Internal Audit & Corporate Governance
Transcript of Internal Audit & Corporate Governance
![Page 1: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/1.jpg)
Internal Audit & Corporate GovernancePRESENTATION BY:
CA ASHWANI JHAMB
![Page 2: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/2.jpg)
IIA CORPORATE GOVERNANCE
MODEL
![Page 3: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/3.jpg)
STRONG GOVERNANCE PROCESS
Board
Responsible
For
Operating
Controls
Controls
Working
Effectively
Management
Responsible
For
High
Ethical
Standards
Monitoring
Corporate
Performance
Internal Audit Department • Provides Objective Assurance, Insight on the effectiveness of Risk Management,
Internal Controls and Governance processes.
• Complements management's assurance that the systems are working effectively
Providing
Assurance
to the Board
Establish
Structures and
Processes/Controls
Guiding
Strategy and
Risk Policy
![Page 4: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/4.jpg)
INTERNAL AUDIT EVOLUTION
Scandals occurred in the late nineties
Collapse of Enron and WorldCom
Investors raised questions on the board of directors and
senior management executives and the oversight bodies
and the internal and external auditors.
Time to move from mere audits of financial records and
traditional tick box approach.
![Page 5: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/5.jpg)
CORPORARE GOVERNANCE SHORTCOMINGS
Lack Of Board Effectiveness
Board’s Risk Oversight
Poor Leadership And Ethics Culture
Defective Communication
Conflicts Of Interest
Accountability Issues
Lack Of Transparency
![Page 6: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/6.jpg)
EXPECTATIONS FROM
STAKEHOLDERS
Focus on most significant risk areas
Timely communicating with the
Management and the Board about
assessment of risks.
Move beyond its comfort zone help
organizations bring internal audit
perspective on strategic initiatives and
changes – e.g digitalization,
cybersecurity.
Change the approach from “trust
based” to “internal controls
effectiveness”.
![Page 7: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/7.jpg)
MEETING STAKEHOLDER EXPECTATIONS
Value preservation (control focus)
Value creation (performance focus)
Be more concerned with identifying opportunities, threats, and
requirements, while also understanding the performance, risk, and
compliance impact.
Align with stakeholder expectations:
•Providing assurance perspective that the Board and the
Management understands.
![Page 8: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/8.jpg)
WHAT IS REQUIRED FROM IA?
Focus of Strategic Risks:
•Strategic risks, as well as operational, financial and compliance risks.
• Strategic risks are risks that affect or are created by an organization’s business
strategy and strategic objectives.
• Operational risks are major risks that affect an organization’s ability to execute its
strategic plan.
• Financial risks include areas such as financial reporting, valuation, market,
liquidity, and credit risks.
• Compliance risks relate to legal and regulatory compliance.
![Page 9: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/9.jpg)
WHAT IS REQUIRED FROM IA?
Focus of Strategic Risks:
•Periodically evaluate and communicate risks to the Board and
Executive Management.
•Alert operational management to emerging issues and changing
regulatory and risk scenarios.
•Risk-based approach to develop the audit universe.
![Page 10: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/10.jpg)
RISK AREAS – TO INCLUDE IN AUDIT PLAN
RISK AREAS
Culture And Ethics
Data Privacy
Data Governance
Third Party Risks
Cybersecurity
![Page 11: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/11.jpg)
WHAT IS REQUIRED FROM IA?
Think Beyond the Scope:
•Connect the dots considering enterprise-wide implications.
•To illustrate an ability (or inability) to associate one idea with
another, to find the “big picture”.
•Broaden the focus on operations, compliance and nonfinancial
reporting issues.
•Watch for patterns and signs indicating a deteriorating risk culture.
![Page 12: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/12.jpg)
WHAT IS REQUIRED FROM IA?
