slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
PwC PowerPoint Presentation
Download Presentation
PwC

Loading in 2 Seconds...

play fullscreen
1 / 33

PwC - PowerPoint PPT Presentation


  • 86 Views
  • Uploaded on

King III @ September 2009 (Anton van Wyk – anton.b.van.wyk@za.pwc.com – 011 797 5338). King III – Apply or Explain. PwC. Mississippi Company Bubble France 1720 South Sea Bubble UK 1720. Victorian Land Boom Australia 1890. Tulip Mania Holland 1637. Railroads Bubble UK 1846.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'PwC' - Olivia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

King III @ September 2009

(Anton van Wyk – anton.b.van.wyk@za.pwc.com – 011 797 5338)

King III – Apply or Explain

PwC

slide2

Mississippi Company Bubble

France

1720

South Sea Bubble

UK

1720

Victorian Land Boom

Australia

1890

Tulip Mania

Holland

1637

Railroads Bubble

UK

1846

1800

1700

1600

Panic of 1825 import from Bank of England

Panic of 1893 extension of 1873

Depression of 1780s

established

dollar coinage

Panic of 1837 paper credit overexpands

Panic of 1857 ends Gold Rush expansion

Panic of 1873 spurs US move to gold standard

Global “Governance events” over the centuries

King III

slide3

Masterbond

1997

Mexican

Peso Crisis

1994

Ruble Crisis

Russia

1998

Argentine

Peso Crisis

2001

Regal Treasury

2001

British

Banking Crisis

UK

1990 – 92

Nordic

Banking Crisis

Sweden,

Norway, Finland

1990 - 92

ERM Exchange Rate Crisis

Sweden, Norway,

Finland, UK, Spain, Italy

1992 – 93

Asian Financial Crisis

Indonesia, Malaysia,

South Korea, Thailand

1992 - 97

Japanese Asset

Price Bubble

1985 - 89

Nokia Bubble

Sweden, Norway,

Finland

1985 - 89

International banking crisis

2008 –

Announcement of International

Stimulus Packages

2008

Brazilian

Real Crisis

1999

Housing Bubble

UK, Ireland, Spain

2006 -

Latin American

Debt Crisis

1982

Leisurnet

2000

2000

2100

1900

Mortgage Liquidity Crisis

2008 -

Credit Crisis

2008 -

S&L Crisis

1986 – 95

Stock Market Crash

1987

9/11 attack

and global

recession

2001 - 02

Gulf War

Oil Spike

1990 - 91

Panic of 1901

first NYSE crash

King I

1994

King III

2009

King II

2002

Banker’s Panic

Kricker Bocker

Trust run

1907

Ponzi’s

Scheme

1919 - 20

Dot.Com

Bubble

1995 - 2001

Long-Term Capital

Management hedge fund collapse

1998

Florida Building Bubble

1926

The Great Crash

& Depression

1929 - 39

Housing Bubble

And Subprime Crisis

2003 -

King III

recent trends
Recent trends

BC – AD

Again, huge failings in the last 2 years

Pressures emerging to sharpen risk assessment focus

Business durability, collaboration, balance & connectivity

Information required to predict the future

Internal Financial control assurance

Searching for the “right” resources

“One view – one risk aggregation” – Combined Assurance

‘Cost of compliance’

Searching for assurance value

People/stakeholders/investors thinking differently

Perverse incentive / bonus payments – rewarding failure.

King III

recent events
Recent events

Globe unprepared for the scale, speed & severity of recent crisis

Many things happening simultaneously

Existing risk models and internal audit functionality couldn’t cope with the complexity of factors impacting the chaos

Risk Governance not linking strategy, risk management & risk bearing capacity

The weak were eliminated – at huge cost

The resilient will (mostly) prevail – cash is King

Well capitalised banks survived

Stock markets worked

The future will still offer less predictable outcomes – there will be more crises, will we be better prepared.

We have though, once again shown we are one of the most resilient countries (and people) on earth.

