Presentation is loading. Please wait.

Presentation is loading. Please wait.

Impact of Corporate Governance on the Internal Audit Profession Glenn E. Sumners, DBA, CIA, CFE Upward Hacia arriba Onward Adelante (1941) Internal auditing.

Similar presentations

Presentation on theme: "Impact of Corporate Governance on the Internal Audit Profession Glenn E. Sumners, DBA, CIA, CFE Upward Hacia arriba Onward Adelante (1941) Internal auditing."— Presentation transcript:

1 Impact of Corporate Governance on the Internal Audit Profession Glenn E. Sumners, DBA, CIA, CFE Upward Hacia arriba Onward Adelante (1941) Internal auditing is an endless journey towards an every- changing destination. Glenn E. Sumners Dominican Republic Punta Cana 2012 Today

2 Glenn Sumners, DBA, CIA, CFE is on the faculty of Louisiana State University where he is the director of the Louisiana State University Center for Internal Auditing (LSUCIA). He was named Educator of the Year in 1987 by the IIA and received the LCPA Lifetime Achievement in Accounting Education Award in In 2006, Professor Sumners received the Bradford Cadmus Memorial Award from the IIA. He is a member of the IIA Society Emeritus. In 2012, he was inducted into the IIA American Hall of Distinguished Audit Practitioners. Three LSUCIA students have placed first in the international manuscript competition. Eighteen students from the LSUCIA Program have won international award for the highest score on the CIA exam. In 2012, The CIA Award for the highest student score was named the Dr. Glenn E. Sumners Award. He provides quality assurance reviews, consulting, and training to internal audit groups and audit committees. He has made over 1200 presentations in the last 25 years. He has been invited to speak in 25 countries. Glenn E. Sumners Director Louisiana State University Center for Internal Auditing {Su foto} Presenter (presentador)

3 Governance (gobierno) Agenda (orden del día) Adding Value: The expanding role of Internal Auditing (valor agregado) The Value Proposition (la prpuesta de valor) Addressing Governance (relación con el gobierno corporat) Infrastructure (infraestructura) Integration (Integración) Assessing Risk (evaluación de riesgos) (Borderless organizations) (organizaciones sin fronteras) Internal (interno) External (externo) (Strategies) (Estrategias) Risk Threats (riesgos amenaza) Risk Opportunities (riesgos oportunidades)

4 Governance Agenda (gobierno orden del día) Adding Value: The expanding role of Internal Auditing (toward governance) Job enlargement Job satisfaction Job enrichment Addressing Governance (infrastructure and integration) Assessing Risk (broader perspective) (borderless organizations) Internal External (strategies) Enhancing Controls Control Activities Management Controls Plan (tactical and strategic) (planning committee) Organize (delegation of accountability) Staff (needed competencies outpacing competencies) (CFIA) (CBOK) (Surveys) Direct (policies and procedures) (control activities) Monitor (change management) (custodial managers) Environmental Controls COSO – Tone at the Top (infrastructure) (integration) (permeation) Control Environment

5 Agenda (orden del día) Enhancing Controls (mejorar los controles) Control Activities (actividades de control) (time allocation) Management Controls (controles de gestión) Plan (Tactical and Strategic) (Comité de Planificación)) Organize (Delegation of Accountability) (organizar) Staff (I K W – RP) (BS and CS) (personal) Needed competencies outpacing competencies CFIA CBOK (Business Knowledge) Surveys (Encuestas) (Critical Thinking – Hours – Business) Direct (Policies and Procedures) (directo) Monitor (Oversight, Analytics, Change Management) (custodial managers) Control Environment (Entorno de control interno)) All components of COSO reside in the Control Environment) Virgin territory COSO – Tone at the Top (infrastructure) (integration) (permeation) (infraestructura) (integración) (penetración)

6 Internal Auditing: Adding Value (Auditoria Internía: Agregando Valor) Integration GRC External Entity Process Unit Control Environment Management Controls Control Activities Evolution of the Profession (evolución de la profesión) Controls (Controles) Risk (Riesgos) Board Audit Committee Charter Internal Audit Charter Governance (Gobierno) (Mature) (Maduro) (Embryo) (Embrión) (Radar) Opportunities Threats Evaluation Check the box Reality Quality (calidad) Question: Can you be in 100% compliance and go out of business?

