how forward-thinking and contemporary audit executives are ... · asset risk –company inventory...
TRANSCRIPT
![Page 1: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/1.jpg)
11
Perspectives of 100 CAEs:
How Forward-Thinking and
Contemporary Audit Executives
are Enabling Positive Change
![Page 2: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/2.jpg)
2
PARTICIPATE IN SESSION POLLING and
Q&A • Download the IIA Conferences App to
participate in polling during select
sessions
• Select the session through the
schedule icon and click on the polling
icon
• Ask a member of the Conference Staff
if you need assistance
• You can also go to https://ic.cnf.io/ from
your mobile device web browser
• Submit your questions for the session
or to specific presenters by selecting
the ASK icon
![Page 3: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/3.jpg)
3
About Tom
Tom O’ReillyDirector & Internal Audit Practice Leader
![Page 4: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/4.jpg)
4
About Yulia
Yulia GurmanExecutive Director, Internal Audit and Corporate Security
Packaging Corporation of America
![Page 5: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/5.jpg)
5
Packaging Corporation of America (PCA)
• Domestic company headquartered in Lake
Forest, IL
• One of the largest manufacturers of
containerboard and corrugated packaging
• 2018 revenue $7 billion
• Decentralized environment with more than
100 facilities located primarily across the
United States
![Page 6: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/6.jpg)
6
Polling Question 1Please open the conference app to participate
![Page 7: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/7.jpg)
7
What emerging risks are you covering?
Or describe with one word how
business is changing?
![Page 8: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/8.jpg)
8
![Page 9: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/9.jpg)
9
Business is Changing...
![Page 10: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/10.jpg)
10
But Internal Audit Isn’t...
Source: MISTI 2018 and 2019 Internal Audit Topics on the audit plan survey charts.
![Page 11: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/11.jpg)
11
… and Our Stakeholders are Noticing
of CAEs are extremely or moderately
confident in their organization’s ability to
identify and assess
emerging and atypical risks
HOWEVER
of CAEs say the board will turn to
management
for identification and assessment of
emerging and atypical risks
87%
78%
![Page 12: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/12.jpg)
12
How to be a better Internal Audit Leader through:
• Expanding Audit Coverage
• Increasing Audit’s Subject Matter Expertise
• Positioning Audit to “Lead from the Front”
How can you use internal audit to
ENABLE POSITIVE CHANGE
in your organization?
Learning Objectives
![Page 13: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/13.jpg)
13
Expand The Coverage
Of Your Audit Plan
![Page 14: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/14.jpg)
14
Internal Auditing Definition
Internal auditing is an independent,
objective assurance and consulting
activity designed to add value and
improve an organization's
operations.
It helps an organization
accomplish its objectives by
bringing a systematic, disciplined
approach to evaluate and improve
the effectiveness of risk
management, control, and
governance processes.
CAE Considerations:
Do you have a risk assessment?
- does it reflect the strategic objectives and
emerging risks of your organization?
Do you include the right
stakeholders in your discussions?- review organizational changes
Re-evaluate Your Risk Assessment Approach
![Page 15: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/15.jpg)
15
Four main objectives for every organization:
Organizational Objectives
Increase Revenue
Continually Innovate
Manage Human Resources
Decrease Costs
![Page 16: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/16.jpg)
16
Polling Question 2Please open the conference app to participate
![Page 17: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/17.jpg)
17
Our Audit Plan addresses strategic initiatives
а. No
b. Yes, but we could do better
c. Yes, we feel good about our risk coverage
d. We don’t have any strategic initiatives
![Page 18: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/18.jpg)
18
![Page 19: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/19.jpg)
19
![Page 20: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/20.jpg)
20
Risk Assessment Questions
1. Business area risks and objectives
2. Changes in people, process, and
technology
• Succession Plan
• Emerging and Disruptive
Technology
• Automation
3. Major process/department initiatives
Risk Assessment Resources
1. Risk/Audit Universe
2. Internal Audit’s interface with
Enterprise Risk Management
(ERM)
3. External benchmarks
4. Peer network
How Can you Enhance Your Risk Assessment?
