The Auditor’s Role in Governance: Emulate, Evaluate, Educate Lori Cox, CIA, CGAP IIA Tucson Chapter President Director – Internal Audit, Pima Community College.


The Auditor’s Role in
Governance:
Emulate, Evaluate, Educate
Lori Cox, CIA, CGAP
IIA Tucson Chapter President
Director – Internal Audit, Pima Community College
The Auditor’s Role in Governance
Agenda
• Governance Defined
• Governance Activities
• Common Governance Components
• Related Standards
• Auditor Roles Defined
• Navigating Roles
• Challenges in the Auditor’s Role
• Navigating Politics
What is Governance?
Provide an example of
Governance.
Governance Defined
The whole set of legal, cultural, and
institutional arrangements that determine what
organizations can do, who controls them, how
that control is exercised, and how the risks and
returns from the activities they undertake are
allocated.
Margaret Blair, 1995
Governance Defined
Governance involves a set of relationships between
an organisation’s management, its board, its
stakeholders and other stakeholders. Governance
also provides the structure through which the
objectives of the company are set, and the means of
attaining those objectives and monitoring
performance are determined.
The Organisation for Economic Co-operation and Development (OECD)
Governance Defined
A set of processes, controls, and structures generally
performed within the organization by, or on behalf
of, stakeholders (including the board or other body
directly appointed by stakeholders – for example, a
community oversight board) to ensure that their
interests are protected and their goals are achieved.
The objective of organizational governance is to
ensure that management is acting appropriately and
consistently within the interest of stakeholders.
Norman Marks, IA Professional, Author, Blogger
Governance Defined
Governance can be defined as the mixture of
processes, procedures and structures
implemented by management and the board to
inform, direct, manage, and monitor
organizational activities.
The Institute of Internal Auditors
Governance Defined
Effective governance includes systems and
associated processes and controls that
promote: ethics and values; performance and
accountability; risk communication; and
coordination and communication among the
board, external and internal auditors, and
management.
IIA Research Foundation
Governance Purpose
The purpose of organizational governance is
to facilitate effective and prudent management
that can deliver long-term success to the
organization.
Governance Activities
Governance activities exist to help the
organization meet its objectives in being well-run
and accountable to its stakeholders.
• Governance begins with the board or oversight body.
• The board must understand and focus on the needs of key stakeholders.
• Day-to-day governance is executed by the management and the organization.
Common Governance Components
1. Board of Directors and Committees
2. Laws and Regulations
3. Business Practices and Ethics
4. Disclosure & Transparency
5. Enterprise Risk Management
6. Monitoring
7. Communication
OECD
IIA Requirements
Standard 2110
The internal audit activity must assess and make appropriate
recommendations for improving the governance process in its
accomplishment of the following objectives:
• Promoting appropriate ethics and values within the organization;
• Ensuring effective organizational performance management and accountability;
• Communicating risk and control information to appropriate areas of the organization; and
• Coordinating the activities of and communicating information among the board, external and internal auditors, and management.
Auditor’s Role in Governance
Defined
Emulate
Exemplifying effective governance and living
and modeling the organization’s values – in
short, “walking the talk”.
Auditor’s Role in Governance
Defined
Emulate
Exercise:
What are three ways Internal Audit can emulate
governance?
Auditor’s Role in Governance
Defined
Evaluate
Conducting assessments of the organization’s
governance; this may include evaluating the
ethical culture, performance and management,
risks, and controls.
Auditor’s Role in Governance
Defined
Evaluate
Exercise:
What are three ways Internal Audit can evaluate
governance?
Auditor’s Role in Governance
Defined
Educate
Provide the board, management, and staff
with the information and guidance necessary
to effectively discharge their governance duties.
Auditor’s Role in Governance
Defined
Education
Exercise:
What are three ways Internal Audit can
provide governance education?
Exercise
Auditor Role? If so, how?
• Assist board of directors in its self-assessment and best practices.
