Keeping the Supervisory Board informed and involved: Audit Committee and Internal Audit Function - PowerPoint PPT Presentation

Loading...

PPT – Keeping the Supervisory Board informed and involved: Audit Committee and Internal Audit Function PowerPoint presentation | free to view - id: 20ef6d-MDhhZ



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Keeping the Supervisory Board informed and involved: Audit Committee and Internal Audit Function

Description:

Review of the key responsibilities of the Board and its Audit Committee ... EXTERNAL AUDITORS ASSESS AND OPINE ON. BOARD, IN PARTICULAR, THE AUDIT. COMMITTEE. OVERSEES ... – PowerPoint PPT presentation

Number of Views:140
Avg rating:3.0/5.0
Slides: 35
Provided by: agr2
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Keeping the Supervisory Board informed and involved: Audit Committee and Internal Audit Function


1
Keeping the Supervisory Boardinformed and
involvedAudit Committee and Internal Audit
Function
May 2006 Yerevan
2
ROAD MAP OF PRESENTATION
  • Brief discussion of survey results relating to
    Audit Committee and Internal Audit
  • Review of the key responsibilities of the Board
    and its Audit Committee
  • The direct links to the IA function
  • Defining the IA function
  • Internal Audit vs. Internal Control
  • The major tasks of the IA function and how they
    relate to the Boards responsibilities
  • Controls, Compliance and Risk Management
  • Structure and Standards of IA function
  • In-house vs. Outsourced
  • Professional and Industry Standards
  • Summary of AC and IAs role in Corporate
    Governance

3
Key Functions of a Board OECD Corporate
Governance Principles Section VI
  • Reviewing and guiding corporate strategy and risk
    policy.
  • Monitoring effectiveness of the companys
    governance.
  • Selecting and monitoring executives.
  • Aligning executive and board remuneration.
  • Ensuring transparent board election process.
  • Monitoring and managing potential conflicts of
    interest.
  • Ensuring the integrity of the firms accounting
    and financial reporting systems, including the
    independent audit and that appropriate controls
    are in place, in particular, systems for risk
    management, financial and operational control,
    and compliance with the law and relevant
    standards.
  • Oversee disclosure and communications.

4
OECD 7. Ensuring the integrity of the
corporations reporting systems
  • requires that the Board
  • Set and enforce clear lines of responsibility and
    accountability
  • Ensure appropriate oversight by senior management
  • A key way to do this is by implementing an
    internal audit function which directly reports to
    the Board of Directors/Audit Committee
  • Set up internal programs to monitor compliance
  • Internal audit also assists in monitoring
    compliance

5
Defining the Internal Audit Function
an independent, objective assurance and
consulting activity designed to add value and
improve an organization's operations.  It helps
an organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance processes.
6
Internal Audit Objectives and Tasks
  • To advise management if the organization has
    sound systems of internal controls to protect the
    organization against loss.
  • Evaluate system of controls.
  • Assess risks / Component of risk
    management.
  • Test operations of systems (including IT).
  • Communication, recommendations
    for improvement and follow up.

7
IA Task 1 Internal Audit vs. Internal Control
  • Internal Controls system / processes
  • Internal Audit a function to assess the IC
  • IC processes encompass the means by which senior
    management seeks reasonable assurance that
  • The entitys accounting and operating reporting
    is complete and reliable
  • Operations are being conducted in accordance with
    the entitys prescribed policies and procedures
  • The entity is in compliance with applicable laws
    and regulations
  • The entitys assets and information are protected
    from improper use.

8
Internal Control Framework
  • Under a number of jurisdictions (e.g. US, EU),
    top management has to make certain disclosures
    about the controls and procedures in place, and
    whether they are in compliance with a
    recognizable framework.
  • COSO provides an internationally recognizable
    framework for internal control system.

9
COSO on internal controls
  • COSO ERM provides the following
    definition of
    Internal Control
  • A process effected by an entitys Board of
    Directors, management and other personnel,
    designed to provide reasonable assurance
    regarding the achievement of objectives in the
    following categories
  • Reliability of financial reporting
  • Effectiveness and efficiency of operations
  • Compliance with applicable laws and regulations
  • IC System a synonym for internal control
    applied in an entity.
  • The effectiveness of an internal control system
    is measured by its capacity to provide reasonable
    assurance to the board of directors and
    management that these three objectives have been
    met.

10
COSO on internal controls - continued
  • In addition to these goals, coso identified five
    interrelated components of internal control
  • The control environment, which includes the
    integrity, ethical values, and competence of an
    organization's people.
  • Risk assessment.
  • Control activities.
  • Information and communication, which encompasses
    the methods for identifying, capturing, and
    communicating pertinent information in a time
    frame that enables people to carry out their
    responsibilities.
  • Monitoring.
  • These components combine to form an integrated
    system of controls. To conclude that internal
    control is effective in any category of
    objectives-operations, financial reporting, or
    compliance-all five components must be present
    and functioning.

