Академический Документы
Профессиональный Документы
Культура Документы
A Reminder
Following the webinar, all attendees will receive a link to a copy of the recorded webinar. You can download a PDF version of the slides through the Attachments link. If you are experiencing technical difficulties during the webinar, let us know by clicking on the Questions link at the top of your screen. Please provide your e-mail address for a swift reply.
We will have a formal Q&A at the end of this webinar, we encourage you to submit your questions throughout the webcast. We will address your content questions at the end of the webinar.
If you are having trouble hearing the audio through the computer, separate phone lines are available. International United States Conference ID +44 (0) 1452 552 630 +1 877 894 4122 31151469
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
You can download the the CPE Course Evaluation Form through the Attachments link.
Return this evaluation form to Lark Scheierman at Protiviti via e-mail: lark.scheierman@protiviti.com Download the PDF version of todays presentation and related publications through the Attachments link.
Trouble hearing the audio through the computer? Dial in! Phone: + 1 877 894 4122, Conference ID: 31151469
3
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Todays Presenters
Brian Christensen is a member of Protivitis executive leadership team and is the global leader of the firms Internal Audit and Financial Advisory Solution. In this role, he is responsible for the development and execution of Protivitis internal audit products. He has more than 25 years of experience in helping clients increase the value of their internal audit function. He holds a bachelors degree in accounting from the University of Wisconsin. He is a frequent speaker on auditing and risk topics at national conferences. Brian.Christensen@protiviti.com
Dave Brand is a Managing Director in Protivitis Chicago office. He leads the global IT Audit practice for Protiviti. He has over 15 years experience working with companies across multiple industries in the areas of IT Auditing, Computer Aided Auditing Techniques, audit formation, risk assessments and audit committee reporting. David.Brand@protiviti.com
Trouble hearing the audio through the computer? Dial in! Phone: + 1 877 894 4122, Conference ID: 31151469
4
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Todays Presenters
Keith Keller is a Managing Director in Protivitis Atlanta office. He is a member of the Financial Services team and serves as the market lead for the Internal Audit and Financial Advisory Solution. Keith is a seasoned executive with more than 30 years of business experience working with a variety of organizations to enhance their business performance through risk management, operational effectiveness and enhanced governance. Keith.Keller@protiviti.com
Trouble hearing the audio through the computer? Dial in! Phone: + 1 877 894 4122, Conference ID: 31151469
5
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Trouble hearing the audio through the computer? Dial in! Phone: + 1 877 894 4122, Conference ID: 31151469
6
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Increased Demands
The demands and expectations placed on internal audit are growing constantly: Management
Audit Committees
Standard Setters IIA Standards and Practice Advisories Regulatory Bodies New COSO Framework
Regulators And new and emerging risks are arising that need to be addressed
7
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Process Issues
IT Matters
Risk Management
Corruption Risk
Sustainability
Regulatory Matters
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Kickstart 2014
Planning Ahead
As we enter 2014, what can we expect in the year ahead? No one knows for sure, but change will be a big part of what is on the horizon.
The challenges and opportunities highlighted in this presentation are based on our experiences and input from audit leaders and their departments We spent 2013 in partnership with organizations from around the world, through benchmarking surveys, client projects, and interviews, to gain insight into the key areas of concern for their organizations We are happy to share our insight with you today to help kickstart 2014 Different industries face different issues and priorities. The applicability and prioritization of the challenges included in this presentation will vary by industry.
10
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Discuss major challenges the organization currently faces and will likely face in the near term
Summarize top-of-mind issues facing your organization and key stakeholders
11
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
IT Audit Survey
12
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Poll Question #1
Do you believe you are well informed on COSOs updated Internal Control Integrated Framework 2013?
Yes
No
Unsure
14
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
NYSE currently requires all listed companies to have an internal audit function The exchange recently approved a one-year transition period for newly listed companies to establish this function We expect the NASDAQ to offer this same flexibility to listed companies when it resubmits is proposal
15
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Updates to IIA Standards Standards 1110, 2010.A2 and 2410.A1, 2450. New Practice Advisories 2320-4, 2120-3, 2320-3
On December 10, 2012, the PCAOB issued the report Observations from 2010 Inspections of Domestic Annually Inspected Firms regarding Deficiencies in Audits of Internal Control over Financial Reporting Summarizes inspection observations related to deficiencies in registered public accounting firms audits of ICFR for public companies Describes the most pervasive deficiencies On October 24, 2013, the PCAOB issued Practice Alert #11,which highlights areas in which significant auditing deficiencies have been cited frequently in PCAOB inspection reports over the last three years
16
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
PCAOB Auditing Standard No. 16, Communications with Audit Committees, and Amendments to other PCAOB Standards Approved by SEC
PCAOB Reproposes Auditing Standard, Related Parties, and Related Amendments, Including Amendments Regarding Significant Unusual Transactions
17
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Diebold - SEC charged the Ohio-based manufacturer of ATMs and bank security systems with violating the FCPA by bribing officials at government-owned banks with pleasure trips to popular tourist destinations in order to illicitly win business. Diebold agreed to pay $48 million to settle SEC and Justice Department cases. (10/22/13)
Source: http://www.sec.gov/spotlight/fcpa/fcpa-cases.shtml
18
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Reflects increased relevance of technology Incorporates an enhanced discussion of governance concepts (the oversight role of the board and its committees) Expands the reporting category of objectives to include non-financial and internal
Increases the focus on non-financial reporting objectives to broaden use Additional approaches and examples for operations, compliance and non-financial reporting objectives
8
21
COSOs IT Implications
Register via the Attachments Link for our January 15, 2014 webinar where we will discuss the IT implications associated with the 2013 COSO Framework.
