1 / 46

CAE Communications with the Audit Committee

CAE Communications with the Audit Committee. State of Oregon CAE Training Salem, Oregon November 3, 2010. Training Objectives. Assess the power of face-to-face meetings with the Audit Committee and its Chair Determine what the Audit Committee wants and needs

gwylan
Download Presentation

CAE Communications with the Audit Committee

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CAE Communications with the Audit Committee State of Oregon CAE Training Salem, Oregon November 3, 2010

  2. Training Objectives • Assess the power of face-to-face meetings with the Audit Committee and its Chair • Determine what the Audit Committee wants and needs • Consider approaches on reporting to the Audit Committee regarding • Audit Plan • Audit Engagements • Investigations • Issue tracking • Internal Audit operations • Organizational strategy

  3. Agenda • Power of face-to-face meetings • What the Audit Committee wants and needs • Reporting on the Audit Plan • Reporting on Audit Engagements • Reporting on Investigations • Reporting on Issue Tracking • Reporting on Internal Audit Operations • Reporting that contributes to Organizational Strategy

  4. Power of Face-to-Face Meetings Unit 1

  5. Credibility • The quality, capability, or power to elicit belief • The quality of being believable or trustworthy • Given credibility: derives from external validation • Acquired credibility: earned through interaction

  6. Credibility Builders • Deliver on commitments • Present information that is meaningful, accurate, and timely • Be responsive • Be honest and transparent about capabilities

  7. Trust • Firm reliance on the integrity, ability, or character of a person or thing • Built over time by evidence and through contact • Build relationships when issues are not pressing, e.g. over lunch

  8. What the Audit Committee Wants and Needs Unit 2

  9. Audit Committee Reporting • Internal audit planning • Internal audit results • Issue tracking • Internal audit operations • Audit Committee education • Organizational strategy

  10. International Professional Practices Framework • Require board communications • 1000 Purpose, Authority, and Responsibility • 1110 Organizational Independence • 1111 Direct Interaction with the Board • 1320 Reporting on the Quality Assurance and Improvement Program • 2020 Communication and Approval • 2110 Governance • 2440 Disseminating Results

  11. Audit Charters • Samples of both audit committee and internal audit charters available from the IIA • Both include mandates requiring communications with the Audit Committee

  12. Communications Plan Example • Topic Audit observations • Mode High risk – full report Medium risk – summary Low risk – simple list • Frequency Quarterly • Dates Jan 8, Apr 8, Jul 8, Oct 8

  13. Two Questions for the AC • What do you want less of? • What do you more of?

  14. Reporting on the Audit Plan Unit 3

  15. Objectives for Reporting on Audit Planning • Informs audit committee (AC) of the risk universe as you define it • Informs the AC what you will cover • Informs the AC what you will not cover • Demonstrates how your audit plan is aligned with your risk-assessment methodology • Explains how your plan does or does not support your ability to render an opinion • Informs the AC how you will deploy resources • Measures productivity of the internal audit

  16. High Performance Business Model

  17. Roles andResponsibilities Monitoring &Communication Legal,Regulatory,Standards Strategy Enterprise RiskManagement Ethics &BusinessConduct Transparency& Reporting Governance Model

  18. Other Considerations • Focus Lists • Dynamic audit plans • Including other assurance coverage • External Auditor • Regulators • Compliance groups • Management self-assessments

  19. Small-Group Activity What are the opportunities to make the risk assessment and planning processes more robust and add more value to the enterprise? • What are the underserved needs of the audit committee and executive management? • Does your process comply with standards, e.g. Governance and Risk Management? • Do you have a definable, repeatable risk-assessment process that has been reviewed with the audit committee and executive management? • Do you develop both an unconstrained and constrained plan for audit committee review? • What other organizations are providing risk assurance work? Are they included in your plan? Should they be?

  20. Reporting on Audit Engagements Unit 4

  21. Different Approaches • All reports in full • Only significant reports • Only executive summaries • Summary of observations

  22. Considerations • What do you want the AC to focus on? • What do they want: more detail, less detail? • How much time do you have for the presentation? • How skilled are you and your writers? • How effective is the staff at writing reports that convey the messages you want to get across? • Do you rate observations or reports?

