Post on 08-Feb-2016
Clyde Rogers clyde.rogers@sympatico.ca
• Continuous Monitoring
• Continuous Auditing
• Organizational Readiness
• What Needs To Be Done
• Making It Happen
Research & Information Sources
• Professional Experience – Senior Director, Continuous Auditing at Major Bank
• Industry – Barclays, RBS, Wells Fargo, Citigroup, RBC, Fleet
• Organizations – IIA & ADR
• External Firms – Deloitte, KPMG, E&Y
• Academic – Centre for Continuous Auditing – Rutgers, U of Waterloo
Guiding Principles - Mindset
• Improve Efficiency and/or Effectiveness – Needs to Business Case, Be Important, $’s, Benefits
• COSO/COCO Frameworks, Enterprise Wide Risk Management, Control Self-Assessment
• Changing Regulatory Requirements – SOX, Basel
• Partner with Client & Governance Groups
• Validate - Cross Organization Roles & Responsibilities & Acceptance
Guiding Principles – Mindset
• Client Monitors & Manages Risk and Compliance
• Audit Gets Assurance From Client & Partner Processes as well as Independent Testing
• Information Technology is an Enabler – Larger Than That
• Staged and Incremental Implementation – Business Line & Phases
Success Drivers
• Promoted/Championed by Senior Executive – Chief Auditor & Business Line Executive
• Focus On a “Quick Win” – Business Line Readiness – Operating Models
• Business Line Buy-In also Influences Governance and Support Groups
• Leverage/Benchmark to Industry & Non-Industry Leaders and Best Practices
CM – CA Model/Processes
[Diagram: Traditional Auditing; Risk and Frequency Model; Continuous Auditing Warehouse. Labels: External/Regulatory, Early Warning Systems, Staffing Issues, Whistle Blower, Operational Losses, Key Performance, Risk Teams, NIAP, Advisory Support, Lines, Prior Audit Results, Operational Risk, Inherent Risk, Strong or Satisfactory, Requires Improvement, Unsatisfactory, Suggested Action, Proceed with audit as scheduled, Accelerate audit activity, Quarterly Audit Planning and Reporting, No Action.]
Business Line Profile
• Standard Operating Environment – 1,000 locations – National – 4 Segmented Client Offers
• Confusion/Duplication Between Functions in Roles & Responsibilities – 4 Major Risk Teams
• Quick Win – Risk Teams – Duplication & Costs
• Conflicting Reporting to Clients & Stakeholders
Benefits – Phase I – Risk Teams
• Align Risk Teams Coverage to Meet the Needs of all Groups – 1 Group – Audit Leverages (QA)
• Roles & Responsibilities Defined and Aligned to Changing and Emerging Regulatory Requirements – SOX, Basel
• Improve Effectiveness & Efficiency – Less Branch Disruption – Also $2 million Savings
• Move to Continuous Monitoring/Auditing Model – Foundational to Phase II – Further Benefits
Phase I
[Timeline: Q1 2005, Q2 2005, Q1 2006]
Reduced On-site Testing Through:
• Inventorying current on-site testing activities
• Changing/adding/deleting tested activities
• Identifying duplication
• Migrating duplicated testing to FRS
• Eliminating migrated testing from groups
• Developing process to audit FRS
• Focusing on routine activities
• Processes review with product groups
[Diagram labels: On-site testing; SOX; Basel; Compliance; Business Risk; W/M; Internal Audit]
Benefits – Phase II - EWS
• Leverage Information Technology - Consists of Data Mining and Analytics
• Whole Portfolios – Holistic View – Real Time
• Additional Efficiencies - $5 million
• Major Step Towards Continuous Monitoring/Auditing Model
• Monitoring Capability Enhanced:
- Reduces Onsite Testing
- Risk Indicators/Trends To Support On-site Testing
- Improves Earlier Identification – More Predictive
Phase II
[Timeline: Q1 ’07]
Reduced On-site Testing Through:
• Develop central monitoring capability
• Enhanced technology platform
• Leverage existing knowledge (NRM/EWS/CRS)
• Central monitoring for select activities
• Further on-site testing eliminated
• Majority of on-site testing migrated to FRS
[Diagram labels: On-site testing; SOX; Basel; W/M; Business Risk; Compliance; Internal Audit; Internal Audit/Basel]