King III

Slide 5

implications for companies boards of directors and audit committees
Implications for companies, boards of directors and audit committees
  • Scope of corporate governance framework in South Africa widened
  • Entities encouraged to tailor the Code’s principles as appropriate to the size, nature and complexity of their businesses
  • The board or those charged with governance should explain to stakeholders where a specific principle or recommendation has not been applied
big tickets from king s counsel
Big Tickets from ‘King’s Counsel’

Integrated Reporting

Assurance over the final report

Sustainability

Content assurance

The role of Internal Audit?

Combined assurance

Key integration by Internal Audit.

Strategically focussed Internal Audit

A Transformed Approach

Informing the Audit Committee

Creating better relationships

Internal Financial Control

Testing and maintenance

Internal audit’s assessment statement

Governance of Risk

Correlation of Risk Appetite and Risk Tolerance

Resilience

Fraud risk

IT Governance

Knowing this space

the governance of risk
The governance of risk

Absolute board leadership

Risk embedded within Strategy and Business Processes

Balancing Risk and Reward – taking calculated ‘smart’ risks

Assessment of cost of risk, including lost opportunities

CEO as Risk Champion

Determine the levels of risk tolerance

The risk committee or audit committee should assist the board in carrying out its risk responsibilities

Chapter 4

King III

Slide 10

the governance of risk1
The governance of risk

Management has the responsibility to design, implement and monitor the risk management plan

Risk assessments are performed on a continuous basis

Framework and methodologies are implemented to increase the possibility of anticipating unpredictable risks

Management considered and implements appropriate risk responses

Continuous risk monitoring by management

The board should receive combined assurance regarding the effectiveness of the risk management process

10 Minutes on Managing Risk ..\Risk\pwc-10minutes-managing-risk.pdf

Chapter 4

King III

Slide 11

forces of globalisation cross the spectrum of risk

Risks

Economic & financial / Energy costs, price volatility, currency fall, asset price collapse

Environmental / Climate change, weather, water, catastrophe

Geopolotocal / Globalisation retrenchment, risk governance, war, terrorism, crime

Societal / Diseases

Technological / Critical system failure or attack, nanotechnologies

Travel / Fast, flexible logistics and transport

Product demand / Responding to rising middle class

Market confluence / Finance, goods, services

Resource pressure / Food, water, energy

Communication / Inexpensive, instant, omnipresent

Globalisation factors

Forces of globalisation cross the spectrum of risk

King III

key questions for management risk
Key questions for management – Risk

Do we understand how risk appetite and tolerance is applied in our organisation?

How do we know that the biggest risk exposures to our organisation are being adequately managed?

When last did we participate in a risk assessment activity?

How often have we considered the same risk-related issue in the various management and governance meetings?

Is ICT risk actively considered in our risk management process?

Do we specifically consider compliance risk and, if so, how satisfied are we that it is effectively covered?

key questions for management risk1
Key questions for management – Risk

Are risks prioritised and ranked to focus the responses and interventions on those risks outside the board’s risk tolerance limits?

Do we have an approved annual risk management plan?

Who assures non financial risks, such as plant availability, staff capacity and competency, the impact of legislative changes on the business/organisation etc? And to which management or board committee is the assurance provided? Are we satisfied that this assurance is reliable?

Do we have a fraud risk plan to consider our fraud exposure and prevention?

Does our disclosure on the effectiveness of risk management reflect the actual position of our business/organisation?

slide15

© 2009 PricewaterhouseCoopers Inc. All rights reserved. “PricewaterhouseCoopers” refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. PricewaterhouseCoopers Inc is an authorised financial services provider.

PwC

  • “A strategically positioned, competent and independent internal audit function is required to provide a written assessment of the company’s system of internal control, after having conducted a risk based internal audit. This function must have direct relationships with the audit, corporate governance and risk committees and must be strategically positioned.”
internal audit
Internal Audit

There is an effective risk based internal audit

Evaluating the company’s governance processes

Objective assessment of the effectiveness of risk management and the internal control framework

Analysing and evaluating business process and associated controls

Adhere to the IIA Standards and Code of ethics

Should follow a risk based approach to its plan

Informed by the strategy and risks of the company

Assess the company’s risks and opportunities

Chapter 7

King III

Slide 16

internal audit continues
Internal Audit - continues

Provide a written assessment of the effectiveness of the company’s system of internal controls and risk management

