
PwC

King III @ September 2009 (Anton van Wyk – anton.b.van.wyk@za.pwc.com – 011 797 5338). King III – Apply or Explain. PwC. Mississippi Company Bubble France 1720 South Sea Bubble UK 1720. Victorian Land Boom Australia 1890. Tulip Mania Holland 1637. Railroads Bubble UK 1846.

Olivia

Presentation Transcript


  1. King III @ September 2009 (Anton van Wyk – anton.b.van.wyk@za.pwc.com – 011 797 5338) King III – Apply or Explain PwC

  2. Global “Governance events” over the centuries (timeline; axis marks 1600, 1700, 1800) • Mississippi Company Bubble, France, 1720 • South Sea Bubble, UK, 1720 • Victorian Land Boom, Australia, 1890 • Tulip Mania, Holland, 1637 • Railroads Bubble, UK, 1846 • Panic of 1825: import from Bank of England • Panic of 1893: extension of 1873 • Depression of 1780s: established dollar coinage • Panic of 1837: paper credit overexpands • Panic of 1857: ends Gold Rush expansion • Panic of 1873: spurs US move to gold standard (King III)

  3. (Timeline; axis marks 1900, 2000, 2100) • Masterbond 1997 • Mexican Peso Crisis 1994 • Ruble Crisis, Russia, 1998 • Argentine Peso Crisis 2001 • Regal Treasury 2001 • British Banking Crisis, UK, 1990 – 92 • Nordic Banking Crisis, Sweden, Norway, Finland, 1990 – 92 • ERM Exchange Rate Crisis, Sweden, Norway, Finland, UK, Spain, Italy, 1992 – 93 • Asian Financial Crisis, Indonesia, Malaysia, South Korea, Thailand, 1992 – 97 • Japanese Asset Price Bubble 1985 – 89 • Nokia Bubble, Sweden, Norway, Finland, 1985 – 89 • International banking crisis 2008 – Announcement of International Stimulus Packages 2008 • Brazilian Real Crisis 1999 • Housing Bubble, UK, Ireland, Spain, 2006 – • Latin American Debt Crisis 1982 • Leisurnet 2000 • Mortgage Liquidity Crisis 2008 – • Credit Crisis 2008 – • S&L Crisis 1986 – 95 • Stock Market Crash 1987 • 9/11 attack and global recession 2001 – 02 • Gulf War Oil Spike 1990 – 91 • Panic of 1901: first NYSE crash • King I 1994 • King III 2009 • King II 2002 • Banker’s Panic: Knickerbocker Trust run 1907 • Ponzi’s Scheme 1919 – 20 • Dot.Com Bubble 1995 – 2001 • Long-Term Capital Management hedge fund collapse 1998 • Florida Building Bubble 1926 • The Great Crash & Depression 1929 – 39 • Housing Bubble and Subprime Crisis 2003 – (King III)

  4. Recent trends BC – AD • Again, huge failings in the last 2 years • Pressures emerging to sharpen risk assessment focus • Business durability, collaboration, balance & connectivity • Information required to predict the future • Internal Financial control assurance • Searching for the “right” resources • “One view – one risk aggregation” – Combined Assurance • ‘Cost of compliance’ • Searching for assurance value • People/stakeholders/investors thinking differently • Perverse incentive / bonus payments – rewarding failure. (King III)

  5. Recent events • Globe unprepared for the scale, speed & severity of recent crisis • Many things happening simultaneously • Existing risk models and internal audit functionality couldn’t cope with the complexity of factors impacting the chaos • Risk Governance not linking strategy, risk management & risk bearing capacity • The weak were eliminated – at huge cost • The resilient will (mostly) prevail – cash is King • Well capitalised banks survived • Stock markets worked • The future will still offer less predictable outcomes – there will be more crises; will we be better prepared? • We have, though, once again shown we are one of the most resilient countries (and people) on earth. (King III, Slide 5)

