240 likes | 254 Views
This article discusses the importance of effectively managing risk in organizations and how FSS Risk Management Services can help build and protect enterprise value by taking a risk-smart approach. It covers various risk management solutions, such as enterprise risk management, financial services risk management, financial crime risk management, and compliance and regulatory risk management.
E N D
Draft Eliciting Management Support to the Internal Audit Function Theme: Internal Audit and Transformational Leadership Winning is a choice,,,. You have to make it- Choose to attain Risk Resilience, The Road lead to Performance Excellence ‘Overcoming Audit Complexities’.
Background of FSS Risk Management Services Regional players, National Governments, County Government, Public Sector, and Organizations of all types and sizes face internal and external increasingly changing factors that make achievement of their objectives uncertain “the Risk”. While good governance imperative require all organizations want to manage their risk, lack of capacity to effectively manage risk in line with best practice may be their major constraint. FSS Risk Services limited was formed with a goal to help organizations build and protect enterprise value by taking a Risk smart approach to managing financial, Operational and Strategic Management. We work with all organizations to help them develop, implement and continuously improve a framework for integrating the process for managing risk into the organization’s overall governance, strategy and planning, management, reporting processes, policies, values and culture. We help them to establish consistent processes within a comprehensive framework to ensure that risk is managed effectively, efficiently and coherently across their organization. Our Risk solutions are modeled along best practice (principally ISO 31000, and COSO-ERM Frameworks) and ensure compliance with regulatory requirements e.g. Basel II, Solvency II, and other global best-in-class initiatives. This approach helps our clients focus on their areas of increased risk, bridge silos to effectively manage risk across organizational boundaries and pursue not only risk mitigation and enhance transparency through Risk analytics, but also allow intelligent risk taking as a means of value creation that supporting regulatory compliance, enhanced competitive positioning , capital, liquidity, funding efficiencies. We intervene through consultancy, in-house training, open workshops, sharing of thorough leadership and current tread in the locale of Risk Management. Our Risk Management transformation Solutions include; Enterprise Risk Management Review and framework Development. Financial Services Risk Management (Credit Market and Operational Risk). Financial Crime Risk Management Programs development. Business Continuity Policy Development. Regulatory Compliance . Enterprise Risk Management (ERM): We help all type of organizations in reviewing existing risk management regime, develop holistic and integrated ERM framework and build Risk Management capacity: We help organizations make ERM an ongoing management process embedded throughout the organization to identify existing and emerging risks that can prevent your company from achieving entity goals. Financial Services Risk Management (FSRM): Financial institutions must manage their risks in a holistic manner for improved financial performance and compliance to regulations. We support all Financial services participants and actors including upcoming Mobile financial services gain capacity and firm understanding on dealing with Financial services Risks. Skill them up on methodology to identify measure and mitigate them. Financial Crime Risk Management (FCRM): Despite widespread coverage in the press, and governments and regulators' efforts to reduce fraud, economic crime continues to be a menace to businesses in Africa and around the world. FSS pro-active services are designed for responsible and progressive organizations that decide to conduct pro-active Fraud prevention; Fraud Risk Assessments as well establish a process to manage such a crisis, should one occur. We further help in Designing and implementing employee awareness testing, Reviewing your code of ethics and whistleblower program in relation to best practices. Compliance and regulatory risk management: at FSS we support organization orchestrate compliant operational regimes: Our supportive consulting approach help client put in place a process to identify, monitor and manage an organization's ethics, Anti money laundering and regulatory compliance responsibilities. We help develop mechanism to anticipate and react to compliance and regulatory requirements to avoid or recover from compliance failures, support growth objectives, protect shareholder value and avoid reputational/brand risks. Financial Services Solutions Limited Our Risk Management Services
Table of Contents 1 Introduction Establishment of an effective internal environment 2 3 Is internal auditor’s ‘independence’ a threat to management 4 Process monitoring and communication 5 Conclusion
Introduction • The Past 10 Years Have Witnessed Seismic Changes - Headlines Have Included/professional development • Major realignment in internal audit’s reporting relationships • Significant change in internal audit’s focus, roles, and responsibilities • Greater employment of risk-based methodologies in determining priorities and allocating resources • New communications strategies and practices to address enhanced stakeholder expectations • Increased resources for internal audit functions to address increased demands • Need for quality oversight • Supporting risk taking function becoming priority agenda
Introduction (Continued) “Internal auditing is an independent, objective assuranceand consulting activity designed to add value and improve an organization's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. ” THEIIA • Objectivity • Reporting structure • Risk management • Staffing • Prioritization • Adding Value
Introduction (Continued) Internal Audit Standard 2110: Nature of work – Governance The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: • Promoting appropriate ethics and values within the organization • Ensuring effective organizational performance management and accountability • Communicating risk and control information to appropriate areas of the organization • Coordinating the activities of and communicating information among the board, external and internal auditors and management
Introduction (Continued) Internal auditors are expected to; • maximize the assurance provided to the Board, the Audit Committee and Management, • contribute to the continuous improvement strategies of the organization without impairing its objectivity and independence, • provide guidance and expertise in areas including, but not limited to, corporate governance, ERM, fraud policies and prevention, and information technology systems, in addition to the traditional area of internal controls.
Introduction (Continued) Current changing demand and crisis in Confidence • Public is skeptical • Stakes are greater • Public trust has diminished • Greater challenges • More director liability • Financial system stressed • Increasing Fraud /mistrust with investment agents • Business failures continue • Risks neither understood nor managed • Governance mechanisms suspect/Regulations • Interested parties: Ratings agencies/Regulators/Lawmakers/Boards of Directors/Credit analysts • Commercial banks/Investment banks
Creating an effective Internal Audit environment Independent, Objective and Proficiency and Due Professional Care • Effective internal audit functions help organizations accomplish their business goal • Right environment underscore the growing importance of effective governance and establishing, maintaining and improving governance, risk management • Governance require and effective and independence Internal Audit established by the organizational and reporting structure..
