Presentation is loading. Please wait.

Presentation is loading. Please wait.

Supervisory Committee Communications with Management and the Board

Similar presentations

Presentation on theme: "Supervisory Committee Communications with Management and the Board"— Presentation transcript:

1 Supervisory Committee Communications with Management and the Board
Association of Credit Union Internal Auditors June 21, 2012 Vicki A. McIntyre, CIA, CPA Vice President, FirstPlus Resolutions, Inc.

2 Agenda Champion the Audit Activity The Risk-Based Audit Plan
Impact of Resource Limitations Supervisory Committee Evaluation of Internal Audit Supervisory Committee considerations Top 10 Worst Things You Can Do Questions?

3 Champion the Audit Activity
Know the purpose, authority and responsibility of your audit activity. Understand key concepts of governance, risk and control. Empower and challenge internal audit to add value.

4 Definition of Internal Audit
“An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

5 IA’s Purpose, Authority & Responsibility
The Audit Activity Charter Code of Ethics Independence & reporting lines Access Nature of Assurance & Consulting Services

6 What is Governance ? Governance is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives. It is the culture, values, mission, structure and layers of processes, policies and measures by which organizations are directed and controlled.

7 IA’s Role in Governance
IA must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: Promoting appropriate ethics and values within the organization Ensuring effective organizational performance management and accountability Communicating risk and control information to appropriate areas of the organization Coordinating the activities of and communicating information among the board, external and internal auditors, and management

8 What is Risk? The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood. Risks to the Internal Audit Activity: Audit failure False assurance Reputation risks

9 What is Control? Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.

10 Hard vs. Soft Controls Policies/Procedures Competence
Organizational Structure Bureaucracy Restrictive Formal Processes Competence Trust Shared Values Strong Leadership High Expectations Openness High Ethical Standards

11 Empower & Challenge IA to Add Value
Become more relevant to broader business objectives Enhance ability to identify emerging risks Improve risk assessment processes Reduce audit fatigue on the business

12 The Risk-Based Audit Plan
Consider risk appetite levels Consider organizational risk management framework Consult with senior management and the Board IA exercises judgment of risks

13 The Risk-Based Audit Plan
Ask the critical questions: What keeps you up at night? Is IA providing assurance in those areas? Does IA cover the right things at the right time? Can IA identify emerging risks; is the audit plan flexible enough to provide coverage? Is IA perceived as a valued business partner?

14 Are Audit Resources Aligned with Risk?
Root causes of organizations loosing a large percentage of shareholder value in a short period of time: 60% - Business or strategic risks 20% - Operational risks 15% - Financial risks 5% - Compliance risks

15 Impact of Resource Limitations
Must communicate to senior management and the Board Advocate for IA Be sure resources are effectively deployed

16 Impact of Resource Limitations
Beware of SALY and JELLY (Same as last year & just exactly like last year) Beware of pet projects Beware of isolated concerns of constituents Consider management’s responsibility for monitoring and self-assessment

17 Evaluation of Internal Audit
Does the Board have confidence in IA’s assurance activities? Does the Board believe it is sufficiently and timely informed of IA’s significant findings? Does the Board believe IA has the skills and foresight to build emerging risks into the audit plan? Does the Board believe the audit plan is sufficiently broad in scope and executed in a timely manner? Does management believe audit reports are actionable? Does management perceive IA as a valued business partner? Does management believe it gets superior value for its investment in IA? Is the Board and management confident of IA’s independence, objective and fair-minded approach and that IA is empowered and sufficiently staffed and resourced?

18 Evaluation of Internal Audit
How well does the IA director respond to probing by the Supervisory Committee? How knowledgeable is the IA director in the company’s accounting and financial reporting policies? How well does the senior management respect the IA director, and how healthy is the tension between them? How well do the external auditors respect the IA director? Does the IA director provide adequate assurance in areas requested by the audit committee? Is the IA director respected within the auditing profession? Examples would be as a frequent speaker, writing articles, participating in industry organizations, etc.

19 Supervisory Committee Considerations
Promote effective Sup Committee functioning; staff with sufficient expertise Promote an open, transparent relationship with IA and other organizational control functions Consider term limits for committee members Perform an annual self-assessment Request candid feedback from the Board and IA

20 The Top 10 Worst Things You Can Do……
Not being a proactive communicator Fail to remain up-to-date on your CU’s business, the CU industry and IA successful practices Not being aware of your CU’s risk management activities Not having an audit plan that adds value Fail to support IA independence

21 The Top 10 Worst Things You Can Do……
Ineffective evaluation of the Chief Audit Executive; not making a needed change Fail to perform regular self-assessments Failure to honor high ethical standards; integrity, objectivity, confidentiality and competency Fail to deliver bad news to the Board timely Paralysis – do nothing - not knowing what to do when there are serious problems

22 Questions? 22

23 Vicki A. McIntyre, CIA, CPA
FirstPlus Resolutions, Inc. Tustin, CA

24 Bibliography “Top 10 Worst Things…” adapted from Managing Director of the IA Division of the MIS Training Institute, Joel Kramer’s presentation titled “Best Practices in Educating the Audit Committee.” “Are Audit Resources Aligned…” adapted from IIA CEO Richard Chambers’ presentation on the state of the IA profession, IIA So Cal District Conference, Anaheim, CA, 6/4/2012. “Evaluation of Internal Audit…” adapted from Alan Siegfried’s (former Chair IIA North American Board) presentation on Audit Committee Expectations of IA-Best Practices

Download ppt "Supervisory Committee Communications with Management and the Board"

Similar presentations

Ads by Google