Presenter Claire Gomez Miller CIA CRMA FCCA Chief Audit Executive

Presentation on theme: "Presenter Claire Gomez Miller CIA CRMA FCCA Chief Audit Executive"— Presentation transcript:

1 EFFECTIVE INTERNAL AUDITING & INTERNAL CONTROLS FOR GOOD CORPORATE GOVERNANCE
Presenter: Claire Gomez Miller, CIA, CRMA, FCCA, Chief Audit Executive, The National Gas Company of Trinidad & Tobago Limited

2 AGENDA – EFFECTIVE INTERNAL AUDITING AND INTERNAL CONTROLS FOR GOOD CORPORATE GOVERNANCE
Overview & Global Definitions of Corporate Governance
Internal Auditing – 100% Focus on Controls, Risk & Governance
Standards for Effective Internal Auditing & Controls - Institute of Internal Auditors & COSO
Responsibilities of Board of Directors, Board Audit Committee, Management & Internal Auditors for Effective Control of Risks
Examples of Governance Risks that must be controlled for Good Governance
Effective Internal Auditing & Controls for Good Corporate Governance – Factors that make an Internal Audit Function Ineffective
Internal Audit Independence
Pillars of Good Corporate Governance - Working Together for Strong Governance
July2013 CGM

3 Corporate Secretariat
Organisation chart (labels as shown on the slide):
SHARE HOLDER; COMPANY LAW; BOARD OF DIRECTORS; BOARD AUDIT COMMITTEE; INTERNAL AUDIT; EXTERNAL AUDITORS; Company Secretary & Corporate Secretariat; FUNCTIONAL BOARD OPERATIONS COMMITTEE; BOARD FINANCE COMMITTEE; HUMAN RESOURCE BOARD COMMITTEE; BOARD TENDERS COMMITTEE; CORPORATE MANAGEMENT CEO/PRESIDENT & EMT
CONTRACTS: SHAREHOLDERS; EMPLOYEES; SUPPLIERS; CUSTOMERS; CREDITORS.
T&T CITIZENS; NATIONAL LAWS & REGULATIONS; GLOBAL REGULATIONS

RESPONSIBILITY OF COMPANY & BOARD
Company is a Legal Entity that must, through its Directors:
Safeguard Shareholder Investments/Company Assets
Achieve its Purpose
Generate a fair Rate of Return for its investors
Deliver Service/Product
Comply with Laws & Legal Requirements including Company Act that requires Duty of Care, and Shareholder Agreements.
Be “harmless” (no harm to Employees, Public, Consumers, Environment)

LEGAL DUTY OF DIRECTORS & OFFICERS
Subject to the articles and any unanimous shareholder agreement, the directors of a company shall-
(a) exercise the powers of the company directly or indirectly through the employees and agents of the company; and
(b) direct the management of the business and affairs of the company.

REGULATORS
Duty to ensure Companies under their oversight are in Full Compliance with Regulatory Requirements
Example:
Integrity Commission
Tax Auditors {Board of Inland Revenue}
Insurance Inspectors
Fire Inspectors
Occupational Safety & Health Inspectors
Environmental Inspectors

DUTY OF CARE: Directors and Officers
(1) Every director & officer shall in exercising his powers and discharging his duties-
(a) act honestly and in good faith with a view to the best interests of the company; and
(b) exercise the care, diligence and skill that a reasonably prudent person would exercise in comparable circumstances.
(2) In determining what are the best interests of a company, a director shall have regard to the interests of the company’s employees in general as well as to the interests of its shareholders.
(3) The duty imposed by subsection (2) on the directors of a company is owed by them to the company alone; and the duty is enforceable in the same way as any other fiduciary duty owed to a company by its directors.

EXTERNAL AUDITORS
Appointed by the Shareholder to provide them with an independent opinion on the Financial Statements and Disclosures as prepared by Management. Driven by the Companies Act, and supported by the legal requirement for Directors to state whether Auditors’ report on Annual Accounts was unqualified or qualified, and if it was qualified set out the report in full together with any further material needed to understand the qualification; whether the auditors’ report on the annual accounts contained a statement as to (i) the inadequacy of the accounting records or returns; (ii) the accounts not agreeing with the records or returns; or (iii) the failure to obtain necessary information or explanations.

