1 / 47

Dave Richards, CIA, CPA Director, Internal Auditing FirstEnergy Corporation

Dave Richards, CIA, CPA Director, Internal Auditing FirstEnergy Corporation. Looking ahead: How upcoming rules and legislation might expand and alter internal auditing's roles. The Institute of Internal Auditors Webcast Series on Sarbanes-Oxley Session #4 - April 15, 2003.

consuela
Download Presentation

Dave Richards, CIA, CPA Director, Internal Auditing FirstEnergy Corporation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dave Richards, CIA, CPA Director, Internal Auditing FirstEnergy Corporation

  2. Looking ahead: How upcoming rules and legislation might expand and alter internal auditing's roles The Institute of Internal Auditors Webcast Series on Sarbanes-Oxley Session #4 - April 15, 2003

  3. The Webcast Series on Sarbanes-Oxley’s Impact on Internal Auditing • January 28 - Disclosure Controls* • March 3 - Annual Certification of Internal Controls* • April 1 - Coordination of Internal & External Audit Work* • April 15 - Looking Ahead to Future Changes Impacting Internal Auditing* *Available on CD Rom and online archive for one year r

  4. Agenda 1:00 - 1:10 Introduction & Overview of SOA areas not covered in Webcasts thus far – Dave Richards 1:10 - 1:20 SEC SOA Actions – Status Update – Greg Faucette 1:20 - 1:30 Future for External and Internal Auditors – Andy Dahle 1:30 - 1:40 Future for Others Impacted by the SOA – Jim DeLoach 1:45 - 1:50 Break 1:50 - 2:25 Questions & Answers – Panel 2:25 - 2:30 Concluding Remarks – Dave Richards

  5. SOA Areas • Audit Committees: • Independence • Financial Expert • Direct Responsibility for External Auditor • Code of Conduct complaints • Engage advisors • Reporting requirements • Annual Assessment of performance • Management: • Certification of quarterly and annual financials • Assessment of Disclosure Controls • Annual Assessment of internal controls • Penalties for false or misleading information • Code of Ethics for Senior Officers

  6. SOA Areas • External Auditor • Prohibited services • Independence requirements & disclosures • Quality assurance disclosures to audit committee • Attestation opinion on annual internal control assessment • Public Company Accounting Oversight Board (PCAOB) • Audit partner rotation every 5 years

  7. Handling the Future • “As the present reflects the past, so will the future reflect the present” • Actions we can take to prepare: 1. Knowledge of changes (stay in front) 2. Share your knowledge 3. Prepare for what you know is coming 4. Be proactive with your management and the audit committee 5. Prepare internal audit department staff for changes (e.g., focus on internal controls and financial issues)

  8. Handling the Future • Actions we can take: • Partner with your external auditors & third party providers to build the most flexible team • Don’t be afraid to fail!! • Listen to your internal customers • Develop a strategy (vision) of what you want to become • Take advantage of opportunities (find someone looking for help and help them)

  9. Issues • Internal auditing as a proactive function • Staying in touch with changes • Focus on financial auditing theory • Staff skills & qualifications • Scope of work for internal auditing • Working relationship with external auditors • Audit committee support & involvement • Training needs for audit committee, internal audit, and management • Resources for internal audit department • Willingness to change • Having the right strategic plan

  10. Agenda 1:00 - 1:10 Introduction & Overview of SOA areas not covered in Webcasts thus far – Dave Richards 1:10 - 1:20 SEC SOA Actions – Status Update – Greg Faucette 1:20 - 1:30 Future for External and Internal Auditors – Andy Dahle 1:30 - 1:40 Future for Others Impacted by the SOA – Jim DeLoach 1:45 - 1:50 Break 1:50 - 2:25 Questions & Answers – Panel 2:25 - 2:30 Concluding Remarks – Dave Richards

  11. SEC SOA Actions –Status Update Gregory A. Faucette Professional Accounting Fellow Office of the Chief Accountant Securities and Exchange Commission

  12. Disclaimer The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. Therefore, the views expressed today are my own, and do not necessarily reflect the views of the Commission or the other members of the staff of the Commission.

