1 / 40

GOJ Audit Commission Conference 2013

GOJ Audit Commission Conference 2013. “RECALIBRATING YOUR AUDIT COMMITTEE: PERFORMANCE AT THE NEXT LEVEL” Tuesday, October 15, 2013 Registration 8:30am JAMAICA CONFERENCE CENTRE TOPIC : “ Audit Committees Blueprint to Monitoring IA’s Performance”

ulrich
Download Presentation

GOJ Audit Commission Conference 2013

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GOJ Audit Commission Conference 2013 “RECALIBRATING YOUR AUDIT COMMITTEE: PERFORMANCE AT THE NEXT LEVEL” Tuesday, October 15, 2013 Registration 8:30am JAMAICA CONFERENCE CENTRE TOPIC : “Audit Committees Blueprint to Monitoring IA’s Performance” PRESENTED BY : Collin A. A. Greenland, B.Sc., MBA, FJIM, CFSA, CFE, CFC.

  2. To offer members of audit committees an overview and insights into audit committees’ leading practices that can be used as a “blueprint” in meeting, and even exceeding the expectations of organisational stakeholders.

  3. SOURCE :“BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS!” 4th Edition Item No. : 5000 ISBN : 978-0-89413-792-1 Publisher : The IIA Research Foundation Publish Date : June 2011 Authors : PricewaterhouseCoopers: • Catherine L. Bromilow, CPA, • Donald P. Keller, CPA

  4. CONTENTS OF PRESENTATION • BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! a. Financial Reporting & Disclosure b. Risk Management & Internal Control c. Culture & Compliance d. Oversight of Management & Internal Audit e. Relationship With External Auditors f. Financial Statement Errors & Fraud Investigations g. Composition of Committee h. Meetings i. Charter, Evaluations, Training, Resources. • 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT. • THE BROKEN TRIANGLE – Improving The Relationship Between Internal Audit, Management, and the Audit Committee.

  5. BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! a. FINANCIAL REPORTING & DISCLOSURE • Financial reporting disclosure requirements have been steadily increasing for a number of years, in tandem with the complexity of accounting standards. • Regulators and financial statement users continue to press companies for more information and to get that information sooner. This environment makes the audit committee’s responsibility to oversee the company’s financial reporting more difficult. • The committee therefore must be aware of the financial reporting risks to focus its attention appropriately and cannot lose sight of the need to maintain its skepticism. The audit committee audit therefore must understand and monitor the company’s financial reporting.

  6. BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! (contd.) • RISK MANAGEMENT & INTERNAL CONTROL • The board and audit committee should ensure that the organisation is addressing risk appropriately. • One of the difficulties facing the audit committee is clearly defining its risk responsibility relative to that of the entire board. • While the company’s system of internal control is designed to help mitigate risk, the audit committee focuses particularly on controls relating to financial reporting, fraud, and compliance. • Audit Committees must understand the risks that most likely fall within its scope and how to monitor whether the company is addressing those risks appropriately.

  7. BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! (contd.) • CULTURE & COMPLIANCE • The company’s culture and code of conduct are critical factors in creating an environment that encourages compliance with laws and regulations. • The audit committee must recognize how critical the right tone at the top of the company is and ensure what it’s hearing in the boardroom is what employees are hearing throughout the company. • The audit committee must understand what elements compliance programs should have to promote proper conduct and behavior throughout the company.

  8. BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! (contd.) . d. OVERSIGHT OF MANAGEMENT & INTERNAL AUDIT • The audit committee needs to oversee management while taking care not to step into management’s role. • Establishing an effective relationship with management is essential — it allows the committee to effectively monitor the company’s financial reporting practices and evaluate management’s competence. • Similarly, the committee relies heavily on internal audit to provide an objective view on how the company is handling a number of key risks, including those relating to financial reporting and compliance. • Effective relationships must be built and maintained with both management and internal audit (See Broken Triangle below).

  9. BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! (contd.) . • RELATIONSHIP WITH EXTERNAL AUDITORS • The audit committee has to select the right external auditors to conduct a quality audit. • As part of executing their audit plan, the external auditors provide the audit committee with assurance regarding the company’s financial reporting. • Additionally, external auditors are in a unique position to provide unfiltered and unbiased feedback to the committee about management and the organization's processes. • The Audit committee must effectively appoint and evaluate and auditors and to develop and maximize the value of external audit relationships.

