Balancing SOX with Risk Based Audit Planning


Balancing SOX with Risk Based Audit Planning. The Institute of Internal Auditors March 9, 2004. Dave Richards, CIA, CPA Director, Internal Auditing FirstEnergy Corporation. Balancing SOX with Risk Based Audit Planning. Introduction & Overview Dave Richards, FirstEnergy

Presentation Transcript


Balancing SOX with Risk Based Audit Planning

The Institute of Internal Auditors

March 9, 2004

Dave Richards, CIA, CPA

Director, Internal Auditing

FirstEnergy Corporation


Balancing SOX with Risk Based Audit Planning

  • Introduction & Overview

  • Dave Richards, FirstEnergy

  • Finding the Balance

  • Brian Appleton, National Penn Bancshares

  • Year 2 Audit Planning

  • Carl Balderson, Pinnacle West Capital

  • Balancing Issues for Large Shops

  • Peg Weir, United States Postal Service

  • Break

  • Q & A


Key Balancing Issues

1. Involvement in SOX 404 Work

2. Expectations of AC & Sr. Mgt

3. Risk Model Impacts

4. Emphasis on Financial Audits

5. Increased IT General Controls Topics

6. Using 404 Results to Drive Audits

7. Dealing with SOX Issues

8. Impact on External Auditor Relationship & Work Support


Key Balancing Issues

9. Using 404 Model for Operational & Compliance Topics

10. Staff Productivity Enhancements

11. IAD Tools for Control Assessments

12. Rotation of Audit Topics???

13. Building on SOX 404 Work

14. IAD Customer Relationships

15. Impact on Audit Contingency

16. Internal Control Opinions in Audits


Finding the Balance

Brian T. Appleton, CIA, MBA, CDP

Executive Vice President

Director of Internal Audit

National Penn Bancshares


Overview of Company

  • Company Size

  • Audit Division

  • Client Focused Philosophy

  • Process Owner Class


Status of 404

  • Tone at the top

  • How 404 is implemented makes a difference

  • High level risk-assessment completed

  • Documentation phase in progress


Balance

  • Identify the coordinating scheme

  • Complement, not supplement

  • Be flexible and creative

  • Focus your scope

  • Standardize the documentation

  • Take a closer look at opportunities

    • Management

    • Audit


Impact on Internal Clients

  • Creates a more sophisticated clientele

  • Fosters uniformity in structure

  • Increases accountability for results

  • Promotes process ownership by management


Impact on Audit Approach

  • Enhance auditor knowledge

  • Career growth opportunity

  • Role of auditors as facilitators

  • Expansion of skill set to educator

  • Springboard effect

    • Operational and compliance audits

    • Control Self Assessment

    • Enterprise Risk Management


Benefit to Audit Committee

  • Stronger assurance of controls

  • Create new metrics

  • Published accountability through sign-offs


Summary

  • Identify the changes, find a balance

  • Allocate resources early

  • Sell the benefit to the company

  • Find and publish the positives

  • Think of SOX 404 as complementing audit coverage


Year 2 Audit Planning

Carl Balderson, CIA, CPA, CFE

Director of Audit Services

Pinnacle West Capital Corporation


Driving Change

  • Re-balancing is continued evolution

  • Changed audit committee expectations

  • Changed management expectations


Impacts of SOX

  • Increase management awareness of internal controls

  • Audit customer responsiveness

  • Greater emphasis on IT auditing

  • Verify quarterly review for IC changes


Planning Steps

  • Risk based planning with pre-SOX methodology

  • What we Think is needed for SOX

  • Follow-up open issues

  • Test changed process documentation

  • Test Key controls

  • Integrate to avoid duplication

  • Alternate depth of efforts with future years

  • Allocate available resources


Productivity Initiatives

  • Automated Work Papers

  • Productive Time Targets

  • Emphasize Project Budgets

  • In-house and Local Training


Contingency Planning

  • Small number of hours unallocated

  • Renewed emphasis on “Stop & Go” auditing

  • Administrative assistant/secretary vs. para-professional auditor

  • Be more selective in what we address


Driving Long-Term Value

  • Integrate SOX compliance and risk management processes

  • Examine risk management processes for efficiency

  • Documentation of new systems

  • Integrate SOX documentation with business resumption plans

  • Utilize documentation for training


Balancing Issues for Large Shops

Margaret (Peg) Weir

Manager, Internal Control Group

United States Postal Service


United States Postal Service

  • Independent government entity

  • Self-sustaining

  • Annual operating revenue +/- $70B

  • Second largest civilian employer

  • 38,000 Post Offices

  • Office of Inspector General


Internal Control Group

  • CFO vision

  • Established ICG organization

    • Complements OIG function

    • “End-to-end” process

    • Looks for efficiencies and risks of inefficiencies


Internal Audit-Internal Control “Policy vs. Process”

  • Internal Audit - Financial Statements fairly represent operations

    • Monies

    • Expenses

    • Work hours

    • Assets

  • Internal Control - Reasonable Assurance – achievement of fundamental business goals

    • Reliability

    • Exist, effective, efficient

    • Compliance with laws/regulations


Internal Control Group

  • Identify risk through data and process analysis

  • Partner with process owner to mitigate prioritized risk

  • Analyze trends and indicators

  • Conduct internal control reviews

  • Develop improved controls to meet goals and objectives


Sarbanes-Oxley Act

  • Voluntarily adopting parts of Section 404

  • Makes good business sense


Internal Control Group

  • Senior management provides direction and oversight

  • Focus based on:

    • Guidance

    • Risk analysis

    • Risk prioritization

  • Resources support mandate


Internal Control Group

  • Enterprise-wide from corporate to local

  • Interdependencies vs. stovepipes

  • Partnership with process owners

  • Data driven

  • Targeted reviews

  • Standardized approach using COSO framework

    • Root causes

    • Meaningful recommendations to improve controls

  • Reasonable assurance goals & objectives will be met


Internal Control Group Status

  • Implemented preliminary activities of COSO framework

  • Adjusted as lessons learned

  • Developing additional training

  • Enhancing the analytical & reporting tool


Internal Control Group

  • Internal Control Group complements internal audit process

  • Internal Control Group supports performance-based culture

  • Internal Control Group establishes foundation for long-term enterprise-wide improvements and efficiencies

  • Internal Control Group is dynamic & evolving


Conclusions

  • SOX 404 WILL IMPACT what we do

  • What impact it has must be managed

  • Upfront drivers for impact must be understood

  • Changes in approach, scope, & results expectations must be communicated

  • AC, Sr. Mgt. & IAD Customers must recognize the impact on identifying & performing work

  • IAD must be more productive to meet this challenge

  • External Auditor relationship must be managed


Next Webcast

April 13, 2004

“Strategies for Internal & External Relationships”

See you at our next webcast!