  13. Sarbanes-Oxley Act of 2002 Components of the SOA • Title I – Public Company Accounting Oversight Board • Title II – Auditor Independence • Title III – Corporate Responsibility • Certifications • Audit committee standards • Improper influence of auditors • Insider trading during pension fund blackouts • Conduct standards for attorneys

  14. Sarbanes-Oxley Act of 2002 Components of the SOA - Continued • Title IV – Enhanced Financial Disclosures • MD&A disclosures • Non-GAAP financial measures • Reporting on internal controls • Disclosures about code of ethics • Disclosures of audit committee financial expert • Accelerated reporting deadlines • Title V – Analysts Conflict of Interest • Regulation Analyst Certification (Reg AC)

  15. Sarbanes-Oxley Act of 2002 Components of the SOA - Continued • Title VI – Commission Resources and Authority • Title VII – Studies and Reports • Title VIII – Corporate and Criminal Fraud and Accountability • Title IX – White Collar Crime Penalty Enhancements • Title X – Corporate Tax Returns • Title XI – Corporate Fraud Accountability

  16. Remaining SOA Requirements • Declare the PCAOB functional (April 26, 2003) • Complete a study on principle based accounting system (July 30, 2003) • GAO to complete a study on mandatory auditor rotation (July 30, 2003) • Complete rulemaking on improper influence on conduct of audits (April 26, 2003) • Complete a study on SPE use and related financial reporting (October 7, 2004) • Complete rulemaking on management assessment of and auditor reporting on internal controls • Additional rulemaking on analyst conflicts of interest by either Commission or SROs (July 30, 2003)

  17. Other Related “To Dos” • Recognize an accounting standard setting body • Complete rulemaking on procedure for filing Section 302 and Section 906 certifications • Consider further rulemaking on professional conduct of attorneys practicing before the Commission • Complete rulemaking on mandated electronic filing and website posting for Forms 3, 4, and 5 • Consider rulemaking as necessary for disclosure on a “rapid and current basis” • Complete rulemaking on MD&A disclosure of critical accounting policies

  18. Possibilities? Rulemaking on material correcting adjustments identified by auditors

  19. Thoughts for Internal Auditors • Uniquely positioned within organizations to effect improved internal control, financial reporting and corporate governance • Possible role in compliance with Section 404 certification process • Monitor other developments from the trickle-down effect of Sarbanes-Oxley

  20. Agenda 1:00 - 1:10 Introduction & Overview of SOA areas not covered in Webcasts thus far – Dave Richards 1:10 - 1:20 SEC SOA Actions – Status Update – Greg Faucette 1:20 - 1:30 Future for External and Internal Auditors – Andy Dahle 1:30 - 1:40 Future for Others Impacted by the SOA – Jim DeLoach 1:45 - 1:50 Break 1:50 - 2:25 Questions & Answers – Panel 2:25 - 2:30 Concluding Remarks – Dave Richards

  21. Future for Externaland Internal Auditors Andrew J. Dahle, CIA, CPA, CISA, CFEPartner, Internal Audit Services PricewaterhouseCoopers

  22. Looking Ahead to Future Changes Impacting Internal Auditing

  23. Future for External Auditors • Increased focus on risks and controls • Enhanced perceived value of internal control assurance - impacts cost also • Focus on quality • PCAOB impact • COSO is being embraced by clients like never before • Enhanced respect for hard decisions

  24. Future for Internal Audit-Near Term • Expectations: The bar is rising • Resources: Cannibalization or augmentation? • Coordination: More coordination between external and internal auditor • Focus: Current swing towards financial • Objectivity: More is better • Testing: Scope requires judgment • Significance of issues: Where is the line? • Quality: Standards require

  25. Evolving Approaches to Internal Audit Involvement with SOA Certification • The top-down assurance model • The separate evaluation model • The blended model Links to Controls Maturity

  26. Potential Internal Audit Roles Review Evaluate what is there Recommend Changes and improvements Report (1) On effectiveness of changes Repair Help improve Not operate Note (1): External reporting role mandated to the external auditor

  27. Future for Internal Audit • Internal audit quality • Internal audit impact on governance • Enterprise wide risk management - optimized internal control maturity • Internal controls over non-financial measures • An integrated approach to 302 and 404 • Sustaining SOA controls assessments • Fraud risk management • Mandatory requirements for internal audit

  28. The Bar is Rising on Internal Audit Expectations

  29. Agenda 1:00 - 1:10 Introduction & Overview of SOA areas not covered in Webcasts thus far – Dave Richards 1:10 - 1:20 SEC SOA Actions – Status Update – Greg Faucette 1:20 - 1:30 Future for External and Internal Auditors – Andy Dahle 1:30 - 1:40 Future for Others Impacted by the SOA – Jim DeLoach 1:45 - 1:50 Break 1:50 - 2:25 Questions & Answers – Panel 2:25 - 2:30 Concluding Remarks – Dave Richards

  30. Future for OthersImpacted by the SOA James DeLoach Managing DirectorProtiviti

  31. What We Can Expect • SOA is here to stay • Continuation of expectations gap • More SEC rule making and new exchange listing requirements • More aggressive, less forgiving regulators • Increasingly demanding shareholder activists • Market premium for increased transparency and restoring investor confidence

