Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
1CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
Small Audit Teams Can have a Big ImpactKATHY CODDINGTON, SR. DIRECTOR AUDIT & COMPLIANCE, TRIBUNE MEDIAINA ANDERSON, SR. MANAGER, DELOITTEAPRIL 1 , 2019
2
Agenda
Small Audit Teams Can have a Big Impact
Introductions
How Internal Audit faced the challenge
Questions and answers
© Institute of Internal Auditors 2019 3
Featured Guest Speakers
4
Tom Caputo, VP Audit & Compliance
Bill Moran, Director IT Audit
Calvin Stauffer, Audit Manager
Mayra Arellano, Sr. Internal Auditor
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 5
Small Audit Teams Can have a Big Impact
Objectives
Small Audit Teams Can have a Big ImpactHow Internal Audit faced the challenge
- Creating clarity around Internal Audit’s value proposition- Employing effective branding- Delivering on key value drivers
6
7
Before we begin, we’d like to know more about you…
8
Creating clarity around Internal Audit’s value proposition
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 9
Media EvolutionThe media industry has witnessed accelerating change since the introduction of the printing press in 1440
Tribune Media’s Evolution
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 10
Pre-1950 1950s-1980’s 1990’s 2000-2006 2007-Present
Tribune Media’s Milestones
Media Milestones
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 11
Tribune Media Company Snapshot$2 billion2018 operating
revenue
42 TV stations
44% US coverage
Creating Clarity around Internal Audit’s Value Proposition
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 12
CHARTERINTERNAL AUDIT MISSION
Enhance and protect organizational value by
providing timely, risk-based and objective assurance,
advice, and insights.
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 13
Internal Audit’s Value Proposition
Company operations and
controls expertise
Risk identification and mitigation
Synergy and best practices identification
Objective measurement of success for key
initiatives
Conduit across business functions
Compliance monitoring and
facilitation
TextUltimately Internal Audit can influence other business functions through the visibility and credibility it possesses
Independent project
management assessment
Internal Audit
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 14
Internal Audit’s Value Proposition
Compliance Activities & Ethics
Hotline
SOX PMO, Testing and Remediation
Mergers, Acquisitions & Divestitures
Investigations
ERM
Operational & Risk-Based
Projects
Financial Technology
Operational Ethics & Compliance
Risk-Based Audit Plan
Strategic
IT Projects
Systems Implementation Assessments
15
Employing effective branding
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 16
Creates a visual symbol that represents who we are
Team Logo Stakeholder Perception
Invites customers to get to know you
Stakeholder Influence
Reinforces and communicates values and principles
Impact on Value
Provides instant recognition on deliverables
Effective Branding of Internal Audit
Internal Audit
Our Deliverables
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 17
D
DASHBOARDS OPERATIONAL ANALYTICS SOX 404
18
Delivering on key value drivers
Key Value Drivers
Right Direction
Alignment with
Stakeholders
Right People Talented Core
Team, JIT resources
Right Process Flexible, risk-
aligned, meaningful deliverables
Right Tools Value-Driven technology
19
The Right DirectionKey Drivers
Speaker:Tom Caputo
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 20
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 21
The Right Direction?
Risk Assessments
Risk Universe
Components, Objectives,
and Priorities
Audit Universe
Prioritize projects and
available resources
Internal Audit Plan
Tribune’s Audit Planning Process
Audit Plan
A flexible, risk-aligned
Audit Plan starts with
understanding risks and
stakeholder expectations
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 22
• Enterprise Risk• Fraud Risk• SOX 404• Prior Audit Results
• Business Units• Business Processes• Technology• Company Strategy• Stakeholder
Expectations
• Mandated activities• Committed projects• Audit universe
Audit Plan - Internal Audit Activities
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 23
Key Risk Area DescriptionQ1 ’18
Q2 ‘18
Q3 ’18
Q4 ’18
Q1 ‘19 Comments
Business Continuity
Re-assess status of Tribune Media’s Business Continuity plans
________________________________________ ________________________________________
ERM, Governance & Compliance
Department of Justice Antitrust Compliance (new responsibility)
________________________________________ ________________________________________
New Accounting Standards
Readiness assessment and review of new/enhanced controls
________________________________________ ________________________________________
FCC Spectrum and Repack
Evaluate processes, risks and controls over accounting and related operational activities
________________________________________ ________________________________________
Third Party Agreements
Inventory and risk-rank significant agreements, identify audit rights, etc.