4 GLOBAL DEFINITIONS OF CORPORATE GOVERNANCE
RISK MANAGEMENT & CONTROLS, 27 July 2009

Corporate or Organizational Governance
Common elements present in most definitions of Corporate Governance describe it as “the policies, processes, and structures used by organizations to direct and control its activities, achieve its objectives, and protect the interests of its diverse stakeholder groups in a manner consistent with appropriate ethical standards.”

The INSTITUTE OF INTERNAL AUDITORS defines Corporate Governance as “The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.”

What is Organizational Governance?
There is no single, comprehensive, universally accepted definition of organizational governance. However, an often-used definition of organizational governance comes from the Paris-based forum of democratic markets, the Organisation for Economic Co-operation and Development (OECD): Corporate governance involves a set of relationships between a company's management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.1 See Appendix B in Section 3 for other organizational governance definitions.

5 GLOBAL DEFINITIONS OF CORPORATE GOVERNANCE
BELGIUM: “"Corporate governance" refers to the set of rules applicable to the management and control of a company. It is the duty of the board of directors to manage the company's affairs exclusively in the interests of the company and all its shareholders, within the framework of the laws, regulations, and conventions under which the company operates.” {Belgium Commission on Corporate Governance, Corporate Governance for Belgium Listed Companies, December 1998}

Appendix B: Definitions of Organizational Governance

Corporate governance is the system by which companies are directed and managed. It influences how the objectives of the company are set and achieved, how risk is monitored and assessed, and how performance is optimized. (Australia)1

"Corporate governance" refers to the set of rules applicable to the management and control of a company. It is the duty of the board of directors to manage the company's affairs exclusively in the interests of the company and all its shareholders, within the framework of the laws, regulations, and conventions under which the company operates. (Belgium)2

"Corporate governance" means the process and structures used to direct and manage the business and affairs of the corporation with the objective of enhancing shareholder value, which includes ensuring the financial viability of the business. The process and structure define the division of power and establish mechanisms for achieving accountability among shareholders, the board of directors and management. The direction and management of the business should take into account the impact on other stakeholders such as employees, customers, suppliers, and communities. (Canada)3

The nature of supervision by a present-day board of directors, having independent directors at the heart of its activities, is the undertaking of appropriate monitoring from the aspect of fulfilling the duties entrusted to them, while motivating the executive managers and employees with an appropriate compensation system in order to encourage independence. The balancing of this supervision (from the standpoint of the shareholders) with management (the administration of the company business) is called governance. Governance, which is the primary role of the independent director, is to ensure the introduction and correct functioning of the internal audit and compensation systems. Corporate governance is a scheme for ensuring that the executive managers, who have been placed in charge of the company, fulfill their duties. (Japan)4

Corporate governance is the system by which companies are directed and controlled. Boards of directors are responsible for the governance of their companies. The shareholders' role in governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate governance structure is in place. The responsibilities of the board include setting the company's strategic aims, providing the leadership to put them into effect, supervising the management of the business, and reporting to the shareholders on their stewardship. The board's actions are subject to laws, regulations, and the shareholders in general meeting. (United Kingdom)5

1 The Australian Stock Exchange Corporate Governance Council, Principles of Good Corporate Governance and Best Practice Recommendations, March 2003.
2 Belgium Commission on Corporate Governance, Corporate Governance for Belgium Listed Companies, December 1998.
3 Toronto Stock Exchange Committee on Corporate Governance, Dey Report, December 1994.
4 Japan Corporate Governance Committee, Corporate Governance Forum of Japan, Revised Corporate Governance Principles, revised October 2001.
5 Report of the Committee on the Financial Aspects of Corporate Governance (Cadbury committee), December 1992.

