120 likes | 290 Views
Continuous Monitoring Continuous Auditing. Organizational Readiness What Needs To Be Done Making It Happen. Research & Information Sources. Professional Experience – Senior Director, Continuous Auditing at Major Bank Industry – Barclay’s, RBS, Wells Fargo, Citigroup, RBC, Fleet
E N D
Continuous Monitoring Continuous Auditing Organizational Readiness What Needs To Be Done Making It Happen Clyde Rogers clyde.rogers@sympatico.ca
Research & Information Sources • Professional Experience – Senior Director, Continuous Auditing at Major Bank • Industry – Barclay’s, RBS, Wells Fargo, Citigroup, RBC, Fleet • Organizations – IIA & ADR • External Firms – Deloitte, KPMG, E&Y • Academic – Centre for Continuous Auditing – Rutgers, U of Waterloo
Guiding Principles - Mindset • Improve Efficiency and/or Effectiveness – Needs to Business Case, Be Important, $’s, Benefits • COSO/COCO Frameworks, Enterprise Wide Risk Management, Control Self-Assessment • Changing Regulatory Requirements – SOX, Basel • Partner with Client & Governance Groups • Validate - Cross Organization Roles & Responsibilities & Acceptance
Guiding Principles – Mindset • Client Monitors & Manages Risk and Compliance • Audit Gets Assurance From Client & Partner Processes as well as Independent Testing • Information Technology is an Enabler – Larger Than That • Staged and Incremental Implementation – Business Line & Phases
Success Drivers • Promoted/Championed by Senior Executive – Chief Auditor & Business Line Executive • Focus On a “Quick Win” – Business Line Readiness – Operating Models • Business Line Buy-In also Influences Governance and Support Groups • Leverage/Benchmark to Industry & Non-Industry Leaders and Best Practices
CM – CA Model/Processes Advisory Support Lines Whistle Blower Operational Losses Staffing Issues Key Performance Early Warning Systems Risk Teams External/ Regulatory NIAP Strong or Satisfactory No Action Suggested Action Quarterly Audit Planning and Reporting Requires Improvement Prior Audit Results Unsatisfactory Accelerate audit activity Inherent Risk Operational Risk Continuous Auditing Warehouse Continuous Auditing Warehouse Traditional Auditing Risk and Frequency Model Traditional Auditing Risk and Frequency Model Proceed with audit As scheduled
Business Line Profile • Standard Operating Environment – 1,000 locations – National – 4 Segmented Client Offers • Confusion/Duplication Between Functions in Roles & Responsibilities – 4 Major Risk Teams • Quick Win – Risk Teams – Duplication & Costs • Conflicting Reporting to Clients & Stakeholders
Benefits – Phase I – Risk Teams • Align Risk Teams Coverage to Meet the Needs of all Groups – 1 Group – Audit Leverages (QA) • Roles & Responsibilities Defined and Aligned to Changing and Emerging Regulatory Requirements – SOX, Basel • Improve Effectiveness & Efficiency – Less Branch Disruption – Also $2 million Savings • Move to Continuous Monitoring/Auditing Model – Foundational to Phase II – Further Benefits
Phase I Q2 2005 Q1 2006 SOX Q1 2005 Basel SOX W/M Basel • Reduced On-site Testing Through: • Inventorying current on-site testing activities • Changing/adding/deleting tested activities • Identifying duplication • Migrating duplicated testing to FRS • Eliminating migrated testing from groups • Developing process to audit FRS • Focusing on routine activities • Processes review with product groups W/M Compliance Compliance On-site testing InternalAudit Internal Audit Internal Audit Business Risk Business Risk
Benefits – Phase II - EWS • Leverage Information Technology - Consists of Data Mining and Analytics • Whole Portfolios – Holistic View – Real Time • Additional Efficiencies - $5 million • Major Step Towards Continuous Monitoring/Auditing Model • Monitoring Capability Enhanced: - Reduces Onsite Testing - Risk Indicators/Trends To Support On-site Testing - Improves Earlier Identification – More Predictive
Phase II Q1 ‘07 SOX Basel W/M SOX • Reduced On-site Testing Through: • Develop central monitoring capability • Enhanced technology platform • Leverage existing knowledge (NRM/EWS/CRS) • Central monitoring for select activities • Further on-site testing eliminated • Majority of on-site testing migrated to FRS Compliance Basel On-site testing W/M Compliance Internal Audit Internal Audit Internal Audit/Basel Business Risk Business Risk