  6. Applicability of the Code King III

  7. Implications for companies, boards of directors and audit committees • Scope of corporate governance framework in South Africa widened • Entities encouraged to tailor the Code’s principles as appropriate to the size, nature and complexity of their businesses • The board or those charged with governance should explain to stakeholders where a specific principle or recommendation has not been applied

  8. King III chapters King III

  9. Big Tickets from ‘King’s Counsel’ Integrated Reporting Assurance over the final report Sustainability Content assurance The role of Internal Audit? Combined assurance Key integration by Internal Audit. Strategically focussed Internal Audit A Transformed Approach Informing the Audit Committee Creating better relationships Internal Financial Control Testing and maintenance Internal audit’s assessment statement Governance of Risk Correlation of Risk Appetite and Risk Tolerance Resilience Fraud risk IT Governance Knowing this space

  10. The governance of risk • Absolute board leadership • Risk embedded within Strategy and Business Processes • Balancing Risk and Reward – taking calculated ‘smart’ risks • Assessment of cost of risk, including lost opportunities • CEO as Risk Champion • Determine the levels of risk tolerance • The risk committee or audit committee should assist the board in carrying out its risk responsibilities (Chapter 4, King III, Slide 10)

  11. The governance of risk • Management has the responsibility to design, implement and monitor the risk management plan • Risk assessments are performed on a continuous basis • Framework and methodologies are implemented to increase the possibility of anticipating unpredictable risks • Management considers and implements appropriate risk responses • Continuous risk monitoring by management • The board should receive combined assurance regarding the effectiveness of the risk management process • 10 Minutes on Managing Risk ..\Risk\pwc-10minutes-managing-risk.pdf (Chapter 4, King III, Slide 11)

  12. Forces of globalisation cross the spectrum of risk. Risks: • Economic & financial / Energy costs, price volatility, currency fall, asset price collapse • Environmental / Climate change, weather, water, catastrophe • Geopolitical / Globalisation retrenchment, risk governance, war, terrorism, crime • Societal / Diseases • Technological / Critical system failure or attack, nanotechnologies. Globalisation factors: • Travel / Fast, flexible logistics and transport • Product demand / Responding to rising middle class • Market confluence / Finance, goods, services • Resource pressure / Food, water, energy • Communication / Inexpensive, instant, omnipresent (King III)

  13. Key questions for management – Risk • Do we understand how risk appetite and tolerance is applied in our organisation? • How do we know that the biggest risk exposures to our organisation are being adequately managed? • When last did we participate in a risk assessment activity? • How often have we considered the same risk-related issue in the various management and governance meetings? • Is ICT risk actively considered in our risk management process? • Do we specifically consider compliance risk and, if so, how satisfied are we that it is effectively covered?

  14. Key questions for management – Risk • Are risks prioritised and ranked to focus the responses and interventions on those risks outside the board’s risk tolerance limits? • Do we have an approved annual risk management plan? • Who assures non-financial risks, such as plant availability, staff capacity and competency, the impact of legislative changes on the business/organisation etc? And to which management or board committee is the assurance provided? Are we satisfied that this assurance is reliable? • Do we have a fraud risk plan to consider our fraud exposure and prevention? • Does our disclosure on the effectiveness of risk management reflect the actual position of our business/organisation?

  15. © 2009 PricewaterhouseCoopers Inc. All rights reserved. “PricewaterhouseCoopers” refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. PricewaterhouseCoopers Inc is an authorised financial services provider. PwC • “A strategically positioned, competent and independent internal audit function is required to provide a written assessment of the company’s system of internal control, after having conducted a risk based internal audit. This function must have direct relationships with the audit, corporate governance and risk committees and must be strategically positioned.”