Creating an effective Internal Audit environment • Objectivity : IA should have no personal or professional involvement with or allegiance to the area being audited; and should maintain an un-biased and impartial mindset in regard to all engagements. • Reporting Structure : IA should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities and remain independent. This often results in a dual reporting relationship between executive management and the audit committee. Whatever, the reporting relationship there must be organizational independence. • Staffing : A broad range of skills and expertise, and ongoing professional development are critical to the formation and maintenance of an effective internal audit activity. • Prioritization: The CAE independence should provide the necessary organizational knowledge for staying in sync with risks and the organization’s overall priorities that allow for effective management of internal audit resources. • Adding Value : IA serves management and the board, assesses the ethical climate and the effectiveness and efficiency of operations, and provides a safety net for organizational compliance with rules, regulations, and overall business practices. • Building Confidence and Trust: Becoming the trusted partner of helping growth and improved performance (applying business wide expertise on risk and strategy).
Creating an effective Internal Audit environment Auditor Key factors/Qualification • Objectivity, independence , professionalism • Auditor ability to link audit issues to performance results • People skill/communication skills • Good Communication and Interpersonal Skills • Interviewing Skills • Intelligent and pertinent questions • Listen attentively • Analytical Skills • Ability to assimilate data and determine how it relates to the audit criteria • Analyze information and report results • Training and Experience • Standards, regulations, auditing techniques, and audit management skills • Ability to think inside and outside the box
Creating an effective Internal Audit environment • Creating the environment : The success of the auditing program depends significantly upon the selection of the right people for the task • Right personnel from cross-functional groups • Document & training • Engage stakeholder in in Audit Planning • Use recommendation/improvement proposals as a kpi • Perform audits on a regular basis • Responsibility becomes part of job description • Must be taken seriously by employee and manager • Part of performance review
Establishment of an effective internal environment ‘Selling’ Ref: Lawrence Sawyer Theory’ • Philosophy of assisting management and the Board in achieving the organization’s objectives through well-reasoned audits, evaluations, and analyses of operational areas. • Modern internal auditor to act as a counselor to management rather than as an adversary, as an active players influencing events in the business rather than criticizing all degrees of errors and mistakes. • Future “catching a manager doing something right” and providing recognition and positive reinforcement. Writing about positive observations in audit reports. • Who understands and forecast the benefits of providing more balanced reporting while simultaneously building better relationships. • make internal auditing more relevant and more interesting through a sharp focus on operational or performance auditing. This approach helped catapult the chief audit executive into the role of a respected and knowledgeable adviser who was thought to be reasonable, objective, and concerned about helping the organization achieve the stated goals.
Establishment of an effective internal environment ‘Selling’ • Efficient auditing can identify inadequate / ineffective / inefficient collection of data & measurements • Data not being used, not being used efficiently, wrong data being measure or being measure at wrong point in process • For example, data being collected regarding scrap rate, but the data is never presented to anyone OR data has consistently shown a high rate and no action has ever been taken or discussed • Efficient auditing can identify redundancies in systems • eliminate or reduce is an obvious cost savings • For example, redundant manual system and electronic system to avoid validation of electronic system
Establishment of an effective internal environment ‘Selling’ • Compliance is a regulatory requirement for our industry! • Efficient auditing can identify those areas where the company has added more requirements than needed from both a regulatory and business perspective • Complicated system uses resources and is prone to error (i.e., non-compliance) • Improvement of compliance level in governance issues, regulatory Compliance risk management and internal controls; • Greater possibility of getting unqualified financials; • Improved service delivery. • Cost saving measure • Uniform systems and consistency
Communicating and Monitoring results • Good auditing cannot be reflected in a poorly documented report • Issue TIMELY • Write to your “customer” • Write for impact • Make the report talk • Recognize their priorities • Lead (don’t lose) the “customer” • Fast tract open issueS
Process monitoring and communication • Utilize standard format for consistency • Audit scope, purpose, references, standards, procedures • Executive summary • Highlight hot issues (positive and negative) • Audit summary and specific non-conformances • Identify high risk areas • Audit recommendations for improvement and / or potential issues • Part of report or separate document?
Auditor independence, A threat of not • Internal audit is an independent objective assurance activity. • To ensure that the activity is carried out objectively, the internal auditor must have his/her independence protected. • Independence is assured in part by having an appropriate structure within which internal auditors work. • Independence is also assured in part by the internal auditor following acceptable ethical and work standards. • Risks if auditors are not independent
Process monitoring and communication • Objectivity - The comments and opinions expressed in the Report should be objective and unbiased. • Clarity - The language used should be simple and straightforward. • Accuracy - The information contained in the report should be accurate. • Brevity - The report should be concise. • Timeliness - The report should be released promptly immediately after the audit is concluded, within a month.
Conclusion Let make internal auditing not only am audit tool but more importantly as performance improvement tool, a regulatory compliance enabler , but as a necessary means to continuously improve the efficiency of business practices and product quality. This is the future and key buy in for internal Audit
Patrick Gitau-MBA,CFE, CIA, CRISC, GRCP Fraud Management, Internal Assurance, Governance, Risk Management & Compliance Consultant .
Patrick Gitau, MBA-Finance CIA, CFE, CRISC, GRCP FSS Risk Services & Advisers Thank you