7 Issues (cuestiones): Accountability – Governance, Risks, and Controls (responsabilidad) King III Transparency (transparencia) Sustainability (sostenibilidad) Board (Junta) Selection Process (Proceso de Seleccíon) Audit Committee (comité de auditoría) CAE Risk Committee (comité de riesgos) CRO Global Strategic (CRMA) Compensation Committee (comité de compensación) Stock options Bonus plans Counter- productive Salaries Up, up, up, and away Governance (Gobierno Corporativo) Personal Opinion (Opinión personal):: The CEO and CFO should not be involved in selecting members of the Board, Audit Committee, Risk Committee, or Compensation Committee AAA COB CEO Obj. Sub. SOD

8 Reporting (Reportaje) Board (Junta) CEO Audit Committee (Comité de Auditoría) Functional (Funcional) Administrative (Administrativo) Internal Audit (Auditoria Interna) Resources Office Space Budget Training Travel Staffing Primary Report Audit Plan Overview of Administrative Executive Session (Reunión Ejecutiva) Charter Performance Evaluation Promotions Hiring – Rotation - Termination Proactive Review CAE Charter (Estatutos) The internal auditors should have an independent reporting line directly to the Audit Committee. SAS #99 Three principle factors contribute to independence and objectivity: the organizational positioning of the function, the corporate stature of the chief internal auditor, and the reporting of the chief internal auditor to the audit committee. For day-to-day operational purposes, the chief internal auditor should report administratively to a senior officer who is not directly responsible for preparing the companys financial statements. The commission encourages an administrative reporting relationship in which the chief internal auditor reports directly to the CEO. NCFFR (1987) Best Business Crimes Mr. Kozlowski had the companys (Tyco) internal auditors report to the board through himself, and ensured they would not audit a Tyco unit through which the fraudulent loans and other payments were made.

9 Risk Management Process (Proceso de Administractión de Riesgos) The Risk Complexity Multiplier (El multiplicador de la complejidad de riesgo) 10 x 100 x 1000 Limitations (limitaciones): Limited Oversight Limited Knowledge Limited Experience Limited Accountability Technology Interconnectivity Factors (factores): Chaos Theory Prediction Butterfly Effect Tipping Point Organizations (5/9) Ethics Long-term Planning Integration Status (Estado): Check the box Reality (Realidad) Audit Committee (comité de auditoría) of Board of Directors (oversight) CEO (Responsibility) CRO (Execution) Risk Management (gestión de riesgos) Auditor in Charge (AIC) Micro (Engagement Planning) CAE Macro (Resource Allocation) Oversight Comprehensive Report Audit Priority Feedback Input (Integration and Linkage) (Integración y conexion) Fraud Risk Analytics What does CRMA really mean? (Certified Risk Management Assurance)

10 ERM Implementation (Endless Activity) ( Adapt to Change) Risk Environment Oversight Accountability Ownership Monitor-Adjust Need Globalization Technology Information Market Volatility Interconnectivity Staffing Rate of Change Context Identify Priority Risks Strategic Operational Financial Compliance Risk Management Status Gap Analysis Desired ERM Business Plan Integration Dynamic Process Size Industry Strategy Competition Cycle Challenge Change Continuous Integration Process Governance Challenges: Control Environment Internal Environment Goals and Objectives Tone at the Top Governance Integration

11 What are the five primary reasons controls fail? (Cuales son las 5 razones principales por las cuales los controles fallen?) 1. ________________________________ 2. ________________________________ 3. ________________________________ 4. ________________________________ 5. ________________________________ V O l l = Question (Pregunta) Increase Sugar10Times Milk9 Eggs12 Bacon16 Stamps15 Fraud?Why Why? (Porqúe?) Technically, Ken is innocent.

