Unquestioning analysts
Ineffective internal audit
Government Responses
IIA Inc submission to Congress
NYSE recommendation on internal audit
Sarbanes-Oxley
Sarbanes-Oxley
Management must assess the effectiveness of the
internal controls and procedures for financial reporting assessment made by management
EU Proposals
Annual corporate governance statement
to include:
Composition
Details
The
and consulting activity designed to add value and improve an organisation's operation.
by bringing a systematic, disciplined approach to evaluate and improve effectiveness of risk management, control and corporate governance processes.
Letter of Assurance
Risk Registers
INTERNAL AUDIT: Review of Control Framework and Risk Management Process
THE BOARD: Assessment of Effectiveness of Internal Control
EXTERNAL AUDIT: Effectiveness of processes & information supporting the statutory accounts
BUSINESS UNITS: Specific studies/reviews
INTERNAL AUDIT: Effectiveness of management of Group & Business Unit Key Risks
BUSINESS UNITS: Views of Senior Management
OBJECTIVE (LSE Combined Code, Section D.2.1): The Directors should, at least annually, conduct a review of the effectiveness of the Group's system of internal controls and should report to shareholders that they have done so. The review should cover all controls including financial, operational and compliance controls and risk management.
Provide assurance
Benefits of ERM
Fewer surprises
Successful change
Maintaining & developing the ERM framework
Central co-ordinating point for ERM
Consolidated reporting on risks
Facilitating risk responses
Reviewing the management of key risks
Evaluating risk management reporting
Giving assurance that risks assessed appropriately
Giving assurance on risk management processes
ERM and Internal Audit: The Safeguards
Management is responsible for risk management
Undermine management accountability
Manage risks on management's behalf
Make risk management decisions
Give assurance on any part of the ERM framework for which it is responsible
If satisfactory then:
If unsatisfactory then:
and targets
Identify likelihood and impact of those threats
Identify target likelihood and impact
Agree key risk areas
Identify controls to reduce risk to target levels
Risk Review
Identify:
Verify those controls are in place and working
Identify possible improvements and redundant controls
Advantages
Enables annual opinion
Focuses on big issues
Reporting
Report on:
Assurance process
Key objectives
Individual risks to achievement of key objectives
Audit Plan
[Chart: total risks and audit coverage by probability/impact category (HH, HM/MH, MM, HL/LH, ML/LM)]
Professional standards
Independent reviews
Peer reviews
Publications for Audit Committees
Comparative data
Performance measures
Performance Measures
No right answers
Measure both inputs and outputs
Must mean something to the business