Financial Management Institute of Canada Professional ... · Financial Management Institute of...
Transcript of Financial Management Institute of Canada Professional ... · Financial Management Institute of...
Financial Management Institute of Canada
Professional Development Week
November 23, 2010
Gatineau, QC
Introduction
Mohammed Siddiqui
Chief Enterprise Risk Management and Audit Officer Hydro Ottawa Group of Companies
2FMI PD Week - November 23, 2010
Agenda
Who are Internal Auditors, how are they different from other auditors?
What do they do, and for whom?
Is what Internal Auditors do different based on country, industry, ownership, mission, or circumstances?
What are the major challenges faced by Internal Auditors?
Focus on stories from my experience, not on theory or standards
3FMI PD Week - November 23, 2010
Polling Questions
1. Which function do you belong to?
2. Which province do you belong to?
3. Which are the most important deliverables of IA in the Federal Government (please rank)?
4FMI PD Week - November 23, 2010
Who are Internal Auditors
The perception
People who:
Always find jobs
Get fat salaries
Don’t have any deadlines or heavy work schedules
Main job is to find fault with others
Well, wish this were true
5FMI PD Week - November 23, 2010
The Reality
Yes, well paid, but overworked
Yes, in demand, but many challenges
Serve many masters, and wide and varied scope of work
“What were you doing when the cookie jar was open or being raided?” is among the many questions they have to contend with
6FMI PD Week - November 23, 2010
Internal Auditors
Professionals who have been around for several centuries in all commercial and non-commercial organizations, in every part of the world
Trained to look at all areas of the organization, and advise and alert management of gaps and issues to help them achieve success
Typically report to top management (CEO or CFO) and to the Audit Committee of the Board/Ownership
7FMI PD Week - November 23, 2010
Membership Growth – 1980-2010North America/Outside North America
0
20,000
40,000
60,000
80,000
100,000
120,000
140,000
160,000
180,000
ONA NA
Outside NA
North America
8FMI PD Week - November 23, 2010
How are Internal Auditors Different from Other Auditors
● External: accuracy of financial reporting
● Government: compliance, mandate, integrity (ie. - tax,
revenue, etc.)
● Regulatory: compliance (ie. - safety, engineering)
● Internal Audit: Internal Controls and Risks - The CAE
juggles this complex network of relationships to keep IA
vibrant & relevant ... And so that the stakeholders sleep
well!
9FMI PD Week - November 23, 2010
Agenda
Who are Internal Auditors in the context of the corporate world, how are they different from other auditors?
What do they do, and for whom?
Is what Internal Auditors do different based on country, industry, ownership, mission, or circumstances?
What are the major challenges faced by Internal Auditors?
Focus on stories from my experience, not on theory or standards
10FMI PD Week - November 23, 2010
Public Sector Stakeholder concerns
Recession, Unemployment, Pension Loss, Higher Taxes, Crime Rate, Poor Health Facilities, Lack of Safety
Citizen Dissatisfaction, Loss of Reputation, Environment, Budget overspends, Delays in programs, non-disclosure of
major issues
Inadequate Resources, High Costs, Falling Service Levels, Bureaucracy
Cash shortages, Labor Issues, Technology Issues/IT Infrastructure, Lack of Employee Engagement
Accidents, Poor Work-Environment, Supply Chain Bottlenecks, Customer Issues
Citizens
Politicians
DM, DG, Management,
Bankers, Rating agencies
Management/ Suppliers
Line Staff/ Customers
11FMI PD Week - November 23, 2010
Stakeholder “stress” points
● Is the organization in good shape?
● Is it achieving its objectives and targets?
● What is “AT RISK” in the organization?
● What could adversely impact the mission and goals of the organization?
………….12FMI PD Week - November 23, 2010
● How to grant managers enormous discretionary power over the conduct of the business while stopping them from misusing that power…..
● Result: The Boards, C-Level Suite, Regulators, Professional bodies, Auditors…
● How is this working……?
