Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Balancing SOX with Risk Based Audit Planning The Institute of Internal Auditors March 9, 2004 Dave Richards, CIA, CPA Director, Internal Auditing FirstEnergy.

Similar presentations

Presentation on theme: "1 Balancing SOX with Risk Based Audit Planning The Institute of Internal Auditors March 9, 2004 Dave Richards, CIA, CPA Director, Internal Auditing FirstEnergy."— Presentation transcript:

1 1 Balancing SOX with Risk Based Audit Planning The Institute of Internal Auditors March 9, 2004 Dave Richards, CIA, CPA Director, Internal Auditing FirstEnergy Corporation

2 2 Introduction & Overview Dave Richards, FirstEnergy Finding the Balance Brian Appleton, National Penn Bancshares Year 2 Audit Planning Carl Balderson, Pinnacle West Capital Balancing Issues for Large Shops Peg Weir, United States Postal Service Break Q & A Balancing SOX with Risk Based Audit Planning

3 3 Key Balancing Issues 1. Involvement in SOX 404 Work 2. Expectations of AC & Sr. Mgt 3. Risk Model Impacts 4. Emphasis on Financial Audits 5. Increased IT General Controls Topics 6. Using 404 Results to Drive Audits 7. Dealing with SOX Issues 8. Impact on External Auditor Relationship & Work Support

4 4 Key Balancing Issues 9. Using 404 Model for Operational & Compliance Topics 10. Staff Productivity Enhancements 11. IAD Tools for Control Assessments 12. Rotation of Audit Topics??? 13. Building on SOX 404 Work 14. IAD Customer Relationships 15. Impact on Audit Contingency 16. Internal Control Opinions in Audits

5 5 Finding the Balance Brian T. Appleton, CIA, MBA,CDP Executive Vice President Director of Internal Audit National Penn Bancshares

6 6 Overview of Company Company Size Audit Division Client Focused Philosophy Process Owner Class

7 7 Status of 404 Tone at the top How 404 is implemented makes a difference High level risk-assessment completed Documentation phase in progress

8 8 Balance Identify the coordinating scheme Complement, not supplement Be flexible and creative Focus your scope Standardize the documentation Take a closer look at opportunities »Management »Audit

9 9 Creates a more sophisticated clientele Fosters uniformity in structure Increases accountability for results Promotes process ownership by management Impact on Internal Clients

10 10 Enhance auditor knowledge Career growth opportunity Role of auditors as facilitators Expansion of skill set to educator Springboard effect – Operational and compliance audits – Control Self Assessment – Enterprise Risk Management Impact on Audit Approach

11 11 Stronger assurance of controls Create new metrics Published accountability through sign-offs Benefit to Audit Committee

12 12 Summary Identify the changes, find a balance Allocate resources early Sell the benefit to the company Find and publish the positives Think of SOX 404 as complementing audit coverage

13 13 Year 2 Audit Planning Carl Balderson, CIA, CPA, CFE Director of Audit Services Pinnacle West Capital Corporation

14 14 Driving Change Re-balancing is continued evolution Changed audit committee expectations Changed management expectations

15 15 Impacts of SOX Increase management awareness of internal controls Audit customer responsiveness Greater emphasis on IT auditing Verify quarterly review for IC changes

16 16 Planning Steps Risk based planning with pre-SOX methodology What we Think is needed for SOX –Follow-up open issues –Test changed process documentation –Test Key controls Integrate to avoid duplication Alternate depth of efforts with future years Allocate available resources

17 17 Productivity Initiatives Automated Work Papers Productive Time Targets Emphasize Project Budgets In-house and Local Training

18 18 Contingency Planning Small number of hours unallocated Renewed emphasis on Stop & Go auditing Administrative assistant/secretary vs. para-professional auditor Be more selective in what we address

19 19 Driving Long-Term Value Integrate SOX compliance and risk management processes Examine risk management processes for efficiency Documentation of new systems Integrate SOX documentation with business resumption plans Utilize documentation for training

20 20 Balancing Issues for Large Shops Margaret (Peg) Weir Manager, Internal Control Group United States Postal Service

21 21 Independent government entity Self-sustaining Annual operating revenue +/- $70B Second largest civilian employer 38,000 Post Offices Office of Inspector General United States Postal Service

22 22 Internal Control Group CFO vision Established ICG organization –Complements OIG function –End-to-end process –Looks for efficiencies and risks of inefficiencies

23 23 Internal Audit-Internal Control Policy vs. Process Internal Audit - Financial Statements fairly represent operations Monies Expenses Work hours Assets Internal Control - Reasonable Assurance – achievement of fundamental business goals Reliability Exist, effective, efficient Compliance with laws/regulations

24 24 Internal Control Group Identify risk through data and process analysis Partner with process owner to mitigate prioritized risk Analyze trends and indicators Conduct internal control reviews Develop improved controls to meet goals and objectives

25 25 Sarbanes-Oxley Act Voluntarily adopting parts of Section 404 Makes good business sense

26 26 Internal Control Group Senior management provides direction and oversight Focus based on: –Guidance –Risk analysis –Risk prioritization Resources support mandate

27 27 Internal Control Group Enterprise-wide from corporate to local Interdependencies vs. stovepipes Partnership with process owners Data driven Targeted reviews Standardized approach using COSO framework –Root causes –Meaningful recommendations to improve controls Reasonable assurance goals & objectives will be met

28 28 Internal Control Group Status Implemented preliminary activities of COSO framework Adjusted as lessons learned Developing additional training Enhancing the analytical & reporting tool

29 29 Internal Control Group Internal Control Group complements internal audit process Internal Control Group supports performance-based culture Internal Control Group establishes foundation for long-term enterprise-wide improvements and efficiencies Internal Control Group is dynamic & evolving

30 30 Conclusions SOX 404 WILL IMPACT what we do What impact it has must be managed Upfront drivers for impact must be understood Changes in approach, scope, & results expectations must be communicated AC, Sr. Mgt. & IAD Customers must recognize the impact on identifying & performing work IAD must be more productive to meet this challenge External Auditor relationship must be managed

31 31 Next Webcast April 13, 2004 Strategies for Internal & External Relationships See you at our next webcast!

Download ppt "1 Balancing SOX with Risk Based Audit Planning The Institute of Internal Auditors March 9, 2004 Dave Richards, CIA, CPA Director, Internal Auditing FirstEnergy."

Similar presentations

Ads by Google