6 GLOBAL DEFINITIONS OF CORPORATE GOVERNANCE
AUSTRALIA: “Corporate governance is the system by which companies are directed and managed. It influences how the objectives of the company are set and achieved, how risk is monitored and assessed, and how performance is optimized.” {The Australian Stock Exchange Corporate Governance Council, Principles of Good Corporate Governance and Best Practice Recommendations, March 2003}

7 GLOBAL DEFINITIONS OF CORPORATE GOVERNANCE
CANADA: “"Corporate governance" means the process and structures used to direct and manage the business and affairs of the corporation with the objective of enhancing shareholder value, which includes ensuring the financial viability of the business. The process and structure define the division of power and establish mechanisms for achieving accountability among shareholders, the board of directors and management. The direction and management of the business should take into account the impact on other stakeholders such as employees, customers, suppliers, and communities.” {Canada’s Toronto Stock Exchange Committee on Corporate Governance, Dey Report, December 1994}

8 1.1e) GLOBAL DEFINITIONS OF CORPORATE GOVERNANCE
JAPAN: “The nature of supervision by a present-day board of directors, having independent directors at the heart of its activities, is the undertaking of appropriate monitoring from the aspect of fulfilling the duties entrusted to them, while motivating the executive managers and employees with an appropriate compensation system in order to encourage independence. The balancing of this supervision (from the standpoint of the shareholders) with management (the administration of the company business) is called governance. Governance, which is the primary role of the independent director, is to ensure the introduction and correct functioning of the internal audit and compensation systems. Corporate governance is a scheme for ensuring that the executive managers, who have been placed in charge of the company, fulfill their duties.” {Japan Corporate Governance Committee, Corporate Governance Forum of Japan, Revised Corporate Governance Principles, revised October 2001.}

9 GLOBAL DEFINITIONS OF CORPORATE GOVERNANCE
UNITED KINGDOM: “Corporate governance is the system by which companies are directed and controlled. Boards of directors are responsible for the governance of their companies. The shareholders' role in governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate governance structure is in place. The responsibilities of the board include setting the company's strategic aims, providing the leadership to put them into effect, supervising the management of the business, and reporting to the shareholders on their stewardship. The board's actions are subject to laws, regulations, and the shareholders in general meeting.” {United Kingdom - Report of the Committee on the Financial Aspects of Corporate Governance (Cadbury committee), December 1992.}

10 Corporate Secretariat
Organisation chart (labels as shown on the slide):
SHARE HOLDER; COMPANY LAW; BOARD OF DIRECTORS; BOARD AUDIT COMMITTEE; INTERNAL AUDIT; EXTERNAL AUDITORS; Company Secretary & Corporate Secretariat; FUNCTIONAL BOARD OPERATIONS COMMITTEE; BOARD FINANCE COMMITTEE; HUMAN RESOURCE BOARD COMMITTEE; BOARD TENDERS COMMITTEE; CORPORATE MANAGEMENT CEO/PRESIDENT & EMT
CONTRACTS: SHAREHOLDERS; EMPLOYEES; SUPPLIERS; CUSTOMERS; CREDITORS.
T&T CITIZENS; NATIONAL LAWS & REGULATIONS; GLOBAL REGULATIONS

11 INTERNAL AUDITING: 100% FOCUS ON CONTROLS, RISK & GOVERNANCE
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

12 International Standards for the Professional Practice of Internal Auditing
The Standards – Mandatory Element Under International Professional Practices Framework
Diagram labels: Mandatory; Non mandatory; Strongly recommended; IPPF

The IPPF includes mandatory and non-mandatory but strongly recommended guidance. The standards are required to be in conformance with the IPPF mandatory guidance. Strongly recommended guidance is not mandatory, but it provides the best practices or effective implementation of The IIA's Definition of Internal Auditing, Code of Ethics, and Standards. These can be found at the website: https://global.theiia.org/standards-guidance/Pages/Standards-and-Guidance-IPPF.aspx

Institute of Internal Auditors INC, 01 FEBRUARY 2013

13 COSO INTERNAL CONTROL-INTEGRATED FRAMEWORK
COSO Internal Control-Integrated Framework guides the work of the Internal Auditor when evaluating an organization’s internal control system.