________________________________________ ________________________________________
Completed In Progress Planned Deferred
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 24
The Right PeopleKey Drivers
Internal Audit Transformation
25
SOX Approach, Rationalize Controls
Implementation Reviews
Risk-Based Audit Plan/ERM
Refresh IA Mission, Tools, Deliverables
Internal Audit Transformation
SOX Testing Plan
Documentation
Controls
Management Awareness
Transforming Into One Team
26
Team Engagement
Accountability
Coordination
OPP
OR
TUN
ITIE
S
Standard, streamlined
Key Learnings
Continued Evolution
TransformationObjectives
Resources and Expertise
27
VP/Internal Audit
Sr. Director/ Internal Audit
Director/IT Audit
Deloitte Financial Audit Team
Manager/Internal Audit
Sr. Auditor Intern (PT)
Deloitte Partner
Deloitte Engagement Management
Deloitte IT Audit Team
Audit Committee(Functionally)
Chief Financial Officer(Administratively)
Intern (PT)
Celebrate Your Successes!
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 28
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 29
The Right ProcessKey Drivers
Speaker:Bill Moran
Risk-based, Value driven,
Timely
Collaboration, Transparency, Accountability
Frequent Communication, MeaningfulDeliverables,
Ongoing insights
Flexibility, Adaptability
Leverage analytics
for insights and
outliers
Adjust as you go; dothe “right” amount
of work at the right time
Timely, Risk-based and Objective, Advice and Insights
30
APPROACH BENEFITS
• Internal Audit viewed as a partner not an adversary
• Iterative risk assessment aligns with changing business needs
• Time and effort focused on things that matter
• Risk-specific insights and deliverables provided throughout the audit project
• Stakeholder collaboration and buy-in allows for practical and relevant outcomes
Process to Remediation
31
IT General Controls
Material WeaknessIdentified in 2015
Control Type Segment Application2014
Deficiency2015 Deficiency
Assessment Control Deficiency Aggregation factorsAggregation Assessment Material Weakness Factors
TV&E Medea CD
TV&E SIMS CD
Gracenote Salesforce CD
TV&E WideOrbit Traffic CD
TV&E WideOrbit Networks - CD
Gracenote Oracle CD
Corporate Workday CD
Corporate G Treasury - CD
Gracenote People to Oracle - SD
TV&E WideOrbit Networks - CD
Corporate PeopleSoft to Workday CD
SIMS CD
WideOrbit Traffic (Database)
CD
Corporate Workday - CD
Gracenote Salesforce CD
Oracle CD
SalesForce CD
Corporate Workday SD
WideOrbit Traffic CD
WideOrbit Networks CD
SIMS CD
Computer Operations
Corporate Workday CD* Inappropriate access to integrations(EIB) modify, schedule and launch privileges. CD
IT Governance All All CD * No IT governance process in place CD
Change Management
* Enterprise wide change management process was not consistently implemented throughout the fiscal year.* Not all changes flowed through the formalized change management process.* For changes that followed the change management process, management was unable to provide substantiation of effective testing for all changes.* Ineffective change population monitoring by management
SD
* Significant technology changes without a consistent change management process increased the risk of accidental, inappropriate or unauthorized changes that are not identified timely.