The CORPORATE GOVERNANCE Challenge
13FMI PD Week - November 23, 2010
Governance and Control Framework
• AICPA, CA, • CGA
• Suppliers• Customers
• External Auditors
• Regulators• Legislation
Owners,
Shareholders
Board/Audit Committee
Internal Audit ERM Compliance
Executive
(C Suite)
14FMI PD Week - November 23, 2010
Fannie Mae/Freddie Mac AIG
Enron WorldCom
Sponsorship Adelphia Vivendi
Satyam Computer Global Crossing Societe Generale
Stock Options Backdating, Financial Statement Re-Statements,
Wall Street Financial Meltdown = Lehmann, Goldman Sachs;
Madoff, Stanford scams, etc. (a disturbing sample!)
Specter of Disasters
15FMI PD Week - November 23, 2010
Company Ethics? Greed Incomp? Arrogance External/ Political
Earthquake
Barings No
Enron No
WorldCom Maybe No
FnM&FrM No
Societe G No
Madoff No
Satyam C No
What Went Wrong?
16FMI PD Week - November 23, 2010
What could have caused businesses to fail in recent years?
12.5%
75.0%
5.5% 7.0%
Incompetence Dishonesty External Factors Other
18FMI PD Week - November 23, 2010
Incompetence Dishonesty External Factors Other
Why are the issues continuing to create disasters in the Corporate World?
37%35%
14% 14%
0%
5%
10%
15%
20%
25%
30%
35%
40%
Board and Governance
mechanisms are ineffective
Executive teams are too powerful
Regulators are not competent
Globalization of Economy
19FMI PD Week - November 23, 2010
Board and Governance
mechanisms are ineffective
Executive teams are too powerful
Regulators are not competent
Globalization of Economy
IA’s Primary Role
13.8%
20.7%
65.5%
0.0%0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
70.0%
In the areas audited
For the organization as a
whole
Both 1 and 2 Not sure
Providing an opinion on the status of governance, risk, compliance and control to management and audit committee
20FMI PD Week - November 23, 2010
In the areas audited
For the organization as
a whole
Both 1 and 2 Not sure
When the Bosses are at PLAY,
No one can have their SAY
Whether we report functionally or administratively
To the Top Cat or the Almighty,
Our freedom is compromised, effectively and completely
And our toes will get stepped on,
SOX or no SOX
Into the Top Cat’s Lair
21FMI PD Week - November 23, 2010
Polling Questions
Should Internal Auditors take some of the blame for not highlighting governance, risk and control failures in an organization?
Which stakeholder derives the maximum value from Internal Audit?
22FMI PD Week - November 23, 2010
Should IA take some blame for not Highlighting Governance, Risk and Control Failures?
10.3%
69.0%
3.4%
17.2%
0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
70.0%
80.0%
YES
NONO
YES
23FMI PD Week - November 23, 2010
Yes to a large extent
Yes, jointly with other oversight functions
No. Management is fully responsible. Internal Auditors
do their job in most cases.
Management and boards does not
take action.
No. Internal Auditors cannot be expected to identify and stop bad business decisions,
autocratic and unethical behaviour;
which are the root causes of these
disasters.
Internal AuditValue is “in-the-eye-of-the-beholder” and specific to the DNA of each organization
Board/Audit Committee – assurance that things working as they should be and risks are being adequately mitigated
Operational Management – help us improve our business processes & meet our strategic objectives
Finance & Accounting – Controls are adequate (alert us, but don’t make us look bad)
The true entrepreneur relies on it for objective and “once removed” insights and advice
24FMI PD Week - November 23, 2010
Stakeholder Maximum Value Gained from IA
37% Audit Committee
30% Executive Management
22% Line Management
1% External Agencies
10% Shareholders
Final Ranking
26FMI PD Week - November 23, 2010
Agenda
Who are Internal Auditors in the context of the corporate world, how are they different from other auditors?
What do they do, and for whom?
Is what Internal Auditors do different based on country, industry, ownership, mission, or circumstances?
What are the major challenges faced by Internal Auditors?
