Achieving our potential
1 / 27

- PowerPoint PPT Presentation

  • Uploaded on

“Achieving our Potential”. IIA Northeast Florida Chapter. April 15, 2010. Rod Winters “Achieving Our Potential”. Chairman of the Board, The Institute of Internal Auditors (IIA) General Manager, Finance Operations, Microsoft Corp. Topics. “Achieving Our Potential”

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about '' - soyala

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Achieving our potential
“Achieving our Potential”

  • IIA Northeast Florida Chapter

April 15, 2010

Achieving our potential

Rod Winters

“Achieving Our Potential”

Chairman of the Board, The Institute of Internal Auditors (IIA)

General Manager, Finance Operations, Microsoft Corp


  • “Achieving Our Potential”

  • Key challenges and trends

  • Adapting the internal audit organization & plan

    • Strategies for success

  • Final thoughts on Achieving Our Potential

Achieving our potential1
“Achieving Our Potential”

  • As individual practitioners

    • Be all we can be

  • As a global institute

    • One voice

  • As a global profession

    • Pride and acknowledgement

Individual practitioner
Individual Practitioner

  • Raise expectations within our orgs

    • Audit Committees and executives

    • Our teams

    • Ourselves

  • Increase our capability and confidence

    • Drive certification, our symbol of professionalism

    • Embrace the IPPF, our roadmap to excellence

    • Increase proficiency – training, technology, methodology, benchmarking, agility

  • Strive for excellence

Global institute embrace strategic plan milestones
Global InstituteEmbrace Strategic Plan Milestones

Internal Auditing is universally recognized as a profession

  • Defines the principles of the profession and assures that the principles are available seamlessly worldwide

  • Assures adherence to professional requirements

The Global

Institute for Internal Auditors

  • Is the preferred provider in the research, development and dissemination of knowledge to advance the profession

Is seen by its members and operates as one global organization


Global profession
Global Profession

  • Raise expectations of society at large, and demonstrate that internal auditing is:

    • A fundamental pillar of a strong economy

    • A cornerstone of good governance

    • A respected, rewarding, and sought after career choice

Key challenges and trends impacting the profession
Key challenges and trends impacting the profession

Challenging times
Challenging times

  • Governance failures around the globe

  • Risk management efforts ineffective

  • Stakeholder confidence shaken

  • Legislative / regulatory response anticipated

  • Opportunity for internal audit profession to demonstrate leadership in risk management, control and governance

    • “Where were the internal auditors?”

Changing risk profiles
Changing risk profiles

  • Business risk has changed

  • Shifting focus from financial reporting controls to strategic and business risks

  • Strategic, operation, and business risk underlie 80% of the rapid declines in shareholder value

Source: PriceWaterhouseCoopers 2009

Changes in risk management
Changes in risk management


Vulnerability vs. probability

Move to continuous risk assessments, risk management competencies

Evaluate risk across the extended enterprise, incorporating counterparty and partner risks

Business continuity focus increasing


  • De-emphasize likelihood and focus on vulnerability

  • Capability to engage with leaders on strategic risk

  • Risk mitigation strategies cross organizational and political boundaries

  • Need for a flexible audit program that responds quickly to emerging risks

Globalization extended enterprise
Globalization & extended enterprise


  • Enterprises increasingly global

  • Virtual enterprises blurring organizational boundaries

  • Growth of outsourcing and off-shoring driving decentralization

  • Deep process and system integration

  • Internationalization of accounting standards (IFRS)


  • Governance and control complexity increasing

  • Compliance risks multiply with new jurisdictions

  • Political and foreign corrupt practices (FCPA) risks

  • Requires strong control system competencies

  • Cultural awareness among audit staff

Increasing automation
Increasing automation


Companies continue to look to automation as a strategy during economic downturn by gaining productivity

Technology risks will remain high, complexity increasing

Data security is a competitive advantage

Automated nature of fraud


  • Increasing IT proficiency required among audit staff – integrated auditors

  • Pre-implementation consulting on design of controls

  • Increased importance of continuous monitoring, data analysis, and fraud-detection

