PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
-
date post
20-Dec-2015 -
Category
Documents
-
view
219 -
download
3
Transcript of PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
PricewaterhouseCoopers 2
Internal Audit transformation
ContentsSection
Page
1. Determining the role of internal audit
3
2. Transforming the role regarding corporate governance
11
3. Questions
24
PricewaterhouseCoopers
Overall structure
Board / Audit Committee
Inte
rna
lau
dit
Executive Management
Risk Committee (not required)Risk Committee (not required)
Risk Management System
ORSA Process
Internal Model
Internal Control system
Risk Management Function
Actuarial Function
ORSA
Compliance function
PricewaterhouseCoopers 5
Determining the role of internal audit
As companies move toward enterprise risk management, Internal Audit must also evolve – or risk a diminished value proposition
20th Century InternalAudit Model
Controls assurance based on cyclical or routine audit plans
The Common InternalAudit Model
Controls assurance based on a risk-based internal audit plan
The Risk-CentricInternal Audit Model
Risk and control assurance based on the effectiveness of risk and control processes implemented by management
Source: Internal Audit 2012
If the view (among stakeholders) grows that all Internal Audit does is test controls, then resource levels will have to come down. Chief Audit Executive, Financial Services Industry
Traditional internal auditing will probably diminish in value if the organization moves towards formal risk management. Senior Executive, Rating Agency
PricewaterhouseCoopers 6
Determining the role of internal audit
Aligning Internal Audit activity to corporate risks; strategic objectives; driving stakeholder value
Source: PwC, composite of various studies of US and UK markets
60% 20% 15% 5%
Strategic & business
• Strategic, operational and business risks underlie 80% of the rapid declines in shareholder value.
• Gaps exist between the current focus of many Internal Audit functions and the significant risks their organisations face.
• Over the past five years, internal auditors have been concentrating on basic financial reporting and compliance risks.
Operational Financial Compliance
PricewaterhouseCoopers 7
Determining the role of internal audit
Internal Audit functions need to have a clear view of where they want to be positioned
“Controls-focussed”“Strategic/Operational
focus”
PricewaterhouseCoopers 8
Some of the typical gaps in the role of internal audit
Gaps common to many internal audit functions
1 Risk assessment typically not aligned with drivers of shareholder value
2 Internal audit activities focus on low value activities and controls or replicates external audit procedures
3 Financial and human resource limitations and constraints
4 Use of technology tools is limited and they are not integrated
5 Audits are planned with overly broad objectives and scope
6 Routine audits do not fully leverage available data analytical tools
7 Assignment process and travel requirements create significant process inefficiencies
8 Communications (reports, etc) and ratings consume significant resources
9 Recommendations are not impactful
10 Process is weighted toward repetition vs. relevance
Gaps in coverage and inefficient processes are also driving a need for change
Determining the role of internal audit
PricewaterhouseCoopers 9
Internal Audit transformation
Transforming the role regarding corporate governance
PricewaterhouseCoopers 10
How internal audit can add value
Strategy Organization
Technology People
Process
Organization
• Board expectations
• Dynamic mission vs. static / limited purpose
• Organisational alignment
• Flexibility
People
• Stature across enterprise
• Achieve mission/objectives
• Attract and retain talent
• Source of talent
• Successful progression to management roles in the organisation
• Potential leaders of departments or business units
Strategy Implementation
• Enterprise strategy
• Stakeholders’ expectations
• Shareholders value drivers
• Risk management alignment
Technology
• Effective utilisation
• Enhance risk-based approach
• Leveraged to change process
• Substitute for labor Process
• Process efficiency
• Willingness to change
• Effective communicationTransforming the role regarding corporate governance
PricewaterhouseCoopers 11
How internal audit can add value – Solvency II related
Strategy Organization
Technology People
Process
• ORSA
• System of governance
• Internal control system
• Risk management system
• Solvency II project
• Policy and procedures, documentation
• Responsibilities
• Proper resource and expertise
Assessment and improvement of...
