1 / 77

IIA / ISACA Joint Training Event & Holiday Networking Reception

IIA / ISACA Joint Training Event & Holiday Networking Reception. December 9 th , 2010 UBS Tower, Chicago, Illinois. Seminar Agenda. 1:30 Opening remarks

blythe
Download Presentation

IIA / ISACA Joint Training Event & Holiday Networking Reception

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IIA / ISACA Joint Training Event & Holiday Networking Reception December 9th, 2010 UBS Tower, Chicago, Illinois

  2. Seminar Agenda • 1:30 Opening remarks • 1:35 – 3:30 Key note speaker: Mr. Dick Anderson, “The 10 Greatest Challenges the IA Profession Faces in the Next Two Years” • 3:30 – 3:45 Holiday raffle and acknowledgements • 3:45 – 7:00 Holiday networking reception at 1 North Kitchen

  3. The 10 Greatest Challenges the IA Profession Faces in the Next Two Years Dick Anderson, Clinical Professor The Center for Strategy, Execution and Valuation DePaul University Trustee: IIA Research Foundation

  4. Agenda • Stage setting; • Background • Current issues • 10 Greatest Challenges the Internal Audit Profession Faces In the Next Two Years • Summary • Q&A

  5. Background for this material • IIA GAIN Surveys • Roundtables conducted by The IIA’s Audit Executive Network • Discussions with internal audit leaders • Recent publications

  6. Current issues that aren’t on the list • Budgets and staffing • Audit coverage and focus • “Doing more with less”

  7. Staffing and budgets appear to have stabilized Internal Audit Budgets 2010 act. 32% 40% 28% Source: IIA Knowledge Alert October 2010 Internal Audit Staffing 2010 act. 17% 67% 17% Source: March 2010 IIA GAIN Survey, “Internal Auditing in 2010”

  8. The Outlook for 2011 On Internal Audit Budgets IIA/ISACA 19% 64% 17% On Internal Audit Staffing IIA/ISACA 20% 76% 4% Source: The IIA Audit Executive Center – August 30, 2010

  9. Operational risks continue to be receiving significant coverage Projected 2011 coverage is consistent with these trends Source: March 2010 IIA GAIN Survey, “Internal Auditing in 2010”

  10. 10 Greatest Challenges the Internal Audit Profession Faces in the Next 2 Years

  11. 1. Mis-alignment with evolving stakeholder expectations

  12. Stakeholder Expectations • They are more dynamic than static • We’ve seen major swings • SOX • Impact of the economy • For many organizations, changes are occurring again • New directors / executive management bring different expectations • Increasing expectations around risks and risk management • Corporate governance now a real topic

  13. Stakeholder Expectations Cont’d RJA Observation: #1 reason for stakeholders voicing dissatisfaction with internal audit • If you don’t understand and meet your unique stakeholder expectations, you will not be perceived as really “adding value” • Stakeholders will ascribe value to assurance activities but typically will look/want more

  14. Need to consider “new” stakeholders • Board • Other board committees • Compensation committee • Risk committee • New directors and executives

  15. What are directors concerned with?

  16. What are Audit Committees concerned with? • Risk • Risk, again • Increased focus on enforcement • Regulatory Changes • Substantial changes to accounting standards Ongoing economic uncertainty Key changes to the business Complex transactions The complexities of multinational operations Audit committee effectiveness Source: Corporate Board Member Volume 16, 2010

  17. Personal Skills and CapabilitiesTop Five – CAE Results © 2010Protiviti Inc. 2010 Internal Audit Capabilities and Needs Survey Protiviti Inc.

  18. Finally, stakeholder expectations are the “filter” for leading practices • We all know not every “leading” or “best” practice is right for every organization • Stakeholder expectations are the “filter” to help identify which practices work for you • Does the objective of a practice align with expectations? • Does a practice directly help achieve an expectation?

  19. 2. Becoming a second class citizen in the risk management game

  20. Risk Management Assurance Current Risk Management Maturity Control Assurance Compliance Informal Risk Management Functional ERM Sox Compliant Internal Control Processes PwC Internal Audit 2012 Study “Internal Audit at a Crossroads”2007 Future State of Internal Audit, 2012 and Beyond Internal Audit Value Creation Internal Audit Value Proposition Current State of Internal Audit, 2006 / 07 Internal Audit Value Maintenance Risk Management Maturity

  21. Financial crisis has significantly increased board interest in risk management PwC Survey ¹ results: • “More CEO’s are planning a ‘major change’ in risk management than other elements of their strategy, organization or operating model” • PwC 13th Annual Global CEO Survey issued January, 2010 IIA Knowledge Alert, October 2010 • “61% of all respondents and 86% of Fortune 500 respondents report their organization has an enterprise risk management program of some nature in place”

  22. Risk management is a current hot topic with audit committees KPMG Report:¹ • “While internal audit typically is not accountable or responsible for risk management, it can/should provide added assurance regarding the adequacy of the company’s risk management processes.” (1) KPMG Fall 2009 Audit Committee Roundtable Report, issued January, 2010

