Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Audi-Wire Celebrating 25 years Page | 1 ISSUE # 2013/2
Weekly Newsletter
On behalf of the Executive, I would like to
welcome the Board of Governors for the 2013-
2014 term, led by the Chairman Mr. Larry
Kowlessar and Deputy Chairman – Mrs. Natasha
Elias-Wilson. I would also like to thank the
outgoing Board for their invaluable contribution
and support over the year. For the second year of
our Executive term, we intend to focus on building
both the Internal Audit Profession and Internal
Audit Professionals. The 25th
anniversary
activities held during the month of May 2013 were
from all reports quite successful. The Chapter
intends to continue the celebrations throughout the
year.
The Executive recognizes the need for the Institute
to ignite action in both the private and public
sector in promulgating the value of internal audit in
an organization's corporate governance structure,
especially given the current challenges presented in
our environment.
One of the key initiatives which we will be focusing
on during this calendar year will be the hosting of
one week of training seminars in September 2013.
We also intend to continue forging close
relationships with both the Public Sector and
Tobago Internal Auditors during the upcoming year,
with the aim of simultaneously building
relationships and technical competencies.
A Caribbean Region Workshop is scheduled for
September 2013 in Bahamas themed, “Set Sail on
Leadership……..Progress Together”, where Chapter
Leaders from across the Region will be gathering to
discuss issues affecting the profession and Chapters.
We encourage you to nominate yourself to serve in
the various activities held by the Chapter as your
Executive remains committed to building your
Chapter in Trinidad & Tobago, so that the Chapter
can remain on solid footing for another 25 years and
beyond.
Roger Ramdwar
President
Audi-
Wire NEWSLETTER
JULY 2013
L to R: IIATT President, Roger Ramdwar and IIA,
Inc. Chapter Relations Manager, Michael Russell
Audi-Wire Celebrating 25 years Page | 2 ISSUE # 2013/2
Neil Bhola Manager Advisory Services,
KPMG
It is 7:30 am on a Monday morning. You’re late for
work and approaching the traffic light at the
Churchill Roosevelt highway interchange. The light
turns amber. What do you do? Speed up or slow
down? Instinctively your decision should be pegged
against your values, principles and approach to risk,
in other words, your approach to risk management.
We all face risk management issues daily and make
decisions based upon our risk appetite and overall
objectives even though we may not have defined
these specifically. Similarly, all organizations
manage risks even though a formal Enterprise Risk
Management (ERM) system may not exist. If no
ERM existed in an organization there will be
absolutely no controls, no objectives, no guidance
nor direction-basically everyone will “do their own
thing” as they see fit. It’s quite clear that if this
were the case, such an organization cannot continue
to exist for too long.
As organizations, our approach to risk is at the very
minimum governed through established working
practices, organization objectives, hierarchy and
delegation of authority. Risks are managed through
embedded internal controls. This is the basic stage
of the ERM maturity continuum and although most
organizations tend to function within this stage for
some time, it is not a long term solution for
addressing risks as business complexities and
stakeholder influence increases. These changes may
expose varying risks appetites amongst functional
heads resulting in the acceptance of different
degrees of risk exposure and inconsistent
approaches to risk management. The above may
result in organizations accepting an unacceptable
risk exposure which could ultimately erode
stakeholder value and may also lead to missed
opportunities to improve performance. Risk
management must be seen as continuous process
whereby key risks are actively and continuously
identified, managed, monitored and reported on.
Internal Audit (IA) has a vital role to play in ERM
and should not be a passive spectator of the process,
particularly as the IIA Standards require IA to
evaluate the effectiveness and contribute to the
improvement of risk management processes. Indeed
IA as the pulse of the organization and with in-depth
knowledge of the risks and controls within various
departments, through the execution of internal audit
plans and development of risk assessments, has
strong knowledge of risks and how they are
currently being managed which would allow them to
contribute significantly to the establishment of a
formal ERM function. The unique position which
IA holds coupled with its independence and
objectivity should also place IA on the front burner
of any ERM initiative.
However, care must be taken to act in an advisory
role only with regard to decision-making and
responsibility for implementation of ERM activities
to avoid impairment of independence and
objectivity. The Board and Executive Management
must take overall responsibility for ERM and
accentuate its importance. The responsibility for
monitoring and reporting on risk management
efforts must reside with functional heads and not IA
(IA can facilitate the process if needed). Apart from
perception of independence being compromised, the
bigger issue is that risk management is everyone’s
responsibility. If department heads don’t accept this
responsibility and demonstrate this by actively
implementing monitoring and reporting
mechanisms, the entire ERM framework could fail.
Internal Audit’s Role in Enterprise Risk Management
Audi-Wire Celebrating 25 years Page | 3 ISSUE # 2013/2
IA can contribute significantly in promoting the
following ERM activities:
1 Embedding Risk Management Culture (Risk
Governance) – Assist the board and
management to understand the role of ERM by
emphasizing its relevance, importance and
impact on performance. This can be facilitated
through awareness sessions on ERM to firstly
the Board and Executive Management and, with
the latter’s support, the wider organization.