• Risk management strategy
• Stakeholders’ expectations
• Policies
• Investment
• Reinsurance
• Risk etc
• Data requirements
• IT systems and architecture
• Data quality and consistency
• Model
• Technical provisions
• Systems security and controls
Transforming the role regarding corporate governance
• Reporting
• Management
• Internal
• External
PricewaterhouseCoopers 12
An approach to transforming internal audit
Strategic Objectives
• Understand what the strategic objectives of the organisation are
Stakeholder Value
• Understand what drives/devalues stakeholder value within the organisation
Strategic Risks
• Understand what the strategic risks of the organisation are
Strategy & Risk People Process Technology
Capabilities Assessment
• Inventory of existing skills
• Conduct gap analysis
• Determine adequacy of resources to respond to all key risks
Talent Management
• Use of internal and external resources
• Consider implementing a rotational staffing model to attract and retain talent
Audit Cycle Improvements
• Align Internal Audit with organisation’s strategic objectives
• Reduce audit cycle time by conducting more targeted audits
• Increase value derived from focus on higher-risk areas
• Improve communication to stakeholders through concise, impactful reports
Optimisation of Technology
• Reduce the labor content of audits by increasing the effectiveness of lower-risk audits
• Provide real time monitoring of significant risks
• Explore areas where technology can streamline or standardise a process
• Test entire data populations electronically
Transforming the role regarding corporate governance
PricewaterhouseCoopers 13
Value enhancement and efficiency
This approach is focused on aligning the IA strategy with the value-producing processes and activities of the organisation, while streamlining the IA operations to drive efficiency
Process
Technology
Operating Strategy
Internal Audit Strategy
Organisation
People
Process
Technology
Value Enhancement Focus
Improving Inefficiencies & Managing Costs
Company Strategy / Shareholder Value Drivers/ Strategic Risks
Transforming the role regarding corporate governance
PricewaterhouseCoopers 14
Transformed vs. traditional risk assessment approach
Audit plan
Identify Stakeholder Value Creating Activities
Understanding Enterprise Risks (Strategic, Financial, Operations, Compliance)
Evaluate Impact to Shareholder Value
Define Audit Universe (eg geography, business unit)
Identify Risks (financial operations, compliance)
Evaluate Impact of Risks within Audit Universe
Traditional Approach
Traditional “bottom-up” approach based on stakeholder interviews and analysis. Focus is on coverage of identified risk areas, geography and business operations.
Stakeholder Value Based Approach
“Top-down” approach where coverage is driven by issues that directly impact shareholder value, with clear and explicit linkage to strategic issues of the organisation.
Transforming the role regarding corporate governance
PricewaterhouseCoopers 15
Some strategies for strengthening the role of internal audit in corporate governance
Strategies
1Identify stakeholder expectations of internal audit; ask what management, the board, and the audit committee value
2 Assess overall governance structure, policies, corporate culture and ethics
3 Assess risk management structure and activities
4 Link the company’s strategic objectives and shareholder value drivers to internal audit’s scope
5 Consider how previously unaudited areas might be audited, then align auditable risks to the audit plan
6 Eliminate routine, low-value audits
7 Assess financial governance and reporting processes; and fraud control and communications process
8 Identify inefficient processes, develop implementation plans for process efficiencies
9 Review updated internal audit plan, along with cost-reduction ideas, with key stakeholders to gain support
10 Implement (add measurement, feedback and adjustment processes for continuous improvement)
What would be the greatest strategic value internal audit could and should contribute?How could do the companies manage the risks to shareholder value?
Transforming the role regarding corporate governance
PricewaterhouseCoopers 17
Internal Audit transformation
PwC – enhancing the value delivered by internal audit
© 2009 PricewaterhouseCoopers. All rights reserved. “PricewaterhouseCoopers” refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP (US).