Managing Your Audit Function Webinar Series October 6th – 10:00 to 12:00 CST Presented by Del Rush ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Topics Review of FDIC Rules for Auditors and Audit Committees – Part 363 What Impacts the Internal and External Audit Function? Audit Committee Oversight Responsibilities Management Responsibilities Evaluating External Auditors Evaluating the Internal Audit Function ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Topics Indicators of Issues with the Audit Function Best Practices in Managing the Audit Function Risk Oversight – Who is responsible? Balancing Audit Cost with Benefits and Risk Performance Measurements for Internal Audit NACD – Ten principles of Effective Audit Committee Oversight ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Session Objectives Inform the participants about key responsibilities, roles and evaluation criteria in order to manage the audit function Discuss issues, changes and trends impacting the oversight of the audit function ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Key Challenges Current Economy – Need for profitability Regulatory and Compliance Changes to Financial Reporting – More complex Impact due to Larger Company Issues Anxiety at the Board Level – Legal ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Part 363 Annual Reports and Other Required Reports Section 36 of the Federal Deposit Insurance Act (FDI Act) and Part 363 of the FDIC's regulations impose annual audit and reporting requirements on insured depository institutions with $500 million or more in total assets ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

The Impact of Asset Size on Compliance Requirements FDICIA has two main categories that are based on the asset size of the institution at the beginning of the institution’s fiscal year. The two main categories are:   >$500 million to $1billion in assets, referred to here as Tier II. >$1 billion in assets, referred to here as Tier I.   ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Specifics of Part 363 Annual Reporting Requirements Independent Public Accountants Filing and Notice Requirements Audit Committees Scope ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Specifics of Part 363 Management assessment Internal Control Framework Disclosure of Material Weaknesses Independence Standards for Auditors ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Specifics of Part 363 Specifies the duties of the Audit Committee Required Communications Retention Requirements for Working Papers ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Specifics of Part 363 Documentation and Guidance for AC Independence Compliance with Part 363 at the Holding Company Level Included Illustrative Reports ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Tier II Institutions Audited comparative annual financial statements with the independent public accountant’s audit report. A management report containing management’s responsibilities.   ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Tier I Institutions – Additional Requirements Management Assessment of ICFR at Year-end Disclosure of Material Weaknesses not Remediated Public Accountant Attestation on ICFR ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Audit Committee Impacts of 363 Independent Outside Directors – depends on size Annual independence evaluation of AC members Compensation Auditor engagement ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

What Impacts the Internal and External Audit Function? ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Corporate Governance - defined Governance can be defined as the processes for managing an organization’s affairs or for ensuring accountability. Governance can include various activities such as setting business strategies and objectives, determining risk appetite, establishing culture and values, developing internal policies, and monitoring performance. ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Key Items Impacting Auditors Tone at the Top and with Executive Management Involvement of Owners Is the AC really Effective and Trained? Involved with Management? Business Changes – Internal and External How Management Addresses Issues - Skills ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Factors Causing Change Today Indirect impact from PCAOB, SEC, AICPA Regulatory – FHA – Dodd-Frank Act Other – Risk Management and Testing GAAP – Impact of IFRS and Fair Value Economic Environment ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Trends Impacting the Internal Audit Function Risk-Centric Mindset A Real-Time Dimension Shortage of Audit Talent Technological Advancement ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Oversight Committees - Basics Know the People Understand the Business Exercise Skepticism Insist on Accountability for Management and the Board ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Audit Committee Oversight Responsibilities Financial Reporting Overseeing the Annual Audit External Audit Internal Audit Risk Management & Internal Control Maintaining & Measuring Effectiveness Communicating & Reporting Regulatory, Compliance & Ethical Matters ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Management Responsibilities Primary Corporate Governance Responsibilities Rest with Management Include Internal Control, Ethics, Risk Management, Compliance with Laws and Regulations Every Manager’s Responsibility ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Evaluating External Auditors Industry Experience Support Network Independence Reasonableness of Audit Plan Ability to Toe the Line ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Evaluating External Auditors Form and Frequency Lack of Surprises Partner and Manager Time Quality Control Procedures Using the Work of Others ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Evaluating External Auditors Usefulness of Recommendations Team Chemistry ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Evaluating the Internal Audit Function Routine oversight by the Audit Committee Appraising the quality of the IA staff Inquiries of the independent auditor Metrics ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Evaluating the Internal Audit Function - Questions Proper funding/Cost Effective Responsive based on current environment Up-to-date Experts in the field Are expectations between CAE, Sr. Mgmt and the AC reconciled Viewed as objective and competent Complies with IIA standards ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Indicators of Issues with the Audit Function Unexpected Adjustments Material Weakness or Significant Deficiency Delays in Meeting Financial Statement Deadlines Lack of Communication or Meetings Partner Involvement/Manager Involvement Out of period adjustments – Not just at year-end Everything is Great and There are No Issues or Problems ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Indicators of Issues with the Audit Function Turnover – Internal or External Refiled Regulatory Reports Employee Fraud Inability to Meet Annual Audit Plan or Getting Pulled into Other projects ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

