Post on 20-Jul-2020
www.globaliia.org
Joint IIA/ACFE Fraud Conference, Hoffman Estates, IL
May 11, 2012
Enhancing the Value of Internal Auditing
Key Initiatives
Be a Risk and Control Expert
• Important to boards/management
• Recent financial crisis
• Many questions asked
• One other question needs to be asked?
• Required to be risk/control expert
Enterprise Risk Assessment
• Be a catalyst
• Identify top risks
• Implement new SEC proxy disclosures of board’s role
Enterprise Risk Assessment
• Asked by the audit committee
• Focused on identification, mitigation and quantification
• Aided by the chairman/CEO
• Formed a cross functional team
– Better understanding/buy-in
– Willingness of management to take ownership
Enterprise Risk Assessment
• Developed a risk matrix
• Helped management realize the importance of identifying potential risks
• Embedded concept of risk into our DNA
• Invited business owners to audit committee
• Helped audit committee fulfill oversight responsibility
Specialized Risk Assessments
• Requested by management
• Management benefitted by:
– Stepping back from day-to-day operations
– Investing time to think about risks in a different way
– Identifying potential risks
– Taking a fresh look at controls
– Evaluating who should monitor controls
Specialized Risk Assessments
• Audit Team benefitted by:
– Enhancing understanding of business processes
– Improving on-going risk assessment process
– Increasing awareness of major risks and associated controls
– Building relationships and partnership with management
Specialized Risk Assessment
• Audit Committee benefitted by:
– Helping them fulfill oversight responsibilities
– Increasing their understanding of key business risks
– Enabling them to assess management’s understanding of risk
On-Going Audit Risk Assessment
• Enables internal auditing to develop a risk-based plan
• Complete a formal risk assessment – at least annually
• Select Risk Factors – Legal/Regulatory, Financial, Fraud, People, Technology, Operational
• Going forward, will need on-going, real time assessments
Audit Project Level
• Assess risk during preliminary survey
• Evaluate what controls/monitoring processes in place
• Helps determine the amount of detailed testing
• Made decision about audit – go/no go
Be A Risk And Control Expert
• Become indispensable
• Be recognized as an expert
– In assessing risk
– In evaluating what controls need to be in place
• Be focused on emerging risks
Key Initiatives
Be Mindful of Fraud and Ethical Exposures
• Get your employees to think differently
• Identify the key elements of a fraud/ethics program
• Execute these programs (key point)
Be Mindful of Fraud and Ethical Exposures
• Is your organization losing profit dollars to fraud?
• Will an effective program reduce these losses?
• Will management/audit committee expect more from internal auditing?
Importance of Fraud
• Organizations lose 5% of annual revenue; potential total fraud loss = $2.9 trillion.
• Average duration - 18 months
• Detection methods:
– Over 40% detected by tips
– 15% by management review
– 14% by internal audit
2010 ACFE Report to the Nations
Elements of an Effective Fraud Program
Root Cause Reports
PREVENTION
RESPONSE
DETECTION
Hot Line Use
Fraud Risk Assessment
Continuous Monitoring
Investigative Protocols
Performing a Fraud Risk Assessment
Have you performed a fraud risk assessment?
Performing a Fraud Risk Assessment
• OBJECTIVES
– Determine where the organization is most susceptible to fraud
– Evaluate the controls in place
– Heighten management/audit committee’s awareness of fraud risks
Fraud Risk Assessment Approach
• Obtain management support and buy-in
• Use a cross functional team
• Conduct brainstorming sessions with scheme and scenario approach
• Map controls to fraud scenarios
Management’s Role in Fighting Fraud
• Setting the “Tone at the Top”
• Identifying key risks
• Implementing and monitoring controls
• Creating a culture through words and actions
– Fraud will not be tolerated
– Fraud will be dealt with swiftly and decisively
Statement of Business Ethics
• Online statement includes policies, real life examples, and comprehension questions
• Requirement to sign the Certification of Compliance each year and make any disclosures
Statement of Business Ethics ~ con’t…
• Follow-up mechanisms in place
• Obligation to report violations
• Disclosures are reviewed by Legal and the appropriate Department
Auditors’ and Loss Prevention’s Role in Fighting Fraud
• Knowing the red flags of fraud
• Assessing where major fraud risks are
• Including fraud discussions and fraud audit steps on each audit
• Stress professional skepticism
• Perform data mining
Auditors’ and Loss Prevention’s Role in Fighting Fraud
• Ensuring an effective hotline process is in place
• No retaliation policy
• Being involved in the training programs
• Benchmark with other companies
• Investigating fraud cases
• Root cause reporting
Investigative Protocol
• Develop an investigative protocol
• Defines who is responsible for:
– Managing the investigation
– Conducting the investigation
– Reporting and communicating the results
Investigative Protocol
• Ensures allegations are adequately researched to a conclusion
• Maintains consistency among investigations
• Specifies documentation and communication standards
Key Initiatives
Be a Data Wizard
• Process of analyzing data from different angles to identify patterns or correlations in the data that can be summarized into useful information for the auditor to perform their detailed test work.
Effectively Leveraging Technology
Importance of Effectively Leveraging Technology
• Not important at all: 4%
• Somewhat important: 19%
• Important: 37%
• Very important: 31%
• Extremely important: 9%
Current Performance
• Inadequate: 8%
• Limited/developing: 40%
• Adequate: 38%
• Above average: 12%
• Exceptional: 2%
Emerging Trends and Leading Practices, Spring 2011, IIA – Audit Executive Network
Data Analytics
• CBOK 2010: 10 imperatives for change
Step up your use of audit technology and tools!
IIA Research Foundation – March 31, 2011
Barriers to Using Data Analytics
• Audit staff does not have the required skill sets
• Audit staff does not have access to the systems or data warehouses
• Audit management does not see the value of data analytics
• We own this challenge – we control the solution
Major Benefits of Using Data Analytics
• Ability to review the entire population
• Provides a more complete analysis and improves audit coverage
• Improves auditor efficiency and effectiveness
• Drives down audit costs
• Share example of coupon monitoring/ ad coverage
Definition of Continuous Monitoring
An automatic method used to perform control and risk assessments on a frequent basis.
Continuous Monitoring
• Vendor to Employee data matches
– email address
– name
– TIN to SSN
– bank #
– phones (home, emergency, work, and fax)
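A sketch of the vendor-to-employee match listed above, added here as an illustration and not taken from the presentation. The record layout, field names and sample rows are constructed assumptions; the point is that each field must be normalized before comparison, otherwise formatting differences hide the overlap.

```python
import re
from collections import defaultdict

# Constructed sample records (not real data); field names are assumptions.
EMPLOYEES = [
    {"id": "E100", "name": "Dana  R. Whitfield", "email": "Dana.Whitfield@example.com",
     "ssn": "900-12-3456", "bank": "021000021-000123456",
     "phones": ["(555) 010-1234", "555.010.9999"]},
    {"id": "E200", "name": "Luis Ortega", "email": "lortega@example.com",
     "ssn": "900-65-4321", "bank": "011000015 7777", "phones": ["555-010-2222"]},
]
VENDORS = [
    {"id": "V1", "name": "Whitfield Consulting LLC", "email": "billing@whitfield.example",
     "tin": "900123456", "bank": "021000021 000123456", "phones": ["+1 555 010 8888"]},
    {"id": "V2", "name": "LUIS ORTEGA", "email": "LOrtega@Example.com",
     "tin": "98-7654321", "bank": "026009593-42", "phones": ["1-555-010-2222"]},
    {"id": "V3", "name": "Acme Supply Co", "email": "ar@acme.example",
     "tin": "12-3456789", "bank": "026009593-99", "phones": ["555-010-3333"]},
]

def digits(value):
    return re.sub(r"\D", "", value or "")

def phone_key(value):
    d = digits(value)
    return d[-10:] if len(d) >= 10 else ""  # drop country code, ignore short numbers

def name_key(value):
    return " ".join(re.sub(r"[^a-z ]", "", (value or "").lower()).split())

def keys(rec, id_field):
    """Return the set of (field, normalized value) pairs used for matching."""
    out = {("email", (rec.get("email") or "").strip().lower()),
           ("name", name_key(rec.get("name"))),
           ("tin_ssn", digits(rec.get(id_field))),
           ("bank", digits(rec.get("bank")))}
    out |= {("phone", phone_key(p)) for p in rec.get("phones", [])}
    return {k for k in out if k[1]}  # blank values must never match each other

def match_vendors_to_employees(vendors, employees):
    """Map (vendor id, employee id) to the sorted list of fields that coincide."""
    index = defaultdict(set)
    for e in employees:
        for k in keys(e, "ssn"):
            index[k].add(e["id"])
    hits = defaultdict(set)
    for v in vendors:
        for k in keys(v, "tin"):
            for emp_id in index.get(k, ()):
                hits[(v["id"], emp_id)].add(k[0])
    return {pair: sorted(fields) for pair, fields in hits.items()}
```

Each returned pair is a lead for review, not a finding: a shared phone or name can be legitimate, while a shared bank account or TIN/SSN warrants priority follow-up.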
Continuous Monitoring ~ con’t…
• Changes in supplier critical fields including bank account information
• Payments to suppliers without a contract on file
• Reimbursements for entertainment
• Cash advance on corporate credit card vs. delinquencies
• Pcard abuse
Key Initiatives
Be proactive in building relationships and communicating with your stakeholders
• Senior management
• Operating management
• Audit committee
• External auditors
• Audit team
Getting to Know Management in Informal Settings
• Set up lunches
– Discuss current events
– Cover their priorities
– Ask how auditing can help
• Participate in company sponsored events
– Community service projects
– Food drives
– United Way campaigns
Be Cognizant of How You Do Not Want To Be Perceived
• As people who criticize all things others are doing wrong
• As people who come in after the battle – shoot the wounded
• As adversaries
Be Cognizant of How You Want To Be Perceived
• As employees to help achieve business objective
• As employees who provide value
• As a valuable asset to management and the audit committee
• As auditors who provide assurance and insight and are objective
Skills Necessary to Build Effective Relationships
• Understand the business
• Proficient at conducting audits/projects
• Good listener - empathetic
• Adept at seeing the big picture
• Understand what moves the needle
• Effective negotiator
Other Considerations
• Mention the positives
• Give credit for prompt action
• Communicate findings in a constructive manner
• Call a spade a spade
• Be mindful of how we interact and communicate with management
Other Considerations
• Be viewed as a trusted business ally
• Meet regularly with senior management – bring your team
• Interact with audit committee – bring your team
• Build relationships based upon mutual trust/respect
Other Considerations
• Build the relationship before you need it
• Building trust and understanding requires an investment of time and energy
• Process of building and sustaining relationships is never-ending
Challenge Yourself To Do All You Can To Enhance Your Value
• Be a risk/control expert
• Be mindful of fraud and ethical exposures
• Be a data wizard
• Be proactive in building relationships
Enhancing the Value of Internal Auditing
Questions?
Enhancing the Value of Internal Auditing
Thank you!