  10. BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! (contd.) • FINANCIAL STATEMENT ERRORS & FRAUD INVESTIGATIONS • At times, breakdowns in financial reporting processes lead to potential errors in previously issued financial statements. Management and the audit committee have to assess whether an error is material and, if it is, take steps to resolve the situation. • The situation can become more complex if the error results from fraud and in such cases, the committee may have to oversee an investigation. • The committee must consider when therefore any possible restatement is necessary or when they must oversee an investigation.

  11. BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! (contd.) g. COMPOSITION OF COMMITTEE • Composition and leadership are critical in supporting the audit committee’s ability to carry out its responsibilities effectively. • The committee needs the right combination of skills and experience. • It also needs a chair with the knowledge and commitment to drive the committee’s work. • The considerations for selecting committee members and the chair and for determining how large the committee are the Roles of the Audit Commission as per the FAA Act. • .

  12. BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! (contd.) h. MEETINGS • To ensure committee meetings run well, the committee needs to have the right agenda and receive the right materials beforehand. • The attendees, and how they interact with committee members, also influence the success of meetings. • Given how many responsibilities the committee has, it needs to ensure it is meeting often enough and at the right points during the year. • The audit committee must create an effective meeting environment, allowing the members to engage in meaningful discussion and make the most of private sessions.

  13. BLUEPRINT FOR AUDIT COMMITTEE EFFECTIVENESS : WHAT REALLY WORKS! (contd.) i. CHARTER, EVALUATIONS, TRAINING, RESOURCES • The charter documents the audit committee’s purpose, roles, and responsibilities. It helps distinguish the committee’s responsibilities from those of the full board of directors. • An audit committee that periodically evaluates its performance will be able to identify ways to improve its effectiveness. • Orientation training for new members and ongoing development for all members are essential, particularly given the velocity of changes to financial reporting and governance standards. • The audit committee’s must develop / comply with its charter, develop effective methods to assess its performance, and ways to meet its training objectives.

  14. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT. SOURCE : Publication titled “20 Questions Directors Should Ask about Internal Audit” Authors : John Fraser, CA, CIA, CISA Hugh Lindsay, FCA, CIP ISBN 1-55385-092-0 IN CONJUNCTION WITH :

  15. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). The questions in this briefing are designed to help directors understand the contribution of Internal Audit and to provide guidance to Audit Committee members on what to ask their Chief Audit Executives. With each question there are some recommended best practices offered as answers. • SHOULD WE HAVE AN INTERNAL AUDIT FUNCTION? Recommended practices: In organizations that have no internal audit function the Audit Committee periodically requests from management a review of the need for an internal audit function and, on the basis of this review, determines whether such a function should be instituted.

  16. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). The Audit Committee may consider contracting outside assistance to review the need for an internal audit function if the Committee is concerned that management may not have the objectivity or qualifications to conduct the review. 2. WHAT SHOULD OUR INTERNAL AUDIT FUNCTION DO? Recommended practices: The Chief Audit Executive, in consultation with senior management and the Audit Committee, establishes the scope of activities of the internal audit function. The process takes into account the cost justification of each element of audit activity. The role of Internal Audit is formally defined in a written Internal Audit Charter (See Question 3) and the audit activities are set out in the annual audit plan (Question 9). The Audit Committee approves the Internal Audit Charter periodically and the Audit Plan annually.

  17. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). • WHAT SHOULD BE THE MANDATE OF THE INTERNAL AUDIT FUNCTION? Recommended practices: The mandate of the internal audit function is set out in a written charter that is compatible with the charter of the Audit Committee and consistent with the Standards of the Institute of Internal Auditors. • WHAT IS THE RELATIONSHIP BETWEEN INTERNAL AUDIT AND THE AUDIT COMMITTEE? (See Broken Triangle below) 5. TO WHOM DOES INTERNAL AUDIT REPORT ADMINISTRATIVELY? Recommended practices: The internal audit function reports administratively to the CEO or other senior executive and has a functional reporting relationship to the Audit Committee to ensure objectivity in the planning and execution of internal audit work.

  18. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). • HOW IS THE INTERNAL AUDIT FUNCTION STAFFED? Recommended practices: The staffing of the internal audit function is based on the number of skilled individuals required to cover the activities identified in the approved audit plan. The Chief Audit Executive, in consultation with senior management and the Audit Committee determines the most cost-effective mix of in-house and outsourced internal audit staffing. The size of the internal audit function is benchmarked against similar organizations. The Audit Committee reviews and assesses the appropriateness and expertise of the resources as part of the annual audit plan. Where material, the Audit Committee reviews and approves the appointment of outsourced audit firms and subsequently monitors the effectiveness of this arrangement. • HOW DOES INTERNAL AUDIT GET AND MAINTAIN THE EXPERTISE IT NEEDS TO CONDUCT ITS ASSIGNMENTS? Recommended practices: The qualifications of internal auditors are established and included in job descriptions and postings, recruits only people with appropriate qualifications and/or experience in auditing, accounting, information technology, organizational analysis, industry knowledge, etc.

