620 likes | 787 Views
CAACM’s 5th Annual Meeting & Conference in Collaboration with ICATT. By David Hall President Institute of Internal Auditors, Jamaica July 13, 2011. Presentation – Developments and Practices Shaping the Audit Committee Oversight.
E N D
CAACM’s 5th Annual Meeting & Conferencein Collaboration with ICATT By David Hall President Institute of Internal Auditors, Jamaica July 13, 2011
Presentation – Developments and Practices Shaping the Audit Committee Oversight The economic outlook is still very challenging for the Caribbean markets over the next 12 months. As a result, boards and audit committees must understand the major challenges their businesses will face and set an appropriate agenda for the Audit Committee. This presentation will review top-of-mind issues facing organizations and their boards in 2011 and key areas to be addressed in this year’s Audit Committee agenda. IIA Research Foundation
1. Introduction2. Role of the Audit Committee3. Responsibility for Risk Management & Fraud management4. Corporate Governance5. Developments & Practices impacting businesses6. Shaping the Audit Committee Agenda – Enterprise Level Issues7. Shaping the Audit Committee Agenda – Process & technology Risk Issues Agenda IIA Research Foundation
In the wake of the late-2000s global financial crisis, there is an increased focus on the role of the audit committee and information disclosed in a company’s financial statements. Clearly, the audit committee’s role in ensuring accurate and transparent disclosure is more difficult and challenging than ever 1. INTRODUCTION IIA Research Foundation
— given increased expectations by shareholders, regulators, and other stakeholders; heightened scrutiny when things go wrong; more responsibility for risk management, and more focus on the need for fraud prevention. 1. INTRODUCTION IIA Research Foundation
2. Role of the Audit Committee IIA Research Foundation
2. Role of the Audit Committee • To assist the board of directors in fulfilling its oversight • responsibilities in regards to: • The integrity of the company’s financial statements, • The company’s compliance with legal and regulatory • requirements, • The auditor’s qualifications and independence, and • The performance of the company’s internal audit • function and independent auditors. IIA Research Foundation
2. Role of the Audit Committee The Audit Committee members should : • Be inquisitive and have independent • judgment • Ask the right questions and appropriately • interpret the answers • Have knowledge of the company's risks and • controls and the ability to offer informed • insight IIA Research Foundation
2. Role of the Audit Committee The Audit Committee members should : • Have a broad perspective on the business • that extends beyond financial and technical • knowledge • Have the ability to offer new perspectives • and constructive suggestions • Financially literate, at least one person being • the “Financial expert” IIA Research Foundation
3. Who is responsible for Risk Management Standard 2100 The internal audit activity should evaluate and contribute to the improvement of risk management, control, and governance processes using a systematic and disciplined approach IIA Professional Practices Framework
4. Who is responsible for Fraud Management Management is responsible for establishing and maintaining an effective control system at a reasonable cost. This includes designing some controls to indicate when other controls are not working effectively. Following up on these indicators may result in the determination that fraud may have occurred IIA Professional Practices Framework
4. Who is responsible for Fraud Management Standard 1210 The internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to have the expertise of a person whose primary responsibility Is detecting and investigating fraud IIA Professional Practices Framework
5. Corporate Governance The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization towards the achievement of its objectives.