Building Relationships = Better Information
![Page 21: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/21.jpg)
21
Real Life Examples
![Page 22: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/22.jpg)
22
Strategic
Market
• Interest Rate
• Foreign Currency
• Commodity
• Derivatives
Liquidity and Credit
• Cash Management
• Debt Management
• Credit and Collections
• Funding
• Hedging
• Insurance
Accounting and Reporting
• General Ledger Close
• Consolidation Process
• Accounting, Reporting and
Disclosure
• Internal Control/SOX 404/302
• Information and Reporting
Integrity
Tax
• Tax Strategy and Planning
• Tax Optimization
• Transfer Pricing
• Property Taxes
Capital Structure
• Debt
• Equity
• Pension Funds
FinancialCompliance
Code of Conduct
• Ethics
• Fraud
Legal
• Contract
• Liability
• Intellectual Property
• Anti-Corruption / FCPA
• Technology Compliance
Support
Regulatory
• Trade
• Export Compliance
• Labor
• Securities
• Environmental
• Data Protection and Piracy
• International Purchases and
Sales
• Product Quality/Safety
• Health & Safety
• Competitive Practices/Anti-
Trade
• Sales and Marketing
• Technology Compliance
Support
• Customs
Governance
• Board Performance
• Tone at the Top
• Corporate Environment
• Corporate Social
Responsibility
Planning and Resource Allocation
• Organizational Structure
• Strategic Planning
• Budgeting & Forecasting
• JV’s/Alliances Partnerships
• Special Purpose Entities
• IT Strategy
Major Initiatives
• Vision and Direction
• Planning and Execution
• Measurement and
Monitoring
• Technology Implementation
• Business Acceptance
Mergers, Acquisition & Divesture
• Valuation and Pricing
• Due Diligence
• Execution and Integration
Market Dynamics
• Competition
• Economic Factors
• Customer Profile Trends
• Socio-Political
• Pricing Pressures
Legend
Addressed by company Internal Audit in 2018 and in 2017
Addressed by company Internal Audit in 2016
Communication & Investor
Relations
• Media Relations
• Investor Relations
• Employee
Communications
• Technology-
Enabled
Communications
(e.g. social media)
Operations
Sales and Marketing
• Marketing and
Advertising
• Sales and Pricing
• Customer Insight and
Analysis
• New Product
Development
• Technology-Enabled
Sales Channels
• Sales Order Processing
• Customer Support and
Management
• Warranty
Supply Chain
• Engineering
• Material Planning
• Sourcing and
Procurement
• Production and Inventory
Control
• Distribution
• Third party /
subcontractors
People
• Recruitment and
Retention
• Development
and Performance
• Succession
Planning
• Compensation
and Benefits
• Labor Relations
• Payroll/Timekeep
ing
Information Technology
• Information
Management /
Infrastructure
• Security/Access
• Availability/Conti
nuity
• Integrity
Hazards
• Natural Events
and Terrorism
Physical Assets
• Real Estate
• Property, Plant,
and Facilities
Risk Universe Coverage: 2018 and 2019
![Page 23: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/23.jpg)
23
Succession Planning – Inappropriate planning for attrition of key executives could result in
business disruption, loss of key customer relationships, or loss of IP.
Top Risk Identified by Management Sample Audit Plan
Procurement (Location #1, Location #2)
Distributor Pricing
Intellectual Property
Anti-Corruption Program
Subcontractor & Consignment Inventory Program
New Product Research and Development – Ineffective use of R&D investments will hinder
ability to develop new products or meet customer needs.
Asset Risk – company inventory stored internally or at third-party locations may not be secure,
counted, recorded, transferred, or disposed of according to procedures.
Intellectual Property – Inability to enforce patents or protect intellectual property (from theft)
could result in a loss of product market share and future sales.
Procurement – Ineffective supplier and sourcing strategies, negotiating, engaging and vendor
monitoring could cause business interruptions and result in higher material costs.
Product Pricing – Gross margins could erode if pricing processes, procedures, and systems are
not working optimally and average selling prices continue to decrease.
Talent Management – Inefficient employee development and recruiting operations may hinder
our ability to promote and hire qualified internal and external candidates.
Corporate Vision and Strategy – If the corporate strategy is not vetted, communicated, and
accepted within the company, current and long-term initiatives may fail.
