
Semi-Annual Audit, Compliance, and Enterprise Risk Management Update

Semi-Annual Audit, Compliance, and Enterprise Risk Management Update. Steve Byone Chief Financial Officer. Audit Update. Audit Update – August 2007. The Internal audit department has started working on the 2008 audit plan and program


Presentation Transcript


  1. Semi-Annual Audit, Compliance, and Enterprise Risk Management Update Steve Byone Chief Financial Officer Board of Directors Meeting

  2. Audit Update

  3. Audit Update – August 2007
     • The Internal audit department has started working on the 2008 audit plan and program
     • When warranted the program is augmented by external resources (i.e. IBM for Nodal)
     • External audits and reviews are also conducted
       • Financial audit
       • SAS 70 Type II
       • Benefit program audit
       • Security and other reviews
     • Management’s formalized program to monitor audit findings and remediation plans is ongoing
       • Subset of Internal Control Management Program (ICMP)

  4. Nodal Audits performed and completed in 2007 Legend - Report Rating

  5. Additional Nodal Audits Planned for 2007
     • Nodal Accounting
       • In Progress
       • To include allocation of support for Nodal vs. Zonal
     • Nodal Contractor and Vendor Billings
       • In Progress
       • Just getting started
     • Nodal Program Management Office
       • Not yet started
       • Targeted review of nodal program cost reporting
       • Planned for Q4 2007

  6. Recent Audits Completed External Internal

  7. August 2007 Recently Completed, Open and Planned Audits
     • Audits Completed (last 3 months)
       • Internal Audits
         • PMO (Non-Nodal)
         • Contract Audit of 21st Century
         • Nodal Timetracking
         • Nodal Delegation of Authority
         • Employee Background/Reference Checks & Drug Screens (Targeted Review)
         • Nodal Procurement
       • External Audits
         • 2006 Final MPP
         • Texas Nodal Program Controls - Review #3 (IBM-managed by IAD)
     • Open Audits
       • Internal Audits
         • Nodal Acctg./Allocation
         • Nodal Vendor Billings
         • Cash & Investments
         • QSE Credit
         • Contractor Background/Reference Checks & Drug Screens
       • External Audits
         • 2007 SAS70 (PwC)
         • 2007 401K Audit (Maxwell, Locke & Ritter)
         • Texas Nodal Program Controls – Review #4 (Managed by IAD)
     • Planned Audits (next 3 months)
       • Internal Audits
         • Nodal PMO (Targeted Review)
         • Congestion Mgmt./TCRs
         • Disaster Recovery Plan
         • Ethics Agreement Reaffirmation
         • Protocol/Market Guide Approvals/Revisions
         • Debt Financing
       • External Audits
         • Texas Nodal Program Controls – Review #5 - IBM (Managed by IAD)
     * NOTE: Conducted by internal resources other than Internal Audit

  8. Audit Update – August 2007 Status of Open Audit Points

  9. Compliance Update

  10. Management Compliance “Self Assessment”
      • Management conducts regular “self assessments” of compliance
        • applicable laws
        • regulations & protocols
        • contractual obligations
        • disclosure mandates
        • etc.
      • For each requirement, an assessment is made of whether the area is in compliance, ‘substantially compliant’*, or not in compliance with any ‘non-yes’ answer requiring further explanation.
      • Each ERCOT Officer has completed a signed attestation as to the status of Compliance Requirements within their respective organizations

      * Substantially Compliant means compliance with essential requirements of a statutory provision, standard, policy or procedure as may be sufficient for the accomplishment of the purpose thereof. As such, there may be an accidental mistake or a good business reason for a minor modification or deviation from the statutory provision, standard, policy or procedure, but that does not affect that substantial compliance has been met of the statutory provision, standard, policy or procedure.

  11. Management Compliance – Status Update
      • Details regarding areas deemed ‘substantially in compliance’ are included in your Executive Session materials.

  12. Management Compliance – Next Steps
      • Continue to address ‘Substantially Compliant’ items to move to ‘Full Compliance’ in all areas
        • Progress report to F&A in November 2007
      • Continue quarterly signed Management Attestation as to the accuracy of the Compliance Certification Report
      • Next semi-annual review of compliance results with the Board of Directors in February 2008

  13. Enterprise Risk Management Update

  14. Enterprise Risk Management Update
      • ERCOT formalized its ERM program in 2005
      • Management reviews key enterprise risks on a monthly basis
      • Changes in management assessment of a key risk are reported to the Finance & Audit Committee monthly
      • Governance structure calls for a Board of Directors update semi-annually

  15. August 2007 Risk Inventory “Stoplight” Report
