180 likes | 681 Views
What they want to hear. March 14, 2018. Xavier BEDORET. The Psychology of the Board Member The Attitude of the Chief Audit Executive The Conditions of a Fruitful Encounter Another reading of the Internal Audit Standard 2400 – Communicating Results. What they want to hear.
E N D
What they want to hear March 14, 2018 Xavier BEDORET
The Psychology of the Board Member The Attitude of the Chief Audit Executive The Conditions of a Fruitful Encounter Another reading of the Internal Audit Standard 2400 – Communicating Results What they want to hear MFIA / March 14, 2018
I am not an Operational Manager but an Independent Director • I listen to you only 1 hour 4 times a year • I need information that is understandable and put into its context • I am sensitive about my criminal and civil responsibilities • I, the Chairman of the Audit Committee, have the duty to report to the Board. The Psychology of the Board Member MFIA / March 14, 2018
Shall I talk about the findings ? Or about the audit process ? • I am always late compared to the others • I am obsessed by my role of trusted advisor • Am I comfortable with my attitude of management by-pass ? The Attitude of the Chief Audit Executive MFIA / March 14, 2018
A relationship of trust in people and trust in process • A message that is simple and concise • An attitude that is factual and not controversial • A team that is committed and loyal. The Conditions of a Fruitful Encounter MFIA / March 14, 2018
Question time The Conditions of a Fruitful Encounter MFIA / March 14, 2018
You, the Internal Auditor, what do you want to hear from the Audit Committee ? The Conditions of a Fruitful Encounter You, the Chair of the Audit Committee, what do you want to hear from the Internal Auditor ? MFIA / March 14, 2018
Reframe the many control functions in the organisation March 14, 2018 Xavier BEDORET
There are some emerging risks in our international network. ERM watches Our audit of transactions revealed some non material errors in the HR files Many feed-backs to the Audit ommittee on the state of affairs What do they say ? Some financial controls are missing in the procurement process. The IC team monitors the improvements The HSE team works on 4 cases of injuries and dangerous occurences We are not ready for implementing the GDPR. The Compliance Team works We have identified 6 minor frauds during the quarter. The Ethics Officer investigates Our maturity model indicates the sales process is between « managed » and « defined » MFIA / March 14, 2018
Risk Manager Internal Auditor Many feed-backs to the Audit ommittee on the state of affairs Who are they ? Financial Controller HSE Manager Ethics Officer Quality Manager Compliance Officer MFIA / March 14, 2018
Control functions are proliferating in large enterprises under the impetus of regulators. The desire to secure the operation of large companies and protect investors has led regulators to enact a large number of regulations and to support their implementation by creating dedicated control functions In order to ensure their independence and authority, these control functions are attached to the Audit Committee (or the Board of Directors) Audit Committees have difficulties managing multiple control functions that invoke their functional connection (status, methodology, reporting) and relaying the information to the Board of Directors and to management (information, decision, alert). What is the problem ? MFIA / March 14, 2018
- Function usually created by law (European directive) or recommended by a governance institute - Establishment of a distinct methodology developed by an international professional association - Obtaining of a recognized professional certification providing authority - Creation of a distinct support line apart from the operational management - Status characterized by functional independence from the hierarchy and direct relationship with the CEO or the Board of Directors. What is the profile of these functions ? MFIA / March 14, 2018
- Multiplication of control functions in the same company - Functions not coordinated with each other and sometimes competing - Independence from hierarchy that can lead to isolation - Non-decision-making line, that is dependent on the managerial will to decide and to act - Operational cycle not aligned with managerial time - Separate concepts, scales and jargon for each control function - Lassitude of the local managers and disengagement towards controls considered disconnected from the reality in the field - Profusion and confusion in the mind of top management. What is the situation today ? MFIA / March 14, 2018
Context The Audit Committee lives in the discomfort of a growing workload and increased criminal responsibilities, in a VUCA world (Volatile, Uncertain, Complex, Ambiguous) where the feeling of loss of control is spreading. Some companies talk about strong control functions to compensate for the loss of management control. The Audit Committee experiences information asymmetry (ie highly accountable and poorly informed). What are the possible scenarios ? Steps that may be consideredby the Audit Committee MFIA / March 14, 2018
Scenario 1 There are too many control functions in the large enterprise. One of them takes precedence over the others and becomes the single voice and comfort provider dealing with all compliance matters with the Audit Committee. Other control functions are marginalized or outsourced. Steps that may be considered bythe Audit Committee MFIA / March 14, 2018
Scenario 2 • There are many control functions in the large enterprise. The Audit Committee has difficulty integrating the various points of view and taking a consistent position. • One of the control functions plays the role of facilitator and integrator within the framework of a combined assurance approach: • to coordinate the actions upstream and downstream • to relate the findings • to quantify and analyze the sensitivity and the impact • to consolidate, to plan, etc. Steps that may be considered bythe Audit Committee MFIA / March 14, 2018
Scenario 3 Given the emergence of data analytics and artificial intelligence, the burden of control is gradually being borne by the systems themselves. Each functional department manages a continuous monitoring approach. The second line of defense strengthens and matures to make its self-control, which is supervised by the internal auditors, the 3rd line of defense. The second line of defense reports autonomously to the ExCom on control matters, the third line of defense confirms the smooth functioning of the monitoring to the Audit Committee. Reminder : the control functions are non-decision-making and report today to the Audit Committee, which is also non-decision-making. The main attachment to the ExCom makes it possible to shorten the flows of communication and decision. Steps that may be considered bythe Audit Committee MFIA / March 14, 2018
Scenario 4 The accountants have standardized the accounting world by the emission of rational, permanent and universal standards ensuring the fidelity, the relevance and the comparability of the information. All players in the accounting world enjoy the benefits of standardization. Should not the other control functions coordinate themselves in order to manage the heterogeneity of their concepts, methods and findings? Coordinating does not mean bringing all methods back to a single standard, but ensuring – downstream - the articulation of the actions - and upstream – the integration of analyzes and results of various kinds. This development will contribute to the structuring of non-financial information in the annual report and to integrated reporting. Steps that may be considered bythe Audit Committee MFIA / March 14, 2018