• Assess Audit Committee effectiveness and compliance with regulators.
• Review the audit committee charter and help legal counsel.
• Help management and the audit committee hold people accountable.
Exercise, Cont.
Auditor Role? If so, how?
• Bring best practices ideas about internal controls and risk management processes to audit committee members and management.
• Verify that the organization has identified assigned responsibilities and addressed all of the key legal and regulatory requirements.
• Look for opportunities to leverage compliance activities and capabilities to reduce costs and improve performance.
• Review the code of conduct and ethics policies, making sure they are periodically updated and communicated to management and employees.
Exercise, Cont.
Auditor Role? If so, how?
• Perform an ethics review to assess the understanding and perception of compliance across organizational levels.
• Adhere to audit standards.
• Participate in ongoing dialogue with general counsel, chief financial officer, and other senior management officials.
• Inventory organizational risk compliance activities and strive to integrate them into a common methodology.
Exercise, Cont.
Auditor Role? If so, how?
• Develop a code of ethics and conduct for auditors and have each member of the department/team sign acknowledging the code, including the CAE.
• Provide leadership workshops to management and staff.
• Assist process owners in understanding, assessing, designing, and documenting controls.
• Perform a strategic corporate governance audit or ensure one is conducted.
Exercise, Cont.
Auditor Role? If so, how?
• Conduct annual audits and report the results to management and the audit committee.
• Administer an organization-wide climate survey.
• Serve in the ethics oversight role or confer with the organization’s ethics officer.
• Facilitate identification of key risk areas for the organization as well as all key processes.
Exercise, Cont.
Auditor Role? If so, how?
• Include information about corporate governance in audit reports.
• Advise the board and management on the needed improvements and changes in the governance structure and design.
• Conduct audit surveys after each engagement – including assessments of auditor professionalism – and provide a copy of the results to the audit committee.
• Assist in establishing a governance communications calendar and solicit input on needs and articles across the organization.
Navigating the Auditor’s Role
Emulating…
• Living organization’s values - walk the talk.
• Conduct training and stress the importance of adherence to ethical standards.
• Hire carefully.
• Communicate regularly.
• Promote transparency.
• Follow the rules.
Navigating the Auditor’s Role
Evaluating…
• Implement the required standards.
• Include governance evaluations in audits (as applicable and appropriate).
• Utilize data and available tools.
• Monitor implementation of strategic plans.
Navigating the Auditor’s Role
Educating…
• Present options and recommendations.
• Benchmark where possible.
• Communicate risk and control information to appropriate areas of the organization.
• Promote ethics and values.
• Facilitate training/workshops.
• Act as a catalyst for change, advising or advocating improvements to enhance the organization’s structure and practices.
Governance Challenges
• Diversity of audience.
• Remaining independent and objective, yet being part of the organization.
• Constant development of business knowledge, insight, good judgment, and communications.
• No one-size-fits-all method to improve organizational governance.
Governance Challenges
No governance system, no matter how well
designed, will fully prevent greedy, dishonest people
from putting their personal interest ahead of the
interests of others or the interest of their
organization.
Addressing Governance Challenges &
Navigating Politics
• Ramp up communications.
• Place renewed focus on risk management and governance process.
• Strengthen the risk assessment process.
• Operate with a more flexible and adaptable plan.
Addressing Governance Challenges &
Navigating Politics
• Strengthen business knowledge.
• Strengthen your relationships and communications with the organization’s other governance, risk, and control functions.
• Enhance the efficiency of your audit process.
Addressing Governance Challenges &
Navigating Politics
• Be open and honest.
• Don’t “discriminate” when sharing information with the oversight body.
• Be aware of political “firestorms”.
• Pick your battles.
• Walk the talk.
Summary
The auditor’s role is challenging.
Emulate – Walk the talk
Evaluate – Review
Educate – Inform
Be cognizant of politics but don’t be “political”.
Rise to the challenge.
Thank you!