Internal Audit Plan Preparation – Providing Value for the ...

Transcription of Internal Audit Plan Preparation – Providing Value for the ...

Internal Audit Plan Preparation
Providing Value for the Organization
Richard Arthurs CMA, MBA, CIA

My Background
20+ Years of International Finance, Audit and Risk Management Experience
13 Years with General Mills Inc. in Canada, US and UK
Managed audits, investigations, and risk in over 40 countries.
Now CAE with AltaLink/Berkshire Hathaway Energy in Calgary
Chair of IIA Canada - National Thought Leadership Committee
Chair of Benchmarking Committee - Strategic Risk Council Conference Board of Canada
ERM Facilitator - Institute of Corporate Directors

1. Your Internal Audit Value Proposition
Value starts with the strategy and objectives of the business
Achieving Strategy = Effective Controls + Risk Management
(Make the connection easy to see)

Supporting Corporate Strategy
20xx Company Strategy: Drive Profitable Growth in Developed Markets; Aggressively Capture Growth; Assure Organizational Readiness to Resource Future Growth
Internal Audit Supporting Strategies: 1. World-Class Risk Assessment and Insight; 2. Integrated Assurance Partnerships; 3. Optimized Resource and Technology Utilization

Addressing Accelerating Change
3yr. GIA LRP
Supporting Strategies: 1. World-Class Risk Assessment and Insight; 2. Integrated Assurance Partnerships; 3. Optimized Resource and Technology Utilization
Acquisitions; Globalization; Emerging Technology; 3rd Party Reliance; Economic Uncertainty; Emerging Markets; Accelerating Change

If you do not make it simple for leaders to Value Internal Audit they probably won

Year Accomplishments (Market Your Internal Audit Value)
Recovered $M Due to 3rd Party Billing Errors
Supported Key Strategic Decisions
Reduced Work Time Required by # Hours/Month
Significantly Enhanced Cyber Security Controls
Identified & Investigated Fraud Cases

2. Optimize Your Continuous Risk Assessment Agility
Never before has the risk universe of a business seen so much constant change. New emerging risk is becoming very

Strategy 1: World-Class Risk Assessment & Insight
1. World-Class Risk Assessment and Insight; 2. Integrated Assurance Partnerships; 3. Optimized Resource and Technology Utilization

Risk Universe (Excluding Fraud & IT) * Ernst & Young
Governance Risk: Board Performance; Tone at the Top / Corporate Culture; Enterprise Risk Management; Risk Mitigations
Planning & Resource Allocation Risk: Organizational Structure Change; Strategic Planning; Long Term Planning; JVs, Alliances and Partnerships; Decision Speed
Technology change Risk: AMI, smart grid; Industry Changes (Gas Generation)

Customer Demand Changes Risk: Customer Demand Changes
Competition Risk: Client Services / Satisfaction; Communication Strategy and Plan
Enterprise Portfolio Risk: Alliance/Partnerships; Trademark/Brand Name; Wholly Owned Affiliates
Government Policy Risk: Regulatory Changes
Political Risk: Political Changes
Lifecycle Risk: Industry & Demand (30+ Year Rate Base Projection)
Organizational Structure Risk: Performance Management (STIP/LTIP)
Business Development Risk: Mergers and Acquisition and Divestiture; Opportunity Capture; Executing Captured Opportunity; Due Diligence: Risk Assessment & Management
Major Initiatives Risk: Planning and Execution; Measurement and Monitoring; Technology Implementations; Business Acceptance
Communication/Investor Relation Risk: Government/Media/Public Relations; Land Owner Consultation & Relations; Stakeholder/Investor Relations; Reputation Management; Crisis Management; Regulatory/Legal Response Plan; Employee Communication
People Risk: Employee Fraud and Investigations; Organizational Capacity & Capabilities; Employee & labor relations; Contractor Management & Excessive Usage; Health & Welfare & Safety; Excessive Recruitment and Turnover; Timely & Effective Training And Development
Project/Operations Management Risk: Contract Commitments; Scheduling & Forecasting; Documentation & Standards; Design, Mapping and Drafting; Procurement / Competitive Bidding; Vendor Selection / Contract Management; Vendor / Contractor Management; Project Execution (Stage Gate) & Management; Change Notice & Management; New Technology: Smart Grid; Client & Service Interaction; Quality Assurance & Control; Incident Management & Investigation; Safety & Reliability; Fleet Purchases, Maintenance and Management; Asset Management; Environment Management Strategy; Land Management Strategy; Performance Management Gaps/KPIs; Physical Security/Disturbance Analysis; Privacy & Confidentiality; Business Continuity / Disaster Recovery
External Risk: Catastrophic/Natural Disaster/Weather; Sabotage / Terrorist; 3rd Party Contractor (Earned Value)

