auditor
1988 Constitution of the Audit Committee in M&M
Pre-2003 Co-sourcing of audits begins
2004, 05, 08, 10, 13
Hosted the Auditor Conclaves
2009 Begun to formulate In-house Standards, Policies, Guidance Notes
2015 Commenced the Internal Peer Review process
2016 M&M’s 100th Audit Committee meeting
2018 Re-formulation of In-house Standards, Policies, Guidance Notes
Internal Auditors – the sine qua non for good, clean and transparent governance
NB: The above represent a selective list of events
Internal Auditors – the sine qua non for good, clean and transparent governance
…. the voice of a Stakeholder
Internal Auditors – the sine qua non for good, clean and transparent governance
Rama BijapurkarIndependent Director
Sharpness in Reporting
Internal Auditors – the sine qua non for good, clean and transparent governance
Help get to the
POINT
The clutter of a thousand words
Internal Auditors – the sine qua non for good, clean and transparent governance
Relevant for the Operating Team
Relevant for the Senior Management
for the
CEO
Reports - what’s relevant to whom?
The Executive Summary
The Conclusion and Report Rating
Internal Auditors – the sine qua non for good, clean and transparent governance
Audit ConclusionsOur audit review indicates that there is need to introduce ………. The controls were found to be generally adequate in other areas selected for review.
Our audit review has highlighted the need for enhanced monitoring to ensure ………….. This could be better achieved with the use of available System support.
Our audit review has highlighted concerns about ………. and the absence of periodic reviews. These processes need to be considerably strengthened.
Our review has highlighted the absence of a formally defined process for ……….. with possibilities of a bias creeping into ………. There is a risk that …… the Company ..… could be exposed to needless litigation.
The wide and unexplained gap between …….. and ……….. could be a pointer to ………… . Documentation in support of crucial decisions was not available for review.
Our audit review has highlighted that there needs to be more rigor, with structured automation, in several of the key procedures and processes.
Internal Auditors – the sine qua non for good, clean and transparent governance
Internal Auditors – the sine qua non for good, clean and transparent governance
Are the Report Ratings and Observation Gradings biased? Are they Reliable?
Is there a process for determining Ratings and Gradings?
How do I interpret the Report?
Questions in every Stakeholder’s mind
Internal Auditors – the sine qua non for good, clean and transparent governance
What’s the gut feel?
Into which category do the Observations fall?
What does the Rating Template indicate?
Bias in Reporting – the triple filter test
Internal Auditors – the sine qua non for good, clean and transparent governance
Rating - Long Term Scale
AAA Highest Safety
AA High Safety
A Adequate Safety
BBB Moderate Safety
BB Moderate Risk
B High Risk
C Very High Risk
D Default
Rating - Short Term Scale
A1 Very strong safety
A2 Strong safety
A3 Moderate Safety
A4 Minimal Safety
D Default IA indicators of assurance
A High
B Acceptable
C Minimal
D Unacceptable
Statutory audit opinions
Unmodified
Modified
Disclaimer
Adverse
Internal Auditors – the sine qua non for good, clean and transparent governance
Internal Auditors – the sine qua non for good, clean and transparent governance
Overall Report Rating
A High
B Acceptable
C Minimal
D Unacceptable
Individual Observation Grading
C Critical
M Major
M Medium
L Low
Internal Audit indicators of assurance
4 alphabet 4 Colour
Conclusion:Our audit review indicates that there is need to introduce ………. The controls were found to be generally adequate in the other areas selected for review.
+
Calendar of Significant Events in M&MYear Event
2010 Rating and Grading System introduced across the Group
Standardised Reporting at Audit Committees across the Group
2012 Mahindra Finance - Rating Template rolled out for audits of branches
2013 Template designed for Mahindra Holiday Resort audits
Internal Auditors – the sine qua non for good, clean and transparent governance
NB: The above represent a selective list of events
Overall Report Rating ParametersA Key internal controls provide a high level of assurance that
processes are operating efficiently and effectively.
B Key internal controls provide an acceptable level of assurance that processes are operating efficiently and effectively.
C Key internal controls provide a minimal level of assurance that processes are operating efficiently and effectively. Immediate action is required to improve the operating effectiveness of controls.
D Key internal controls provide an unacceptable level of assurance that processes are operating efficiently and effectively. Critical observations were identified that require IMMEDIATE Senior Management attention to improve the operating effectiveness of controls.
Internal Auditors – the sine qua non for good, clean and transparent governance
Observation Grading and Root Cause Definitions
Observation grading
Critical High risk, requires immediate Senior Management attention.
Major High risk, requires Senior Management attention.
Medium Medium risk, requires corrective action.
Low Low risk, with opportunities for improvement.