  16. Internal Audit • There is an effective risk based internal audit • Evaluating the company’s governance processes • Objective assessment of the effectiveness of risk management and the internal control framework • Analysing and evaluating business process and associated controls • Adhere to the IIA Standards and Code of ethics • Should follow a risk based approach to its plan • Informed by the strategy and risks of the company • Assess the company’s risks and opportunities (Chapter 7, King III, Slide 16)

  17. Internal Audit (continued) • Provide a written assessment of the effectiveness of the company’s system of internal controls and risk management • An integral part of the combined assurance model as internal assurance provider • Internal controls should be established not only over financial matters, but also operational, compliance and sustainability issues • Internal audit should provide a written assessment of internal controls and risk management to the board • Written assessment of internal financial controls to the audit committee • The audit committee should be responsible for the oversight of internal audit • Subjected to an independent quality review • Should be strategically positioned to achieve its objectives • The CAE should have standing invitation to attend executive committee meetings • Internal audit function should be appropriately resourced and have sufficient budget allocated to the function • Skilled and resourced as is appropriate for the complexity and volume of risk and assurance needs • The CAE should develop and maintain a quality assurance and improvement programme • Written assessment of internal financial controls made available to the audit committee (King III, Slide 17)

  18. Here are highlights of what the respondents to the PwC ‘State of the Profession’ 2009 survey, had to say about internal audit budgets and resources: • 19% reported budget reductions in 2008 compared with 10% in 2007. • 49% expect budgets to remain flat and 36% expect a decrease in the coming year, compared with projections of 49% and 14%, respectively, in the prior year’s survey. • 51% of Fortune 500 respondents believe that there is a medium-to-high risk of the economic downturn causing an unexpected reduction in the internal audit budget during 2009. King III

  19. Stakeholder Value Based Approach “Top-down” approach where coverage is driven by issues that directly impact stakeholder value, with clear and explicit linkage to strategic issues of the organisation. Identify Stakeholder Value Creating Activities Understanding Enterprise Risks (Strategic, Financial, Operations, Compliance) Evaluate Impact to Stakeholder Value Audit plan Traditional Approach Traditional “bottom-up” approach based on stakeholder interviews and analysis. Focus is on coverage of identified risk areas, geography and business operations. Evaluate Impact of Risks within Audit Universe Identify Risks (Financial Operations, Compliance) Define Audit Universe (e.g., geography, business unit, etc.) Risk based Internal Audit

  20. Financial 57 % 21 % Operational 53 % 34 % Compliance 33 % 30 % Information Technology 31 % 36 % Strategic / Business Consulting 13 % 9 % 38 % 28 % Percentage of internal audit departments that contribute 25 % or more of their resources to key categories of risks Percentage of internal audit departments that increased coverage in each area during 2008 Composition of auditing activities King III

  21. Stakeholders’ perspectives on the future of Internal Audit • Internal Audit focus should evolve to align with emerging/changing risks • Internal Audit should balance its focus on all key elements in the risk domain • The portfolio of stakeholders will expand to include business unit management and other key executives, as well as other committees of the Board • Internal Audit should enhance its understanding of (and focus on) risk management in general and ERM in particular. Internal Audit should become a key source of insight on the risks facing the organisation. • Internal Audit needs to enhance its communications with management and the Board. Communications need to become more impactful and timely. • Internal Audit management and staff need to develop greater business knowledge and enhance IT skills • A heightened focus on the cost of IA versus the value added • IA will be expected to deliver a written assessment on the adequacy of the entire system of internal control • IA will be expected to become a strategic partner to the Board (King III)

  22. Risk-based internal audit Implications for companies, boards of directors and audit committees • Internal audit planning and approach should be risk-based rather than compliance-based • A CAE of appropriate stature, who has the respect and cooperation of the board and management, should be appointed • Internal audit reporting lines to be evaluated – internal audit should report at a level in the company that allows it to remain independent and objective to ensure it fully achieves its responsibilities • CAE invited to attend company’s executive committee

  23. Key questions for management – Internal Audit • Is internal audit aligned to strategy and does its plan focus on areas that are most likely to impact stakeholder value? • Is internal audit effective and frequent enough in its communications with the audit committee and us? • When last was an objective assessment made as to whether internal audit has the appropriate level of technical and analytical skills required to address the industry risk and risk requirements of your business? • Is our internal audit function poised to lead a combined assurance initiative? Is there sufficient assurance of our ethics and risk management programmes? • Does internal audit utilise technology in its processes and use existing systems and data effectively in the performance of its work? • What were our most recent loss events and what comfort did internal audit provide us with on these? • How does our internal audit function compare against its peers in benchmark studies? • Is our Chief Audit Executive subjected to a robust annual assessment based on key attributes relevant to our business? • What is our true absorbed cost of internal audit? • Is our internal audit agile enough to address emerging business issues?