Customer/3rd Party/Land Manager Fraud; Supplier Performance; Supplier Availability / Sole Source; Availability of Goods and Services
IT & Control Center Risk: Third Party Suppliers and Outsourcing; Control Center Operations; Programs and Change Management; Security and Privacy (Firewalls, Access Management); Physical Environment; Staffing/Operations/Disaster Recovery; Data Security; Infrastructure; Applications and Databases; Legal and Regulatory; Telecommunications; Load and Demand Balancing; Outage Scheduling & Management; Safety and Environmental Systems

Strategic
Operational
Enterprise Risk Universe
Compliance

Code of conduct Risk: Ethics / Conflict of Interest; 1-800 Ethics Line; Management Fraud (Anti Fraud Program)

Legal Risk: Contracts; Stranded Asset Issue; IP and Patents; Liability Protection, Regulation & Insurance; Anti-Corruption
Regulatory Risk: Due Diligence Process; GTA Hearing, IR & Processes; AESO/AUC/Prudency Audits & Enforcement; Alberta Reliability Standards; Labor Standards; Engineering Standards; Environment Quality, Health and Safety; Data Protection, Availability, and Privacy; International Laws and Standards (FCPA); Tax Compliance; Customs; Discriminatory Practices

Financial

Rate Base and Cost Recovery Risk: Regulated Tariff: Unapproved Costs/Prudency; Deferral (DACDA) and Reserve Accounts; Capital Budgeting and Cost Management (ABC); Transmission and Miscellaneous Revenue; Customer Deposits
Financial Accounting & Reporting Risk: Accounts Payable / Receivable; Inventory, Prepaid Expenses & Deposits; Budget & Planning Forecasts; Accounting/External Reporting - IFRS; Fund Investment & Evaluation; Management / Internal Reporting; Inter-affiliate Transactions (SNC-ATP); ICFR: C-SOX / Disclosure Controls; Payroll & Expense Reporting; Capital Overhead Allocation (i.e. E&S); Taxes and Insurance
Liquidity, Credit, and Equity Risk: Corporate Funding / Equity Management; Access to Capital Markets; Debt Maturity Profile; Flexibility in Capital Spending Budget; Contingency Funding; Collateral Requirements; Capital Availability; Fund Diversification; Credit Risk Management/Credit Downgrade
Cash Flow Risk: Daily Operational Funding; Cash Flow Projections/Forecasting
Profitability Risk: Return on Capital / Debt
Market Sensitivity Risk: Commodity Price; Commodity Volatility; Interest Rates; Security Prices; Foreign Exchange
Volume Risk: Attrition; Economic Factors; Variable Load
Market Liquidity Risk: Market Tightness, Depth, and Resilience
Investment Performance Risk: Pension Fund

IT Risk Universe (* Ernst & Young)
Operations; Security & Privacy; Staffing; Third-party Suppliers & Outsourcing; Legal & Regulatory; Applications & Databases; Infrastructure; Data
Non-compliance with regulators; Non-compliance with software license contracts; Poor service levels; Data leakage; Inadequate support; Lack of assurance; Budget overruns; Significant delays; Poor quality of deliverables; Ineffective change control; Intrusion of malware; Virus attacks; Website attacks; Poor patch management; Utilities failures; Natural disasters; Labour strikes; Environmental sanctions; Loss of key resources; Inability to recruit IT staff; Mismatch skills; Lack of business knowledge; Operator errors during backup or maintenance; Breakdown of operational processes; Disclosure of sensitive data; Corruption of data; Unauthorized access; Failure to mine information; Damage to services; Inflexible IT architecture; Theft; Obsolete technology; Unsupported applications; Critical system failures; Unable to handle load; Configuration issues

[Figure labels: Identify Risks; Assess Risk; Prioritize Risk; Knowledge and Prior Audit Results; Survey; Interviews; Workshop; Financial; Compliance; Operations; Strategic; Mgmt (Exec. & BU); Key Initiatives & Changes in Business; Fraud & Geographic Risks; External / Industry Issues; External Auditor]

Value proposition:
Demonstrate linkage between risk assessment and Audit plans
Clear linkage to business strategy, ERM and IA priorities
Justifiable Audit plan coverage to Audit Committee, External Auditors, etc.
Provide proactive risk prevention & management advisory services
* Ernst & Young LLP

Audit Plan Development (* Ernst & Young)
[Figure labels: Prioritized Risks from Risk Assessment; C-SOX/SOX Compliance; Management and Audit Committee Expectations; Rotation And Follow-Up; Special Projects or Unplanned Audits; Prioritize Projects; Reconcile with Audit Committee; Not all risks are covered in the Plan; Allocate Against Available Resources; Finalize Audit Plan Projects]

3.