Root cause definitionsPeoples issue
The exception noted results from non adherence to the laid down processes and procedures
Business Process
The process/ control gap is the result of an inherent limitation of the business process
IT Process The process/control gap is the result of inherent limitations of the IT architecture supporting the business process
Internal Auditors – the sine qua non for good, clean and transparent governance
…. the voice of another Stakeholder
Internal Auditors – the sine qua non for good, clean and transparent governance
Internal Auditors – the sine qua non for good, clean and transparent governance
Ramesh IyerVice Chairman and Managing Director
Mahindra & Mahindra Financial Services Limited
Look at the Bigger Picture
Internal Auditors – the sine qua non for good, clean and transparent governance
Internal Auditors – the sine qua non for good, clean and transparent governance
Missing the woods for the trees
Internal Auditors – the sine qua non for good, clean and transparent governance
Age-old commonsense … a thing of the past ?
Internal Auditors – the sine qua non for good, clean and transparent governance
Data Knowledge Experience A holistic view
The Metamorphosis of an Audit Observation
Internal Auditors – the sine qua non for good, clean and transparent governance
Data is effective only if it can be turned into information,
and information into insight
Are we drowning in Information but starving for Know ledge ?versusInternal Auditors – the sine qua non for good, clean and transparent governance
Artificial vs Real Intelligence
Are we drowning in Information but ignoring Know ledge ?Internal Auditors – the sine qua non for good, clean and transparent governance
Calendar of Significant Events in M&MYear Event
2006 Introduction of ACL in audits and data analytics
2008+ Continuous Monitoring and development of audit Scripts
2012+ More intensive use of ACL and other software in audits
Internal Auditors – the sine qua non for good, clean and transparent governance
NB: The above represent a selective list of events
….Voice of the Auditee
Internal Auditors – the sine qua non for good, clean and transparent governance
Internal Auditors – the sine qua non for good, clean and transparent governance
Jasmin SuchakDeputy General Manager
Corporate Management Services
Believing everybody is dangerous
Believing nobodyis very dangerous
Internal Auditors – the sine qua non for good, clean and transparent governance
• An independent evaluation – started in April 06
• Currently 12 parameters – format revised for F-08 audits
• A 5 point rating scale– Strongly agree– Agree– Neutral– Disagree– Strongly disagree
• An Overall Satisfaction Score (1 to 10)
• Open comments• Results shared with the Audit Committee
The Auditee Evaluation Questionnaire
Internal Auditors – the sine qua non for good, clean and transparent governance
The Auditee Evaluation Questionnaire
1. The Audit area was appropriately selected for review2. The Audit engagement addressed the key concerns in the
chosen area
3. The audit was conducted in a professional manner4. The current Processes and Procedures were well explained to
and understood by the Audit Team
5. The significant Audit Observations were promptly communicated and discussed by the Audit Team
continued
Scoring pattern1 2 3 4 5
Strongly disagree
Disagree Neutral Agree Strongly agree
Internal Auditors – the sine qua non for good, clean and transparent governance
The Auditee Evaluation Questionnairecontinued
6. The audit Observations displayed sufficient depth of analysis and understanding of the issues involved
7. The Observations and Report were unbiased and objective8. An opportunity was given to discuss the Observations in
sufficient detail with all concerned before the Report was released
9. The Auditee’s explanations were given due weightage in the framing of the Observations and Recommendations
10. The Recommendations are practical11. The timelines agreed upon for completion of the Action
Plans are realistic
12. The Recommendations once implemented will be value adding to the Sector/ organization
Internal Auditors – the sine qua non for good, clean and transparent governance
On a scale of 1 (lowest) to 10 (highest), how satisfied were you with the audit engagement
Open Comments We welcome your comments and suggestions to help us serve you better – particularly in those areas where your Ratings have been ‘2’ or below.
The Auditee Evaluation Questionnairecontinued
Internal Auditors – the sine qua non for good, clean and transparent governance
Concluding Comments
Internal Auditors – the sine qua non for good, clean and transparent governance
…. these make us proud
Year Event
2008 Winners of the ACL Impact Award (Asia Pacific)
2012 Winners of the IIA Bombay Chapter Award for Innovation
2017 Group CIA is presented with IIA India’s (First) Internal Auditor of the Year AwardWinners of the IIA Bombay Chapter Award for Best Application of Technology
Internal Auditors – the sine qua non for good, clean and transparent governance
No one can whistle a symphonyIt takes a whole orchestra to play it
- Luccock
Internal Auditors – the sine qua non for good, clean and transparent governance
Internal Auditors – the sine qua non for good, clean and transparent governance
If being an Auditor used to be a pleasure …
Which as years went by became an
Today it might be viewed as a burden –
But not if there is a genuine acceptance of the contribution that wise and well meaning Auditors can play
Internal Auditors – the sine qua non for good, clean and transparent governance
Thank You
Internal Auditors – the sine qua non for good, clean and transparent governance