iia top10 sox impacts[1]
TRANSCRIPT
8/9/2019 IIA Top10 SOX Impacts[1]
http://slidepdf.com/reader/full/iia-top10-sox-impacts1 1/16
Top 10 Global Impacts of SOX on Internal Auditing
Back to Basics: Risk, Controls, Governance
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Re-engaging Internal Controls
Fostering Enterprise Risk Management
Facilitating more effective corporate governance
#10: Incentive Compensation
Should internal auditing, and more specifically the chief audit executive (CAE), participate in incentive compensation award systems based on performance of the organization's bottom line?
#9: Access to Information
Is the CAE positioned within the organizational structure to have access to and involvement in emerging decisions by senior executives; and to have a "seat at the table" when key business strategies are being developed?
#8: Reporting Relationships
Does the internal audit activity properly report within the organization directly to the audit committee for oversight and to the CEO for organizational interface?
#7: Are MD&A Disclosures Accurate?
Does the internal audit department perform tests to ensure the accuracy, completeness, and appropriateness of the information contained in the management discussions and analysis (MD&A) portion of the annual report?
#6: Quality Assessment
International Standards for the Professional Practice of Internal Auditing require an external quality assessment every five years, plus an ongoing quality program to ensure the outputs of the internal audit department are in accordance with expectations.
#5: Control Assessment
Entity-wide assessment of key controls in business processes that feed the general ledger and hence the overall financial statements
Process ownership
Certification of internal control over financial reporting
Linkage to COSO's Internal Control Framework, including entity-wide control component assessment
#4: Fraud
Awareness of potential fraud risks and appropriate responses
Fraud prevention and detection program
Forensic auditing during financial audits
Increased fraud consideration in the internal audit department's audits
#3: Governance
Audit committee changes to charter and scope of work
Audit committee financial expert
Audit committee member independence and financial competency
Oversight of fraud, risk, internal auditing, and external auditing
Self-assessment
Effective Governance
#2: Ethics
Hotline operations
Compliance programs
Training
Culture - encourage disclosures
Investigative process coordination
Handling complaints and documentation
Whistleblower protection
#1: Risk
ERM
Risk model
Risk event identification
Risk assessment techniques
  - Probability
  - Impact
Risk response
Risk-based audit approaches
COSO's ERM-Integrated Framework
Entity objectives: four categories
Strategic
Operations
Reporting
Compliance
ERM considers activities at all levels of the organization
Enterprise-level
Division or subsidiary
Business unit processes
Source: COSO Enterprise Risk Management Framework
Today's Top 10
Risk
Ethics
Governance
Fraud
Control Assessment
Quality
Management Discussion & Analysis
Reporting Relationships
Access to Information
Incentive Compensation
For more information
Visit www.theiia.org
Call +1-407-937-1111
E-mail [email protected]