Originally formed in 1985, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM), internal control and fraud deterrence. COSO’s sponsoring organizations are the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the Institute of Management Accountants (IMA).

2013 Internal Control-Integrated Framework Released
COSO has issued the 2013 Internal Control–Integrated Framework (Framework). The Framework published in 1992 is recognized as the leading guidance for designing, implementing and conducting internal control and assessing its effectiveness. The 2013 Framework is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework, broaden the application of internal control in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control.

COSO has also issued Illustrative Tools for Assessing Effectiveness of a System of Internal Control and the Internal Control over External Financial Reporting (ICEFR): A Compendium of Approaches and Examples. The Illustrative Tools are expected to assist users when assessing whether a system of internal control meets the requirements set forth in the updated Framework. The ICEFR Compendium is particularly relevant to those who prepare financial statements for external purposes based upon requirements set forth in the updated Framework.

14 INTERNAL CONTROL
Control: Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.

Control Processes: The policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process.

Control Environment: The attitude and actions of Board and Management regarding the significance of control within the organization. It provides the discipline and structure for the achievement of the primary objectives of the system of internal control, and includes elements of:
Integrity and ethical values.
Management’s philosophy and operating style.
Organizational structure.
Assignment of authority and responsibility.
Human resource policies and practices.
Competence of personnel.

15 BOARD OF DIRECTORS & THE EFFECTIVE CONTROL OF RISKS
Risk is defined as anything that prevents the achievement of objectives; therefore, to achieve its Objectives, a Company must manage its Risks.

BOD must:
- Ensure Company has an effective, ongoing process to Identify, Measure & Proactively Manage & Control Business Risks;
- Provide Risk Tolerance Levels that support effective Risk Taking by Management;
- Have on its Agenda a report on High Risk issues that pose potential liability to Company, Directors, Shareholders, and the Management & Control of those risks.

16 EFFECTIVE CONTROLS IN THE MANAGEMENT OF RISKS
RISK MANAGEMENT IS CONFORMANCE AND PERFORMANCE.
- Risk Management seeks to balance the required conformance of corporate governance and healthy risk-taking for performance improvement.
- Managers must avoid the downside of financial & reputational loss whilst managing the upside actions that increase financial performance.

Managing the Upside of Risk:
- risk is inherent in business; nature and extent may differ between size and type of organisation;
- company takes risks in order to pursue opportunities to earn returns for its owners;
- striking a balance between risk and return is key to maximizing shareholder wealth.

Managing the Downside of Risk requires a combination of conformance and performance:
- Use of Conformance Frameworks
- Establishment of Controls

17 RISK MANAGEMENT & CONTROLS
BOARD AUDIT COMMITTEE

BOARD AUDIT COMMITTEE is responsible for:
- monitoring, overseeing, and evaluating the duties and responsibilities of management, the internal audit activity, and the external auditors as those duties and responsibilities relate to the organization’s processes for controlling its operations and managing its risks;
- determining that all major issues reported by the internal auditing department, the external auditor, and other outside advisors have been satisfactorily resolved;
- reporting to the full Board all important matters pertaining to the organization’s controlling and risk management processes.

18 MANAGEMENT’S RESPONSIBILITY
Controlling & risk management are functions of management and are integral parts of the overall process of managing operations. As such, it is the responsibility of managers at all levels of the organization to:
- Identify and evaluate the exposures to loss which relate to their particular sphere of operations.
- Specify and establish policies, plans, and operating standards, procedures, systems, and other disciplines to be used to minimize, mitigate, and/or limit the risks associated with the exposures identified.
- Establish practical controlling processes that require and encourage directors, officers, and employees to carry out their duties and responsibilities in a manner that achieves the five control objectives outlined in the preceding paragraph.
- Maintain the effectiveness of the controlling processes they have established and foster continuous improvement to these processes.