  32. Trends: Senior Management • The raised bar will drive emphasis on restoring trust in the investing community • Controls more repeating, defined and managed • Improve entity-level analytics and monitoring • Emphasis on keeping disclosure process fresh • Enterprise-wide risk management builds upon disclosure controls and procedures • Renewed focus on ethical behavior and responsible business practices

  33. Trends: Board of Directors • Reevaluate independence standards and restructure board committees • Increased attention on senior management compensation and loans • Become more anticipatory and proactive • Hold more executive sessions and increase influence of independent directors • Increase focus on business risk • Increase emphasis on corporate performance • Review board and director performance

  34. Trends: Audit Committees • More aggressive and assertive • Inclusion of financial experts • Increased need for independent advisors • Pay close attention to feedback from “whistleblowers” and the complaint process • Oversee 302 and 404 compliance processes • Broadening of risk focus

  35. Trends: Unit Management • Support of and provide resources to 404 compliance • Increased accountability for effects of decisions and change on: • Internal control structure • Public reporting • Increased focus on developing more robust business plans

  36. Trends: Process Owners • Document and support control design and assume accountability for control operation • Timely follow-up on implementing control improvements • Self-assessment will become common practice • Balancing responsibility for monitoring processes at entity and process levels • Opportunity to broaden focus to compliance and operational controls

  37. Trends: External Auditors • No reward for under-scoping and risk-taking • Higher audit fees • Expect: • Less tolerance for errors, omissions and exceptions • Increased skepticism and insistence on supporting evidence • More probing questions • The unexpected • Increased emphasis on appearance of independence

  38. Agenda 1:00 - 1:10 Introduction & Overview of SOA areas not covered in Webcasts thus far – Dave Richards 1:10 - 1:20 SEC SOA Actions – Status Update – Greg Faucette 1:20 - 1:30 Future for External and Internal Auditors – Andy Dahle 1:30 - 1:40 Future for Others Impacted by the SOA – Jim DeLoach 1:45 - 1:50 Break 1:50 - 2:25 Questions & Answers – Panel 2:25 - 2:30 Concluding Remarks – Dave Richards

  39. Agenda 1:00 - 1:10 Introduction & Overview of SOA areas not covered in Webcasts thus far – Dave Richards 1:10 - 1:20 SEC SOA Actions – Status Update – Greg Faucette 1:20 - 1:30 Future for External and Internal Auditors – Andy Dahle 1:30 - 1:40 Future for Others Impacted by the SOA – Jim DeLoach 1:45 - 1:50 Break 1:50 - 2:25 Questions & Answers – Panel 2:25 - 2:30 Concluding Remarks – Dave Richards

  40. Agenda 1:00 - 1:10 Introduction & Overview of SOA areas not covered in Webcasts thus far – Dave Richards 1:10 - 1:20 SEC SOA Actions – Status Update – Greg Faucette 1:20 - 1:30 Future for External and Internal Auditors – Andy Dahle 1:30 - 1:40 Future for Others Impacted by the SOA – Jim DeLoach 1:45 - 1:50 Break 1:50 - 2:25 Questions & Answers – Panel 2:25 - 2:30 Concluding Remarks – Dave Richards

  41. Webcast Summary • Webcast #1: SOA 302 Disclosure Controls • Disclosure controls identification • Disclosure controls testing within 90 days of Certification • Disclosure committee participation • Certification process flow • Sub-certification process & need for guidance in preparing documentation to support opinion statement

  42. Webcast Summary • Webcast #2 - SOA 404 - Annual Assessment of Internal Controls • New attestation standards • FDICIA assessment process (1991) • Process for doing 404 assessment • Use of CSA as a tool for assessment supplemented by testing • Use of COSO model to serve as benchmark for control assessment

  43. Webcast Summary • Webcast #3 - External / Internal Auditors Relationship • Options for relationship • Reliance on internal audit for 404 work • Material weakness and control deficiency definitions • Impact of SOA on internal audit annual plan • Audit committee changing expectations of external and internal auditor coordination and responsibilities

  44. Webcast Summary • Webcast #4 - The Future Impacts of SOA • The need for proactive involvement by internal audit • SEC actions still pending as a result of SOA • PCAOB impact on external audit future • External providers of services partner for success • Overview of other sections of SOA where internal audit should be active

  45. Webcast Summary • Key internal audit takeaways : • Cannot sit back and wait • Need to partner with external auditors • Need to be proactive with management • Work closely with audit committee to help drive closure on issues impacting the audit committee • Lead control awareness, assessment, testing, and reporting • Stay involved in the quarterly disclosure controls assessment

  46. In Short: Internal Auditing needs to develop a strategy on how it wants to be involved in the many aspects of SO to further their efforts to add value to their organization. Opportunity is Knocking - will you answer?

  47. Thank you for your participation! Don’t miss our next Webcast series beginningMay 6, 2003

More Related