Presentation is loading. Please wait.

Presentation is loading. Please wait.

Impact of Corporate Governance on the Internal Audit Profession

Similar presentations

Presentation on theme: "Impact of Corporate Governance on the Internal Audit Profession"— Presentation transcript:

1 Impact of Corporate Governance on the Internal Audit Profession
Today Upward Hacia arriba Onward Adelante (1941) Impact of Corporate Governance on the Internal Audit Profession Glenn E. Sumners, DBA, CIA, CFE “Internal auditing is an endless journey towards an every-changing destination.” Glenn E. Sumners Dominican Republic Punta Cana 2012

2 Presenter (presentador)
Glenn Sumners, DBA, CIA, CFE is on the faculty of Louisiana State University where he is the director of the Louisiana State University Center for Internal Auditing (LSUCIA). He was named Educator of the Year in 1987 by the IIA and received the LCPA Lifetime Achievement in Accounting Education Award in In 2006, Professor Sumners received the Bradford Cadmus Memorial Award from the IIA. He is a member of the IIA Society Emeritus. In 2012, he was inducted into the IIA American Hall of Distinguished Audit Practitioners. Three LSUCIA students have placed first in the international manuscript competition. Eighteen students from the LSUCIA Program have won international award for the highest score on the CIA exam. In 2012, The CIA Award for the highest student score was named the Dr. Glenn E. Sumners Award. He provides quality assurance reviews, consulting, and training to internal audit groups and audit committees. He has made over 1200 presentations in the last 25 years. He has been invited to speak in 25 countries. {Su foto} Glenn E. Sumners Director Louisiana State University Center for Internal Auditing

3 Governance (gobierno) Agenda (orden del día)
Adding Value: The expanding role of Internal Auditing (valor agregado) The Value Proposition (la prpuesta de valor) Addressing Governance (relación con el gobierno corporat) Infrastructure (infraestructura) Integration (Integración) Assessing Risk (evaluación de riesgos) (Borderless organizations) (organizaciones sin fronteras) Internal (interno) External (externo) (Strategies) (Estrategias) Risk Threats (riesgos amenaza) Risk Opportunities (riesgos oportunidades)

4 Governance Agenda (gobierno orden del día)
Adding Value: The expanding role of Internal Auditing (toward governance) Job enlargement Job satisfaction Job enrichment Addressing Governance (infrastructure and integration) Assessing Risk (broader perspective) (borderless organizations) Internal External (strategies) Enhancing Controls Control Activities Management Controls Plan (tactical and strategic) (planning committee) Organize (delegation of accountability) Staff (needed competencies outpacing competencies) (CFIA) (CBOK) (Surveys) Direct (policies and procedures) (control activities) Monitor (change management) (custodial managers) Environmental Controls COSO – Tone at the Top (infrastructure) (integration) (permeation) Control Environment

5 Agenda (orden del día) Enhancing Controls (mejorar los controles)
Control Activities (actividades de control) (time allocation) Management Controls (controles de gestión) Plan (Tactical and Strategic) (Comité de Planificación)) Organize (Delegation of Accountability) (organizar) Staff (I  K  W – RP) (BS and CS) (personal) Needed competencies outpacing competencies CFIA CBOK (Business Knowledge) Surveys (Encuestas) (Critical Thinking – Hours – Business) Direct (Policies and Procedures) (directo) Monitor (Oversight, Analytics, Change Management) (custodial managers) Control Environment (Entorno de control interno)) All components of COSO reside in the Control Environment) Virgin territory COSO – Tone at the Top (infrastructure) (integration) (permeation) (infraestructura) (integración) (penetración)

6 Evolution of the Profession (evolución de la profesión)
Internal Auditing: Adding Value (Auditoria Internía: Agregando Valor) External Entity Process Unit Control Environment Management Controls Control Activities Evolution of the Profession (evolución de la profesión) Controls (Controles) Risk (Riesgos) Board Audit Committee Charter Internal Audit Governance (Gobierno) (Mature) (Maduro) (Embryo) (Embrión) (Radar) Opportunities Threats Integration GRC Evaluation Check the box Reality Quality (calidad) Question: Can you be in 100% compliance and go out of business?

7 Governance (Gobierno Corporativo)
Board (Junta) Selection Process (Proceso de Seleccíon) Audit Committee (comité de auditoría) CAE Risk Committee (comité de riesgos) CRO Global Strategic (CRMA) Compensation Committee (comité de compensación) Stock options Bonus plans Counter-productive Salaries Up, up, up, and away AAA COB CEO Obj. Sub. SOD Issues (cuestiones): Accountability – Governance, Risks, and Controls (responsabilidad) King III Transparency (transparencia) Sustainability (sostenibilidad) Personal Opinion (Opinión personal):: The CEO and CFO should not be involved in selecting members of the Board, Audit Committee, Risk Committee, or Compensation Committee

8 Reporting (Reportaje)
Board (Junta) CEO Audit Committee (Comité de Auditoría) Proactive Review Functional (Funcional) Administrative (Administrativo) Primary Report Audit Plan Overview of Administrative Executive Session (Reunión Ejecutiva) Charter Performance Evaluation Promotions Hiring – Rotation - Termination Resources Office Space Budget Training Travel Staffing Best Business Crimes Mr. Kozlowski had the company’s (Tyco) internal auditors report to the board through himself, and ensured they would not audit a Tyco unit through which the fraudulent loans and other payments were made. Internal Audit (Auditoria Interna) CAE Charter (Estatutos) “The internal auditors should have an independent reporting line directly to the Audit Committee.” SAS #99 “Three principle factors contribute to independence and objectivity: the organizational positioning of the function, the corporate stature of the chief internal auditor, and the reporting of the chief internal auditor to the audit committee. For day-to-day operational purposes, the chief internal auditor should report administratively to a senior officer who is not directly responsible for preparing the company’s financial statements. The commission encourages an administrative reporting relationship in which the chief internal auditor reports directly to the CEO.” NCFFR (1987)

