How JCPenney is Managing Corporate Risk
John Polarinakis, Audit Director; Dave Miller, Senior Audit Manager
What is JCPenney doing? • Ethics Program • Internal Audit Function • Anti-Fraud Programs • Enterprise-Wide Hotline
On-line Ethics Statement • A letter from our Chairman • The purpose of the Statement of Business Ethics • Our responsibility as an employee • A great work environment • Our duty to the Company
An Effective Ethics Program • Communication with Employees • Communications with Suppliers • Employee Training • The Use of Criminal Background Checks • The Role of the Legal and Ethics Compliance Committee • Measuring our Performance – how effective are the programs
How does Internal Audit support the Company’s corporate governance initiatives?
Perform an Annual Risk Assessment • Risk rank each audit area • Discuss with management • Allocate resources • Allow for flexibility
Anti-Fraud Programs • Fraud Risk Assessment • Fraud Awareness Program • Continuous Auditing and Monitoring • Enterprise-Wide Hotline
Objectives of Fraud Risk Assessment • Evaluated the adequacy of select controls to mitigate fraud risks • Reviewed the oversight processes to prevent and detect fraudulent activity • Identified additional anti-fraud control enhancements
Benefits of Fraud Risk Assessment • Interaction with management • Increasing management’s fraud awareness
Increasing Fraud Awareness • Established multi-department task force to oversee • Conducting awareness and ethics presentations • Red Flags of Fraud poster • Senior Management presentations to Audit Committee
Continuous Auditing • Continuous Monitoring
Monitoring Retail Store Operations • Short cash expense • Bad check expense • Purchase card expense • POS information
Anti-Fraud Continuous Auditing • Matching vendor and employee name, address and telephone number • Identifying duplicate vendor invoices • Identifying duplicate expenses – travel
Establishing an Enterprise-Wide Hotline • Required as part of SOX 301 and 806 • Means of anonymous communication for employees and vendors • Establishing Awareness programs • No Retaliation Policy communication
Benefits of Outsourced Program • Online database of all call activity • Automatic notification of call activity • Available 24/7 • Multi-lingual service • Experienced operators • Call monitoring
Steps to Take • Communicate what is expected of employees • Provide a safe mechanism to report concerns • Zero Tolerance for fraud