Upload
truongduong
View
218
Download
1
Embed Size (px)
Citation preview
Danny M. Goldberg
National Professional Development Practice
Director
Sunera
Evolution of Auditing: How
The Recession Is Changing
the Industry
2© 2011 Sunera LLC. All rights reserved
Agenda Who am I?
The Recession: 2008–Present
The Recession‘s Effect on Internal Audit
How Can We Help?
Recovery Strategies
How Can Auditors Help Themselves?
Where is IA Heading over the Next 10 Years?
3© 2011 Sunera LLC. All rights reserved
4© 2011 Sunera LLC. All rights reserved
Professional Development Practice
Director, Sunera
(www.sunera.com)
Founding Partner, SOFT GRC
(www.thesoftaudit.com)
Former Director of Corporate
Audit/SOX at Dr Pepper Snapple
Group & Tyler Technologies
Established/Assisted in Establishing
three Internal Audit/SOX Departments
Texas A&M University—97/98
Father of two beautiful kids!
Danny M. Goldberg
5© 2011 Sunera LLC. All rights reserved
CPA – Since 2000 CIA – Since 2008 CISA – Since 2008 CGEIT (Certification in the Governance of Enterprise IT) – Since 2009 CCSA (Certification in Control Self-Assessment) – Since 2007 Served on the Audit Committee of the Dallas Independent School
District Board Member – American Lung Association Dallas Chapter Former IIA Volunteer Instructor Published Author
– Internal Auditor Articles (August 2007, December 2007, October 2010)
– ISACA Online Article – December 2009
– June 2010 – Audit Report – Cover Article – ―How the Recession is Changing is Internal Audit‖
– December 2010 New Perspectives - Sell Your Work: How to Deliver Best Practice Audit Reports
– November 2010 – Bureau of National Affairs - Internal Audit: Fundamental Principles and Best Practices
– January 2011 – Dallas Business Journal – The Yes Man Phenomenon
– March 2011 – Audit Report – Top 11 Issues for 2011
Danny M. Goldberg (cont.)
6© 2011 Sunera LLC. All rights reserved
Professional consultancy focused on regulatory
compliance, internal audit, information technology, and
accounting advisory services
Founded by former public accounting partners and
professionals
Delivered more than 1200 projects to over 300 clients
across a broad spectrum of industries
Employ 100+ full-time professionals in eleven offices
across the United States and Canada
PCI Qualified Security Assessor (QSA) and Approved
Scanning Vendor (ASV)
Registered with NASBA to offer CPEs for our ACL and
Internal Audit training courses
Certified integration partner for leading continuous
controls monitoring solutions, including ACL, Approva
and SAP
Sunera Snapshot
7© 2011 Sunera LLC. All rights reserved
Our ValuesThought
LeadersWe deliver proactive, unbiased, tried and true guidance.
Quality
We deploy fulltime, trained, and certified professionals with
appropriate oversight utilizing proven, pragmatic methodologies to
ensure our teams deliver consistent results. Our professionals are
accustomed to working together using standardized approaches and
delivery methods resulting in a unified engagement team.
Collaborative
We tailor each project to your specific needs. Our flexible, client-
centric approach enables us to deploy teams that complement our
clients‘ internal capabilities, address resource constraints, and facilitate
knowledge transfer.
Responsive
We readily adhere to your timetable, unlike ―Big-4‖ firms, which are
burdened by onerous internal risk management practices and busy
season restrictions.
Solution
Focused
We are known for completing projects that achieve anticipated
benefits, on-time and within budget. Our rigorous project
management discipline combined with our finance and IT capabilities
enables us to successfully deliver a wide-range of services.
Balanced
Perspective
We recognize that ―best practices‖ are not always appropriate and
provide cost-effective solutions that find the right balance between risk
and control.
8© 2011 Sunera LLC. All rights reserved
Sunera Offices
Miami
Tampa
Orlando
AtlantaDallas
Toronto
Vancouver Calgary
Boston
New YorkPhoenix
9© 2011 Sunera LLC. All rights reserved
Professional Development Clients Since 2010
10© 2011 Sunera LLC. All rights reserved
IIA General Audit Management (“GAM”) Conference
Regional/National Conferences
11© 2011 Sunera LLC. All rights reserved
In 2011, Presented at:
Chicago IIA 51st Spring Seminar
Miami IIA Risk and Technology Conference
DFW Refinery Group Symposium
NMIA Annual Conference
ASQ Audit Division 20th Annual Conference
12© 2011 Sunera LLC. All rights reserved
13© 2011 Sunera LLC. All rights reserved
Since 2008, How Has the Economy Affected Us?