9 Risk Management Process (Proceso de Administractión de Riesgos)
Audit Committee (comité de auditoría) of Board of Directors (oversight) CEO (Responsibility) CRO (Execution) Risk Management (gestión de riesgos) Auditor in Charge (AIC) Micro (Engagement Planning) CAE Macro (Resource Allocation) Oversight Comprehensive Report Audit Priority Feedback Input (Integration and Linkage) (Integración y conexion) Fraud Risk Analytics Limitations (limitaciones): Limited Oversight Limited Knowledge Limited Experience Limited Accountability Technology Interconnectivity Factors (factores): Chaos Theory Prediction Butterfly Effect Tipping Point Organizations (5/9) Ethics Long-term Planning Integration Status (Estado): Check the box Reality (Realidad) The Risk Complexity Multiplier (El multiplicador de la complejidad de riesgo) 10 x 100 x 1000 What does CRMA really mean? (Certified Risk Management Assurance)

10 ERM Implementation (Endless Activity) (Adapt to Change)
Governance Integration ERM Implementation (Endless Activity) (Adapt to Change) Risk Environment Oversight Accountability Ownership Monitor-Adjust Need Globalization Technology Information Market Volatility Interconnectivity Staffing Rate of Change Context Identify Priority Risks Strategic Operational Financial Compliance Risk Management Status Gap Analysis Desired ERM Business Plan Integration Dynamic Process Size Industry Strategy Competition Cycle Challenge Change Continuous Integration Process Governance Challenges: Control Environment Internal Environment Goals and Objectives Tone at the Top

11 Question (Pregunta) “V O l l” = ________________________________
What are the five primary reasons controls fail? (Cuales son las 5 razones principales por las cuales los controles fallen?) ________________________________ Why? (Porqúe?) Increase Sugar 10 Times Milk 9 Eggs 12 Bacon 16 Stamps 15 Fraud ? Why “V O l l” = Technically, Ken is innocent.

12 Internal Control – Failures
(Control Interno – Fracasos) What are the five primary reasons controls fail? Lack of integrity Weak control environment Inconsistent objectives Poor communication (Up, Down, and Across) Inability to understand and react to changing conditions Internal Control – Integrated Framework Question: How many of these relate to “Governance”?

13 COSO Control (Addressing Governance)
Challenge (desafío): Evolving from Control Activities to the Control Environment Operations Financial Reporting Compliance Aggregate (agregado) Entity (entidad) Process (proceso) Unit (unidad) Monitoring Activity 2 Activity 1 Info. & Communication Unit B Unit A Control Activities Risk Assessment Control Environment (Entorno de Control) “Management should periodically check the batteries in their moral compass.” GES

14 Audit Plan to Address Governance
Review Audit Committee – Best Practices Charter Checklist GAP Analysis Documentation Approach Unit Entity Mandatory Audits - Entity Employee Survey ERM Conflict of Interest Complaint Process Executive Expense Report Analytical Audit Ethics Audit Governance Accruals Change Reserves (Step #1) Transformation Transactions Top-side Closing Revenue Recognition Compensation Question: How much time does it take to do an entity level audit?

15 (Componentes del control)
section title COSO Risk (Riesgo) TIPS Focus: Internal Environment Strategies Integration Control Components (Componentes del control) Objectives (Objetivos) Event Identification Risk Assessment Risk Response Control Activities Info. & Communication Internal Environment (Ambiente de Control) Monitoring Strategic (Estratégios) Operations Reporting Compliance Division Business Unit Subsidiary Entity Objective Setting ERM – Conceptual Framework

16 Audit plans from top down that parallel the business plan.
Corporate Governance, Risk and Controls (Gobierno Corporativo, Riesgos y Controles) Rationalization (racionalización) R Opportunity (oportunidad) O o Monitoring (monitoreo) M Controls (controles) C (Riesgos) Risks R Override (anular) OR Pressure (presión) P Organization Beneficial Audit Focus Objective Subjective Job Specificity A Detrimental AAA COSO Risk Objectives Strategic Operations Compliance Financial COSO Components Control Environment Monitoring Information & Communication Risk Control Activities Question: What is the solution? Audit plans from top down that parallel the business plan.

17 Enterprise Risk Management Integrated Framework (gestión del riesgo institucional del marco integrado) (Strategies) (Estrategias) Linkage: Objectives Risk Strategies Timely Transparent Reporting Reasonable Assurance External: Uncontrollable Strategies Operations Internal: Controllable Compliance Internal Auditing (Auditoría Interna)

18 Other Governance Challenges for Board, Audit Committee, and CAE
Technology (Tecnología) Continuous Monitoring Globalization (Globalización) Risk Interconnectivity Staffing (Dotación de Personal) Business Knowledge Technology Risk Governance Control Environment CFIA CBOX Surveys Critical Thinking Hours of Preparation Who Studies Fraud (Fraude) Detection to Prevention Detrimental to Beneficial Analytics (Análisis) Integration Monitoring Process Audit Process Embody Governance

19 Preguntas y Respuestas
Questions & Answers

20 Información de contacto
Glenn E. Sumners, DBA, CIA, CFE 8222 Walden Road Baton Rouge, LA USA

21 Conclusiones The primary challenge of the internal audit profession will be fulfilling the prime directive to add value through enhancing governance, risks, and controls. These challenges will lead to the job enlargement and job enrichment of the profession.

Download ppt "Impact of Corporate Governance on the Internal Audit Profession"

Similar presentations

Ads by Google