Financial Management Institute of Canada Professional ... · Financial Management Institute of...

Financial Management Institute of Canada

Professional Development Week

November 23, 2010

Gatineau, QC

http://www.fmi.ca/pages/home/

Introduction

Mohammed Siddiqui

Chief Enterprise Risk Management and Audit Officer Hydro Ottawa Group of Companies

2FMI PD Week - November 23, 2010

Agenda

Who are Internal Auditors, how are they different from other auditors?

What do they do, and for whom?

Is what Internal Auditors do different based on country, industry, ownership, mission, or circumstances?

What are the major challenges faced by Internal Auditors?

Focus on stories from my experience, not on theory or standards


Polling Questions

1. Which function do you belong to?

2. Which province do you belong to?

3. Which are the most important deliverables of IA in the Federal Government (please rank)?


Who are Internal Auditors

The perception

People who:

Always find jobs

Get fat salaries

Don’t have any deadlines or heavy work schedules

Main job is to find fault with others

Well, wish this were true


The Reality

Yes, well paid, but overworked

Yes, in demand, but many challenges

Serve many masters, and wide and varied scope of work

“What were you doing when the cookie jar was open or being raided?” is among the many questions they have to contend with


Internal Auditors

Professionals who have been around for several centuries in all commercial and non-commercial organizations, in every part of the world

Trained to look at all areas of the organization, and advise and alert management of gaps and issues to help them achieve success

Typically report to top management (CEO or CFO) and to the Audit Committee of the Board/Ownership


Membership Growth – 1980-2010North America/Outside North America

0

20,000

40,000

60,000

80,000

100,000

120,000

140,000

160,000

180,000

ONA NA

Outside NA

North America


How are Internal Auditors Different from Other Auditors

● External: accuracy of financial reporting

● Government: compliance, mandate, integrity (ie. - tax,

revenue, etc.)

● Regulatory: compliance (ie. - safety, engineering)

● Internal Audit: Internal Controls and Risks - The CAE

juggles this complex network of relationships to keep IA

vibrant & relevant ... And so that the stakeholders sleep

well!


Agenda

Who are Internal Auditors in the context of the corporate world, how are they different from other auditors?






Public Sector Stakeholder concerns

Recession, Unemployment, Pension Loss, Higher Taxes, Crime Rate, Poor Health Facilities, Lack of Safety

Citizen Dissatisfaction, Loss of Reputation, Environment, Budget overspends, Delays in programs, non-disclosure of

major issues

Inadequate Resources, High Costs, Falling Service Levels, Bureaucracy

Cash shortages, Labor Issues, Technology Issues/IT Infrastructure, Lack of Employee Engagement

Accidents, Poor Work-Environment, Supply Chain Bottlenecks, Customer Issues

Citizens

Politicians

DM, DG, Management,

Bankers, Rating agencies

Management/ Suppliers

Line Staff/ Customers


Stakeholder “stress” points

● Is the organization in good shape?

● Is it achieving its objectives and targets?

● What is “AT RISK” in the organization?

● What could adversely impact the mission and goals of the organization?

………….12FMI PD Week - November 23, 2010

● How to grant managers enormous discretionary power over the conduct of the business while stopping them from misusing that power…..

● Result: The Boards, C-Level Suite, Regulators, Professional bodies, Auditors…

● How is this working……?

The CORPORATE GOVERNANCE Challenge


Governance and Control Framework

• AICPA, CA, • CGA

• Suppliers• Customers

• External Auditors

• Regulators• Legislation

Owners,

Shareholders

Board/Audit Committee

Internal Audit ERM Compliance

Executive

(C Suite)


Fannie Mae/Freddie Mac AIG

Enron WorldCom

Sponsorship Adelphia Vivendi

Satyam Computer Global Crossing Societe Generale

Stock Options Backdating, Financial Statement Re-Statements,

Wall Street Financial Meltdown = Lehmann, Goldman Sachs;

Madoff, Stanford scams, etc. (a disturbing sample!)

Specter of Disasters


Company Ethics? Greed Incomp? Arrogance External/ Political

Earthquake

Barings No

Enron No

WorldCom Maybe No

FnM&FrM No

Societe G No

Madoff No

Satyam C No

What Went Wrong?


What could have caused businesses to fail in recent years?

12.5%

75.0%

5.5% 7.0%

Incompetence Dishonesty External Factors Other


Incompetence Dishonesty External Factors Other

Why are the issues continuing to create disasters in the Corporate World?