How many in attendance:
– Are currently in transition?
– Know someone that is currently in transition?
– Personally been affected by the economic downturn?
Job Market for Internal Auditors
– Weaker than previous years HOWEVER
– Consistently Stronger than other professions
– Everyone still needs auditors!
14© 2011 Sunera LLC. All rights reserved
Economic Lifestyle Changes Have your spending habits changed?
Have your Company‘s spending habits changed?
Have you been asked to cut your budget?
What has changed around you?
15© 2011 Sunera LLC. All rights reserved
May 2011 Jobless Rates increased
to 9.1%
The labor force
participation rate
remained flat at 64.2%
(all-time low for the 5th
straight month)
16© 2011 Sunera LLC. All rights reserved
National Unemployment Rates, 2008 - 2011 Annual Jan. Feb. Mar. April May June July Aug. Sept. Oct. Nov. Dec. Average
2011 9.0 8.9 8.9 8.8 9.1 9.0 2010 9.7 9.7 9.7 9.9 9.7 9.5 9.5 9.6 9.6 9.6 9.8 9.4 9.6 2009 7.6 8.1 8.5 8.9 9.4 9.5 9.4 9.7 9.8
10.2 10.0 10.0 9.3 2008 4.9 4.8 5.1 5.0 5.5 5.6 5.8 6.2 6.2 6.6 6.8 7.2 5.8
2007 4.6 4.5 4.4 4.5 4.4 4.6 4.7 4.6 4.7 4.7 4.7 5.0 4.6
2006 4.7 4.8 4.7 4.7 4.6 4.6 4.7 4.7 4.5 4.4 4.5 4.4 4.6
2005 5.3 5.4 5.2 5.2 5.1 5.0 5.0 4.9 5.0 5.0 5.9 4.9 5.2
2004 5.7 5.6 5.8 5.6 5.6 5.6 5.5 5.4 5.4 5.5 5.4 5.4 5.5
2003 5.8 5.9 5.9 6.0 6.1 6.3 6.2 6.1 6.1 6.0 5.8 5.7 6.0
2002 5.7 5.7 5.7 5.9 5.8 5.8 5.8 5.7 5.7 5.7 5.9 6.0 5.8
2001 4.2 4.2 4.3 4.4 4.3 4.5 4.6 4.9 5.0 5.3 5.5 5.7 4.7
2000 4.0 4.1 4.0 3.8 4.0 4.0 4.0 4.1 3.9 3.9 3.9 3.9 4.0
1995 5.6 5.4 5.4 5.8 5.6 5.6 5.7 5.7 5.6 5.5 5.6 5.6 5.6
1990 5.4 5.3 5.2 5.4 5.4 5.2 5.5 5.7 5.9 5.9 6.2 6.3 5.6
1985 7.3 7.2 7.2 7.3 7.2 7.4 7.4 7.1 7.1 7.1 7.0 7.0 7.2
1980 6.3 6.3 6.3 6.9 7.5 7.6 7.8 7.7 7.5 7.5 7.5 7.2 7.2
17© 2011 Sunera LLC. All rights reserved
A New Normal Unemployment A ―new normal‖ is emerging for the U.S. jobs market and a growing
number of economists warn that unemployment will remain
persistently high, at 7 percent or more, for years to come
The 9.1 percent unemployment rate reported in May remains high by
post-World War II standards long after the economy resumed growth
following the worst recession in 70 years
1980s - the unemployment rate hovered between 6 percent and 7.5
percent.
Mid-1990s, the rate fell steadily to around what economists came to
consider the rate of full employment — 5 percent.
– Anything above that would signal inefficiencies in the economy.
2000 - Hovered around 4 percent most of the year, then dipped to 3.9
percent during the final four months. Those numbers were stronger
than most economists thought possible without triggering inflation.
Current state suggests a wide mismatch between available jobs and
the skills that unemployed workers possess. Economists call this a
structural shift in the workforce, and a growing body of research
increasingly suggests that‘s what‘s happening now.
SOURCE: 6/12/11 Article – Kevin Hall, McClatchy Newspapers
18© 2011 Sunera LLC. All rights reserved
What Is the New Economic Norm?
