Published by Cedric Middlemiss. Modified over 9 years ago.
Performing Governance Assessments
Myrk Harkins, CIA, CBM
Slide 2: Agenda
Who Is Myrk Harkins?
A little about the Southern Company
Risk Based Auditing
Governance Model
Slide 3: Myrk Harkins
Director of Internal Auditing West
Bachelor of Science, Civil Engineering
Certified Internal Auditor & Certified Business Manager
33 Years Experience with Southern Company
Power Plant Construction
Plant Operations and Maintenance
10 Years Internal Auditing
Slide 4: The Southern Company
4.3 Million Customers
Alabama Power, Georgia Power, Mississippi Power, Gulf Power, Southern Power & Southern Link
42,000 MW of Generation (1 MW = 600 Homes)
Revenue of $14.3 Billion
Net Income of $1.6 Billion
Slide 5: Southern Company Internal Auditing
We are a Risk Based Audit Organization
Slide 6: Sample Company Enterprise Risk Management
Qualitative estimate of the potential risk's impact on the specific function/entity
Risk Placement Guidelines: Place risk here if...:
RED: focused management attention is required
GREEN: current management action is sufficient
YELLOW: on-going active monitoring by management is required
Risk map (chart): Materiality of Impact ($ to $$$) versus Likelihood; Scope of Control; Current Level of Residual Risk
Slide 7: 2007 Sample Company Risk Profile
Risk: Accountability
1. Environmental legislation or regulation: Evans/Johnson
2. Exposure to fuel prices/availability: Johnson
3. Loss of constructive state regulatory environment: Operating Company CEOs
4. Nuclear: Brown
5. Catastrophic business interruption: Management Council
6. Change in federal regulatory or legislative policy: Smith/Evans
7. Execution of the financial plan: Farmer
8. Workforce issues: Management Council
9. Deterioration of corporate image: Management Council
10. Governance failure: Ratcliffe/Farmer
11. Strategy selection and implementation: Ratcliffe/Management Council
Risk map (chart): risks 1 through 11 plotted by Likelihood versus Materiality of impact ($ to $$$)
Slide 8: 2007 Sample Company Fraud Risk Profile
Fraud Risk: Accountability
1. Inappropriate Capitalization of Expenses: Evans/Taylor
2. Improper Use of Estimates and Judgments: Ballard
3. False Compliance Reporting (EPA, OSHA, FERC, etc.): Operating Co CEOs
4. Political (Bribery of Public Officials, Illegal Contributions): Beasley
5. Vendor Fraud (Bid Rigging, Kickbacks, etc.): Management Council
6. Competitive Practices (Unfair Competition - Antitrust, Violation of Territorial Service Agreements, Wholesale Competition): Smith/Evans
7. Intentional Mistreatment of Affiliate Transactions: Farmer
8. Inappropriate Executive Compensation: Management Council
9. Employee Fraud / Misappropriation of Assets: Management Council
Fraud risk map (chart): fraud risks 1 through 9 plotted by Likelihood versus Materiality of impact ($ to $$$)
Slide 9: Audit Planning Process
Inputs: Fraud Risks, Annual Residual Risk Assessment, Executive Input, IA Staff Input, SOCO Risk Profile
Annual Audit Plan
Audit Engagements, each with its own Engagement Risk Assessment
Slide 10: COSO, Southern Company's Control Framework
Slide 11: Understanding Governance
What is Governance?
Governance is composed of the key business processes utilized by representatives of an organization's stakeholders (e.g. Shareholders (BOD), management, etc.) to optimize value by providing reasonable assurance that an entity achieves its business objectives.
The SOCO ERM Program broadly defines governance as those business processes, internal controls, decision tools, oversight structures and corporate culture elements (Southern Style) that reasonably ensure achievement of the Company's goals and objectives. (ERM at SOCO = Our Methodology for Managing the Business)
Slide 12: A Simplified Approach to Governance (Company, Functional Activity, Business Unit, etc.)
Everything Starts with Business Objectives
Identify and Evaluate Significant Risks (Anything that could prevent achievement of business objectives)
Business Processes (Internal Controls & Governance Processes) to Reasonably Ensure Achievement of Business Objectives
Assurance (Monitoring Level of Achievement and Reporting)
Slide 13: A Simplified Approach to Governance (diagram)
Tone at the Top
Business Objectives
Risk Assessment
Business Processes
Assurance
Information and Communication (shown alongside each element)
Slide 14: Objective Setting: "What are you trying to accomplish"
Mission, Purpose
Strategic Direction & Business Plan
Goals: Strategic, Operational, Reporting, Compliance
Slide 15: Internal Environment: "Tone at the Top"
Risk Appetite
Management Commitment
Ethics
Competence
Responsibilities and Accountability
Slide 16: Risk Assessment Process: "What is going to keep you from your goals"
Identification
Assessment
Response
Slide 17: Business Processes
Control Activities: Company Policies, Procedures / Guidelines, Internal Controls
Information and Communication: Appropriate Availability, Accurate / Complete, Timely
Slide 18: Assurance: "Monitoring"
Ongoing Activities: Supervision, Performance Measurement & Reporting
Assessment Processes: Self, Corp. Oversight (Internal Auditing), Independent
Reporting Deficiencies
Follow Up & Corrective Actions
Slide 19: Practical Application: Any Audit or Consulting Project
Questions & Comments
Myrk Harkins (rmharkin@southernco.com)
Phone: 205-257-2135