19 MANAGEMENT’S RESPONSIBILITY
Management is charged with the responsibility for establishing a network of processes with the objective of controlling the operations of the Company in a manner which provides the board of directors reasonable assurance that:
- Data and information published either internally or externally is accurate, reliable, and timely.
- The actions of directors, officers, and employees are in compliance with the organization’s policies, standards, plans and procedures, and all relevant laws and regulations.
- The organization’s resources (including its people, systems, data/information bases, and customer goodwill) are adequately protected.
- Resources are acquired economically and employed profitably; quality business processes and continuous improvement are emphasized.
- The organization’s plans, programs, goals, and objectives are achieved.

20 INTERNAL AUDITORS & EFFECTIVE CONTROLS
IIA STANDARD 2100 – Nature of Work: Internal Audit must evaluate and contribute to the improvement of Governance, Risk Management, and Control processes using a systematic and disciplined approach.

IIA STANDARD 2110 – Governance: IA must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
- Promoting appropriate ethics and values within the organization;
- Ensuring effective organizational performance management and accountability;
- Communicating risk and control information to appropriate areas of the organization; and
- Coordinating the activities of and communicating information among the board, external and internal auditors, and management.

2120 – Risk Management
The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.

Interpretation: Determining whether risk management processes are effective is a judgment resulting from the internal auditor’s assessment that:
- Organizational objectives support and align with the organization’s mission;
- Significant risks are identified and assessed;
- Appropriate risk responses are selected that align risks with the organization’s risk appetite; and
- Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.

Risk management processes are monitored through ongoing management activities, separate evaluations, or both.

2120.A1 – The internal audit activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the:
- Reliability and integrity of financial and operational information;
- Effectiveness and efficiency of operations;
- Safeguarding of assets; and
- Compliance with laws, regulations, and contracts.

2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.

2120.C1 – During consulting engagements, internal auditors must address risk consistent with the engagement’s objectives and be alert to the existence of other significant risks.

2120.C2 – Internal auditors must incorporate knowledge of risks gained from consulting engagements into their evaluation of the organization’s risk management processes.

2120.C3 – When assisting management in establishing or improving risk management processes, internal auditors must refrain from assuming any management responsibility by actually managing risks.

21 RISK MANAGEMENT & CONTROLS
INTERNAL AUDITORS
IIA STANDARD 2110 – Governance
2) Must evaluate the design, implementation, and effectiveness of the organization’s ethics-related objectives, programs, and activities.
3) Must assess whether the information technology governance of the organization sustains and supports the organization’s strategies and objectives.
4) Consulting engagement objectives must be consistent with the overall values and goals of the organization.

2110 – Governance
The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
- Promoting appropriate ethics and values within the organization;
- Ensuring effective organizational performance management and accountability;
- Communicating risk and control information to appropriate areas of the organization; and
- Coordinating the activities of and communicating information among the board, external and internal auditors, and management.

2110.A1 – The internal audit activity must evaluate the design, implementation, and effectiveness of the organization’s ethics-related objectives, programs, and activities.

2110.A2 – The internal audit activity must assess whether the information technology governance of the organization sustains and supports the organization’s strategies and objectives.

2110.C1 – Consulting engagement objectives must be consistent with the overall values and goals of the organization.

22 IIA STANDARD: 2130 – CONTROL
1) Internal Audit must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.
2) Must evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems regarding the:
- Achievement of the organization’s strategic objectives;
- Reliability and integrity of financial & operational information;
- Effectiveness and efficiency of operations;
- Safeguarding of assets; and
- Compliance with laws, regulations, and contracts.

2130 – Control
The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.

2130.A1 – The internal audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems regarding the:
- Reliability and integrity of financial and operational information;
- Effectiveness and efficiency of operations;
- Safeguarding of assets; and
- Compliance with laws, regulations, and contracts.

2130.A2 – Internal auditors should ascertain the extent to which operating and program goals and objectives have been established and conform to those of the organization.

2130.A3 – Internal auditors should review operations and programs to ascertain the extent to which results are consistent with established goals and objectives to determine whether operations and programs are being implemented or performed as intended.

2130.C1 – During consulting engagements, internal auditors must address controls consistent with the engagement’s objectives and be alert to significant control issues.