An integral part of the combined assurance model as internal assurance provider

Internal controls should be established not only over financial matters, but also operational, compliance and sustainability issues

Internal audit should provide a written assessment of internal controls and risk management to the board

Written assessment of internal financial controls to the audit committee

The audit committee should be responsible for the oversight of internal audit

Subjected to an independent quality review

Should be strategically positioned to achieve its objectives

The CAE should have standing invitation to attend executive committee meetings

Internal audit function should be appropriately resourced and have sufficient budget allocated to the function

Skilled and resourced as is appropriate for the complexity and volume of risk and assurance needs

The CAE should develop and maintain a quality assurance and improvement programme

Written assessment of internal financial controls made available to the audit committee

King III

Slide 17

slide18

Here are highlights of what the respondents to the PwC ‘State of the Profession’ 2009 survey, had to say about internal audit budgets and resources:

  • 19% reported budget reductions in 2008 compared with 10% in 2007.
  • 49% expect budgets to remain flat and 36% expect a decrease in the coming year, compared with projections of 49% and 14%, respectively, in the prior year’s survey.
  • 51% of Fortune 500 respondents believe that there is a medium-to-high risk of the economic downturn causing an unexpected reduction in the internal audit budget during 2009.

King III

risk based internal audit

Stakeholder Value Based Approach

“Top-down” approach where coverage is driven by issues that directly impact stakeholder value, with clear and explicit linkage to strategic issues of the organisation.

Identify Stakeholder Value Creating Activities

Understanding Enterprise Risks (Strategic, Financial, Operations, Compliance)

Evaluate Impact to Stakeholder Value

Audit plan

Traditional Approach

Traditional “bottom-up” approach based on stakeholder interviews and analysis. Focus is on coverage of identified risk areas, geography and business operations.

Evaluate Impact of Risks within Audit Universe

Identify Risks (Financial Operations, Compliance)

Define Audit Universe (e.g., geography, business unit, etc.)

Risk based Internal Audit
composition of auditing activities

Financial

57 %

21 %

Operational

53 %

34 %

Compliance

33 %

30 %

Information Technology

31 %

36 %

Strategic / Business

Consulting

13 %

9 %

38 %

28 %

Percentage of internal audit departments that contribute 25 % or more of their resources to key categories of risks

Percentage of internal audit departments that increased coverage in each area during 2008

Composition of auditing activities

King III

stakeholders perspectives on the future of internal audit
Stakeholders’ perspectives on the future of Internal Audit

Internal Audit focus should evolve to align with emerging/changing risks

Internal Audit should balance its focus on all key elements in the risk domain

The portfolio of stakeholders will expand to include business unit management and other key executives, as well as other committees of the Board

Internal Audit should enhance its understanding of (and focus on) risk management in general and ERM in particular. Internal Audit should become a key source of insight on the risks facing the organisation.

Internal Audit needs to enhance its communications with management and the Board. Communications need to become more impactful and timely.

Internal Audit management and staff need to develop greater business knowledge and enhance IT skills

  • A heightened focus on the cost of IA versus the value added
  • IA will be expected to deliver a written assessment on the adequacy
  • of the entire system of internal control
  • IA will be expected to become a strategic partner to the Board

King III

implications for companies boards of directors and audit committees1

Risk-based internal audit

Implications for companies, boards of directors and audit committees
  • Internal audit planning and approach should be risk-based rather than compliance-based
  • A CAE of appropriate stature, who has the respect and cooperation of the board and management, should be appointed
  • Internal audit reporting lines to be evaluated – internal audit should report at a level in the company that allows it to remain independent and objective to ensure it fully achieves its responsibilities
  • CAE invited to attend company’s executive committee
key questions for management internal audit
Key questions for management – Internal Audit
  • Is internal audit aligned to strategy and does its plan focus on areas that are most likely to impact stakeholder value?
  • Is internal audit effective and frequent enough in its communications with the audit committee and us?
  • When last was an objective assessment as to whether internal audit has the appropriate level of technical and analytical skills required to address the industry risk and risk requirements of your business?
  • Is our internal audit function poised to lead a combined assurance initiative? Is there sufficient assurance of our ethics and risk management programmes?
  • Does internal audit utilise technology in its processes and use existing systems and data effectively in the performance of its work?
  • What were our most recent loss events and what comfort did internal audit provide us with on these?
  • How does our internal audit function compare against its peers in benchmark studies?
  • Is our Chief Audit Executive subjected to a robust annual assessment based on key attributes relevant to our business?
  • What is our true absorbed cost of internal audit?
  • Is our internal audit agile enough to address emerging business issues?
the practical application of king iii
The practical application of King III