37%35%

14% 14%

0%

5%

10%

15%

20%

25%

30%

35%

40%

Board and Governance

mechanisms are ineffective

Executive teams are too powerful

Regulators are not competent

Globalization of Economy


Board and Governance

mechanisms are ineffective

Executive teams are too powerful

Regulators are not competent

Globalization of Economy

IA’s Primary Role

13.8%

20.7%

65.5%

0.0%0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

70.0%

In the areas audited

For the organization as a

whole

Both 1 and 2 Not sure

Providing an opinion on the status of governance, risk, compliance and control to management and audit committee


In the areas audited

For the organization as

a whole

Both 1 and 2 Not sure

When the Bosses are at PLAY,

No one can have their SAY

Whether we report functionally or administratively

To the Top Cat or the Almighty,

Our freedom is compromised, effectively and completely

And our toes will get stepped on,

SOX or no SOX

Into the Top Cat’s Lair


Polling Questions

Should Internal Auditors take some of the blame for not highlighting governance, risk and control failures in an organization?

Which stakeholder derives the maximum value from Internal Audit?


Should IA take some blame for not Highlighting Governance, Risk and Control Failures?

10.3%

69.0%

3.4%

17.2%

0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

70.0%

80.0%

YES

NONO

YES


Yes to a large extent

Yes, jointly with other oversight functions

No. Management is fully responsible. Internal Auditors

do their job in most cases.

Management and boards does not

take action.

No. Internal Auditors cannot be expected to identify and stop bad business decisions,

autocratic and unethical behaviour;

which are the root causes of these

disasters.

Internal AuditValue is “in-the-eye-of-the-beholder” and specific to the DNA of each organization

Board/Audit Committee – assurance that things working as they should be and risks are being adequately mitigated

Operational Management – help us improve our business processes & meet our strategic objectives

Finance & Accounting – Controls are adequate (alert us, but don’t make us look bad)

The true entrepreneur relies on it for objective and “once removed” insights and advice


Internal Auditing Core Value Elements


Stakeholder Maximum Value Gained from IA

37% Audit Committee

30% Executive Management

22% Line Management

1% External Agencies

10% Shareholders

Final Ranking


Play video – Value from IA


Agenda







CEO’s Expectations of IA

Monitor organization’s risk environment and risk profile.

Give recommendations on risk mitigation strategies.

Provide objective view on effectiveness of organizational processes.

Ensure integrity of financial reporting.

Assess organization’s compliance with applicable standards.


CFO, Hydro Ottawa: Value I seek from IA

● Assurance: financial and management information controls are sound leading to accurate results

● Improvements: processes, productivity, business performance

● Advice : give me the broad perspective, NOT a narrow, sectional view

“As a CFO, I’d be very nervous if the organization I worked in did not have a strong ERM-IA regime.”


● Protect through “Early Warning Signals” which will help identify, manage and respond to actual and potential adverse situations (APAS)

● Improve through a discipline of Benchmarks and Tolerances and by building capabilities and processes to strengthen performance

● Optimize by implementing a process to Balance “risk and return” for routine and growth initiatives

(Story)

Internal Audit Deliverables Universal Applicability


● Regulated vs Non-Regulated Environments

● Public vs Private Sector

● DNA of the Organization

● Industry Type

● Developing vs Developed World

Focus could Change Based on :


Emirates experience

● IA’s place within Emirates

• Reports to highest level of executive management

• Head of Audit has access to the ownership, if needed

● Works at every level of the organisation: from mail room to board room

● Seen as counsellor & conscience-keeper to the business

(Governance, audit committee, board……..)


Agenda







Major challenges for the IA profession

Reporting structure under emerging governance and regulatory regimes

Consistency of skills, competency, acceptability and experience of the Internal Audit Professional


IA’s dual reporting situation

Management takes the lead in identifying resources needed for ERM-IA, tapping into its value

Audit Committees have their own stake and will derive value from ERM-IA as they see fit

Mandating regulatory protection for IA is not a solution


Dual Reporting challenge

Two stakeholders: Audit Committee/Owners and Management

Both have an interest in a good, efficient IA set-up. There is no need for conflict!

If IA does its job well, both stakeholders will give it the independence it needs, each for their own reasons & interests….or may not, precisely for the same reasons

“Need to create enough value and they’ll line up at your door/or show you the door!”


Internal Audit and Fraud Prevention

Fraud is NOT always a part of corporate life.

Fraud happens. We know that. We know too that neither IA nor anyone else can always prevent it.

My Experience

Internal Audit and a robust ICF can detect a fraud, probably after the fact.

That in itself can serve as a deterrent to fraud.


Polling Questions

Who in your experience has the biggest say in hiring and firing the CAE?


Who in your experience has a bigger influence on the Audit Committee and Board?

41.12%

14.02%

23.36%21.50%

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%

45.00%

CEO CAE CFO External Auditor


CEO CAE CFO External Auditor

Kipling’s Preposterous “IF”…

If you were required by Law to track behaviour in its full form

If you were to have “Direct Access” to a smart and committed BOSS

If you were trained and able to provide, fearlessly:

“Views and sound advice on anything and everything”

“…then, you’ll be a true Internal Auditor, my son!”

Then, the world will be your stage forever.....


Financial Management Institute of Canada Professional ... · Financial Management Institute of...

Documents

Transcript of Financial Management Institute of Canada Professional ... · Financial Management Institute of...