It will be years before we are back to the levels of
prosperity of 10–15 years ago
– Job market
– Conservative hiring practices
– Many bankruptcies
– Tumultuous times in the Middle East
– Showing signs of a recovery, but recoveries are all
relative
19© 2011 Sunera LLC. All rights reserved
20© 2011 Sunera LLC. All rights reserved
Ramifications of Actions Economic Downturn = Increased Risk
People Cuts = Control Cuts = Increased Risk
Cost cutting becomes a main priority Certain risk areas
might lack focus necessary during normal economic times.
―It is not time to decrease controls; it’s time to strengthen the
control environment.‖
21© 2011 Sunera LLC. All rights reserved
The Ever-Changing Field of Internal Audit
50 percent of the respondents feel that budget cuts across their organization would damage its control environment and its ability to achieve business outcomes this year.
The survey said auditors should be reviewing what the organization is doing to maintain its control coverage, but the majority (58 percent) have no plans to do any work on this risk.
SOURCE: IIA Gain Knowledge Report:
2009 Hot Topics for the Internal Audit
Profession, January 2009
22© 2011 Sunera LLC. All rights reserved
2010 Results A peak to trough economic contraction of 6 percent has
seemingly resulted in a 1 percent loss in the number of people working in internal auditing
Very little evidence that in response to the recession, companies have resorted to general cuts in the numbers of internal auditors they employ
Recession has actually increased the demands on many internal audit departments as they have become involved in risk and cost reduction programs
– Due to the increasingly specialist nature of internal audit work, many companies lack the ability to recruit internally
SOURCE: Barclays Simpson –
Winter 2010
23© 2011 Sunera LLC. All rights reserved
Corporate Role and Value of IA
Corporate management is asking internal audit to find new ways to help achieve strategic objectives.
Internal auditors are expected to extend their role and use quantitative skills and risk knowledge to help improve risk management and processes, and reduce complexity and costs. – Increased role of IA in the ERM process?
SOURCE: KPMG Audit Committee Institute
24© 2011 Sunera LLC. All rights reserved
Changing Focus of IA
Deteriorating economic conditions have led to a shift in the focus of internal auditors, with 47 percent telling a new survey that the downturn has led to more work on issues of operational risk. – Same figure has also seen an increase in cost reduction work as
companies tighten their belts in the face of the recession.
Furthermore, the IIA found that the economic crisis is fueling increased integration between risk management, compliance and internal audit. Thirty-five percent of auditors said they had increased their oversight of risk controls.
SOURCE: www.barclaysimpson.com, ―Recession has put
focus on risk for internal auditors, March 30, 2009
25© 2011 Sunera LLC. All rights reserved
―Fortune 500 companies reduced their internal audit staff
by a lower percentage than did the overall population of
internal audit departments we surveyed,‖ said IIA
president and CEO Richard Chambers in a statement.
―This may indicate that Fortune 500 companies are
looking to their internal audit functions as a source of
insight and assurance during the current economic crisis
while they right-size their overall workforce.‖
The Recession’s Effect on Internal Audit
SOURCE: IIA Survey 10/2009
26© 2011 Sunera LLC. All rights reserved
Internal Audit—Circa 2010
Still rooted in SOX
– AS 5 Rationalization is not complete
– Lack of leveraging knowledge into other areas
Risk focused
– Significant segregation between Operations and IT
– Still working in silo‘s
27© 2011 Sunera LLC. All rights reserved
2011 Update—The IA Agenda Richard Chambers, president of the Institute of Internal
Auditors
"Internal auditors have almost an inherent understanding of key risks to the company," IIA Chambers says. "As companies, boards and managers are under greater pressure to demonstrate their acumen in managing risk, a lot of them are turning to internal audit."
Key Areas:
– Staffing and budgeting trends
– How auditors can better align with senior management's priorities
– Internal audit's biggest opportunity to add value to the organization
28© 2011 Sunera LLC. All rights reserved
2011 and Beyond "As is said about the markets—internal auditing has undergone a
major ‗correction,' " said Richard Chambers, IIA's president and
CEO. "Given the cautious economic outlook for the coming years, it
is unlikely that internal audit resources will be restored at a rate
faster than the overall economic recovery.‖
Fifty-one percent of Fortune 500 internal audit respondents indicated
their budgets were smaller in 2010 than in 2007, while 41 percent
overall reported smaller staffing levels
Thirty-four percent think their budgets will increase in 2011 and
nearly one in five said they expect a higher head count
SOURCE: http://www.allbusiness.com/economy-economic-
indicators/economic-conditions-recession/15479036-1.html
29© 2011 Sunera LLC. All rights reserved
Risk Tolerance of Audit Committees
With budget cuts, how do IAD‘s adjust?