‘Exotics’

  • ‘Boards and directors, acting in the best interests of the company, form the focal point of corporate governance’
observation on the impact of internal financial control
Observation on the Impact of Internal Financial Control
  • It is worth noting that Sarbanes-Oxley legislation established a new paradigm for corporate accountability. Responsibilities of the audit committee, CEO and CFO were clearly established at higher levels than in the past. It created a new standard for companies regarding the reporting of internal control effectiveness and has raised the bar for the design, documentation, and operation of financial internal control.

Good internal control will ensure sustained business development!

typical internal financial control project approach
Typical Internal Financial Control Project Approach

Continuous Improvement

Management

Internal Auditor

Document

and

Evaluate

Control Design

Test

Operating

Effective-

ness

Prepare

Report on

Internal

Control

and embed

through

Training &

accountability

Initiate Project

And

Assess Risk

Remediate

Monitor

and

Report

Project Management Support

audit committee expectations of internal audit function
Audit committee expectations of internal audit function

Internal audit required to

Identify risks to financial reporting

Evaluate whether financial controls exist to address the risks identified

Evaluate design, implementation and operation of identified controls

Document the review in a comprehensive manner to support its conclusions

Adequate skilled resources in internal audit function

The changing role of the audit committee

Slide 27

key questions for management internal financial control
Key questions for management – Internal Financial Control

Is there a control framework (e.g. COSO) governing financial reporting in the organisation?

Have we identified and documented all probable risks to fair presentation in the financial statements and disclosures? (Fair presentation implies that the numbers and disclosures are not materially misstated).

Are there controls in place to address these risks and are they adequately designed to prevent or detect material misstatements in the financial statements and disclosures?

Do the controls identified operate as they are supposed to and are they appropriately evidenced?

Have we examined or tested the controls identified above to ensure that our report to the audit committee is accurate and complete?

Have we appropriately evidenced our assessment?

Is a process in place to ensure that the framework remains relevant over time?

combined assurance what is combined assurance
Combined assuranceWhat is combined assurance?

A coordinated approach to all assurance activities

to ensure that assurance provided by

  • management;
  • internal assurance providers (such as internal audit); and
  • external assurance providers (such as external audit or sustainability assurance providers)

adequately addresses significant risks facing the company and that

suitable controls exist to mitigate and reduce these risks

“Integrating and aligning assurance processes in an organisation to maximise risk and governance oversight and control efficiencies, and optimise overall assurance to the Audit and Risk Committee, considering the organisation’s risk appetite”

implications for audit committees

Combined assurance

Implications for audit committees
  • Audit committees are able to assess significant risks facing the company with information to hand
  • Assessment to be made of in-house skills and qualifications and track record of external service providers
  • Audit committees to coordinate the utilisation of appropriate assurance providers in the assurance model (management, internal or external assurance providers) to provide assurance on the identified risks
  • May result in the increased utilisation of external assurance providers
slide33
Internal Audit’s journey

INTEGRATED REPORT

ACCOUNTABILITY

CORPORATE

CULTURE

COMPLIANCE

REQUIREMENTS

ETHICS

LEGAL

CONDUCT

REGULATORY

POLICY

AUTHORITIES

Corporate Governance Framework

COMBINED ASSURANCE

RISK

MANAGEMENT

FINANCIAL

SOCIAL &

ETHICAL

ENVIRON-

MENTAL

INTERNAL

CONTROLS

OPERATIONS

PEOPLE

SYSTEMS

PROCESS

STRATEGY

STRUCTURE

PERFORMANCE

MEASUREMENT

PURPOSE

VALUES

GOALS