11
COSO on internal controls - continued
  • Objectives Categories
  • Strategic.
  • Effectiveness and efficiency of operations
    (including performance and profitability goals
    safeguarding resources against loss).
  • Reliability of reporting.
  • Compliance with applicable laws and regulations.

12
Division of Responsibilities
  • Management
  • Establish and maintain an adequate and effective
    system of internal controls
  • Develop a system to monitor and control risks
  • Internal Audit
  • Assist management in the efficient and effective
    discharge of their responsibilities
  • Advise and make recommendations on internal
    control and corporate governance

13
Internal Audit helps to monitor the Internal
Controls
  • BOARD,
  • IN PARTICULAR,
  • THE AUDIT
  • COMMITTEE
  • OVERSEES

BOARD, IN PARTICULAR, THE AUDIT COMMITTEE
OVERSEES
INTERNAL AUDIT FUNCTION EVALUATES
Monitoring the Internal Control Process
MANAGERS HAVE PRIMARY TASK TO DESIGN AND
MAINTAIN CONTROLS
EXTERNAL AUDITORS ASSESS AND OPINE ON
14
IA Task 2 Evaluate System of Internal Controls
  • The Board has oversight responsibilities over the
    internal control system.
  • The Internal Audit Functions
  • Evaluates efficiency and effectiveness of
    controls.
  • Recommends new controls where needed or
    discontinuing unnecessary controls.
  • Use control frameworks COSO, Basle, etc. in its
    work.
  • Lead control self-assessment.
  • Provide education on risks and controls.

15
IA Task 3 Assess Risk / Risk Management
  • The Board has overall responsibility that risks
    are managed.
  • The internal audit function provides objective
    assurance to the board on the effectiveness of
    risk management processes.
  • Core internal auditing roles in regard to
    enterprise risk management
  • Giving assurance on risk management process
  • Giving assurance that risks are correctly
    evaluated
  • Evaluating risk management processes
  • Evaluating and reporting on the key risks
  • Reviewing the management of key risks

16
IA Task 4 Testing Operations / Reviewing
Compliance
  • The Board also has oversight for compliance with
    laws and relevant standards
  • The Internal Audit function is valuable support
    in its compliance and operations role
  • Ensure the managements policies and procedures
    are followed
  • Evaluate procedures to safeguard assets
  • Analyze impact of changes in procedures
  • Assure compliance with laws and regulations
  • Review objectives for adherence to organizations
    mission, culture and climate
  • Provide insight to the impact of noncompliance

17
An Effective IA Function may be established with
Various Organizational Structures
18
Regardless of Structure High StandardsMust Be Met
  • Professional (e.g., IIA Standards) and industry
    standards (e.g., BASLE principles) apply
  • The Internal Audit Standard Board (UK) has
    developed Standards for the Professional Practice
    of Internal Auditing.
  • IIA Standards for reporting include
  • 1000 Purpose, Authority and Responsibility
  • 1110 Organizational Independence
  • 2020 Communication and Approval
  • 2060 Reporting to the Board and Senior Management

19
Standards Independence and Communication
  • The chief audit executive should report to a
    level within the organization that allows the
    internal audit activity to fulfill its
    responsibilities. (1110)
  • The internal audit activity should be free from
    interference in determining the scope of internal
    auditing, performing work, and communicating
    results. (1110)
  • The chief audit executive should communicate the
    internal audit activitys plans and resource
    requirements, including significant interim
    changes, to senior management and to the board
    for review and approval. The chief audit
    executive should also communicate the impact of
    resource limitations (2020)

20
Other Relevant IA Guidance
  • There may be other regional or industry specific
    standards
  • BASEL Internal Audit Principles in Banks and the
    Supervisor's Relationship with Auditors (2001)
  • Continuity
  • Independence
  • Audit charter
  • Impartiality
  • Professional competence
  • Scope of activity

Basel Committee on Banking
Supervision INTERNAL AUDIT Principles

21
CG Relationship Diagram (1)
STAKEHOLDERS
22
CG Relationships (2)
  • AGM

c o n t r o l e n v i r o n m e n t
Supervisory Board
Company
Management Board
External Auditor
23
The Audit Committee and the IA Function
  • The responsibilities of the audit committee
    include
  • Corporate Governance
  • Internal Control and Risk Mgmt.
  • Compliance and Ethics
  • Financial Reporting and Disclosure
  • The internal audit function should report to the
    BoD/Audit Committee. (No independence if it
    reports solely to management)
  • More effective if reports to the Audit Committee
  • Objectivity is a personal quality of the auditor

24
Audit Committee Composition
  • Minimum 3 members
  • Members should be independent directors
  • Tighter standards on independence than for other
    independent directors
  • No compensation from company other than director
    fees
  • All members must be financially literate
  • At least 1 member (typically the chair) must be
    an audit committee financial expert

