Presentation on theme: "Els Hostyn Partner Internal Audit, Risk & Compliance Services Forensic 13 October 2009 FORENSIC ADVISORY Internal Audit and other assurance providers."— Presentation transcript:
Els Hostyn Partner Internal Audit, Risk & Compliance Services Forensic 13 October 2009 FORENSIC ADVISORY Internal Audit and other assurance providers
2 MANAGE RISKS: Sound risk governance based on the three lines of defense model, puts Risk as part of the daily conversation and views Risk from an enterprise-wide perspective. The CRO not only needs to have a seat at the table but is to be an active participant in all key business decisions. REVISE STRATEGY: If you are able to make the right strategic changes to your business now, you can significantly increase your competitive advantage in the future. Reviewing strategic choices depend on the state the company is in today (stressed – distressed – at risk - robust companies). SECURE FINANCING: Credit will remain scarce for some time and banks will be more selective in providing it. Debt renegotiation and corporate financial restructuring will be at the heart of challenging discussions with the lenders, with sound cost management practice as a prerequisite. Challenges for succeeding in turbulent times 5 themes stand out: CASH IS KING: Unlike sales, costs and margins, working capital management is generally given little or no attention. And yet it is a key indicator for companies, not only of their financial management but also of their operational management of the purchasing cycle, sales cycle, as well as of inventory. SAVE COSTS: Key challenge is to move to a low cost operating model that preserves flexibility and capacity to respond to future change, while embedding rigorous cost management and culture throughout the organization.
3 Increase added value
4 Challenges & responses for Internal Audit Continuous & Cost- efficient Auditing Integrated assurance Increased added value Strive for integrated assurance
5 New practice advisory 2050 Coordination The chief audit executive should share information and coordinate activities with other internal and external providers of assurance and consulting services to ensure proper coverage and minimize duplication of efforts.
6 Classes of assurance providers Those who report to management and/or are part of management Those who report to the board, including internal audit. Those who report to external stakeholders
7 Different risk and control functions Internal audit External audit Compliance Fraud Quality, Health & Safety Risk management Security Line management Budgeting and controlling Sustainability …
8 Roles & Responsibility Executive Management and Group Board 1 ST 2 ND 3 RD The three lines of defence provide increased comfort Business operations: Establish the risk and control environment Oversight Functions: Corporate Risk Management, Finance, Treasury, etc Strategic management, policy setting, functional oversight Internal Audit : Independent challenge and assurance Risk Where are you ?
9 Internal Audit and External Audit Focus Management Audit Committee Standards Approach Independence Results Risk and Control Follow up
10 Internal Audit and Risk Management
11 Internal audit and fraud 1200 – Proficiency and Due Professional Care 1210-A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud – Due Professional Care A1 – Internal auditors must exercise due professional care by considering the: Extent of work needed to achieve the engagements objectives; Related complexity, materiality, or significance of matters to which assurance procedures are applied; Adequacy and effectiveness of governance, risk management, and control processes; Probability of significant errors, fraud, or noncompliance; and Cost of assurance in relation to potential benefits – Reporting to Senior Management and the Board The chief audit executive (CAE) must report periodically to senior management and the board on the internal audit activitys purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.
12 Internal audit and fraud 2120 – Risk Management A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk – Engagement Objectives A2 – Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.
13 Internal audit and Quality audit Organizational People Scope/objectives Fieldwork Regulations
14 Single audit SINGLE AUDIT ?
15 The integrated assurance map Role of the internal auditor ? Internal Audit to express an integrated opinion on internal control ? Are we ready for the challenge ? IIA Practice Guide on Formulating and Expressing Internal Audit Opinions