  23. Reporting on Investigations Unit 5

  24. Investigations by IA or Others • Internal audit usually gets the “Big Three” • Big people • Big money • Big issue • May be in conjunction with legal, security, procurement, IT, others

  25. Considerations • How will you separate noise from issues? • How will you report on trends that emerge? • What level of detail is the AC seeking?

  26. Typical Summaries • Number of allegations by time period or business unit • Nature of allegations, e.g. theft, conflicts of interest, ethical violations • Number open, in progress, closed • Recommended actions, e.g. letter to file, pay cut, termination, referral to police

  27. Reporting on Issue Tracking Unit 6

  28. Tracking Parameters • Aging of open issues • Reset resolution dates • Risk-rating • Risk category: strategic, reporting, operational, compliance • Processes • Business units • Geographies

  29. Audit Process Definition • The audit process begins with the timely identification of risks to an entity's strategic, reporting, operational, or compliance objectives…The audit process ends when the audit committee has accepted management actions to manage observed residual risks to within the risk appetitive of the entity.

  30. Repeat Audit Observations • Defect in the audit process • Inability to focus audit committee on management’s inattention • Residual risk in excess of the entity’s risk appetite

  31. Considerations • Invite managers with overdue open issues to the audit committee to explain delays

  32. Reporting on Internal Audit Operations Unit 7

  33. General Reporting Topics • Risk Assessment Methodology • Staffing and Staff Development • Budget • Salaries • Co-sourced resources • Training and development • Technology investment • Travel • Quality Assurance and Improvement Process

  34. Reporting that Contributes to Organizational Strategy Unit 8

  35. Audit Committee Training • Audit Committee best practices • Regulatory environment • Risk and control models • Governance and ERM

  36. Becoming More Strategic • Ensure risk assessment is aligned with the entity’s strategy • Seek ways to add value that are not focused on compliance and financial reporting • Focus on the foundation of the business model

  37. High Performance Business Model

  38. Are you focused on the right risks? • How value is destroyed in companies • Where are your audit resources focused? • PwC Advisory, An Opportunity for Transformation, 2008

  39. Small-Group Activity Where are your audit resources focused? • In your group, reach consensus on the percentage of your resources assigned to strategic, operational, financial, and compliance risk? • Identify 3 risk areas where you could be more strategic.

  40. Questions for your Chief Audit Executive • What is the criteria for establishing the annual and long-range audit plan? • What assurance do you have that you are in compliance with Standards? • Does your risk assessment include all known risks to the organization? • How do you prioritize IA efforts? • Are there areas of high priority where IA work has been deferred?

  41. Questions for your Chief Audit Executive • What is the level of respect internally for IA? • What are management’s practices for responding to IA reports? • Who in management has reviewed the risk assessment? • What risk factors do you consider in developing the audit plan? • How will you provide assurance for governance processes?

  42. Questions for your Chief Audit Executive • Has IA identified areas of serious concern relative to the corporate internal control environment? • Are there other matters that you believe should be of concern to the committee? • Putting yourself in the audit committee’s position, are there questions you believe we should ask?

  43. Questions for your Chief Audit Executive • What processes are not being assured this year due to resource constraints? • What processes have never been assured? • What are your risk-assessment and risk-based auditing methodologies? • What professional certifications do you and the staff hold, e.g. CPA, CIA, CISA? • What are the metrics to ensure the audit processes meet objectives?

  44. Questions for your Chief Audit Executive • How much resource and time does it take to publish a final audit report? • What is the process to follow with management to complete actions to resolve residual risk? • How do you track and report aged open actions? • Do you believe that management is taking risk beyond their delegation levels or in excess of the organization’s risk appetite?

  45. Implications • Audit committees are concerned about risk management and governance • Internal audit improve their standing in the enterprise with assurance and consulting activities in these areas • Developing a strategy is essential • To include communications plan for the audit committee

  46. Contact Information Jim Key, Partner Shenandoah Group, L.L.P. PO Box 1323 Beaufort, SC 29901 U.S.A jckey@hargray.com 1.843.812.6647

More Related