. DEVELOPMENTS AND PRACTICES IMPACTING BUSINESSES
Managing through the economic recovery with emphasis on finding new sources of growth • Finding new sources of profitable growth is a strategic imperative • As companies seek new sources of growth , they must be careful not to stray too far from their core competencies • CEO’s have to balance short term demand from long term objectives, against delivering acceptable quarterly results
1. Managing through the economic recovery with emphasis on finding new sources growth • Many companies are still finishing work they started in 2009 and 2010, such as streamlining business operations and discarding nonperforming or nonstrategic assets • Companies may choose to invest in innovations that will provide a foundation for the future , while also protecting the business from exposure to another severe economic recession
2. Monitoring the competitive environment and adjusting the strategic direction of the company accordingly • Both management and the board must understand the • risks inherent in the corporate strategy and the • supporting business model to deliver that strategy • They must agree on the significant • assumptions underlying the strategy
2. Monitoring the competitive environment and adjusting the strategic direction of the company accordingly • There should be a process to monitor the environment • for changes that could alter those assumptions • significantly • If one or more critical assumptions • are no longer valid, the strategy must • be either revisited or exited, • depending on the circumstances
3. Maintaining morale and retaining top talent • The workforce is changing, not just demographically, • but also through the ways we interact with each other • Expectations between workers and companies have • changed fundamentally • Loyalty is no longer a viable expectation • The “mobile workforce” phenomenon has significant • long-term implications for businesses • The changing workforce – less loyal and more • transient – is both a threat and an opportunity
4. Building customer loyalty • Customers have always been the lifeblood of any business • Many companies now realize this and are now paying • attention to how they can improve customer retention and • maintain long term customer engagement • Due to technological advances and increased competition, • customers now have more choices than ever before • Strong relationships and the willingness to be flexible, • when addressing customer issues are vital to sustaining • revenue streams over time
5. Protecting sensitive and private information • The WikiLeaks phenomenon has been an eye-opener • to many as It relates to private and sensitive data being • exposed, this was not on anyone’s radar 12 month’s ago • Given the rapid change of pace, it is vital that board • of directors and senior management view information • security and privacy as a business issue and not just • another IT issue
5. Protecting sensitive and private information • Security threats, vulnerabilities and privacy exposures • challenge every organization, creating risks that must be • understood and managed • Companies must implement a data classification policy • Good security and privacy practices create revenue • growth opportunities by engendering customer • confidence and providing customers with • personalized support
6. Managing in an environment of increased regulatory oversight • Adjusting the business model to the regulatory • environments of different countries is a challenge to • businesses operating in regional or global markets • Anticipating how governments in various countries • might change regulatory guidelines and impact the • company’s business model is an even more • daunting task
6. Managing in an environment of increased regulatory oversight • Management must pay close attention to the regulatory • environment because as the complexity of the regulatory • environment increases, the process of staying • compliant becomes more challenging • Maintaining a strong governance structure is an • imperative in light of the requirements for increased • public disclosures • A strong compliance culture also reduces • exposure to headline risk
7. Understanding and responding to a changing risk profile • As the business environment changes, so does the company’s • risk profile. • The financial crisis has put a number of issues under the • microscope • - The effectiveness of risk management processes, • - The impact of incentive compensation on risk-taking • behaviour, • - The positioning of a Chief Risk Officers, within the • organization, • - The consideration of risk in strategy-setting and • performance management, and: • - The effectiveness of board risk oversight.
7. Understanding and responding to a changing risk profile • There are two important issues of note, namely : • (a) The success of risk management will have a huge • impact on preserving the company’s reputation • (b) Every company will eventually face a crisis test, • which is why crisis readiness and response is a • vital process
7. Understanding and responding to a changing risk profile It is important to understand the source and severity of threats that have a high velocity and persistence of impact, as well as an inadequate response readiness by the organization
8. Assessing capital and managing cash flow effectively • Understanding the company’s cash • flow is critical to managing its • overall fiscal health • It is also important for the company • to maintain an efficient capital • structure to drive the enterprise’s • long-term financial performance
9. Effectively using the data and information available in the organization to make timely and informed decisions • Many companies have acknowledged that they can • do a better job of using available data and • information for decision making • Members of the board of directors • are now asking management for • more transparency, CEOs are • looking to the finance organization • to play an active role in planning, • measuring, and monitoring • business performance
10. Complex corporate structures Mergers, acquisitions and reorganisations often involve aligning organisations not only with distinct corporate cultures but also from different industries and different areas of the world. In today’s business environment, companies frequently cross borders for every aspect of their business. This environment presents management and the audit committee with unique oversight challenges. While governance practices in such environments are evolving, the influence of global business needs careful consideration.
11. Social Media Risks Social media represents real opportunities and real risks and therefore demands a disciplined approach. The global social media landscape has changed dramatically in recent years and many companies are struggling to keep up.
11. Social Media Risks In a recent 2011 Social Media Survey of U.K. employees, it was found that social media usage in the workplace has grown enormously in recent years with more than half (51%) of workers surveyed now claiming to engage with a social networking site whilst at work. Almost a third (30%) of workers use sites such as Twitter, Facebook and LinkedIn on a daily basis, while more than 5% do so several times an hour.