Add more value through Consulting which can result in:
•Strengthening the lines of defense;
•More effective collaboration with other independent functions focused
on managing risk and compliance
•Leveraging technology enabled auditing
• Improvements in control structure, including greater use of automated
controls; and
•Suggestions for improving and streamlining compliance
![Page 13: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/13.jpg)
INTERNAL AUDIT LIMITATIONS
Positioning and reporting of the Internal Audit Department
Management’s influence
Lack of strong support from the Board.
Lack of Board evaluating the scope of Internal audit activities and discuss with CAE.
Lack of adequate resources and skills in terms of experience, training and staff shortage.
Lack of adequate budget to cover the significant risks and critical areas in the audit
plan.
Lack of adequate tools to automate and digitize the Internal Audit Activity.
Lack of adequate access and transparency to the information.
![Page 14: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/14.jpg)
WHAT IA SHOULD DO TOSEEK SUPPORT
Escalating the limitations and concerns to the Audit Committee,
Board and Management on requirement of resources and tools which
may limit the effective functioning of Internal Audit department.
External and Internal quality assurance reviews may assist in
identifying the gaps on which improvement is required.
![Page 15: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/15.jpg)
PERSEVERE AND IMPROVE
IA needs to expand and strengthen itself in following areas:
Adapting with changing technological landscape
Focus and strengthen itself in the areas of risk management and
governance
Use of quantitative skills and knowledge of risk.
Participate in value creation
Use knowledge of enterprise risks
Bring discipline to risk management activities,
Strengthen control design and effectiveness, continuous monitoring &
enhance compliance.
![Page 16: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/16.jpg)
AUTOMATION
Digitize The Internal Audit;
Implementation Of Data Analytics Tool;
IA Needs To Utilize Mainstream Technology;
Data Mining And Analytics;
Graphical Audit Reporting;
Issue Tracking.
![Page 17: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/17.jpg)
GROUP LEVEL ISSUES (PARENT AND SUBSIDIARY)
Uniform implementation of key policies, such as whistle-blower policy,
across the entire group irrespective of the size and location of
subsidiaries.
Internal Audit can implement technology-based solutions to monitor and
review the group activities as a whole.
Related Party transactions.
![Page 18: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/18.jpg)
WHAT IS REQUIRED FROM BOARD?
Facilitate effective, high quality communication
Elevate stature and perspective
![Page 19: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/19.jpg)
THREE LINES OF DEFENCE
![Page 20: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/20.jpg)
FUTURE OF INTERNAL AUDITING
RBIA (Risk Based Internal Audit) focuses more on objectives and high-risk impact
areas instead of simply examining internal controls, it may just be the tool of the
future.
Focus Areas to be covered by IA:
Corporate governance reviews
Audits of enterprise risk management processes
Reviews addressing linkage of strategy and company performance
Ethics audits
International Financial Reporting Standards (IFRS)
Social and sustainability audits
Disaster recovery testing and support
Source: Author's research conducted to five reports by the Institute of Internal Auditors
![Page 21: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/21.jpg)
REGULATIONS IN OMAN
Oman’s Corporate Governance framework and regulations by Capital Market Authority
Oman (CMA) are regarded as one of the best not only in the region but globally.
The CMA brought a new Code of Corporate Governance in the year 2016 that had taken
corporate governance to an entirely new level. Recently, CMA also issued another code
applicable to Government Companies that will bring in unprecedented transparency,
objectivity and discipline to these companies and help protect public money.
CMA Regulation no.10/2018 has clearly explained the role of Audit Committee and
Internal Audit which have provided mandate to Internal Audit and strengthens the most
important pillar of Corporate Governance and the Internal Auditors can now discharge
their statutory obligations without fear of reprisal.
![Page 22: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/22.jpg)
Internal audit is the primary resource of the audit committee in carrying out its duties and responsibilities and one of the cornerstones of good governance. - IIA
THANK YOU
![Page 23: Internal Audit & Corporate Governance](https://reader031.fdocuments.net/reader031/viewer/2022012921/61c8f1ab0b372f1bfc646eb0/html5/thumbnails/23.jpg)
QUESTIONS AND ANSWERS
- NEIL ARMSTRONG