Presentation is loading. Please wait.

Presentation is loading. Please wait.

PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.

Similar presentations


Presentation on theme: "PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner."— Presentation transcript:

1 PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner

2 PricewaterhouseCoopers 2 Internal Audit transformation Contents SectionPage 1. Determining the role of internal audit3 2. Transforming the role regarding corporate governance11 3. Questions24

3 PricewaterhouseCoopers 3 Internal Audit transformation Determining the role of internal audit

4 PricewaterhouseCoopers Overall structure

5 PricewaterhouseCoopers 5 Determining the role of internal audit As companies move toward enterprise risk management, Internal Audit must also evolve – or risk a diminished value proposition 20 th Century Internal Audit Model Controls assurance based on cyclical or routine audit plans The Common Internal Audit Model Controls assurance based on a risk-based internal audit plan The Risk-Centric Internal Audit Model Risk and control assurance based on the effectiveness of risk and control processes implemented by management Source: Internal Audit 2012 If the view (among stakeholders) grows that all Internal Audit does is test controls, then resource levels will have to come down. Chief Audit Executive, Financial Services Industry Traditional internal auditing will probably diminish in value if the organization moves towards formal risk management. Senior Executive, Rating Agency

6 PricewaterhouseCoopers 6 Determining the role of internal audit Aligning Internal Audit activity to corporate risks; strategic objectives; driving stakeholder value Source: PwC, composite of various studies of US and UK markets 60%20%15% 5% Strategic & business Strategic, operational and business risks underlie 80% of the rapid declines in shareholder value. Gaps exist between the current focus of many Internal Audit functions and the significant risks their organisations face. Over the past five years, internal auditors have been concentrating on basic financial reporting and compliance risks. OperationalFinancialCompliance

7 PricewaterhouseCoopers 7 Determining the role of internal audit Internal Audit functions need to have a clear view of where they want to be positioned “Controls-focussed” “Strategic/Operational focus”

8 PricewaterhouseCoopers 8 Some of the typical gaps in the role of internal audit Gaps common to many internal audit functions 1Risk assessment typically not aligned with drivers of shareholder value 2Internal audit activities focus on low value activities and controls or replicates external audit procedures 3Financial and human resource limitations and constraints 4Use of technology tools is limited and they are not integrated 5Audits are planned with overly broad objectives and scope 6Routine audits do not fully leverage available data analytical tools 7Assignment process and travel requirements create significant process inefficiencies 8Communications (reports, etc) and ratings consume significant resources 9Recommendations are not impactful 10Process is weighted toward repetition vs. relevance Gaps in coverage and inefficient processes are also driving a need for change Determining the role of internal audit

9 PricewaterhouseCoopers 9 Internal Audit transformation Transforming the role regarding corporate governance

10 PricewaterhouseCoopers 10 How internal audit can add value StrategyOrganization Technology People Process Organization Board expectations Dynamic mission vs. static / limited purpose Organisational alignment Flexibility People Stature across enterprise Achieve mission/objectives Attract and retain talent Source of talent Successful progression to management roles in the organisation Potential leaders of departments or business units Strategy Implementation Enterprise strategy Stakeholders’ expectations Shareholders value drivers Risk management alignment Technology Effective utilisation Enhance risk-based approach Leveraged to change process Substitute for labor Process Process efficiency Willingness to change Effective communication Transforming the role regarding corporate governance

11 PricewaterhouseCoopers 11 How internal audit can add value – Solvency II related StrategyOrganization Technology People Process ORSA System of governance Internal control system Risk management system Solvency II project Policy and procedures, documentation Responsibilities Proper resource and expertise Assessment and improvement of... Risk management strategy Stakeholders’ expectations Policies Investment Reinsurance Risk etc Data requirements IT systems and architecture Data quality and consistency Model Technical provisions Systems security and controls Transforming the role regarding corporate governance Reporting Management Internal External

12 PricewaterhouseCoopers 12 An approach to transforming internal audit Strategic Objectives Understand what the strategic objectives of the organisation are Stakeholder Value Understand what drives/devalues stakeholder value within the organisation Strategic Risks Understand what the strategic risks of the organisation are Strategy & RiskPeople Process Technology Capabilities Assessment Inventory of existing skills Conduct gap analysis Determine adequacy of resources to respond to all key risks Talent Management Use of internal and external resources Consider implementing a rotational staffing model to attract and retain talent Audit Cycle Improvements Align Internal Audit with organisation’s strategic objectives Reduce audit cycle time by conducting more targeted audits Increase value derived from focus on higher-risk areas Improve communication to stakeholders through concise, impactful reports Optimisation of Technology Reduce the labor content of audits by increasing the effectiveness of lower-risk audits Provide real time monitoring of significant risks Explore areas where technology can streamline or standardise a process Test entire data populations electronically Transforming the role regarding corporate governance

13 PricewaterhouseCoopers 13 Value enhancement and efficiency This approach is focused on aligning the IA strategy with the value-producing processes and activities of the organisation, while streamlining the IA operations to drive efficiency Process Technology Operating Strategy Internal Audit Strategy Organisation People Process Technology Value Enhancement Focus Improving Inefficiencies & Managing Costs Company Strategy / Shareholder Value Drivers/ Strategic Risks Transforming the role regarding corporate governance

14 PricewaterhouseCoopers 14 Transformed vs. traditional risk assessment approach Audit plan Identify Stakeholder Value Creating Activities Understanding Enterprise Risks (Strategic, Financial, Operations, Compliance) Evaluate Impact to Shareholder Value Define Audit Universe (eg geography, business unit) Identify Risks (financial operations, compliance) Evaluate Impact of Risks within Audit Universe Traditional Approach Traditional “bottom-up” approach based on stakeholder interviews and analysis. Focus is on coverage of identified risk areas, geography and business operations. Stakeholder Value Based Approach “Top-down” approach where coverage is driven by issues that directly impact shareholder value, with clear and explicit linkage to strategic issues of the organisation. Transforming the role regarding corporate governance

15 PricewaterhouseCoopers 15 Some strategies for strengthening the role of internal audit in corporate governance Strategies 1 Identify stakeholder expectations of internal audit; ask what management, the board, and the audit committee value 2Assess overall governance structure, policies, corporate culture and ethics 3Assess risk management structure and activities 4Link the company’s strategic objectives and shareholder value drivers to internal audit’s scope 5Consider how previously unaudited areas might be audited, then align auditable risks to the audit plan 6Eliminate routine, low-value audits 7Assess financial governance and reporting processes; and fraud control and communications process 8Identify inefficient processes, develop implementation plans for process efficiencies 9Review updated internal audit plan, along with cost-reduction ideas, with key stakeholders to gain support 10Implement (add measurement, feedback and adjustment processes for continuous improvement) What would be the greatest strategic value internal audit could and should contribute? How could do the companies manage the risks to shareholder value? Transforming the role regarding corporate governance

16 PricewaterhouseCoopers 16 Internal Audit transformation Questions

17 PricewaterhouseCoopers 17 Internal Audit transformation PwC – enhancing the value delivered by internal audit © 2009 PricewaterhouseCoopers. All rights reserved. “PricewaterhouseCoopers” refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP (US).


Download ppt "PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner."

Similar presentations


Ads by Google