– Less Audits?
– Same Audits but not as deep?
– Is not completing the audit plan an alternative?
What are the A/C‘s expectations?
– Mature organization?
Categorize Audits between required
vs. nice to have?
30© 2011 Sunera LLC. All rights reserved
31© 2011 Sunera LLC. All rights reserved
What Can We Do to Help?
Refresh the Audit Risk Assessment
Increased Focus on Fraud
Increase Value-Added Services
Decrease IA Costs—How?
Integrate Audit Approaches/Focus on
Operational Auditing
32© 2011 Sunera LLC. All rights reserved
Refresh the Audit/IT Risk Assessment
Audit Risk Assessment should be refreshed annually and
reviewed periodically
Changing economic times = changing risks
Audit Risk should be constantly monitored and assessed
with increased scrutiny
Continuous Audit Risk Assessment
– Assessed in conjunction with IT
Changing economic times = changing risks
Considering the instability of the market and of business,
risk should be assessed continuously or as risk factors
change or information arises.
33© 2011 Sunera LLC. All rights reserved
Increased Focus on Fraud
Desperate times can call for desperate measures
– Increase in fraud
– Increase in time spent on frauds
Cost/Benefit to all investigations
– More investigations but less staff?
34© 2011 Sunera LLC. All rights reserved
Focus on Fraud—Fraud Guidance
IIA published a new guide, ―Internal Auditing and Fraud,‖
that gives auditors general guidance to help internal
auditors comply with professional standards
Discusses how IA should be aware of the risk of fraud,
including fraud indicators, and explains who in an
organization has what roles with respect to preventing
and detecting fraud
Explains auditor‘s role during audit engagements and
addresses fraud risk assessment, prevention, detection,
and investigation
Provides reference materials, questions to be
considered, and a fraud risk assessment template
35© 2011 Sunera LLC. All rights reserved
Decrease IA Costs
Decrease Travel
– Remote testing
Training Costs
– Bring training in-house
Outsourcing
36© 2011 Sunera LLC. All rights reserved
Cost of CPE Training
Reasons to maintain your CPA certificate
Opportunity cost—what is your time worth?
Options to consider
– Live training (i.e., monthly association meetings)
– Online training
– Live webinars
37© 2011 Sunera LLC. All rights reserved
Increase Value-Added Services
Study of 2,000 IA in late 2009 (still relevant and growing
currently) by PwC revealed assessing risk for the BoD is
common, but more involvement is wanted and needed at
a strategic level
20 percent stated IA helps assess the company‘s risk
appetite and tolerance and 43 percent assess emerging
risks
> half assess the effectiveness of risk mitigation
initiatives and 65 percent assess key enterprise risks
38© 2011 Sunera LLC. All rights reserved
Increase Value-Added Services
How can we add value to the business?
Lean Six Sigma
Process Improvement
Focus on Cost/Benefit
Justify your Budget
Continuous Auditing/Monitoring
Operational Auditing
– Revenue Enhancer, Not Just Overhead!
39© 2011 Sunera LLC. All rights reserved
Integrating Audit Approaches
Don‘t work in silo‘s
Integrate SOX testing with operational audits, etc.
– Don‘t visit a site twice
– One round of SOX testing?
Cross-train auditors
Risk Management, Compliance, and Audit Integration
40© 2011 Sunera LLC. All rights reserved
41© 2011 Sunera LLC. All rights reserved
Audit 2020: Where We Are Heading
Transparency
Continuous Risk Assessment
Audit Team Compilation
IFRS
Continuous Auditing/Monitoring
The Resurrection of Operational Auditing
The Rise of Audit Flex Time
The Rise of the CRO/CCO
42© 2011 Sunera LLC. All rights reserved
Transparency
43© 2011 Sunera LLC. All rights reserved
Transparency
The key modern word for Internal Auditing
Many audit shops embrace this theory
Transparency breeds trust
Trust breeds honesty
Honesty breeds efficient and effective audits
44© 2011 Sunera LLC. All rights reserved
Transparency (cont.)
Surprise audits might be necessary, but if not . . .