QAR - Common Problems Found in Internal Audit Departments Incomplete Risk Assessments Policies and Charters were Outdated Time Management and Productivity Professional Education   ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Best Practices for Audit Committees Assess Management Be Informed Review AC Charter Hold at Least Quarterly Meetings Keep Minutes ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Best Practices for Audit Committees Review AC Membership Meet with Outside Auditors and Counsel Stay Engaged Ask the Tough Questions Have Open Communication ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Best Practices in Managing the Audit Function Define the Role of Internal Audit Routine and Regular Communication Identify a process when issues arise that will impact cost or execution Discuss Areas for Improvement at the end of the Audit Set Fees on an Engagement Basis Evaluate Both Internal and External Audit Functions ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Risk Oversight – Who is Responsible? Greater Board Involvement ERM Process Impact to Management ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Risk Oversight – Who is Responsible? Drivers of Risks Traditional Approach vs ERM Meant to be value adding ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Risk Oversight – Who is Responsible? Role of Audit Committees Tone at the Top Explicit Responsibilities Considered by Debt Rating Agencies ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Risk Oversight – Who is Responsible? Developing Audit Committee Processes Best Practices and Training Evaluation of Risk Information Received ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Balancing Audit Cost with Benefits and Risk Compare your institution to peers and leading companies Consider the impact of non-compliance Evaluate the value received Don’t try to be an expert in everything Understand situations that cause problems Communicate, plan and then communicate again Understand that everyone has a job to do (Internal, External, Management and BOD) ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Performance Measures for Internal Audit IIA Practice Advisory 1311-2 – recommends a balanced scorecard approach Three Broad Categories to Track Performance Stakeholder Expectations Audit Process Innovation ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Reasons for Performance Measures Clarify the mission and vision of the organization Assist in translating its strategy into measurable objectives Allows the organization to measure progress Understand what improves results Improved accountability and decision making Alignment of operational activates and resources with strategic objectives Encouragement of dialogue A shared understanding of activities planned to deliver objectives Clear communication of expectations to all organizational levels ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Identifying Performance Category Strategies & Measurements Stakeholder Expectations – Internal vs External Risk Assessment/Audit Planning Planning and Performing the Audit Engagement Communication and Reporting Innovation and Capability Training Use of Technology Industry Knowledge ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Measurements - Stakeholder • At least 70% of the time is spent on direct audit hours • Over a three year cycle, at least 1,000 hours will be spent on: o Compliance audits o Consulting o Information technology audits o Performance measurement o Operational auditing o Risk Management o Value for money audits • Fraud Investigations are concluded within 60 days of employee being suspended • Client survey is conducted for every operational audit and results summarized for the Audit Committee. ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Measurements - Processes • An in-depth risk assessment will be conducted every three years • Risk Assessment profile will be updated annually • Over a three-year cycle, some aspect of every department will be audited even if no activity is identified in risk assessment ranking • All audit assignments over 50 hours have an audit plan • Audit projects are within 10% of the approved budget or maximum of 50 hours over budget • Operational Audit Reports are issued within six weeks after exit interview • Final reports are issued two weeks after management responses received • Management implements over 75% of the recommendations within two years of audit report issuance • Management accepts over 90% of the recommendations in the audit reports. ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Measurements - Innovation • All staff at Associate level and higher will have at least one auditing designation [CIA, CFE, CFI, CISA, etc] • At least 10% of the staff time is spent on professional development • All staff proficiently use data analysis tools [ACL, IDEA, etc] • Staff understand the role of Legislation, Regulation, Policy, directives, and program procedures in relation to employees and public. ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

NACD – Ten Principles of Effective Audit Committees Focus Transparency Communications ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

NACD – Ten Principles of Effective Audit Committees Question and Be up-to-date Risk Management Set Expectations ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

NACD – Ten Principles of Effective Audit Committees Resources Tone at the Top ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

NACD – Ten Principles of Effective Audit Committees Change and Risk Management Evaluate AC Effectiveness ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Looking Ahead – External Auditor Oversight Speech by James Doty, Chairman of the PCAOB April 4, 2011 Even Though the PCAOB Regulates Audit Firms Serving Public Clients – Wider Impact is Likely ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Key Topics in the Speech The Role of the Auditor and Value of an Audit Cost of a Failed Model Future of Auditor Oversight Analysis of Audits Affected by the Economic Crisis Firm Management and Monitoring Enhancing the Auditor Reporting Model ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Terminology NACD – National Association of Corporate Directors IFRS – International Financial Reporting Standards ERM – Enterprise Risk Management QAR – Quality Assurance Review (IIA) ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Resources www.nacdonline.org www.aicpa.org/ForThePublic/AuditCommitteeEffectiveness/ www.theiia.org www.coso.org ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC

Contact Del Rush 501.975.0233 drush@frostpllc.com ABA: Managing Your Audit Function Webinar: October 6, 2011 © Frost, PLLC