* More than half of the direct financial controls have some degree of underlying IT dependencies (Reports, application controls, workflows, etc)
* Inconsistent control effectiveness during the year. Some controls failed multiple times. (Control Failure Rate - Interim 50% Rollforward/Remediation 25%)
* Go forward sustainability could not be assessed before year end
* Pervasiveness of control issues across all financially critical systems - compensating controls are not designed a level of precision to fully mitigate related risks
* Standard/consistent IT Governance is not in place across all segments of the organization
* Control owners were not always clearly defined and related responsibilities were not consistently understood
* Repeat SD from prior year around SDLC and Change Management
* Pervasiveness of SoD issues across all systems - control was either not present or compensating controls are not designed at a level of precision to fully mitigate related risks
* Lack of understanding of the impact of certain security roles with Workday which lead to certain users being granted inappropriate access to auto complete EIBS that may enable users to bypass automated review and approval workflow
* Limited controls governing the use of EIB autocomplete feature within Workday
SDLC
* Unable to validate proper testing occurred for the implementations* Performance of implementation controls could not be substantiated.* Business Process design and security around auto-complete EIB uploads not fully considered and/ or documented.
SD
ITGC Security
TV&E
* Limited understanding of intersection security within Workday and its impact on EIB Integrations* Inappropriate access granted around roles that enabled users to utilize automcomplete EIB integrations that can potentially bypass of business review and approval workflow with Workday* SoD Issues identified during the semi annual user access review
SD
SOD
Gracenote* User identified with privileged access to both Database and application level (3)* Management did not perform SoD review for in broadcast revenue & broadcast rights systems in 2015* All results from the Oracle SoD review were not properly remediated during 2015* Workday annual SoD review did not include assessment of access to EIB intregations
SD
TV&E
For Powerpoint
Control TypeSegmentApplication2014 Deficiency2015 Deficiency AssessmentControl Deficiency Aggregation factorsAggregation AssessmentMaterial Weakness FactorsITGC Aggregation Roll-Up
Change Management TV&EMedeaüCD* Enterprise wide change management process was not consistently implemented throughout the fiscal year.* Not all changes flowed through the formalized change management process.* For changes that followed the change management process, management was unable to provide substantiation of effective testing for all changes.* Ineffective change population monitoring by managementSD* Significant technology changes without a consistent change management process increased the risk of accidental, inappropriate or unauthorized changes that are not identified timely.
* More than half of the direct financial controls have some degree of underlying IT dependencies (Reports, application controls, workflows, etc)
* Inconsistent control effectiveness during the year. Some controls failed multiple times. (Control Failure Rate - Interim 50% Rollforward/Remediation 25%)
* Go forward sustainability could not be assessed before year end
* Pervasiveness of control issues across all financially critical systems - compensating controls are not designed a level of precision to fully mitigate related risks
* Standard/consistent IT Governance is not in place across all segments of the organization
* Control owners were not always clearly defined and related responsibilities were not consistently understood
* Repeat SD from prior year around SDLC and Change Management
* Pervasiveness of SoD issues across all systems - control was either not present or compensating controls are not designed at a level of precision to fully mitigate related risks
* Lack of understanding of the impact of certain security roles with Workday which lead to certain users being granted inappropriate access to auto complete EIBS that may enable users to bypass automated review and approval workflow
* Limited controls governing the use of EIB autocomplete feature within WorkdayMW
TV&ESIMSüCD
GracenoteSalesforceüCD
TV&EWideOrbit TrafficüCD
TV&EWideOrbit Networks-CD
GracenoteOracleüCD
CorporateWorkday üCD
CorporateG Treasury-CD