Shaping the Audit Committee Agenda - 2011 ENTERPRISE-LEVEL ISSUES
Ensure the company’s risk assessment • methodology maximizes its value and use First of all the board and audit committee must ensure that management is conducting at least an annual risk assessment The audit committee must be satisfied that their companies’ assessment methodologies are providing appropriate insights
Ensure the company’s risk assessment • methodology maximizes its value and use There are some high-impact, low-likelihood risk scenarios which can be ultimate “showstoppers”. Likelihood Impact
Ensure the company’s risk assessment • methodology maximizes its value and use • Particularly if they have a : • high velocity (i.e. speed • between the occurrence of • an event and its initial impact • on the company ) and , • (ii) high persistence (i.e. duration • of time and extent of effort that will • be required to deal with the impact • of a given risk event once it occurs )
2. Update the company’s risk profile to reflect changing conditions and identify fraud risks • Companies have to ensure that the assessment of the • risk profile is current • (ii) There has to be an elevated alertness to the potential • for fraud and corruption • (iii) There should be consideration for an assessment of • fraud risk
2. Update the company’s risk profile to reflect changing conditions and identify fraud risks • (iv) A review of the effectiveness of the fraud prevention • and detection process • Escalation and response mechanisms to react to • events ( eg. Audit findings, whistleblowers )
3. Clarify the committee’s contribution to the board’s risk oversight process Boards of directors and their audit committees need to be on the same page as to the committee’s contribution to risk oversight The question for clarity is “What is the audit committee’s role in the board’s risk oversight process?” “Does the audit committee have the time, skills and support to contribute to the assessment of the risk assessment methodology?”
3. Clarify the committee’s contribution to the board’s risk oversight process The board could see it fit to establish a separate risk committee or engage one or more other standing committees other then the audit committee to contribute to risk oversight If this structure is set up by the board , the audit committee must inquire and understand the nature of those activities and the results
4. Evaluate competence and capabilities of the finance organization and Internal audit • The past two years have put the CFO organization under pressure in many companies • The audit committee should satisfy itself that the skill sets in the finance department match up to the expectations, driven by the organization’s: • Industry • Structure • Culture • Business performance issues • Internal and public reporting • requirements
4. Evaluate competence and capabilities of the finance organization and Internal audit For Internal Auditing the audit committee should make sure the function ( including any co-source partners ) have the necessary resources to address the company’s key risks Question to be addressed by the audit committee - “Given the scope of the risks, what are the additional audit resources, budget funding, and/or utilization of outside skill sets needed to address the enterprise risks?”
5. Keep a sharp eye on the overall control environment as the company seeks new sources for growth “Tone at the top” has never been more important Over the past two years most companies have reduced their costs and sized their organizations to market demand This “surgery” has increased the expectations for employees to do more with less, placing stress on the internal control structure, which sometimes led to control failures. Vigilance is the order of the day.
5. Keep a sharp eye on the overall control environment as the company seeks new sources for growth • The audit committee should: • Be alert for signs the internal control structure is under • stress as the organization continues to pursue • (i) cost-reduction plans and process • streamlining efforts while also seeking • new sources of growth • Ensure that the company emphasizes • responsible business behavior and • maintains a strong focus on • preventing and detecting fraud and • corruption
5. Keep a sharp eye on the overall control environment as the company seeks new sources for growth • The audit committee should : • Ensure that key control activities essential to • financial reporting are not compromised • Note that new acquisitions, new business activities • and new IT/Network systems can place • an already fragile control structure • under further stress
PROCESS AND TECHNOLOGY RISK ISSUES
Pay attention to financial communications • quality • The audit committee should proceed with caution before straying far from its core mission : • To oversee financial reporting risk and the quality of the financial and public report presentation and disclosures, earnings guidance and earnings releases • With the increasing complexity • of financial reporting , a proactive • approach to oversight is warranted
Pay attention to financial communications • quality • From time to time the audit committee should • review management’s assumptions underlying all • critical accounting estimate to ascertain whether • they remain valid in terms of of the current • business environment • Be vigilant for “red flags” when it comes to • acquisitions, divestitures, changes • in markets/or the economy, new or • unusual transactions
7. Understand the implications of changing laws and regulations • Regulatory reform is a global phenomenon • If you are a global/regional company, there are • regulations that have been passed in some • countries that companies may not fully understand • in terms of implications • The audit committee has to ensure that the company • is monitoring the regulatory environment for key • changes requiring adjustments to policies and • processes • Especially in highly regulated • industries