Once ERM is given its significance, then
designing the framework can commence. This
will include establishing a Risk Committee
(RC), defining risk appetites and risk rating
criteria, facilitating Enterprise Risk Assessments
(ERA) and agreement of key risks, managing,
monitoring and reporting by functional heads to
the RC on such risks as well as emerging risks.
2 Enterprise Risk Assessment – An ERA should
be conducted as the first phase of the program
where key risks should be identified and ranked
based on the company’s objectives, risk appetite
and tolerance levels. Risks should be ranked
based on possible impact on organizational
strategies and operations, and the likelihood of
occurrence. Input should be obtained from all
key stakeholders including management, the
board, the audit committee, legal counsel and
external auditors/regulators.
3 Monitoring and Reporting of Key Risks - Key
risks identified and agreed (based on their
rankings) should then be actively monitored and
reported upon. On-going monitoring and
reporting will assist in instilling formal
accountability by operational management to the
RC periodically (at least quarterly) on their keys
risks and how they are being managed.
4 IA’s Continuous Role and Assessment - IA
should also provide input to the RC based on
their activities and outcome of IA reviews.
Likewise, the work of the RC should also guide
the efforts of IA in addressing high priority areas
and adjusting its own risk assessment and IA
plan to reflect such. Finally, IA should
periodically conduct reviews of the ERM
framework and provide recommendations for
improvement where deficiencies are noted to
facilitate the continuous improvement of the
framework in accordance with the IIA
Standards.
Risk management is not a one-time activity. It is an
ongoing activity which has to be actively managed
and monitored. Also, ERAs should be updated at
least annually or more frequently upon the
occurrence of significant events such as mergers and
acquisitions, restructuring, new product launches
and changes in the external environment.
Internal Audit can take the lead in helping to
develop an ERM framework, but support and
ownership must come from the Board and Executive
Management.
So, whenever you’re faced with amber at a traffic
light, you should have assessed the impact and
likelihood of the risk of speeding up versus the
benefit derived from the desired outcome (saving a
few of minutes in traffic) and arrive at the
appropriate response consistently.
Neil Bhola: [email protected]
Audi-Wire Celebrating 25 years Page | 4 ISSUE # 2013/2
“When last has your IA function been
assessed?”
Standard 1300 – Quality Assurance and
Improvement Program
The chief audit executive must develop and maintain
a quality assurance and improvement program that
covers all aspects of the internal audit activity. Interpretation:
A quality assurance and improvement program is
designed to enable an evaluation of the internal
audit activity’s conformance with the Definition of
Internal Auditing and the Standards and an
evaluation of whether internal auditors apply the
Code of Ethics. The program also assesses the
efficiency and effectiveness of the internal audit
activity and identifies opportunities for
improvement.
1310 – Requirements of the Quality Assurance
and Improvement Program
The quality assurance and improvement program
must include both internal and external assessments.
Read more on this Standard at:
https://na.theiia.org/standards-guidance/mandatory-
guidance/Pages/Standards.aspx
Joanna Mrowicka, CIA, CGAP, CRMA
Recipient of the 10,000th
CRMA
As we cross the threshold into the 40th
anniversary
year of the Certified Internal Auditor® (CIA
®)
designation, we cannot help but marvel at how far
the profession has come over the last four decades.
When the first candidates sat for the CIA exam in
1974, they knew they were pushing the profession
into a new sphere of existence; one that would
solidify internal auditing as a distinguished
profession. The excitement they must have felt will
now be shared by those who pursue their
Certification in Risk Management Assurance™
(CRMA™).
The CRMA, The IIA’s most recently developed
designation, is a symbol of the evolution of the
profession and its commitment to rise to the
increasing demands placed on it by stakeholders. It
demonstrates a professional’s ability to evaluate the
dynamic components that comprise an
organization’s governance and enterprise risk
management program and provide advice and
assurance around these issues. As risk management
has taken a front row seat in the auditorium of issues
facing the profession today, it serves as an
invaluable credential for those seeking to build
confidence and credibility with stakeholders.
A Symbol of the Evolution of the
Profession
Audi-Wire Celebrating 25 years Page | 5 ISSUE # 2013/2
Although the first official CRMA exam will not be
administered until July, The IIA offered a limited
qualifying period in which those individuals with
extensive risk assurance, governance process,
quality assurance, and control self-assessment
experience could earn the designation by way of on-
the-job experience and current designations, as well
as thorough reference and background checks. The
IIA held a similar qualifying period in 1973 for the
CIA program, where more than 8,000 CIAs were
awarded. We have seen a similarly overwhelming
response for the CRMA and as a result, the 10,000th
candidate, Joanna Mrowicka, was awarded her
CRMA designation in May of this year.