SDLCGracenotePeople to Oracle-SD* Unable to validate proper testing occurred for the implementations* Performance of implementation controls could not be substantiated.* Business Process design and security around auto-complete EIB uploads not fully considered and/ or documented.SD
TV&EWideOrbit Networks-CD
CorporatePeopleSoft to Workday üCD
ITGC SecurityTV&ESIMSüCD* Limited understanding of intersection security within Workday and its impact on EIB Integrations* Inappropriate access granted around roles that enabled users to utilize automcomplete EIB integrations that can potentially bypass of business review and approval workflow with Workday* SoD Issues identified during the semi annual user access review * Not all users were reviewed during the 2nd half review* User Provisioning issuesSD
WideOrbit Traffic (Database)üCD
CorporateWorkday-CD
GracenoteSalesforceüCD
SODGracenoteOracleüCD* User identified with privileged access to both Database and application level (3)* Management did not perform SoD review for in broadcast revenue & broadcast rights systems in 2015* All results from the Oracle SoD review were not properly remediated during 2015* Workday annual SoD review did not include assessment of access to EIB intregationsSD
SalesForceCD
CorporateWorkdaySD
TV&EWideOrbit TrafficüCD
WideOrbit NetworksCD
SIMSCD
Computer OperationsCorporateWorkdayCD* Inappropriate access to integrations(EIB) modify, schedule and launch privileges. * Use of EIB(Bulk upload) autocomplete process with limited monitoring * Limited understanding of the privileges required to modify, schedule and launch integrationsCD
IT GovernanceAllAllüCD* No IT governance process in placeCD
Notes:
(1) - Scale is from 1 to 5 with 5 as the highest. The ratings are subjective but in general, low severity was given to items with a lower risk profile and with less significant issues identified during testing. High severity items included items such as The PeopleSoft to Oracle implementation where performance of the implementations could not be substantiated.
(2) Ekta Bhandari and Anthony Moisant managed Gracenote side of the Workday Implementation.
Original
Control TypeSegmentApplicationApplication DescriptionSeverity of 2015 Deficiency (scale of 1 to 5) (1)2014 Deficiency2015 Deficiency Assessment2015 Accountable PersonOrganizationControl Deficiency Aggregation factorsAggregation AssessmentMaterial Weakness FactorsITGC Aggregation Roll-Up
Change Management TV&EMedeainvoicing, account receivable, collections for Tower Distribution4üCDAndy RosenbergTower Finance* Enterprise wide change management process was not consistently implemented throughout the fiscal year.* Not all changes flowed through the formalized change management process.* For changes that followed the change management process, management was unable to provide substantiation of effective testing for all changes.* Ineffective change population monitoring by managementSD* Significant technology changes without a consistent change management process increased the risk of accidental, inappropriate or unauthorized changes that are not identified timely.
* More than half of the direct financial controls have some degree of underlying IT dependencies (Reports, application controls, workflows, etc)
* Inconsistent control effectiveness during the year. Some controls failed multiple times. (Control Failure Rate - Interim 50% Rollforward/Remediation 25%)
* Go forward sustainability could not be assessed before year end
* Pervasiveness of control issues across all financially critical systems - compensating controls are not designed a level of precision to fully mitigate related risks
* Standard/consistent IT Governance is not in place across all segments of the organization
* Control owners were not always clearly defined and related responsibilities were not consistently understood
* Repeat SD from prior year around SDLC and Change Management
* Pervasiveness of SoD issues across all systems - control was either not present or compensating controls are not designed at a level of precision to fully mitigate related risks
* Lack of understanding of the impact of certain security roles with Workday which lead to certain users being granted inappropriate access to auto complete EIBS that may enable users to bypass automated review and approval workflow
* Limited controls governing the use of EIB autocomplete feature within WorkdayMW
TV&ESIMSProgram asset management system for all stations (Broadcast Rights and related amortization)4üCDDavid WeintrobIT Support