  19. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). • ARE THE ACTIVITIES OF INTERNAL AUDIT APPROPRIATELY COORDINATED WITH THOSE OF THE EXTERNAL AUDITORS? Recommended practices: As far as possible, the presentations of audit plans are developed and coordinated to help the Audit Committee members understand their combined scope. The Audit Committee reviews the plans of the external and internal auditors and questions any situations where areas are apparently not covered or duplicated. 9. HOW IS THE INTERNAL AUDIT PLAN DEVELOPED? Recommended practices: The Chief Audit Executive prepares an annual audit plan based on a comprehensive review and analysis of the organization’s business activities and associated risks. Where an enterprise risk management process is already in place, this will provide a critical basis for developing an audit plan aligned with corporate priorities.

  20. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). • WHAT DOES THE INTERNAL AUDIT PLAN NOT COVER? Recommended practices: The Internal Audit plan includes a list of those areas of risk that ranked just below those selected for inclusion in the audit plan. This enables the Audit Committee to assess what risks management and the committee will accept by excluding them from the plan. 11. HOW ARE INTERNAL AUDIT FINDINGS REPORTED? Recommended practices: Audit reports, as historical records of audit work and findings, are in writing and include the scope and objectives of the audit, the findings and recommendations for improving control.

  21. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). 12. HOW ARE CORPORATE MANAGERS REQUIRED TO RESPOND TO INTERNAL AUDIT FINDINGS AND RECOMMENDATIONS? Recommended practices: Line management is required to review all audit findings and provide action plans and dates for implementation before or soon after the audit report is issued. Where management recommends that no action be taken, the decision to accept the related risk is approved at the appropriate level. Management accepts responsibility for monitoring corrective action on weaknesses reported by Internal Audit. 13. WHAT SERVICES DOES INTERNAL AUDIT PROVIDE IN CONNECTION WITH FRAUD? Recommended practices: Internal Audit includes fraud as a risk to be evaluated and included in the audit plan. The organization should have a system for investigating activities that appear to be fraudulent and should be expressed in a fraud policy.Theprocess involves individuals with legal and human resources expertise to ensure that individual rights to privacy are respected and that the investigation will support prosecution by the police and law courts.

  22. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). • HOW DO YOU ASSESS THE EFFECTIVENESS OF YOUR INTERNAL AUDIT FUNCTION? Recommended practices: The Chief Audit Executive develops performance measures for the internal audit function and agrees them with the Audit Committee. Examples of measurement techniques include: customer satisfaction surveys, post audit debriefing and internal quality assurance reviews. • DOES INTERNAL AUDIT HAVE SUFFICIENT RESOURCES? Chief Audit Executives who answer “no” must be prepared to provide the Audit Committee with a comprehensive analysis of the situation including the steps they have taken to resolve the problems with management. 16. DOES THE INTERNAL AUDIT FUNCTION GET APPROPRIATE SUPPORT FROM THE CEO AND SENIOR MANAGEMENT TEAM? See Broken Triangle Below

  23. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). 17. ARE YOU SATISFIED THAT THIS ORGANIZATION HAS ADEQUATE INTERNAL CONTROLS OVER ITS MAJOR RISKS? In preparing to report its conclusions to the Board the Committee should seek information and opinions from a range of sources including the CEO, Chief Risk Officer and Chief Legal Officer as well as the external auditors and Chief Audit Executive. • ARE THERE ANY OTHER MATTERS THAT YOU WISH TO BRING TO THE AUDIT COMMITTEE’S ATTENTION? See Broken Triangle below. 19. ARE THERE OTHER WAYS IN WHICH INTERNAL AUDIT AND THE AUDIT COMMITTEE COULD SUPPORT EACH OTHER? See Broken Triangle below.

  24. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). 20. ARE WE (THE AUDIT COMMITTEE) SATISFIED WITH OUR INTERNAL AUDIT FUNCTION? The following are some additional questions that Audit Committee members could ask themselves or use in a discussion following their meetings with the CEO, Chief Audit Executive and External Auditors: • How well does the Chief Audit Executive respond to probing by the Audit Committee? • How well respected is the Chief Audit Executive by senior management and how healthy is the tension between them? • How well respected is the Chief Audit Executive by the external auditors and how healthy is the tension between them?