22
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Technology Considerations
Poll Question #2
Does your organization conduct an IT audit risk assessment? Yes, it is conducted separately from the overall risk assessment Yes, it is conducted as part of the overall risk assessment process No, an IT audit risk assessment is not conducted
24
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Fraud: Monitoring
Auditing IT: New Technologies Fraud: Fraud Risk Assessment Data Analysis Tools: Statistical Analysis Fraud: Fraud Detection/Investigation Fraud: Management/Prevention Computer-Assisted Audit Tools (CAATs) Data Analysis Tools: Sampling
3.4
2.9 3.4 3.3 3.4 3.5 3.1 3.4
2 (tie)
3 (tie)
4 (tie)
5
1
2 3
3.2
3.1 3.4 3.3 3.3 3.7
4
Data Analysis Tools: Statistical Analysis 5 Fraud: Fraud Risk Assessment
Failed to test controls over completeness and accuracy of delivery data received electronically from vendors. Further failed to evaluate the implications of the significant differences between the delivery and invoice date in testing unbilled revenue
27
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
2012
Information security (including data privacy, storage and management) Cloud computing Social media
Sarbanes-Oxley Compliance
Poll Question #3
Does your organization have plans to continue automating controls to gain efficiencies within the SOX compliance process? Yes No
Unsure
34
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Poll Question #4
In the last year, has your organization experienced an increased level of reliance by the external auditor on the work of internal audit? Yes No
Unsure
35
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Identify and sufficiently test controls that are intended to address the risks of material misstatement Sufficiently test the design and operating effectiveness of management review controls that are used to monitor the results of operations Obtain sufficient evidence to update the results of testing of controls from an interim date to the company's year end (i.e., the roll-forward period) Sufficiently test controls over the system-generated data and reports that support important controls Sufficiently perform procedures regarding the use of the work of others; and Sufficiently evaluate identified control deficiencies
37
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
The automation of controls remains an enticing option and perhaps the final frontier for achieving significant improvements and efficiencies
Source: 2013 Sarbanes-Oxley Survey
38
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Companies Are
Poll Question #5
Do The IIA Standards support internal audits role in managing risk? Yes No Unsure
42
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
IIA Performance Standard 2010.A1 - The internal audit activitys plan of engagements should be based on a risk assessment, undertaken at least annually. The input of senior management and the board should be considered in this process.
IIA Performance Standard 2120.A1 - Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organizations governance, operations, and information systems. This should include: (a) reliability and integrity of financial and operational information, (b) effectiveness and efficiency of operations, (c) safeguarding of assets, and (d) compliance with laws, regulations, and contracts.
43
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
The IIAs Position Paper, The Three Lines of Defense in Effective Risk Management and Control, addresses how organizations can holistically mitigate risks in a business environment that is continuously growing in complexity
The paper is designed to provide guidance to organizations regardless of their size or the level of formality to their risk management approach It discusses the uses for risk management frameworks, But more importantly it highlights a critical component that most frameworks do not adequately address; how specific duties should be assigned and coordinated within the organization
44
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
45
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
What are our emerging risks? How do we identify these and how often? How do we determine if we are doing the right thing in accepting, reducing, sharing or avoiding risk? Have we articulated a statement of risk appetite?
46
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Many organizations want to lower their risk profile by fostering a collaborative culture where everyone in the organization understands risk and their role in helping the business to manage and mitigate them. The call for both greater collaboration, and an enterprise focus on risk, is accelerating internal audits path to the top table in the organisation, where it can be a true partner to management and the board.
Seeking Alignment
Executive Management
Board of Directors Audit Committee
External Audit
Issue Management Procedures
Internal Audit
Risk Management
Legal
Systems
Process Owners
48
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Economic conditions in current markets may not present significant growth opportunities
Succession challenges and the ability to attract and retain top talent may constrain efforts to achieve operational targets
5
49
Source: Setting the 2014 Audit Committee Agenda The Bulletin Volume 5, Issue 5
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Uncertainty surrounding costs of complying with healthcare reform legislation will limit growth
Anticipated volatility in global financial markets and currencies may create challenges Other challenges such as the inability of the organizations operations to meet performance expectations as well as competitors; disruption of the organizations business model; and an unexpected crisis that could impact the organization
10
50
Source: Setting the 2014 Audit Committee Agenda The Bulletin Volume 5, Issue 5
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Register via the Attachments Link for our January 15, 2014 webinar where we will discuss the IT implications associated with the 2013 COSO Framework.
51
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Brian Christensen
Executive Vice President Global Internal Audit Phone: +1 602 273 8020
Brian.Christensen@protiviti.com Phoenix, AZ
David Brand
Managing Director
Phone: +1 312 476 6401 David.Brand@protiviti.com Chicago, IL
Keith Keller
Managing Director
Phone: +1 404 443 8224 Keith.Keller@protiviti.com Atlanta, GA
52
2014 Protiviti Inc. An Equal Opportunity Employer. This document may not be copied nor distributed to any third party. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.