  23. 2010 Risk Management Maturity Risk Management Assurance Control Assurance Compliance Informal Risk Management Functional ERM Sox Compliant Internal Control Processes PwC Internal Audit 2012 Study “Internal Audit at a Crossroads”2007 Future State of Internal Audit, 2012 and Beyond Internal Audit Value Creation Internal Audit Value Proposition Current State of Internal Audit, 2006 / 07 Internal Audit Value Maintenance Risk Management Maturity

  24. Other Risk Management “wild card” • The “Chief Risk Officer: • Position being added by more organizations • Position description can look a lot like a CAE • Access to board or board committee • Reporting to CEO or “C” suite level • Key member of executive management • Can be a real partner for the CAE • Or can be the CAE’s boss

  25. 3. Loss of best staff as the economy improves

  26. 2010 Conference Board Survey on U.S. Job Satisfaction • Only 45% of respondents are satisfied with their jobs • 22% said they don’t expect to be in their current jobs in one year • The youngest group (under the age of 25) expresses the highest level of dissatisfaction ever recorded by the survey in any age group

  27. Recent IIA Audit Executive Network Roundtables • Impacts of the economy • Low turnover • Low salary increases / bonus • Fewer opportunities to transfer out of internal audit • Fear is that when the economy, job market picks up, your best people will be at risk Quote from one CAE:“Focus on your best people NOW!”

  28. Focusing on your best people • Coaching and mentoring • Example: “Shadow days” • Personal exposure and interaction with the CAE • Example: Informal monthly lunches with CAE • Exposure to the audit committee • Example: Each IA director presents the risk assessment and audit plan for their areas to the audit committee

  29. Focusing on your best people • Career planning discussions • Rotations, secondments into the businesses • Example: international assignments For additional ideas see Fortune, November 1, 2010 article “Giving Back to Your Stars”

  30. 4. Evolving and enhancing your risk assessment process

  31. Need for better risk assessments increasing • Required by IIA Standards • Audit plan level • Engagement level • But: • One of the hottest topics in corporate world today is risk management • Boards, audit committees looking for help from internal audit • Identify the risks, especially emerging risks • Help enhance risk management practices • Assess quality of management’s risk assessment processes

  32. Macro problems with today’s internal audit risk assessments • Timing; • too many are “events” not ongoing processes • Lack of focus on strategic risks • Need to consider “black swan” and “fat-tailed” risks • Also need to consider responses to unexpected events • Need better, clearer reporting

  33. Risk Assessments - Timing • Need to move risk assessment to an ongoing process not an “event” • Need processes to try to identify emerging risks

  34. Financial crisis has significantly increased board interest in strategic risks PwC Survey ¹ results: • “Board agendas are getting busier – with strategic risks at the top” (1) PwC 13th Annual Global CEO Survey issued January, 2010

  35. Audit committees expect internal audit to look at strategic risks KPMG Report:¹ • “Internal audit should also be looking at strategic and operational risks – not just controls and compliance.” (1) KPMG Fall 2009 Audit Committee Roundtable Report, issued January, 2010

  36. Focus on the “Real Risks” Composite analysis of the types of risks that have significantly reduced shareholder value: Strategic & Business 60% Operational 20% Financial 15% Compliance 5% 36

  37. Responding to Emerging Risks All Respondents Fortune 500 Respondents Source: The IIA Audit Executive Center – August 30, 2010

  38. Responding to Emerging Risks IIA/ISACA Respondents Source: The IIA Audit Executive Center – August 30, 2010

  39. Responding to Emerging Risks All Respondents Fortune 500 Respondents Source: The IIA Audit Executive Center – August 30, 2010

  40. Responding to Emerging Risks IIA/ISACA Respondents

  41. Strategic Risk Assessment¹ (1) Strategic Finance, December 2009, Frigo & Anderson

  42. Defining an Organization’s Appetite for Risk Traditional Approach to Assessing Risks Range of risks to be mitigated to lower quadrants or avoided Impact Likelihood

  43. Problem with the traditional approachAppetite for Risk Home of the Black Swans” and “fat- tailed n’s” Impact Likelihood “It turns out that in financial markets, “black swans” or extreme events, occur much more often that the usual probability models suggest” The Economist, February, 2010

  44. Some internal auditors are now considering additional factors, such as¹ Other Possible Risk Assessment Factors¹ • Velocity • Readiness • Capacity • Controllability • Monitorability • Frequency of occurrence • Interdependencies • Volatility • Maturity • Degree of confidence (1) source: with/ Paul Sobel, VP, Mirant Corp

  45. Risk Assessments - Reporting • Clarity and simplicity • “Visually Impactive” • Help readers focus on the critical items • For audit plans, show a clear linkage

  46. Strategic Risk Profile

  47. 5. Deploying effective audit technology

  48. Audit Technology • Focus is beyond just automated workpapers • Data mining and data analytics starting to show significant benefits • Greater use of embedded tools in major systems • Not just efficiency but focus on how to increase the effectiveness of the auditing process • Becoming more “continuous”

  49. Understand and address potential barriers Do you have the level of knowledge you need? Knowledge and technical skills appears to be the biggest barriers, not the technology itself.

  50. Assessing Audit Process KnowledgeTop Five – Overall Results © 2010Protiviti Inc. 2010 Internal Audit Capabilities and Needs Survey Protiviti Inc.

More Related