Talent and staffing
Talent and staffing


Generational differences in work styles and motivations

Comfort and proficiency with technology

New competencies and skills required for auditors

Global teams in multiple geographies, dispersed

Rotational staffing models on the rise


  • Flexible organization, management and development models

    • Balance professional and rotational resources

    • Virtual teams, with different work styles

    • 24/7 work environment

  • Cultural and geographical diversity

  • Business acumen and IT skills are essential

Adapting for success
Adapting for success


Being responsive to economic crisis
Being responsive to economic crisis

  • March 2009 survey shows:

    • 47% have increased coverage of operational risks

    • 48% have increased coverage of cost/expense reduction or containment

    • 35% have increased coverage of the effectiveness of risk management

    • 40% have increased coverage of their companies exposure to third parties in financial distress

Source: Audit Director Roundtable Research & Institute of Internal Auditors

Risk of not responding
Risk of not responding

  • Diminished stature of internal audit in anticipating and addressing emerging risks

    • Seen as inflexible and non-responsive to emerging risk

  • Significantly reduced credibility as a trusted governance partner and strategic asset

  • Diminished perception of value of internal audit activities and talent

  • No seat at the governance table

  • No voice in the risk management debate

Leading the ia team
Leading the IA team

  • Increase coverage without increasing staff

    • Focus on boulders not rocks

    • Leverage technology

    • Leverage management control functions for leveraged assurance

    • Challenge existing audit approach for higher impact, lower cost execution

    • Clear roles & responsibilities – avoid duplication of effort or inefficiencies

  • Continue to increase auditor competencies

    • Internal Auditor Competency Framework

  • Value quality

    • International Professional Practices Framework

    • External Quality Assessments

    • Require CIA certifications

Leverage technology
Leverage technology

  • Maximize use of technology to enhance efficiency, effectiveness, and quality

    • Knowledge management and sharing

    • Automate workpapers, risk assessment

    • Automate issue tracking and reporting

    • Leverage data mining and analysis to detect errors and test data populations

    • Technology-enabled continuous assurance to embed sustained monitoring

Increase coverage through technology enabled continuous assurance
Increase coverage through Technology Enabled Continuous Assurance









Monitoring control owned by business

Periodically reviewed by IA

Greater coverage

Less manual testing

Created as needed

Repetitive; not project based

More automated testing

Centralized process

Engaging on strategic business risks
Engaging on strategic & business risks

  • Challenge management assumptions

    • Participate in cross functional ‘what if’ discussions to reconsider risks and identify action plans

  • Advise on design of risk management and monitoring controls responsive to changing conditions and cost reductions

  • Redirect audit resources to re-assessed highest risk areas

    • Complex decision models – such as risk monitoring and valuation

    • Physical and system security in the aftermath of layoffs

    • Operational reviews in processes that MUST continue to work

    • Investment diversification policy

    • Consumer loan, credit policy

    • Liquidity management, hedging policy

    • Governance roles, responsibilities, practices

    • Extended enterprise reviews

Financial assurance is still core
Financial assurance is still core

  • Audit committee’s heightened desire for assurance on financial reporting risks

  • Evaluate management’s judgments, estimates, and forecasts

    • Basis for goodwill assets, reserves, guidance

  • Financial fraud assurance

    • Technology based population testing for key fraud indicators

    • Significant JE’s

    • Etc.

  • Anticipate changes in regulatory environment

    • Proactive assurance to AC on changing regulatory landscape

    • E.g. - upcoming changes to disclosure rules for compensation policies & executive pay

Flexible audit plan
Flexible audit plan

  • 12+ months out

  • Exploring potential projects

  • Current 6 months

  • Committed projects

  • Part of current year risk coverage plan

  • 6+ months out

  • Planning projects with stakeholders

  • Part of current year risk coverage plan

Key theme: Responsive to changing risks

Achieving our potential2
Achieving our potential

  • Demonstrate value to the business

    • Be a leader on issues of corporate governance and risk management

    • Anticipate, don’t wait to be asked

    • Be a change agent and catalyst

    • Be a trusted advisor

  • Raise stakeholder expectations of internal audit

    • Build skills, capabilities, and reputation to meet heightened expectations and more strategic role

  • Hold ourselves accountable for our own future and the future of the profession

    • Comply with the IPPF

    • Require CIA certification

    • Volunteer locally, nationally, globally

    • Advocate for the profession