Publish the audit schedule
Publish the audit risk assessment
Walk auditees through the preliminary risk assessment
Enlighten auditees as soon as findings are identified
– No surprises!
45© 2011 Sunera LLC. All rights reserved
Audit Team Compilation
46© 2011 Sunera LLC. All rights reserved
Multi-Purpose Auditors
The days of CPAs/CIAs and CISAs are past
One audit team will perform the audit
General auditors will have to have some semblance of IT
knowledge and ability
CFE qualities and capabilities will also integrate
47© 2011 Sunera LLC. All rights reserved
Specialty Auditors
Focus on technical auditing, including forensics and IT
– CISSP
– IT Security
– Penetration Testing
48© 2011 Sunera LLC. All rights reserved
Pulled into IFRS
Becoming the global standard for the preparation of
public company financial statements
– Convergence is occurring now!
Who better to help apply these new standards
– More difficult than SOX
– Changing the way accountants think; not formalizing
what is already in place
49© 2011 Sunera LLC. All rights reserved
What Is the Difference Between Convergence and Adoption?
Adoption would mean that the SEC sets a specific
timetable when publicly listed companies would be
required to use IFRS as issued by the IASB.
Convergence means that the U.S. Financial Accounting
Standards Board (FASB) and the IASB would continue
working together to develop high quality, compatible
accounting standards over time.
– More convergence will make adoption easier and less costly and
may even make adoption of IFRS unnecessary.
– Supporters of adoption, however, believe that convergence alone
will never eliminate all of the differences between the two sets of
standards.
SOURCE: www.ifrs.com
50© 2011 Sunera LLC. All rights reserved
IFRS—IA’s Role
As with SOX, IA provides a specialty that can assist the
company with new projects. Numerous roles could be
played, including:
– Training
– System implementation
– Strategy implementation
– Project management specialist
51© 2011 Sunera LLC. All rights reserved
Continuous Auditing/Monitoring
52© 2011 Sunera LLC. All rights reserved
Continuous Auditing/Monitoring
Changing technology in business
– Think about it: How much have things changed since you were in
college?
Real-time auditing
Changing auditing technology landscape
– Continuous auditing/monitoring
– Data mining
Data Mining/Risk Analysis, and Risk Assessment
predicted as highest gainers in skill set importance
How to really apply continuous auditing?
Watch out for becoming the control
53© 2011 Sunera LLC. All rights reserved
The Resurrection of Operational Auditing
The New Economic Norm
How do we become more than SGA?
– Can we be viewed as Revenue Enhancers?
Leverage current knowledge and expertise
– Change the perception of SOX
– Change the name of SOX?
Look for the low-hanging fruit
Lean Six Sigma
Focus on Cost/Benefit
54© 2011 Sunera LLC. All rights reserved
The Resurrection of Operational Auditing
Be relevant, not redundant
Partner with other risk and control functions within
the company
Stay in front of the business rather than lagging
behind it
Be involved in company changes and system
implementations without impairing independence
Take a flexible approach to the work; do not be
constrained by the annual plan; ensure there is
flexibility and sufficient time to address developing
issues
55© 2011 Sunera LLC. All rights reserved
SOX Optimized
Auditing Standard No. 5 Maximized
More preventive vs. detective controls
Focus on entity-level controls
– Direct
– Indirect
Alignment with external auditors
Capturing changes in the dynamic business
environment
Part of project implementation teams
Controls rationalization
56© 2011 Sunera LLC. All rights reserved
The Rise of Audit Flex Time
Flexibility of Audit Schedule
– 25–30% of schedule
Ever-changing spectrum of risks
Allocation to fraud investigations
General idea of key risks to audit annually
Traditional audit approach—more reactive than proactive
– Adopt a continuous, comprehensive approach to audit and risk
assessment—use technology (continuous auditing)
57© 2011 Sunera LLC. All rights reserved
The Rise of the CCO/CRO
Executive accountable for enabling the efficient and
effective governance of significant risks and related
opportunities to a business and its various segments
– Commonly In-House Counsel
Cross-training and leveraging of compliance and risk
groups throughout organization
– ERM
– SOX
– Audit
– Fraud
– FCPA
One unified, integrated approach to compliance and risk
58© 2011 Sunera LLC. All rights reserved
Summary
Auditors must continue to be value-added resources.
We must continue to evolve with our organizations.
The New Economic Norm will continue to play into the
role of internal audit.
Always look for ways to add additional value; do not be
afraid to work outside your box.