Enhancing the Value of Internal Auditing...• Formed a cross functional team Better...
Transcript of Enhancing the Value of Internal Auditing...• Formed a cross functional team Better...
![Page 1: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/1.jpg)
www.globaliia.org
Joint IIA/ACFE Fraud ConferenceHoffman Estates, IL
May 11, 2012
Enhancing the Value of Internal Auditing
![Page 2: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/2.jpg)
www.globaliia.org
Key Initiatives
Be a Risk and Control Expert
• Important to boards/management
• Recent financial crisis
• Many questions asked
• One other question needs to be asked?
• Required to be risk/control expert
![Page 3: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/3.jpg)
www.globaliia.org
Enterprise Risk Assessment
• Be a catalyst
• Identify top risks
• Implement new SEC proxy disclosures of board’s role
![Page 4: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/4.jpg)
www.globaliia.org
Enterprise Risk Assessment
• Asked by the audit committee
• Focused on identification, mitigation and quantification
• Aided by the chairman/CEO
• Formed a cross functional team
�Better understanding/buy-in
�Willingness of management to take ownership
![Page 5: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/5.jpg)
www.globaliia.org
Enterprise Risk Assessment
• Developed a risk matrix
• Helped management realize the importance of identifying potential risks
• Embedded concept of risk into our DNA
• Invited business owners to audit committee
• Helped audit committee fulfill oversight responsibility
![Page 6: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/6.jpg)
www.globaliia.org
Specialized Risk Assessments
• Requested by management• Management benefitted by:
�Stepping back from day-to-day operations
� Investing time to think about risks in a different way
� Identifying potential risks�Taking a fresh look at controls�Evaluating who should monitor
controls
![Page 7: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/7.jpg)
www.globaliia.org
Specialized Risk Assessments
• Audit Team benefitted by:�Enhancing understanding of business
processes
�Improving on-going risk assessment process
�Increasing awareness of major risks and associated controls
�Building relationships and partnership with management
![Page 8: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/8.jpg)
www.globaliia.org
Specialized Risk Assessment
• Audit Committee benefitted by:
�Helping them fulfill oversight responsibilities
�Increasing their understanding of key business risks
�Enabling them to assess management’s understanding of risk
![Page 9: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/9.jpg)
www.globaliia.org
On-Going Audit Risk Assessment
• Enables internal auditing to develop a risk-based plan
• Complete a formal risk assessment – at least annually
• Select Risk Factors – Legal/Regulatory, Financial, Fraud, People, Technology, Operational
• Going forward, will need on-going, real time assessments
![Page 10: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/10.jpg)
www.globaliia.org
Audit Project Level
• Assess risk during preliminary survey
• Evaluate what controls/monitoring processes in place
• Helps determine the amount of detailed testing
• Made decision about audit – go/no go
![Page 11: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/11.jpg)
www.globaliia.org
Be A Risk And Control Expert
• Become indispensible
• Be recognized as an expert
– In assessing risk
– In evaluating what controls need to be in place
• Be focused on emerging risks
![Page 12: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/12.jpg)
www.globaliia.org
Key Initiatives
Be Mindful of Fraud and Ethical Exposures
• Get your employees to think differently
• Identify the key elements of a fraud/ethics program
• Execute these programs (key point)
![Page 13: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/13.jpg)
www.globaliia.org
Be Mindful of Fraud and Ethical Exposures
• Is your organization losing profit dollars to fraud?
• Will an effective program reduce these losses?
• Will management/audit committee expect more from internal auditing?
![Page 14: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/14.jpg)
www.globaliia.org
Importance of Fraud
• Organizations lose 5% of annual revenue potential total fraud loss = $2.9 trillion.
• Average duration - 18 months
• Detection methods:
�Over 40% detected by tips
�15% by management review
�14% by internal audit
2010 ACFE Report to the Nations
![Page 15: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/15.jpg)
www.globaliia.org
Elements of an Effective Fraud Program
Root Cause Reports
PREVENTION
RESPONSE
DETECTION
Hot Line UseFraud Risk Assessment
Continuous Monitoring
Investigative Protocols
![Page 16: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/16.jpg)
www.globaliia.org
Performing a Fraud Risk Assessment
Have you performed a fraud risk assessment?
![Page 17: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/17.jpg)
www.globaliia.org
Performing a Fraud Risk Assessment
• OBJECTIVES
�Determine where the organization is most susceptible to fraud
�Evaluate the controls in place
�Heighten management/audit committee’s awareness of fraud risks
![Page 18: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/18.jpg)
www.globaliia.org
Fraud Risk Assessment Approach
• Obtain management support and buy-in
• Use a cross functional team
• Conduct brainstorming sessions with scheme and scenario approach
• Map controls to fraud scenarios
![Page 19: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/19.jpg)
www.globaliia.org
Management’s Role in Fighting Fraud
• Setting the “Tone at the Top”
• Identifying key risks
• Implementing and monitoring controls
• Creating a culture through words and actions
�Fraud will not be tolerated
�Fraud will be dealt with swiftly and decisively
![Page 20: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/20.jpg)
www.globaliia.org
Statement of Business Ethics
• Online statement includes policies, real life examples, and comprehension questions
• Requirement to sign the Certification of Compliance each year and make any disclosures
![Page 21: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/21.jpg)
www.globaliia.org
Statement of Business Ethics ~
con’t…
• Follow-up mechanisms in place
• Obligation to report violations
• Disclosures are reviewed by Legal and the appropriate Department
![Page 22: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/22.jpg)
www.globaliia.org
Auditors’ and Loss Prevention’s Role in Fighting Fraud
• Knowing the red flags of fraud
• Assessing where major fraud risks are
• Including fraud discussions and fraud audit steps on each audit
• Stress professional skepticism
• Perform data mining
![Page 23: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/23.jpg)
www.globaliia.org
Auditors’ and Loss Prevention’s Role in Fighting Fraud
• Ensuring an effective hotline process is in place
• No retaliation policy
• Being involved in the training programs
• Benchmark with other companies
• Investigating fraud cases
• Root cause reporting
![Page 24: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/24.jpg)
www.globaliia.org
Investigative Protocol
• Develop an investigative protocol
• Defines who is responsible for:
�Managing the investigation
�Conducting the investigation
�Reporting and communicating the results
![Page 25: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/25.jpg)
www.globaliia.org
Investigative Protocol
• Ensures allegations are adequately researched to a conclusion
• Maintains consistency among investigations
• Specifies documentation and communication standards
![Page 26: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/26.jpg)
www.globaliia.org
Key Initiatives
Be a Data Wizard
• Process of analyzing data from different angles to identify patterns or correlations in the data that can be summarized into useful information for the auditor to perform their detailed test work.