12 What are the five primary reasons controls fail? 1. Lack of integrity 2. Weak control environment 3. Inconsistent objectives 4. Poor communication (Up, Down, and Across) 5. Inability to understand and react to changing conditions Internal Control – Integrated Framework Internal Control – Failures (Control Interno – Fracasos) Question: How many of these relate to Governance?

13 Unit B Activity 2 Monitoring Info. & Communication Control Activities Control Environment (Entorno de Control) Unit A Activity 1 Compliance Financial Reporting Operations Challenge (desafío): Evolving from Control Activities to the Control Environment COSO Control (Addressing Governance) Aggregate (agregado) Entity (entidad) Process (proceso) Unit (unidad) Risk Assessment Management should periodically check the batteries in their moral compass. GES

14 Mandatory Audits - Entity Employee Survey ERM Conflict of Interest Complaint Process Executive Expense Report Analytical Audit Ethics Audit Governance Audit Plan to Address Governance Accruals Change Reserves (Step #1) Transformation Transactions Top-side Closing Revenue Recognition Compensation Review Audit Committee – Best Practices Charter Checklist GAP Analysis Documentation Question: How much time does it take to do an entity level audit? Approach Unit Entity

15 ERM – Conceptual Framework Division Business Unit Subsidiary Entity Objective Setting Event Identification Risk Assessment Risk Response Control Activities Info. & Communication Internal Environment (Ambiente de Control) Monitoring Strategic (Estratégios) Operations Reporting Compliance Control Components (Componentes del control) Objectives (Objetivos) Focus: Internal Environment Strategies Integration COSO Risk (Riesgo) TIPS

16 COSO Risk Objectives Strategic Operations Compliance Financial COSO Components Control Environment Monitoring Information & Communication Risk Control Activities A AAA Question: What is the solution? Corporate Governance, Risk and Controls (Gobierno Corporativo, Riesgos y Controles) Risks (Riesgos) R R R Controls (controles) C C C Organization Override (anular) OR Objective Subjective Job Specificity Beneficial Detrimental Monitoring (monitoreo) M M M Audit plans from top down that parallel the business plan. Audit Focus Pressure (presión) P P P Opportunity (oportunidad) O O o Rationalization (racionalización) R R R

17 Timely Transparent Reporting Reasonable Assurance External: Uncontrollable Strategies Operations Internal: Controllable Reporting Compliance Enterprise Risk Management Integrated Framework (gestión del riesgo institucional del marco integrado) (Strategies) (Estrategias) Linkage: Objectives Risk Strategies Internal Auditing (Auditoría Interna)

18 Other Governance Challenges for Board, Audit Committee, and CAE Technology (Tecnología) Continuous Monitoring Globalization (Globalización) Risk Interconnectivity Staffing (Dotación de Personal) Business Knowledge Technology Risk Governance Control Environment CFIA CBOX Surveys Critical Thinking Hours of Preparation Who Studies Fraud (Fraude) Detection to Prevention Detrimental to Beneficial Analytics (Análisis) Integration Monitoring Process Audit Process Embody Governance

19 Preguntas y Respuestas Questions & Answers

20 Información de contacto Glenn E. Sumners, DBA, CIA, CFE Walden Road Baton Rouge, LA USA

21 Conclusiones The primary challenge of the internal audit profession will be fulfilling the prime directive to add value through enhancing governance, risks, and controls. These challenges will lead to the job enlargement and job enrichment of the profession.

Download ppt "Impact of Corporate Governance on the Internal Audit Profession Glenn E. Sumners, DBA, CIA, CFE Upward Hacia arriba Onward Adelante (1941) Internal auditing."

Similar presentations

Ads by Google