Anti-Corruption – Potential bribes paid to government and commercial third parties may result
in regulatory fines and damage company’s reputation.
Voice of Management: Risk Identification Interview Results
![Page 24: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/24.jpg)
24
Regulation and Compliance Risks
Cost Cutting
Managing Talent
Pricing Pressure
Emerging Technologies
Market Risks
Expansion of Government’s Role
Slow-recovery and Double-Dip Recession
Social Acceptance Risks / Corporate Social Responsibility
Ethics, Anti-Corruption Program
20xx Top Business Risks 20xx Audit Plan
Critical Control Reviews, Travel and Expense by Location
Distributor Pricing
Procurement (Location #1, Location #2), Distributor Reviews
Risk Research Benchmarking
![Page 25: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/25.jpg)
25
Summary of 20XX Key Themes By Business Area
Key Themes
• Include Initiatives
• System Changes
• Control Changes
• Industry Risks
• Other?
Business
Area/Segment A
• Include Initiatives
• System Changes
• Control Changes
• Other?
Business
Area/Segment B
• Include Initiatives
• System Changes
• Control Changes
• Other?
Business
Area/Segment C
Through the course of the Risk Assessment process, Internal Audit identified themes that would be considered the high-priority risk
areas for 20XX to address. Additional themes that support Medium priority risk areas are included in the full 2019 Audit Plan as well.
• Continuous growth of a Company’s business; systems and other technology changes; growing risk areas
like cybersecurity; and changes in regulatory environment require a robust plan that will remain flexible
and continue to adapt to changes in the business.
• Changes to the proposed plan will be communicated timely to management and the Audit Committee.
![Page 26: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/26.jpg)
26
Increase the Use of Subject
Matter Expertise
![Page 27: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/27.jpg)
27 Source: Internal Auditing’s Value to Stakeholders - Internal Audit Foundation
Expertise Improves
Insight
Use Subject Matter Experts (SMEs)
Improves Internal
Audit Value
![Page 28: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/28.jpg)
28
Polling Question 3Please open the conference app to participate
![Page 29: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/29.jpg)
29
Did you ever have to “avoid” risky
area coverage due to lack of
subject matter expertise?
а. Yes b. No
![Page 30: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/30.jpg)
30
![Page 31: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/31.jpg)
31
• Assess your own team’s skillset and experience and determine gaps
• Become one!
• Attend targeted training
• Learn from others
• Look for SMEs in your Company:
• Employees
• Guest Auditor Program
• Use consulting firms
• Tip: Engage your staff to work on the project so they can learn from the experts
How Do You Find The Right SMEs?
![Page 32: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/32.jpg)
32
• Your team members learn new skills
• Develop in-house expertise
• Cover new risk areas
• Strategic risks
• “Non-traditional” audit areas
• Obtain benchmarking information
• If consultants are engaged, ask for benchmarking data for similar companies and share with management
Additional Value Of Using SMEs
![Page 33: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/33.jpg)
33
Lead from the Front
3
![Page 34: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/34.jpg)
34
1 2 3Education:
● Show trends and emerging risks
● Share innovative practices on
how to mitigate certain risks
What Can CAEs Do?
Help the Audit Committees and
Management understand:
● Which risks are more predominant
for your industry and organization
● Specific implications of each
identified risk
Propose Solutions:
● Risk coverage game plan
● New technology use (if applicable)
● Resource needs
● Special advisory projects
CAEs can help Management and the Board (Audit Committee) by offering the
following:
![Page 35: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/35.jpg)
35
Learn and Innovate Every Day!
Publications News Network Research
![Page 36: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/36.jpg)
36
Resources
Available at the IIA Bookstore
![Page 37: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/37.jpg)
37
Are You Ready?
![Page 38: How Forward-Thinking and Contemporary Audit Executives are ... · Asset Risk –company inventory stored internally or at third-party locations may not be secure, counted, recorded,](https://reader033.vdocuments.mx/reader033/viewer/2022050205/5f580d0affefd551a17a8c68/html5/thumbnails/38.jpg)
38
TELL US WHAT YOU THINK!
Evaluate this session right in the
IIA Conference App!
Not using the conference app?
Visit: ic.cnf.io to complete
your session evaluations.