GracenoteSalesforceRevenue recognition and contract management for Gracenote Music and Video4üCDAnthony Moisant* / Mathew LeedsGracenote IT
TV&EWideOrbit TrafficCustomer information, order entry, traffic, invoicing, AR, and collections for television stations 3üCDDavid MurrayIT Apps
TV&EWideOrbit NetworksCustomer information, order entry, traffic, invoicing, AR, and collections for WGNA3-CDDavid MurrayIT Apps
GracenoteOracleFinancial accounting system for Gracenote, including invoicing for Gracenote Music3üCDAnthony Moisant* / Mathew LeedsGracenote IT
CorporateWorkday HR system Financial accounting system for Tribune Media3üCDDavid DoolittleIT Apps
CorporateG TreasuryWire transfers, manage cash balances, etc.1-CDDan BeezieTreasury
SDLCGracenotePeople to OracleReplaced TMS PeopleSoft Financials with Gracenote's Oracle EBS - Financial Accounting system5-SDAnthony Moisant*/Ekta Bhandari*Gracenote IT and Finance * Unable to validate proper testing occurred for the implementations* Performance of implementation controls could not be substantiated.* Business Process design and security around auto-complete EIB uploads not fully considered and/ or documented.SD
TV&EWideOrbit NetworksReplaced WideOrbit Traffic and DealMaker - Customer information, order entry, traffic, invoicing, AR, and collections for WGNA4-CDDavid Murray/Cindy LaCheyIT Apps
CorporatePeopleSoft to Workday Replaced PeopleSoft Financials with Workday Financials3üCDErik BurnsAnthony Moisant*/Ekta Bhandari*(2)IT PMO / Gracenote
ITGC SecurityTV&ESIMSProgram asset management system for all stations (Broadcast Rights and related amortization)2üCDDavid Weintrob / Judy Juds*IT Support* Limited understanding of intersection security within Workday and its impact on EIB Integrations* Inappropriate access granted around roles that enabled users to utilize automcomplete EIB integrations that can potentially bypass of business review and approval workflow with Workday* SoD Issues identified during the semi annual user access review * Not all users were reviewed during the 2nd half review* User Provisioning issuesSD
WideOrbit Traffic (Database)Underlying database supporting the WideOrbit Traffic system - Customer information, order entry, traffic, invoicing, AR, and collections for local television stations 2üCDSyed Ali*IT DBA
CorporateWorkdayHR system and Financial Accounting system for Tribune Media 2-CDDuane SmithIT Compliance
GracenoteSalesforceRevenue recognition and contract management for Gracenote Music and Video2üCDAnthony Moisant*/Mea MillerGracenote IT and Sales
SODGracenoteOracleFinancial accounting system for Gracenote, including invoicing for Gracenote Music4üCDAnthony Moisant*/Don KowallGracenote IT* User identified with privileged access to both Database and application level (3)* Management did not perform SoD review for in broadcast revenue & broadcast rights systems in 2015* All results from the Oracle SoD review were not properly remediated during 2015* Workday annual SoD review did not include assessment of access to EIB intregationsSD
SalesForceRevenue recognition and contract management for Gracenote Music and Video3CDEileen Parker / Mea MillerGracenote IT
CorporateWorkdayHR system and Financial Accounting system for Tribune Media 5SDJim Ragas* / Dan HartmanShared Services
TV&EWideOrbit TrafficCustomer information, order entry, traffic, invoicing, AR, and collections for television stations 3üCDCindy LaChey / David MurrayShared Services
WideOrbit NetworksCustomer information, order entry, traffic, invoicing, AR, and collections for WGNA3CDCindy LaChey / David MurrayShared Services
SIMSProgram asset management system for all stations (Broadcast Rights and related amortization)2CDJudy Juds* / Dave WeintobBoroadcasting Group Office
Computer OperationsCorporateWorkdayHR system and Financial Accounting system for Tribune Media 4CDDavid DoolittleIT APPS* Inappropriate access to integrations(EIB) modify, schedule and launch privileges. * Use of EIB(Bulk upload) autocomplete process with limited monitoring * Limited understanding of the privileges required to modify, schedule and launch integrationsCD
IT GovernanceAllAll4üCDDuane SmithIT Compliance* No IT governance process in placeCD
* - Employee is no longer working for the company
Notes:
(1) - Scale is from 1 to 5 with 5 as the highest. The ratings are subjective but in general, low severity was given to items with a lower risk profile and with less significant issues identified during testing. High severity items included items such as The PeopleSoft to Oracle implementation where performance of the implementations could not be substantiated.