Mrowicka is a shining example of the type of
professional who pursues the CRMA. As an
accomplished general internal auditor and member
of the Group for Risk Management in one of the
largest hospitals in Poland, she brings more than 14
years of experience in financial, organizational, and
management mechanism auditing to the table. The
CRMA is her third IIA designation, having already
earned her CIA and her Certified Government
Auditing Professional® (CGAP
®).
After learning about The IIA’s newest designation at
The IIA European Conference in Madrid in 2011,
she reviewed it with her employer and was
encouraged to pursue it. She credits her continual
pursuit of professional designations with helping her
succeed in her career. “I have my MBA, which
greatly helps me with regard to my risk management
responsibilities on a daily basis,” says Mrowicka. “I
pursued my CRMA because it is, within the world
of audit, the equivalent of what an MBA is to the
business community. I am proud to have both!”
Mrowicka’s employer, the Central Clinical Hospital
of the Ministry of Internal Affairs in Warsaw,
Poland, has 18 auditors on staff who focus on
quality management and a risk management team of
nine. She is the first of the group to earn the CRMA,
but her organization has set the expectation that all
those involved in risk management will earn their
CRMA within the next three years.
Mrowicka advises those who are considering sitting
for the exam to read extensively about Management
and take an active role in The IIA’s annual
Governance, Risk, and Control Conference, as well
as other applicable training opportunities. In
addition, she encourages exam candidates to seek
opportunities to gain experience in the practical
functioning of their organizations. She believes it is
well worth the investment of time and effort.
“Getting my CRMA is a confirmation of my
competence in the field of management, which I
think will help me further develop my career.”
Audi-Wire Celebrating 25 years Page | 6 ISSUE # 2013/2
Message from the Vice President, Global Professional Certifications –
The IIA, Inc.
Cyndi Plamondon, CIA,
CCSA, CFSA, CGAP, CRMA Vice President, Global
Professional Certifications
As you can imagine, the 2nd
quarter has been very
busy for the Professional Certifications Board,
Exam Development Committee, and our entire
headquarters’ certification team as we work toward
the launch of the first offering of Certification in
Risk Management Assurance™ (CRMA®) exam
and the introduction of the 3-part Certified Internal
Auditor®(CIA
®) exam on 1 July. Both of these
occurrences mark great milestones in the evolution
of The IIA’s certification program.
The CRMA has already been awarded to more than
11,000 individuals during the Professional
Experience Recognition (PER) period that ended 31
March. You’ll be introduced to our 10,000th
CRMA
certificant in this issue’s Certification Spotlight. If
you haven’t earned your CRMA and are considering
it, I encourage you to explore the CRMA special
introductory offer, now extended to 31 July.
The launch of our 3-part CIA exam also coincides
with the kick-off of our 40th
anniversary of the CIA
program. We will be celebrating at the upcoming
2013 International Conference, 14-17 July in
Orlando, and I invite you to take a nostalgic walk
through the last 40 years of progress in A Sign of the
Times. You too can contribute to the advancement
of our CIA program, by participating in our Delayed
Score Exam (DSE) if you are not currently certified
or authoring exam questions if you are. Learn more
about both opportunities in this issue.
In addition to preparing for these three auspicious
occasions, we continued the work of streamlining
processes and creating efficiencies for our
candidates. As of 30 April, the Document Upload
Portal became the official method of document
submission for all IIA certification programs.
Every day, we are working to lay the foundation for
the next 40 years of evolution for The IIA’s and
internal audit profession’s certification programs,
and it is truly an exciting time for me as an internal
audit professional to watch the bar be continually
raised as more and more audit professionals set their
sights on earning an internal audit credential.
For those of you who earned your credentials this
quarter, I congratulate you, and for those who are
continuing your journey, I applaud you. It takes
commitment to earn a designation, such as the CIA
or CRMA, and the rewards are endless as you
possess a new tool to showcase your competence
and enhance your credibility with stakeholders,
management, and your peers.
Take pride in your achievements and don’t forget to
visit the Certifications eStore for high-quality,
useful items that display your achievement.
Audi-Wire Celebrating 25 years Page | 7 ISSUE # 2013/2
The IIATT was a proud sponsor of the ISACA
Trinidad and Tobago Chapter Training Week which
took place the week of May 13 – 17, 2013. We
were happy to continue our relationship with
ISACA T&T in this venture and look forward to
partnering again in the future.
IIATT Partners with ISACA T&T for
2013 Training Week
IIATT 25th Anniversary
Gala Spotlight
Audi-Wire Celebrating 25 years Page | 10 ISSUE # 2013/2
Professional Centre, Rooms B301/302,
#11-13 Fitz Blackman Drive, Wrightson Road Ext.,
Port of Spain, Trinidad
Phone: 625-5558 Fax: 623-4560 Mobile: 769-1671
Email: [email protected]
Website: https://chapters.theiia.org/trinidad-and-tobago/Pages/default.aspx