25
Audit Committee Role in Governance
  • The Institute of Internal Auditors provide the
    following logo describing AC role
  • Noses In - Fingers Out.
  • In a nutshell, the AC should provide oversight
    of
  • Financial reporting
  • Risk management
  • Internal Control
  • Compliance
  • Internal Auditors
  • External Auditors

26
Audit Committee Responsibilities
  • Some detailed Audit Committee responsibilities
    include
  • Ensuring that financial statements are
    understandable, transparent, and reliable
  • Ensuring the risk management process is
    comprehensive and ongoing, rather than partial
    and periodic
  • Helping achieve an organization-wide commitment
    to strong and effective internal controls,
    emanating from the tone at the top

27
Audit Committee Responsibilities (continued)
  • Reviewing corporate policies relating to
    compliance with laws and regulations, ethics,
    conflicts of interest, and the investigation of
    miscondsuct and fraud
  • Reviewing current and pending corporate-governance
    related litigation or regulatory proceedings to
    which the organization is a party
  • Continually communicating with senior management
    regarding status, progress, and new developments,
    as well as problematic areas

28
Audit Committee Responsibilities (continued)
  • Ensuring the internal auditors access to the
    audit committee, encouraging communication beyond
    scheduled committee meetings
  • Reviewing internal audit plans, reports, and
    significant findings
  • Establishing a direct reporting relationship with
    the external auditors

29
Internal Audit Reporting
  • In various governance and organizational
    structures the IA reports to SB (Audit Committee
    in particular) and senior management
  • internal audit activitys purpose
  • authority
  • responsibility
  • performance relative to its plan
  • Also report separately on
  • significant risk exposures and control issues
  • corporate governance issues
  • other matters needed or requested by SB and MB

30
Breakout Sesson Audit Committee and Internal
Audit
  • 3 groups will have approx 10-15 minutes for the
    following tasks
  • Group 1 Develop annual plan for the AC.
  • Group 2 IA has submitted its annual plan for the
    AC consideration. It includes annual audit of
    headoffice functions as well as of all branches.
    Plus semi-annual reporting to the AC (BoD).
    Provide comments and/or suggestions.
  • Group 3 Develop criteria for self-assessment of
    AC effectiveness (after 1 year of its
    functioning).
  • Group presentations (approx 5 minutes each)
  • Discussion of group presentations (approx 5
    minutes each).
  • The base material for discussion sample ToR for
    the AC (distributed in advance)

31
COSO on internal audit
  • COSO ERM provides the following
    definition of Internal Audit
  • Internal audit functions typically provide an
    assessment of risk and control activities of a
    business unit, process or department. In some
    cases particular attention is given to risk
    identification analysis of likelihood and impact,
    risk response, control activities, as well as
    information and communication.

32
Self-Assessment and Monitoring
  • Self-assessment or monitoring can provide
    oversight of an enterprises control system
    performance. Self-assessment should be performed
    at all levels of IC system
  • BoD
  • AC
  • IA
  • Top Management
  • Departments

33
Board Self-Assessment or Monitoring
  • Yes or No Questions
  • ?? ?? Does the board review the actions
    management takes to deal with material control
    weaknesses and verify that those actions are
    objective and adequate?
  • ?? ?? Do audit reports contain sufficient detail?
  • ?? ?? Are audit reports timely enough to allow
    for resolution and appropriate action?
  • ?? ?? Does the board or audit committee approve
    the selection of key internal
  • audit personnel?
  • ?? ?? Does the board or audit committee approve
    the overall scope of review activities (such as
    audit or financing coverage)?
  • ?? ?? Does the board or audit committee review
    results of audits?
  • ?? ?? Does the board or audit committee approve
    the system of internal controls?
  • ?? ?? Does the board or audit committee
    periodically review audit or other key control
    systems?
  • ?? ?? Is line management held accountable if they
    do not follow up satisfactorily or effectively on
    control weaknesses?

34
Benefits of a Strong Internal Audit Function
  • When the internal audit function is properly
    established with adequate authority, scope, and
    resources, it can professionally and proficiently
    aid in the following areas and contribute to good
    corporate governance
  • Governance law and regulations
  • Internal controls
  • Disclosure and transparency
  • Risk management
  • Compliance
  • Ethics and Communication

35
Applicable Literature/Guidance
  • Institute of Internal Auditors ltwww.theiia.orggt
  • Basle Committee on Banking Supervision
    ltwww.bis.orggt
  • Committee of Sponsoring Organizations of the
    Treadway Commission (COSO) ltwww.coso.orggt
  • International Federation of Accountants
    ltwww.ifac.orggt

36
Contact details
IFC Yerevan 9 V. Sargssyan str. Yerevan 375010,
Armenia Tel (37410) 545241, 545242 Fax (37410)
545245
About PowerShow.com