Els Hostyn
Partner
Internal Audit, Risk & Compliance Services
Forensic
13 October 2009
FORENSIC
ADVISORY
Internal Audit and other assurance providers
Challenges for succeeding in turbulent times
5 themes stand out:
MANAGE RISKS: Sound risk governance based on the three lines of defense model puts Risk as part of the daily conversation and views Risk from an enterprise-wide perspective. The CRO not only needs to have a seat at the table but is to be an active participant in all key business decisions.
REVISE STRATEGY: If you are able to make the right strategic changes to your business now, you can significantly increase your competitive advantage in the future. Reviewing strategic choices depends on the state the company is in today (stressed – distressed – at risk – robust companies).
SECURE FINANCING: Credit will remain scarce for some time and banks will be more selective in providing it. Debt renegotiation and corporate financial restructuring will be at the heart of challenging discussions with the lenders, with sound cost management practice as a prerequisite.
CASH IS KING: Unlike sales, costs and margins, working capital management is generally given little or no attention. And yet it is a key indicator for companies, not only of their financial management but also of their operational management of the purchasing cycle, sales cycle, as well as of inventory.
SAVE COSTS: The key challenge is to move to a low-cost operating model that preserves flexibility and capacity to respond to future change, while embedding rigorous cost management and culture throughout the organization.
Increase added value
Challenges & responses for Internal Audit
Continuous & Cost-efficient Auditing
Integrated assurance
Increased added value
Strive for integrated assurance
New practice advisory
2050 Coordination
The chief audit executive should share information and coordinate activities with other internal and external providers of assurance and consulting services to ensure proper coverage and minimize duplication of efforts.
Classes of assurance providers
Those who report to management and/or are part of management
Those who report to the board, including internal audit.
Those who report to external stakeholders
Different risk and control functions
• Internal audit
• External audit
• Compliance
• Fraud
• Quality, Health & Safety
• Risk management
• Security
• Line management
• Budgeting and controlling
• Sustainability
• …
Roles & Responsibility
Executive Management and Group Board
The three lines of defence provide increased comfort
1ST: Business operations: Establish the risk and control environment
2ND: Oversight Functions: Corporate Risk Management, Finance, Treasury, etc.
Strategic management, policy setting, functional oversight
3RD: Internal Audit: Independent challenge and assurance
Where are you?
Internal Audit and External Audit
Focus
Management
Audit Committee
Standards
Approach
Independence
Results
Risk and Control
Follow up
Internal Audit and Risk Management
Internal audit and fraud
1200 – Proficiency and Due Professional Care
1210-A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
1220 – Due Professional Care
1220.A1 – Internal auditors must exercise due professional care by considering the:
• Extent of work needed to achieve the engagement’s objectives;
• Related complexity, materiality, or significance of matters to which assurance procedures are applied;
• Adequacy and effectiveness of governance, risk management, and control processes;
• Probability of significant errors, fraud, or noncompliance; and
• Cost of assurance in relation to potential benefits.
2060 – Reporting to Senior Management and the Board
The chief audit executive (CAE) must report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.
Internal audit and fraud
2120 – Risk Management
2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
2210 – Engagement Objectives
2210.A2 – Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.
Internal audit and Quality audit
• Organizational
• People
• Scope/objectives
• Fieldwork
• Regulations
Single audit
SINGLE AUDIT?
[Quadrant chart. Vertical axis: Level of (inherent) risk (= f(impact, probability)), High / Low. Horizontal axis: Current level of risk management (indicative of exposure to risk), High / Low.]
Quadrant II: Internal audit performs assurance work: “Is management correct in assessing these risks as under control?” Area of ex-post control. If no assurance can be given, back to QI.
Quadrant I: Management action plans answer: “How can we manage the risk in a cost-effective manner?” Finance Inspection performs ex-ante review.
Quadrant III: Internal audit performs advisory work: “Can these controls be reduced to free means for QI management?” Area of ex-post control. Traditional area of micro management.
Quadrant IV: Management and project monitoring: “Aren’t these risks evolving in a manner they need to be managed more actively?” Lower priority ex-ante review by Finance Inspection.
The integrated assurance map
Role of the internal auditor? Internal Audit to express an ‘integrated’ opinion on internal control? Are we ready for the challenge?
IIA Practice Guide on ‘Formulating and Expressing Internal Audit Opinions’
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
© 2008 KPMG [Insert Legal Entity]), a Belgian civil CVBA/SCRL and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in Belgium.
Presenter’s contact details:
Els Hostyn
Partner
KPMG Advisory
+32 2 708 43 62
ehostyn@kpmg.com
www.kpmg.be