DAA and GEP Orlando 20081 Audit & Compliance or Audit vs. Compliance.

DAA and GEP Orlando 2008 1

Audit & Compliance or

Audit vs. Compliance


Debbie Austin – CTCP, CFSA,

VP Fiduciary Compliance Manager

PNC Bank, Philadelphia, PA

Gary Pelcak – CTA, CFSA, CFE

Chief Audit Executive

Central National Bank, Junction City, Ks


AGENDA

• Introduction

• Rules of Engagement

• Differences and Similarities

• Role of Audit and Compliance in today’s Environment

• The relationship of continuous Auditing, Monitoring, and Assurance


AGENDA (cont)

• Key Steps to Implementation

• Benefits of an Audit / Compliance Partnership

• Summary

• Questions

• Closing


• Differences and Similarities– Both considered part of the Risk Management

Process– Audit Reports ultimately to the Board– Compliance reports to a joint risk committee– Compliance testing moved to IA


Some Definitions To Help UsInternal auditing is an independent, objective, assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.


Some Definitions to Help Us

Compliance is a broad term routinely applied to a financial institution’s responsibility to adhere to state and federal laws and regulations, many of which are intended to protect consumers.


Audit and compliance together should:

Add Value = Value is provided by improving opportunities to achieve organizational objectives, identifying operational improvement, and/or reducing risk exposure through both assurance and consulting services.


The audit function should provide

Assurance Services = An objective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for the organization. Examples include financial, performance, compliance, system security, and due diligence engagements.


and should work with compliance on

Consulting Services = Advisory and related client service activities, the nature and scope of which are agreed with the client and are intended to add value improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples: counsel, advice, facilitation, training.


• Role of Audit and Compliance in today’s Environment– Today’s audit and compliance challenges

• Regulatory compliance & controls

• 12CFR 9.9(b) Continuous Audit - Audit of Fiduciary Activities

• Internal audit value and independence• Availability of skilled resources• Determining appropriate technology solutions

– Need for timely, on-going assurance over risk management and control systems


• Role of Audit and Compliance in today’s environment (cont)– Provide more frequent, more timely, analyses

to better manage control deficiencies and risk.


• The relationship of continuous Auditing, Monitoring, and Assessment– Continuous Auditing

• Method used to perform audit related activities on a continuous basis.

• Includes control and risk assessment• Performed by internal audit


– Compliance Monitoring• IA Schedule and Compliance Schedule• Specific Requests to IA• Dashboard

– conduct monthly “Where are we at?” and “What are you seeing?” meetings

• On the same committees• Invited to all Entrance & Exit Meetings• Copied on all reports & memos


– Continuous Monitoring• Processes to ensure policies / processes are

operating effectively and to assess adequacy / effectiveness of controls

• Performed by operational / financial management; audit independently evaluates adequacy of management activities


– Continuous Assurance• Combination of continuous auditing and audit

oversight of continuous monitoring


Relationship of Continuous Auditing/Monitoring/Assurance• Role of continuous auditing dependent on management’s role in

continuous monitoring of controls– Inverse relationship: the

greater the role of management, the less of a direct role of internal audit

• True continuous assurance – Depends on effective monitoring by

management of internal controls and Audit’s independent assessment of that function


Application Areas• Continuous control assessment

– Identification of control deficiencies– Identification of fraud, waste, abuse

• Continuous risk assessment– Examination of consistency of processes– Development of enterprise audit / compliance plan– Support to individual audits and compliance requests– Support / Follow-up on compliance recommendations


• Key Steps to Implementation– Establish the requirements for audit and

compliance objectives– Gain executive – level support– Ascertain degree to which management is

performing monitoring role– Select appropriate technology solutions– Identify information sources and gain access


• Key Steps to Implementation (cont)– Understand business processes and identify key

controls and risks– Build audit and compliance skill set– Manage and report results


• Benefits of an Audit /Compliance Partnership– Increased scope of audit activities– Increased ability to mitigate risk– Reduced cost of internal control assessment– Increased confidence in financial results– Improvements to financial operations


• Benefits (cont)– Reduced financial errors and potential for

fraud– Reduced revenue leakage for improved

bottom – line results– Sustainable and cost effective means to

support compliance


• Summary– Differences and Similarities– Role of Audit and Compliance in today’s

Environment– The relationship of continuous Auditing,

Monitoring, and Assurance– Key Steps to Implementation– Benefits of an Audit / Compliance Partnership

DAA and GEP Orlando 20081 Audit & Compliance or Audit vs. Compliance.

Documents

Transcript of DAA and GEP Orlando 20081 Audit & Compliance or Audit vs. Compliance.