Complementary role played by CAE and CRO towards good governance and sustainable service delivery

Makhosandile Kwaza, IMFO Audit & Risk Indaba, 08 April 2013


Presentation Transcript


  1. Complementary role played by CAE and CRO towards good governance and sustainable service delivery
     Makhosandile Kwaza
     IMFO Audit & Risk Indaba, 08 April 2013

  2. Agenda
     • Who is the CAE
     • What is Internal Auditing
     • Role of Internal Audit in Governance processes in terms of ISPIA
     • Role of Internal Audit in Risk Management in terms of ISPIA
     • Role of Internal Audit in control as required by ISPIA
     • Who is the CRO in terms of the COSO framework
     • Definition of RM in terms of the COSO framework
     • Risk Management process in terms of the COSO framework – complementary role of the CAE and CRO

  3. Who is the Chief Audit Executive (CAE)
     • According to the IIA ISPIA glossary:
       - Top position within the organisation responsible for internal audit activities. Normally this would be the internal audit director.
       - In the case where internal audit activities are obtained from outside service providers, the CAE is the person responsible for overseeing the service contract and the overall quality assurance of these activities, reporting to senior management and the board regarding internal audit activities and follow-up engagement results.
       - The term also includes such titles as general auditor, chief internal auditor and inspector general.

  4. What is Internal Auditing
     • Independent, objective assurance and consulting services designed to add value and improve an organization’s operations.
     • The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the:
       - effectiveness of governance,
       - risk management, and
       - control processes.

  5. Standard 2110 – Governance
     • The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
       - Promoting appropriate ethics and values within the organization;
       - Ensuring effective organizational performance management and accountability;
       - Communicating risk and control information to appropriate areas of the organization; and
       - Coordinating the activities of and communicating information among the board, external and internal auditors, and management.

  6. Standard 2120 – Risk Management
     • The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.
     • Determining whether risk management processes are effective is a judgment resulting from the internal auditor’s assessment that:
       - Organizational objectives support and align with the organization’s mission;
       - Significant risks are identified and assessed;
       - Appropriate risk responses are selected that align risks with the organization’s risk appetite;
       - Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.
     • Risk management processes are monitored through ongoing management activities, separate evaluations, or both.

  7. Standard 2130 – Control
     • The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.
     • The internal audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems regarding the:
       - Reliability and integrity of financial and operational information;
       - Effectiveness and efficiency of operations;
       - Safeguarding of assets; and
       - Compliance with laws, regulations, and contracts.

  8. Who is the Chief Risk Officer (CRO)
     • According to the COSO Integrated Framework, the CRO is a centrally coordinated point within an organisation, established to facilitate enterprise risk management.
     • The CRO works with other managers in establishing effective risk management in their areas of responsibility.
     • The office of the CRO is established by and under the auspices of the chief executive, and therefore the CRO has the resources to help effect enterprise risk management across departments, functions and activities.

  9. COSO Definition of Risk Management
     • Risk management is a continuous, proactive and systematic process, effected by a municipal Council, Municipal Manager, management and other personnel, applied in strategic planning and across the organisation, designed to identify potential events that may affect the municipality, and manage risks to be within its risk tolerance, to provide reasonable assurance regarding the achievement of the municipal objectives.

  10. Risk Defined

  11. COSO Framework
      • COSO: Committee of Sponsoring Organisations of the Treadway Commission
      • Internal control – Integrated framework

  12. COSO in brief
      • Internal Environment: Risk Management Philosophy and Risk Appetite
      • Objective Setting: Objectives and Unit of measure; Inventory of opportunities; Risk Tolerance
      • Event Identification: Inventory of risks
      • Risk Assessment: Inherent risks; Risk response; Residual risk
      • Risk Response: Risk responses & Portfolio
      • Control Activity
      • Information and Communication: Outputs, Indicators, Reports
      • Monitoring

  13. THE END