  25. 20 QUESTIONS DIRECTORS SHOULD ASK INTERNAL AUDIT (contd.). 20. ARE WE (THE AUDIT COMMITTEE) SATISFIED WITH OUR INTERNAL AUDIT FUNCTION? • How often do we get surprises where something that the Internal Audit has audited subsequently reveals control problems that were not identified by their reports? • Does the Chief Audit Executive provide adequate assurance in areas requested by the Audit Committee? • Is the Chief Audit Executive respected within the auditing profession? (Examples would be as a frequent speaker,writing articles, industry organizations, etc.).

  26. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE. According to Hani Mounir Khoury from Deloitte Touche Tohmatsu, The disconnect between internal audit, executive management, and the audit committee is nothing new. The broken triangle has existed for decades at many organizations, with varying degrees of severity. But dysfunction that was deemed tolerable in the ’80s, ’90s, and ’00s is unacceptable today. The stakes — both personal and corporate — have been ratcheted to a new level. Regulators, analysts, stakeholders, and even litigators all have a keen interest in how well this corporate trio, so essential to good governance and effective risk management, works together to protect and propel the organization.

  27. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). SYMPTOMS OF A BROKEN TRIANGLE? • Financial restatements. • Material weaknesses. • Regulatory noncompliance. • Contentious or ineffectual board meetings. • Voluntary and involuntary turnover. • Missed earnings. • Excessive litigation. • Failed partnerships and alliances. • Unmitigated risk. And so on.

  28. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). PLEASE NOTE HOWEVER : We are not suggesting that every instance of material weakness, financial restatement, regulatory noncompliance, and the like is directly attributable to the broken triangle. These problems may arise despite a functional relationship between the three parties. Nonetheless, we contend that in most cases, a dysfunctional relationship is a contributing cause, and in some cases, a primary cause. If your organization exhibits any of these symptoms, you have an obligation to seek a cure. A good place to start may be to examine the structural integrity of the triangle.

  29. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). WHO’S YOUR BOSS? • Give your CAE clout along with responsibility. • Make him or her a true senior executive of the company to provide the respect and visibility accorded to such positions. • Remove any ambiguity as to whom the CAE reports. • And make sure the boss sits high in the organizational chart. THE NAME GAME. • Titles confer respect. A name is a powerful tool, both practically and psychologically. Consider renaming the function “Audit Services” which will provide more of an association with value and service rather than connotations around internal affairs and policing. • “Audit Services” presents an entirely different image to the world and a fresh approach to the function. It is more accurate and descriptive, and it better informs others what they should expect from the function.

  30. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). GREAT EXPECTATIONS? • At a high level, we usually find that the audit committee and the board want reassurance and value protection, while management seeks strategic focus and value creation. Unfortunately, if everyone expects something different from internal audit, no one is likely to be satisfied. PERFECT ASSURANCE? • The audit committee and management sometimes have a false sense of reassurance as to the scope of internal audit’s activities. For example, they may believe that all periods in a financial review are covered, or that 100% of transactions have been audited. This, of course, is rarely the case. • To avoid nasty surprises, the audit committee and management must understand the depth and breadth of coverage by internal audit. Audit plans and risk coverage should be clearly explained so that everyone understands exactly what work is being done – and not done.

  31. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). EMBRACING RISK • ERM consistently fall short perhaps because internal audit is not sufficiently integrated in ERM activities. Considering IA’s knowledge, objectivity and methodologies, and in light of its ability to provide input to stakeholders regarding risk exposures, risk reporting and risk management, it’s stunning to discover how infrequently ERM activities and/or projects appear on IA’s audit plan. • The potential for IA to enhance the effectiveness of an organization's risk management activities is immense. But to do so, internal audit needs to break free of its traditional role. Visionary IA groups can expand their job description to include roles such as Advisor, Prognosticator, Aggregator, Efficiency Specialist, Advocate, Subject Matter Specialist and Trouble Shooter.

  32. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). COP, DETECTIVE, OR COUNSEL? • Popular TV crime shows often have three main character types - cop, detective and lawyer - a cast apparently ripped straight from internal audit. • The police model for example is often a dead end, fostering resentment instead of collaboration. Most internal auditors don’t see themselves as police officers. Care must be taken to ensure that the rest of the company doesn’t perceive them that way either. • For which role is internal audit most suited? In our experience, organisations are best served when internal audit predominantly takes on a counsel role, while secondarily performing the other roles as needed.