![Page 27: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/27.jpg)
www.globaliia.org
Effectively Leveraging Technology
Importance of Effectively Leveraging Technology
Not important
at allSomewhat important Important
Very important
Extremely important
4% 19% 37% 31% 9%
Current Performance
Emerging Trends and Leading Practices Spring 2011IIA– Audit Executive Network
InadequateLimited/
developing AdequateAbove
average Exceptional
8% 40% 38% 12% 2%
![Page 28: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/28.jpg)
www.globaliia.org
Data Analytics
• CBOK 2010: 10 imperatives for change
Step up your use of audit technology and tools!
IIA Research Foundation –March 31, 2011
![Page 29: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/29.jpg)
www.globaliia.org
Barriers to Using Data Analytics
• Audit staff does not have the required skill sets
• Audit staff does not have access to the systems or data warehouses
• Audit management does not see the value of data analytics
• We own this challenge – we control the solution
![Page 30: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/30.jpg)
www.globaliia.org
Major Benefits of Using Data Analytics
• Ability to review the entire population
• Provides a more complete analysis and improves audit coverage
• Improves auditor efficiency and effectiveness
• Drives down audit costs
• Share example of coupon monitoring/ ad coverage
![Page 31: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/31.jpg)
www.globaliia.org
Definition of Continuous Monitoring
An automatic method used to perform control and risk assessments on a frequent basis.
![Page 32: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/32.jpg)
www.globaliia.org
Continuous Monitoring
• Vendor to Employee data matches– email address– name– TIN to SSN– bank #– phones (home, emergency, work, and
fax)
![Page 33: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/33.jpg)
www.globaliia.org
Continuous Monitoring ~ con’t…
• Changes in supplier critical fields including bank account information
• Payments to suppliers without a contract on file
• Reimbursements for entertainment
• Cash advance on corporate credit card vs. delinquencies
• Pcard abuse
![Page 34: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/34.jpg)
www.globaliia.org
Key Initiatives
Be proactive in building relationships and communicating with your stakeholders
• Senior management
• Operating management
• Audit committee
• External auditors
• Audit team
![Page 35: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/35.jpg)
www.globaliia.org
Getting to Know Management in Informal
Settings
• Set up lunches
� Discuss current events
� Cover their priorities
� Ask how auditing can help
• Participate in company sponsored events
� Community service projects
� Food drives
� United Way campaigns
![Page 36: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/36.jpg)
www.globaliia.org
Be Cognizant of How You Do Not Want To
Be Perceived
• As people who criticize all things others are doing wrong
• As people who come in after the battle –shoot the wounded
• As adversaries
![Page 37: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/37.jpg)
www.globaliia.org
Be Cognizant of How You Want To Be
Perceived
• As employees to help achieve business objective
• As employees who provide value
• As a valuable asset to management and the audit committee
• As auditors who provide assurance and insight and are objective
![Page 38: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/38.jpg)
www.globaliia.org
Skills Necessary to Build Effective
Relationships
• Understand the business
• Proficient at conducting audits/projects
• Good listener - empathetic
• Adept at seeing the big picture
• Understand what moves the needle
• Effective negotiator
![Page 39: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/39.jpg)
www.globaliia.org
Other Considerations
• Mention the positives
• Give credit for prompt action
• Communicate findings in a constructive manner
• Call a spade a spade
• Be mindful of how we interact and communicate with management
![Page 40: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/40.jpg)
www.globaliia.org
Other Considerations
• Be viewed as a trusted business ally
• Meet regularly with senior management –bring your team
• Interact with audit committee – bring your team
• Build relationships based upon mutual trust/respect
![Page 41: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/41.jpg)
www.globaliia.org
Other Considerations
• Build the relationship before you need it
• Building trust and understanding requires an investment of time and energy
• Process of building and sustaining relationships is never-ending
![Page 42: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/42.jpg)
www.globaliia.org
Challenge Yourself To Do All You Can To
Enhance Your Value
• Be a risk/control expert
• Be mindful of fraud and ethical exposures
• Be a data wizard
• Be proactive in building relationships
![Page 43: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/43.jpg)
www.globaliia.org
Enhancing the Value of Internal Auditing
Questions?
![Page 44: Enhancing the Value of Internal Auditing...• Formed a cross functional team Better understanding/buy-in Willingness of management to take ownership. ... Getting to Know Management](https://reader034.fdocuments.net/reader034/viewer/2022050212/5f5debfbabc66a063c0d8bc1/html5/thumbnails/44.jpg)
www.globaliia.org
Enhancing the Value of Internal Auditing
Thank you!