1 / 24

Supervisory Committee Communications with Management and the Board

Supervisory Committee Communications with Management and the Board. Association of Credit Union Internal Auditors June 21, 2012 Vicki A. McIntyre, CIA, CPA Vice President, FirstPlus Resolutions, Inc. Agenda. Champion the Audit Activity The Risk-Based Audit Plan

dnewman
Download Presentation

Supervisory Committee Communications with Management and the Board

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Supervisory Committee Communications with Management and the Board Association of Credit Union Internal Auditors June 21, 2012 Vicki A. McIntyre, CIA, CPA Vice President, FirstPlus Resolutions, Inc.

  2. Agenda • Champion the Audit Activity • The Risk-Based Audit Plan • Impact of Resource Limitations • Supervisory Committee Evaluation of Internal Audit • Supervisory Committee considerations • Top 10 Worst Things You Can Do • Questions?

  3. Champion the Audit Activity • Know the purpose, authority and responsibility of your audit activity. • Understand key concepts of governance, risk and control. • Empower and challenge internal audit to add value.

  4. “An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” Definition of Internal Audit

  5. IA’s Purpose, Authority & Responsibility • The Audit Activity Charter • Code of Ethics • Independence & reporting lines • Access • Nature of Assurance & Consulting Services

  6. What is Governance ? Governance is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives. It is the culture, values, mission, structure and layers of processes, policies and measures by which organizations are directed and controlled.

  7. IA’s Role in Governance IA must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: • Promoting appropriate ethics and values within the organization • Ensuring effective organizational performance management and accountability • Communicating risk and control information to appropriate areas of the organization • Coordinating the activities of and communicating information among the board, external and internal auditors, and management

  8. What is Risk? The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood. Risks to the Internal Audit Activity: • Audit failure • False assurance • Reputation risks

  9. What is Control? Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.

  10. Policies/Procedures Organizational Structure Bureaucracy Restrictive Formal Processes Competence Trust Shared Values Strong Leadership High Expectations Openness High Ethical Standards Hard vs. Soft Controls

  11. Empower & Challenge IA to Add Value • Become more relevant to broader business objectives • Enhance ability to identify emerging risks • Improve risk assessment processes • Reduce audit fatigue on the business

  12. The Risk-Based Audit Plan • Consider risk appetite levels • Consider organizational risk management framework • Consult with senior management and the Board • IA exercises judgment of risks

  13. The Risk-Based Audit Plan Ask the critical questions: • What keeps you up at night? • Is IA providing assurance in those areas? • Does IA cover the right things at the right time? • Can IA identify emerging risks; is the audit plan flexible enough to provide coverage? • Is IA perceived as a valued business partner?

  14. Are Audit Resources Aligned with Risk? Root causes of organizations loosing a large percentage of shareholder value in a short period of time: • 60% - Business or strategic risks • 20% - Operational risks • 15% - Financial risks • 5% - Compliance risks

  15. Impact of Resource Limitations • Must communicate to senior management and the Board • Advocate for IA • Be sure resources are effectively deployed

  16. Impact of Resource Limitations • Beware of SALY and JELLY (Same as last year & just exactly like last year) • Beware of pet projects • Beware of isolated concerns of constituents • Consider management’s responsibility for monitoring and self-assessment

  17. Evaluation of Internal Audit • Does the Board have confidence in IA’s assurance activities? • Does the Board believe it is sufficiently and timely informed of IA’s significant findings? • Does the Board believe IA has the skills and foresight to build emerging risks into the audit plan? • Does the Board believe the audit plan is sufficiently broad in scope and executed in a timely manner? • Does management believe audit reports are actionable? • Does management perceive IA as a valued business partner? • Does management believe it gets superior value for its investment in IA? • Is the Board and management confident of IA’s independence, objective and fair-minded approach and that IA is empowered and sufficiently staffed and resourced?

  18. Evaluation of Internal Audit • How well does the IA director respond to probing by the Supervisory Committee? • How knowledgeable is the IA director in the company’s accounting and financial reporting policies? • How well does the senior management respect the IA director, and how healthy is the tension between them? • How well do the external auditors respect the IA director? • Does the IA director provide adequate assurance in areas requested by the audit committee? • Is the IA director respected within the auditing profession? Examples would be as a frequent speaker, writing articles, participating in industry organizations, etc.

  19. Supervisory Committee Considerations • Promote effective Sup Committee functioning; staff with sufficient expertise • Promote an open, transparent relationship with IA and other organizational control functions • Consider term limits for committee members • Perform an annual self-assessment • Request candid feedback from the Board and IA

  20. The Top 10 Worst Things You Can Do…… • Not being a proactive communicator • Fail to remain up-to-date on your CU’s business, the CU industry and IA successful practices • Not being aware of your CU’s risk management activities • Not having an audit plan that adds value • Fail to support IA independence

  21. The Top 10 Worst Things You Can Do…… • Ineffective evaluation of the Chief Audit Executive; not making a needed change • Fail to perform regular self-assessments • Failure to honor high ethical standards; integrity, objectivity, confidentiality and competency • Fail to deliver bad news to the Board timely • Paralysis – do nothing - not knowing what to do when there are serious problems

  22. Questions?

  23. Vicki A. McIntyre, CIA, CPA FirstPlus Resolutions, Inc. Tustin, CA 714.469.2440 iiadistrictrepvam@sbcglobal.net

  24. Bibliography • “Top 10 Worst Things…” adapted from Managing Director of the IA Division of the MIS Training Institute, Joel Kramer’s presentation titled “Best Practices in Educating the Audit Committee.” • “Are Audit Resources Aligned…” adapted from IIA CEO Richard Chambers’ presentation on the state of the IA profession, IIA So Cal District Conference, Anaheim, CA, 6/4/2012. • “Evaluation of Internal Audit…” adapted from Alan Siegfried’s (former Chair IIA North American Board) presentation on Audit Committee Expectations of IA-Best Practices

More Related