(2) Ekta Bhandari and Anthony Moisant managed Gracenote side of the Workday Implementation.
Sheet2
SegmentApplicationDescriptionIT Point Person(s)
AllAllDuane Smith
CorporateG TreasuryWire transfers, manage cash balances, etc.Dan Beezie
TV&EMedeainvoicing, account receivable, collections for Tower DistributionAndy Rosenberg
GracenoteOracleFinancial accounting system for Gracenote, including invoicing for Gracenote MusicMatthew Leads/Don Kowall
GracenoteSalesforceRevenue recognition and contract management for Gracenote Music and VideoMatthew Leads/Eileen Parker/Mea Miller
TV&ESIMSProgram asset management system for all stations (Broadcast Rights and related amortization)David Weintrob
TV&EWideOrbit NetworksReplaced WideOrbit Traffic and DealMaker - Customer information, order entry, traffic, invoicing, AR, and collections for WGNADavid Murray/Cindy LaChey
TV&EWideOrbit TrafficCustomer information, order entry, traffic, invoicing, AR, and collections for television stations David Murray/Cindy LaChey
CorporateWorkdayHR system and Financial Accounting system for Tribune Media Dan Hartman/David Doolittle/Chris Lewis (Fin)/Vishal Khubani (HR)
Process to Remediation
32
IT General Controls
Material WeaknessRemediated!
New SOX and IT Governance processes
New/improved policies, procedures and controls
Required training and awareness programs
Clearly defined ownership and responsibilities
New IT compliance resources, activities and tools
Real-time monitoring of remediation actions/test results
Standardized segregation of duties processes
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 33
The Right ToolsKey Drivers
Speakers:Calvin StaufferMayra Arellano
Value-Driven Technology
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 34
Auditor Self-Service Workpapers, Analytics, ReportingCompliance
SOX 404 Compliance Tool
35
Benefits include:
Centralized, standardized, and integrated: multiple systems were consolidated; testing scripts were standardized; information is linked across the risk and
control universe
Assignment of ownership for controls, processes and tasks improved accountability
Improved transparency by providing real-time dashboard and reporting metrics
We use SOXHUB for:
Managing the risk and control universe, and centralizing annual SOX testing
Facilitating quarterly and annual business unit certifications
Performing ad-hoc surveys and assessments ERM and Fraud Risk SOC1
Obtaining statistics, status and results for dashboard, metrics and other reporting
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 36
How we met the challenge!
© Institute of Internal Auditors 2019 IIA CHICAGO CHAPTER | JOIN US: @IIACHI 37
Small Audit Teams Can have a Big Impact
Questions and AnswersEND OF PRESENTATION
© Institute of Internal Auditors 2019 38CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
Thank you for your time and attention!I IA CHAPTER CHICAGO | 59TH ANNUAL SEMINAR
© Institute of Internal Auditors 2019 39CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
Slide Number 1Small Audit Teams Can have a Big ImpactAgendaFeatured Guest SpeakersSlide Number 5ObjectivesSlide Number 7Slide Number 8Media Evolution�The media industry has witnessed accelerating change since the introduction of the printing press in 1440Tribune Media’s EvolutionSlide Number 11Creating Clarity around Internal Audit’s Value PropositionSlide Number 13Slide Number 14Slide Number 15Slide Number 16Our DeliverablesSlide Number 18Key Value DriversThe Right Direction�Slide Number 21Audit Plan�Audit Plan - Internal Audit ActivitiesSlide Number 24�Internal Audit TransformationTransforming Into One TeamResources and ExpertiseCelebrate Your Successes!The Right Process�Timely, Risk-based and Objective, �Advice and InsightsProcess to RemediationProcess to RemediationThe Right Tools�Value-Driven TechnologySOX 404 Compliance ToolSlide Number 36Slide Number 37Questions and AnswersThank you for your time and attention!