Performing Governance Assessments

Myrk Harkins CIA, CBM


Agenda

  • Who Is Myrk Harkins?

  • A little about the Southern Company

  • Risk Based Auditing

  • Governance Model


Myrk Harkins

  • Director of Internal Auditing West

  • Bachelor of Science Civil Engineering

  • Certified Internal Auditor & Certified Business Manager

  • 33 Years Experience with Southern Company

    • Power Plant Construction

    • Plant Operations and Maintenance

    • 10 Years Internal Auditing


The Southern Company

  • 4.3 Million Customers

  • Alabama Power, Georgia Power, Mississippi Power, Gulf Power, Southern Power & Southern Link

  • 42,000 MW of Generation (1 MW = 600 Homes)

  • Revenue of $14.3 Billion

  • Net Income of $1.6 Billion


Southern Company Internal Auditing

We are a Risk-Based Audit Organization


Sample Company Enterprise Risk Management

[Figure: risk map. Axes: Likelihood and Materiality of Impact ($ to $$$), a qualitative estimate of the potential risk’s impact on the specific function/entity. Other labels: Scope of Control, Current Level of Residual Risk.]

Risk Placement Guidelines (place risk here if…):

  • RED…focused management attention is required

  • YELLOW…on-going active monitoring by management is required

  • GREEN…current management action is sufficient


2007 Sample Company Risk Profile

[Figure: risk map plotting numbered risks (1–11) by Likelihood and Materiality of impact ($ to $$$). Risks labelled on the map:]

  • Environmental legislation or regulation

  • Loss of constructive state regulatory environment

  • Nuclear

  • Governance failure

  • Exposure to fuel price/availability

  • Strategy selection and implementation

  • Change in federal regulatory or legislative policy

  • Execution of the financial plan

  • Workforce issues

  • Catastrophic business interruption

  • Deterioration of corporate image


2007 Sample Company Fraud Risk Profile

[Figure: risk map plotting numbered fraud risks (1–9) by Likelihood and Materiality of impact ($ to $$$). Risks labelled on the map:]

  • Inappropriate Capitalization of Expenses

  • False Compliance Reporting (EPA, OSHA, FERC, etc.)

  • Political (Bribery of Public Officials, Illegal Contributions)

  • Improper Use of Estimates and Judgments

  • Strategy selection and implementation

  • Competitive Practices (Unfair Competition – Antitrust, Violation of Territorial Service Agreements, Wholesale Competition)

  • Inappropriate Executive Compensation

  • Intentional Mistreatment of Affiliate Transactions

  • Vendor Fraud (Bid Rigging, Kickbacks, etc.)

  • Employee Fraud/Misappropriation of Assets


Audit Planning Process

[Diagram. Elements: SOCO Risk Profile; Fraud Risks; Executive Input; IA Staff Input; Annual Residual Risk Assessment; Annual Audit Plan; Audit with its Engagement Risk Assessment (shown three times).]


COSO Southern Company’s Control Framework


Understanding Governance

What is Governance?

Governance is composed of the key business processes utilized by representatives of an organization’s stakeholders (e.g., shareholders (BOD), management, etc.) to optimize value by providing reasonable assurance that an entity achieves its business objectives.

The SOCO ERM Program broadly defines governance as those business processes, internal controls, decision tools, oversight structures and corporate culture elements (Southern Style) that reasonably ensure achievement of the Company’s goals and objectives.

(ERM at SOCO = Our Methodology for Managing the Business)


A Simplified Approach to Governance (Company, Functional Activity, Business Unit, etc.)

  • Everything Starts with Business Objectives

  • Identify and Evaluate Significant Risks (Anything that could prevent achievement of business objectives)

  • Business Processes (Internal Controls & Governance Processes) to Reasonably Ensure Achievement of Business Objectives

  • Assurance (Monitoring Level of Achievement and Reporting)


A Simplified Approach to Governance

[Diagram. Elements: Business Objectives; Risk Assessment; Business Processes; Assurance; Tone at the Top; Information / Communication (shown four times).]


Objective Setting

“What are you trying to accomplish”

  • Strategic

  • Operational

  • Reporting

  • Compliance

  • Mission

  • Purpose

  • Strategic Direction & Business Plan

  • Goals


Internal Environment

“Tone at the Top”

  • Risk Appetite

  • Management Commitment

  • Ethics

  • Competence

  • Responsibilities and Accountability


Risk Assessment Process

“What is going to keep you from your goals”

  • Identification

  • Assessment

  • Response


  • Business Processes

    • Control Activities

      • Company Policies

      • Procedures / Guidelines

      • Internal Controls

    • Information and Communication

      • Appropriate

      • Availability

      • Accurate / Complete

      • Timely


Assurance

“Monitoring”

  • Ongoing Activities

    • Supervision

    • Performance Measurement & Reporting

  • Assessment Processes

    • Self

    • Corp. Oversight (Internal Auditing)

    • Independent

  • Reporting Deficiencies

    • Follow Up & Corrective Actions


Practical Application

  • Any Audit or Consulting Project


Questions & Comments

Myrk Harkins ([email protected])

Phone – (205-257-2135)