Focus on stories from my experience, not on theory or standards
28FMI PD Week - November 23, 2010
CEO’s Expectations of IA
Monitor organization’s risk environment and risk profile.
Give recommendations on risk mitigation strategies.
Provide objective view on effectiveness of organizational processes.
Ensure integrity of financial reporting.
Assess organization’s compliance with applicable standards.
29FMI PD Week - November 23, 2010
CFO, Hydro Ottawa: Value I seek from IA
● Assurance: financial and management information controls are sound leading to accurate results
● Improvements: processes, productivity, business performance
● Advice : give me the broad perspective, NOT a narrow, sectional view
“As a CFO, I’d be very nervous if the organization I worked in did not have a strong ERM-IA regime.”
30FMI PD Week - November 23, 2010
● Protect through “Early Warning Signals” which will help identify, manage and respond to actual and potential adverse situations (APAS)
● Improve through a discipline of Benchmarks and Tolerances and by building capabilities and processes to strengthen performance
● Optimize by implementing a process to Balance “risk and return” for routine and growth initiatives
(Story)
Internal Audit Deliverables Universal Applicability
31FMI PD Week - November 23, 2010
● Regulated vs Non-Regulated Environments
● Public vs Private Sector
● DNA of the Organization
● Industry Type
● Developing vs Developed World
Focus could Change Based on :
32FMI PD Week - November 23, 2010
Emirates experience
● IA’s place within Emirates
• Reports to highest level of executive management
• Head of Audit has access to the ownership, if needed
● Works at every level of the organisation: from mail room to board room
● Seen as counsellor & conscience-keeper to the business
(Governance, audit committee, board……..)
33FMI PD Week - November 23, 2010
Agenda
Who are Internal Auditors in the context of the corporate world, how are they different from other auditors?
What do they do, and for whom?
Is what Internal Auditors do different based on country, industry, ownership, mission, or circumstances?
What are the major challenges faced by Internal Auditors?
Focus on stories from my experience, not on theory or standards
34FMI PD Week - November 23, 2010
Major challenges for the IA profession
Reporting structure under emerging governance and regulatory regimes
Consistency of skills, competency, acceptability and experience of the Internal Audit Professional
35FMI PD Week - November 23, 2010
IA’s dual reporting situation
Management takes the lead in identifying resources needed for ERM-IA, tapping into its value
Audit Committees have their own stake and will derive value from ERM-IA as they see fit
Mandating regulatory protection for IA is not a solution
36FMI PD Week - November 23, 2010
Dual Reporting challenge
Two stakeholders: Audit Committee/Owners and Management
Both have an interest in a good, efficient IA set-up. There is no need for conflict!
If IA does its job well, both stakeholders will give it the independence it needs, each for their own reasons & interests….or may not, precisely for the same reasons
“Need to create enough value and they’ll line up at your door/or show you the door!”
37FMI PD Week - November 23, 2010
Internal Audit and Fraud Prevention
Fraud is NOT always a part of corporate life.
Fraud happens. We know that. We know too that neither IA nor anyone else can always prevent it.
My Experience
Internal Audit and a robust ICF can detect a fraud, probably after the fact.
That in itself can serve as a deterrent to fraud.
38FMI PD Week - November 23, 2010
Polling Questions
Who in your experience has the biggest say in hiring and firing the CAE?
39FMI PD Week - November 23, 2010
Who in your experience has a bigger influence on the Audit Committee and Board?
41.12%
14.02%
23.36%21.50%
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
45.00%
CEO CAE CFO External Auditor
40FMI PD Week - November 23, 2010
CEO CAE CFO External Auditor
Kipling’s Preposterous “IF”…
If you were required by Law to track behaviour in its full form
If you were to have “Direct Access” to a smart and committed BOSS
If you were trained and able to provide, fearlessly:
“Views and sound advice on anything and everything”
“…then, you’ll be a true Internal Auditor, my son!”
Then, the world will be your stage forever.....
41FMI PD Week - November 23, 2010