Embed Size (px)
Citation preview
The Auditor’s Role in Governance:
Emulate, Evaluate, Educate
Lori Cox, CIA, CGAPIIA Tucson Chapter President
Director – Internal Audit, Pima Community College
2
Agenda•Governance Defined•Governance Activities •Common Governance Components •Related Standards•Auditor Roles Defined•Navigating Roles•Challenges in the Auditor’s Role•Navigating Politics
The Auditor’s Role in Governance
3
What is Governance?
Provide an example of Governance.
Governance Defined
The whole set of legal, cultural, and institutional arrangements that determine what organizations can do, who controls them, how that control is exercised, and how the risks and returns from the activities they undertake are allocated.
Margaret Blair, 19954
Governance Defined
Governance involves a set of relationships between an organisation’s management, its board, its stakeholders and other stakeholders. Governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.
The Organisation for Economic Co-operation and Development (OECD)
5
Governance Defined A set of processes, controls, and structures generally performed within the organization by, or on behalf of, stakeholders (including the board or other body directly appointed by stakeholders – for example, a community oversight board) to ensure that that their interest are protected and their goals are achieved. The objective of organizational governance is to ensure that management is acting appropriately and consistently within the interest of stakeholders.
Norman Marks, IA Professional, Author, Blogger6
Governance Defined
Governance can be defined as the mixture of processes, procedures and structures implemented by management and the board to inform, direct, manage, and monitor organizational activities.
The Institute of Internal Auditors
7
Governance Defined
Effective governance includes systems and associated processes and controls that promote: ethics and values; performance and accountability; risk communication; and coordination and communication among the board, external and internal auditors, and management.
IIA Research Foundation
8
Governance Purpose
The purpose of organizational governance is to facilitate effective and prudent management that can deliver long-term success to the organization.
9
Governance Activities Governance activities exist to help the organization meet its objectives in being well-run and accountable to its stakeholders. Governance begins with the board or oversight body.The board must understand and focus on the needs of key stakeholders.Day-to-day governance is executed by the management and the organization.
10
Common Governance Components
1. Board of Directors and Committees2. Laws and Regulations3. Business Practices and Ethics4. Disclosure & Transparency 5. Enterprise Risk Management6. Monitoring 7. Communication
OECD
11
IIA Requirements
Standard 2110The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:Promoting appropriate ethics and values within the organization;Ensuring effective organizational performance management and accountability;Communicating risk and control information to appropriate areas of the organization; andCoordinating the activities of and communicating information among the board, external and internal auditors, and management.
12
Auditor’s Role in GovernanceDefined
Emulate
Exemplifying effective governance and living and modeling the
organization’s values – in short, “walking the talk”.
13
Auditor’s Role in GovernanceDefined
Emulate
Exercise:
What are three ways Internal Audit can emulate governance?
14
Auditor’s Role in GovernanceDefined
Evaluate
Conducting assessments of the organization’s governance; this
may include evaluating the ethical culture, performance and
management, risks, and controls.
15
Auditor’s Role in GovernanceDefined
Evaluate
Exercise:
What are three ways Internal Audit can evaluate governance?
16
Auditor’s Role in GovernanceDefined
Educate
Provide the board, management, and staff with the information and
guidance necessary to effective discharge their governance duties.
17
Auditor’s Role in GovernanceDefined
Education
Exercise:
What are three ways Internal Audit can provide governance education?
18
Exercise Auditor Role? If so, how?
Assist board of directors in its self-assessment and best practices.
Assess Audit Committee effectiveness and compliance with regulators.
Review the audit committee charter and help legal counsel.
Help management and the audit committee hold people accountable.
19
Exercise, Cont. Auditor Role? If so, how?
Bring best practices ideas about internal controls and risk management processes to audit committee members and management.
Verify that the organization has identified assigned responsibilities and addressed all of the key legal and regulatory requirements.
Look for opportunities to leverage compliance activities and capabilities to reduce costs and improve performance.
Review the code of conduct and ethics policies, making sure they are periodically updated and communicated to management and employees.
20
Exercise, Cont. Auditor Role? If so, how?
Perform an ethics review to assess the understanding and perception of compliance across organizational levels.
Adhere to audit standards. Participate in ongoing dialogue with
general counsel, chief financial officer, and other senior management officials.
Inventory organizational risk compliance activities and strive to integrate them into a common methodology.
21
Exercise, Cont. Auditor Role? If so, how?
Develop a code of ethics and conduct for auditors and have each member of the department/team sign acknowledging the code, including the CAE.
Provide leadership workshops to management and staff.
Assist process owners in understanding, assessing, designing, and documenting controls.
Perform a strategic corporate governance audit or ensure one is conducted.
22
Exercise, Cont. Auditor Role? If so, how?
Conduct annual audits and report the results to management and the audit committee.
Administer and organization-wide climate survey.
Serve in the ethics oversight role or confer with the organization’s ethics officer.
Facilitate identification of key risk areas for the organization as well as all key processes.
23
Exercise, Cont. Auditor Role? If so, how?
Include information about corporate governance in audit reports.
Advise the board and management on the needed improvements and changes in the governance structure and design.
Conduct audit surveys after each engagement – including assessments of auditor professionalism – and provide a copy of the results to the audit committee.
Assist in establishing a governance communications calendar and solicit input on needs and articles across the organization.
24
Navigating the Auditor’s Role
Emulating…Living organization’s values - walk the talk.Conduct training and stress the importance of adherence to ethical standards.Hire carefully.Communicate regularly. Promote transparency.Follow the rules.
25
Navigating the Auditor’s Role
Evaluating…Implement the required standards.Include governance evaluations in audits (as applicable and appropriate). Utilize data and available tools. Monitor implementation of strategic plans.
26
Navigating the Auditor’s Role
Educating…Present options and recommendations.Benchmark where possible.Communicate risk and control information to appropriate areas of the organization.Promote ethics and values.Facilitate training/workshops. Act as a catalyst for change, advisior or advocating improvements to enhance the organization’s structure and practices.
27
Governance ChallengesDiversity of audience. Remaining independent and
objective, yet being part of the organization.
Constant development of business knowledge, insight, good judgment, and communications.
No one-size-fits-all method to improve organizational governance.
28
Governance Challenges
No governance system, no matter how well designed, will fully prevent
greedy, dishonest people from putting their personal interest ahead of the
interests ahead of others or the interest of their organization.
29
Addressing Governance Challenges & Navigating
PoliticsRamp up communications.Place renewed focus on risk
management and governance process. Strengthen the risk assesment process. Operate with a more flexible and
adaptable plan.
30
Addressing Governance Challenges & Navigating
PoliticsStrengthen business knowledge.Strengthen your relationshsips and
communications with the organization’s other governance, risk, and control functions.
Enhance the efficiency of your audit process.
31
Addressing Governance Challenges & Navigating
PoliticsBe open and honest.Don’t “discriminate” when sharing
information with the oversight body.Be aware of political “firestorms”. Pick you battles. Walk the talk.
32
Summary
The auditor’s role is challenging.Emulate – Walk the talk Evaluate – ReviewEducate – InformBe cognizant of politics but don’t be
“political”.Rise to the challenge.33