  33. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). ACROSS THE (AUDIT) UNIVERSE • New threats and opportunities arise continuously, and organisations that are focused intently on the past (financial reporting) and the present (cash flows and quarterly earnings) may get eclipsed. • The expanding universe of internal audit provides a prime opportunity to improve collaboration with management and the audit committee. Working together to identify areas of greatest need and value strengthens the triangle. DO MORE WITH LESS • Increasingly, internal audit is being asked to rein in expenses. At the same time, IA is under pressure to expand coverage. Risks are increasing and audit committees and boards are concerned. • Internal audit should be providing more risk mitigation and comfort. This “do more with less” mentality creates stress at best, dangerous gaps at worst. This seemingly unsolvable riddle can be approached as follows:

  34. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). • Make greater use of technology and continuous monitoring tools. This, of course, may require an upfront investment of (scarce) funds. Not always, though: some existing technology tools - most notably the latest versions of ERM systems - include control monitoring tools that are often underutilized or unused. • Appeal to the audit committee. In most organisations, the AC approves the internal audit budget. But the audit committee holds additional power it almost never exercises - the ability to direct management to increase internal audit’s budget. Now may be an opportune time for the audit committee to flex its muscles. 3. Acquire outside services to address areas of concern. An outside service can often provide a more cost-effective means of tackling labor-intensive, complex, or limited-duration projects - with short term, non-recurring costs.

  35. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). DOES YOUR MODEL FIT TO A T? Many chief audit executives deliberately shun any discussion About outsourcing or co-sourcing, operating under the belief that these models can undermine or even make redundant their position. Yet dismissing these models outright can ignore some significant benefits in Cost, Talent, Flexibility, Objectivity and Capabilities! UNATTENDED ELEPHANTS • Frequently, the audit committee and/or management has harbored mistaken assumptions about the activities of internal audit and these differing expectations mean that the CAE is almost inevitably disappointing someone. • This represents a loss of opportunity and a squandering of resources. The value that internal audit can bring to the organisation is too great to be frittered away and it may mean CAEs adopting more assertive roles than in the past.

  36. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). • The CAE therefore should ensure that management and the audit committee have full visibility into the activities of internal audit and are full partners in the development of the internal audit objectives, audit plan and related activities. • CAEs need to have an appropriate level of executive/boardroom presence and leadership skills to position their functions for success, need firm hands at the wheel; as they cannot allow their functions to get blockaded or diverted off course. • They will face resistance as they attempt to refocus their organizations toward a more strategic and consultative role; this resistance must be overcome. • A changing competitive landscape, evolving needs of the business, turnover of personnel, and other factors necessitate constant review, refreshing and alignment of internal audit needs regularly - It can never be “set and forget”. The broken triangle has existed for far too long. Don’t ignore the elephant in the room.. (Unattended elephants tend to make huge messes.)

  37. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). MAKE THE TRIANGLE SING Make the triangle sing - Here are eleven practical steps to bring harmony to your triangle: • Communicate : Be open about the relationships between internal audit the audit committee and executive management. • Check your reporting lines: Determine whether your current reporting structure for the CAE is optimal. • Rebrand: Consider renaming your internal audit group as “audit services” or other more descriptive and appropriate name. • Align expectations: Ensure that IA’s audit plan and areas of strategic focus are understood and agreed upon by all parties. 5. Manage expectations: There’s no such thing as perfect assurance. 6. Embrace risk: Expand your attention to risks that can impede your growth and profitability objectives.

  38. THE BROKEN TRIANGLE :IMPROVING THE RELATIONSHIP BETWEEN INTERNAL AUDIT, MANAGEMENT, AND THE AUDIT COMMITTEE (contd.). MAKE THE TRIANGLE SING (contd) 7. Define IA’s identity: Cop, detective, or counsel? 8. Expand your audit scope: Address emerging issues and trends. • Take control of your budget: Can you do more with less? • Adopt a workable model: Determine what fits best for your organization: In-house? Co-source? Outsource? • Make the CAE an officer: Bestow a title that helps garner the respect accorded to those in leadership positions.

  39. REMEMBER : PRAY, AS IF EVERY THING DEPENDS ON GOD, BUT, WORK, AS IF EVERYTHING DEPENDS ON YOU !!

  40. THANK YOU FOR LISTENING !

More Related