  24. The practical application of King III ‘Exotics’ • ‘Boards and directors, acting in the best interests of the company, form the focal point of corporate governance’

  25. Observation on the Impact of Internal Financial Control • It is worth noting that Sarbanes-Oxley legislation established a new paradigm for corporate accountability. Responsibilities of the audit committee, CEO and CFO were clearly established at higher levels than in the past. It created a new standard for companies regarding the reporting of internal control effectiveness and has raised the bar for the design, documentation, and operation of financial internal control. Good internal control will ensure sustained business development!

  26. Typical Internal Financial Control Project Approach Continuous Improvement Management Internal Auditor Document and Evaluate Control Design Test Operating Effectiveness Prepare Report on Internal Control and embed through Training & accountability Initiate Project And Assess Risk Remediate Monitor and Report Project Management Support

  27. Audit committee expectations of internal audit function. Internal audit required to: • Identify risks to financial reporting • Evaluate whether financial controls exist to address the risks identified • Evaluate design, implementation and operation of identified controls • Document the review in a comprehensive manner to support its conclusions • Adequate skilled resources in internal audit function (The changing role of the audit committee, Slide 27)

  28. Cost Benefit Analysis

  29. Key questions for management – Internal Financial Control • Is there a control framework (e.g. COSO) governing financial reporting in the organisation? • Have we identified and documented all probable risks to fair presentation in the financial statements and disclosures? (Fair presentation implies that the numbers and disclosures are not materially misstated). • Are there controls in place to address these risks and are they adequately designed to prevent or detect material misstatements in the financial statements and disclosures? • Do the controls identified operate as they are supposed to and are they appropriately evidenced? • Have we examined or tested the controls identified above to ensure that our report to the audit committee is accurate and complete? • Have we appropriately evidenced our assessment? • Is a process in place to ensure that the framework remains relevant over time?

  30. Combined assurance: What is combined assurance? A coordinated approach to all assurance activities to ensure that assurance provided by • management; • internal assurance providers (such as internal audit); and • external assurance providers (such as external audit or sustainability assurance providers) adequately addresses significant risks facing the company and that suitable controls exist to mitigate and reduce these risks. “Integrating and aligning assurance processes in an organisation to maximise risk and governance oversight and control efficiencies, and optimise overall assurance to the Audit and Risk Committee, considering the organisation’s risk appetite”

  31. Combined assurance (continued): What is combined assurance? Combined assurance

  32. Combined assurance Implications for audit committees • Audit committees are able to assess significant risks facing the company with information to hand • Assessment to be made of in-house skills and qualifications and track record of external service providers • Audit committees to coordinate the utilisation of appropriate assurance providers in the assurance model (management, internal or external assurance providers) to provide assurance on the identified risks • May result in the increased utilisation of external assurance providers

  33. Internal Audit’s journey INTEGRATED REPORT ACCOUNTABILITY CORPORATE CULTURE COMPLIANCE REQUIREMENTS ETHICS LEGAL CONDUCT REGULATORY POLICY AUTHORITIES Corporate Governance Framework COMBINED ASSURANCE RISK MANAGEMENT FINANCIAL SOCIAL & ETHICAL ENVIRONMENTAL INTERNAL CONTROLS OPERATIONS PEOPLE SYSTEMS PROCESS STRATEGY STRUCTURE PERFORMANCE MEASUREMENT PURPOSE VALUES GOALS
