Auditing Corporate Governance

May 20, 2015 Auditing Corporate Governance Presented by: Daniel Villa

Definition

“The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.”

The Institute of Internal Auditors

History of Corporate Governance

1929 US Stock Market Crash

- 1933 Securities Act
- 1934 Securities Exchange Act

1989 Savings & Loan Crisis

- 1989 Financial Institutions Reform, Recovery and Enforcement Act

2000 - Corruption - Fraud (e.g., Enron, Tyco, WorldCom…)

- 2002 US Sarbanes Oxley Act

2008 Financial Crisis

- 2010 Dodd Frank Act

History: Sarbanes-Oxley Act of 2002

- Public Company Accounting Oversight Board (PCAOB)
- Title II – Auditor Independence
- Section 301 – Audit Committee Member Independence
- Section 302 – CEO and CFO Financial Statement Certification
- Section 404 – Management's Responsibility for Internal Controls

History: Dodd-Frank Act of 2010

Selected Market Provisions of DFA

- Financial Stability Oversight Council
- Consumer Financial Protection Bureau
- Enhanced Prudential Standards
- Resolution Planning
- Hedge Fund Registration and Oversight
- Savings and Loan Holding Companies
- Role of Class A Board of Directors
- Volcker Rule

Federal Reserve Governance

The Federal Reserve System is comprised of 12 regional Reserve Banks under the general oversight of the Board of Governors (or Federal Reserve Board).

The Federal Reserve Board is comprised of 7 Governors appointed by the President and confirmed by the Senate; each serves a fourteen-year term.

The 12 Reserve Banks serve the public interest within their regions, and each is overseen by a separate Reserve Bank President and Board of Directors.

Federal Reserve System Board of Directors

FRBNY Board of Directors

FRBNY Governance

The International Standards for the Professional Practice of Internal Auditing

Performance Standard 2060: Reporting to Senior Management and the Board

The Chief Audit Executive (CAE) must report periodically to senior management and the board on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.

Performance Standard 2100: Nature of Work

The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach.

Performance Standard 2110: Governance

The internal audit activity must assess and make appropriate recommendations for improving the governance process.

2110.A1: The internal audit activity must evaluate the design, implementation, and effectiveness of the organization's ethics-related objectives, programs, and activities.

2110.A2: The internal audit activity must assess whether the information technology governance of the organization supports the organization's strategies and objectives.

Performance Standard 2120: Risk Management

The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.

2120.A1: The internal audit activity must evaluate risk exposures relating to the organization's governance, operations, and information systems.

2120.A2: The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.

Performance Standard 2130: Control

The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.

2130.A1: The internal audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organization's governance, operations, and information systems regarding the:

- Achievement of the organization’s objectives;
- Reliability and integrity of financial and operational information;
- Effectiveness and efficiency of operations;
- Safeguarding of assets; and
- Compliance with laws, regulations, and contracts.

Performance Standard 2600: Communicating the Acceptance of Risks

When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the chief audit executive determines that the matter has not been resolved, the chief audit executive must communicate the matter to the board.

Implementing a Corporate Governance Program

Preparing for a Governance Audit

Step 1: Identify and research primary governance processes.

Step 2: Establish a realistic budget.

Step 3: Obtain buy-in from Chief Audit Executive.

Step 4: Select staff with requisite skills.

- Strategic Planning
- Risk Management
- Ethical Framework
- Measuring & Monitoring Performance
- Communicating & Reporting

Conducting a Governance Audit

Schedule individual planning meetings with key contacts:

- President/Chief Executive Officer
- Chief Operating Officer
- General Counsel
- Principal Financial Officer
- Chief Human Resources Officer
- Ethics Officer
- Compliance Officer
- Corporate Secretary
- Other Executive Committee members

Educate Senior Management and the Board:

- Introduce the IIA Standards and engagement objectives.
- Share research of industry practices.
- Brainstorm on planned/potential areas of focus.
- Discuss the engagement timeline, contacts and logistics.
- Explain potential outcomes and reporting process.

Questions?