2130.C2 – Internal auditors must incorporate knowledge of controls gained from consulting engagements into evaluation of the organization’s control processes.

23 bf…..IIA STANDARD: 2130 – CONTROL
3) Should ascertain the extent to which operating and program goals and objectives have been established and conform to those of the organization.
4) Should review operations and programs to ascertain the extent to which results are consistent with established goals and objectives to determine whether operations and programs are being implemented or performed as intended.

24 IIA STANDARD 2010 - PLANNING
The chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization’s goals.

Interpretation: The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the organization’s risk management framework, including using risk appetite levels set by management for the different activities or parts of the organization. If a framework does not exist, the chief audit executive uses his/her own judgment of risks after consideration of input from senior management and the board. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls.

KW Rationale: Organizations and their risks are changing more rapidly than ever. Planning audits only once per year creates potential audit risks. The audit plan needs to be updated in a timely manner to reflect changes in management direction, objectives, emphasis, and focus. This change will now require re-assessing the organization’s business and associated risks, and adjustment of the annual audit plan during the year in response to changes in the organization’s business and operations.

01 FEBRUARY 2013

25 Examples of Governance Risks that must be controlled for Good Governance
- Directors Breach of Fiduciary Duties
- Lack of Director Proficiency & Care
- Misdirection of Organization
- Reckless Risk Taking
- Uncontrolled Organization
- Mis-procurement
- Corruption & Bribery
- Conflict of Interest
- Group Think
- Board Room Bullying
- Financial Reporting & Disclosures
- Corporate Fraud
- Financial Distress
- Poor Corporate Performance
- Loss of License to operate
- Business Interruption/discontinuity
- Impaired Auditors - lack of Independence, Objectivity, Professionalism & Integrity
- Lack of Audit Proficiency & Care
- False Assurance
- Limitation of Audit Scope
- Non Implementation of Audit Recommendations
- Ineffective Corporate Social Responsibility
- Corporate Non-Compliance & Unethical Conduct
- Breach of Public Trust

26 EFFECTIVE INTERNAL AUDITING & CONTROLS FOR GOOD CORPORATE GOVERNANCE
Comes from within the Board of Directors, Board Audit Committee, Executive Management and the Internal Audit Function.

Factors that make an Internal Audit Function ineffective:
- Insufficient focus on Areas of High Risk & Strategic Priorities
- Lack of adequate resource & compensation
- Limitation of Scope
- Communication Barriers between Internal Audit and BAC, Board and Senior Management
- Lack of Proficiency and Care in conduct of duties – BAC or IA
- Non compliance with Professional/Regulatory Standards for the practice of Internal Auditing & Corporate Governance
- Conflict of Interest
- Lack of independence, objectivity, integrity - Board Audit Committee or Internal Audit.

27 INTERNAL AUDIT INDEPENDENCE
IIA Standard Organizational Independence

The chief audit executive must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. The chief audit executive must confirm to the board, at least annually, the organizational independence of the internal audit activity.

Interpretation: Organizational independence is effectively achieved when the chief audit executive reports functionally to the board.

28 INTERNAL AUDIT INDEPENDENCE
Examples of functional reporting to the board involve the board:
- Approving the internal audit charter;
- Approving the risk based internal audit plan;
- Approving the internal audit budget and resource plan;
- Receiving communications from the chief audit executive on the internal audit activity’s performance relative to its plan and other matters;
- Approving decisions regarding the appointment and removal of the chief audit executive;
- Approving the remuneration of the chief audit executive; and
- Making appropriate inquiries of management and the chief audit executive to determine whether there are inappropriate scope or resource limitations.

29 All PILLARS OF GOVERNANCE
MUST BE OF SINGULAR MIND IN INTEGRITY, PROFICIENCY & PROFESSIONALISM FOR GOOD CORPORATE GOVERNANCE, EFFECTIVE INTERNAL AUDITING AND CONTROLS:
The Board of Directors, Board Audit Committee, Chief Executive Officer, Company Secretary, External Auditor & the Chief Audit Executive/Internal Audit.
