aashto subcommittee for internal external audit annual
play

AASHTO SUBCOMMITTEE FOR INTERNAL/EXTERNAL AUDIT ANNUAL MEETING - PowerPoint PPT Presentation

Mar 15, 2023 •97 likes •354 views

AASHTO SUBCOMMITTEE FOR INTERNAL/EXTERNAL AUDIT ANNUAL MEETING Doubletree Hotel Orange, California July 9, 2019 10:30am 11:45am Vicki McIntyre, CIA, CPA, CFSA, CRMA, CGAP AGENDA Introduction to Risk Enterprise Risk Management

  1. AASHTO SUBCOMMITTEE FOR INTERNAL/EXTERNAL AUDIT ANNUAL MEETING Doubletree Hotel Orange, California July 9, 2019 10:30am – 11:45am Vicki McIntyre, CIA, CPA, CFSA, CRMA, CGAP

  2. AGENDA  Introduction to Risk  Enterprise Risk Management  Opportunities for Internal Audit Teams  Opportunities for Internal Auditors  OMB Circular A-123  COCO Internal Control Framework – Risk Assessment Component

  3. INTRODUCTION TO RISK

  4. INTRODUCTION TO RISK Program, Mission, Strategic Business Unit Internal Vision, Risk Analysis Plans Goals and Controls Values Objectives

  5. ENTERPRISE RISK MANAGEMENT  NOT a program,  NOT a department,  NOT a process, either! Risk management is an integral component of decision making.

  6. ENTERPRISE RISK MANAGEMENT In 2017, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published an update to its 2004 COSO Enterprise Risk Management framework. The name of it says it all: Enterprise Risk Management - Integrating With Strategy and Performance. Risk management is all about strategy and performance.

  7. ENTERPRISE RISK MANAGEMENT  The new COSO ERM lays out a framework for improving risk management so better decisions are made , helping an organization accomplish its objectives .  The framework is not another process to be sent to the ERM team or even to a committee or work group.  It needs to be incorporated into the fabric of the organization , providing guidance, tools, processes, and many other elements to improve risk management, regardless of the decision being made.

  8. ENTERPRISE RISK MANAGEMENT The updated framework’s five interrelated components:  Governance and Culture  Strategy and Objective Setting  Performance  Review and Revision  Information, Communication and Reporting

  9. ENTERPRISE RISK MANAGEMENT  Risk Is Not the Focus  Risk Is Not an Evil to Be Eliminated  There Are Many Ways to Respond to Risk  Risk Management is More a Skill and Mindset Than a Process  All of the Framework is Important  ERM Does Not Compete With Internal Controls

  10. OPPORTUNITIES FOR INTERNAL AUDIT TEAMS  Coordination and Reliance – IIA Standard 2050  IA responsibility for agency’s ERM approach – IIA Position Paper, “The Role of Internal Auditing In Enterprise Risk Management”  Facilitation and training  Assessments of Management’s design and execution of ERM

  11. OPPORTUNITIES FOR AUDIT TEAMS

  12. AGENCY’S ERM MATURITY Enablers  People  Processes  Technology

  13. OPPORTUNITIES FOR INTERNAL AUDITORS  Become conversant with the fundamentals of the ERM framework - internal auditing is all about risk.  While we focus on the adequacy/effectiveness of internal controls, internal controls should be viewed as a method to implement the "reduce“ response to risk. Risk is central and comes first.  Master the concepts of risk - how it is identified, assessed, analyzed, responded to, reviewed, and reported. Without this context, it is not possible to effectively address internal controls.

  14. OPPORTUNITIES FOR INTERNAL AUDITORS  Talk less about the adequacy/effectiveness of internal controls and talk more about risk…. managing risk, and reducing risk where advised.  Management thinks of the world through the perspective of setting out objectives and accomplishing them - all with the goal of delivering performance.  The more we talk about those objectives and events that can impact delivering performance, the more management will understand how internal audit delivers value.  We are not here to add bureaucracy with more controls. We are here to help management deliver on its objectives. This requires us to think and talk in terms of risk, potential impact, and response.

  15. OPPORTUNITIES FOR INTERNAL AUDITORS  Internal auditors should not only evaluate internal controls, but also management’s choice and implementation of risk responses.  Internal controls are but one potential risk response.  Internal auditors should be considering all five risk responses in assessing whether management has selected the optimal way to address a risk.

  16. OPPORTUNITIES FOR INTERNAL AUDITORS  Internal auditors should not focus blindly on always trying to reduce risk.  Risk responses should be designed to improve performance.  This involves not only ideas to reduce the impact from negative risk events, but also the cost of risk responses and the possibility of a risk that positively impacts performance.  When internal auditors' orientation is toward decision-making and how risks impact performance, they may conclude more risk is appropriate or the cost of current risk responses is not justified by the benefits.

  17. OPPORTUNITIES FOR INTERNAL AUDITORS  Internal auditors are some of the best in understanding the theory regarding risk.  The revised COSO ERM framework provides us the opportunity to become even more expert in the material so we can help our organizations navigate how best to implement it.  Not everyone will see the framework as something worth their attention, this provides a great opportunity for internal auditors!!

  18. OMB’s REVISED CIRCULAR A-123  Revised Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control , establishes various ERM processes in the federal government.  Requires federal executive agency leadership to implement ERM concepts to ensure each agency's risks are being identified and managed effectively.  Revised policy engages all agency managers, beyond the CFO community, and "encourages open and candid conversations about risks facing an organization at all levels.“  Envisions significantly more interaction among each agency’s CFO, chief risk officer, risk management council, and performance improvement officer, and advocates the use of professional-society approaches such as "maturity models.“  The OMB guidelines for ERM implementation embrace a modern risk assessment framework, the "risk maturity model.“

  19. OMB’s REVISED CIRCULAR A-123 Advice for implementation to employ ERM concepts to improve organizations:  Identify the most significant risks that could prevent your agency from achieving its mission, objectives and goals. Consider risks to strategic, operational, reporting and compliance objectives.  Consider remote or improbable events that could be significant and impactful. Black swan events can occur – it we’ve failed to consider the risks, results can be catastrophic.  Consider fraud risks - financial and nonfinancial aspects, i.e. loss of public’s trust and confidence.

  20. COSO INTERNAL CONTROL FRAMEWORK RISK ASSESSMENT COMPONENT Principle 7 – “Identifies and Analyzes Risk” – Points of Focus:  Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels  Analyzes Internal and External Factors  Involves Appropriate Levels of Management  Estimates Significance of Risks Identified  Determines How to Respond to Risks

  21. RISK ASSESSMENT - SAMPLE QUESTIONS  Is there a systematic risk assessment process?  Are there appropriate personnel involved to adequately identify risks?  Are risks identified by level of significance, likelihood of occurrence, velocity and persistence?  Is the risk assessment sufficiently comprehensive?  Is there a plan to respond to risks identified?  Avoid, Share, Accept, Reduce, Transfer

  22. OTHER RISK ASSESSMENT CONSIDERATIONS Identification and analysis of risk, including risks due to change, fraud risk, legal and regulatory risks, social, technological, natural disasters, etc.  Risks due to regulatory changes (i.e. SLAA requirements, accounting requirements and statutory changes)  Risks related to contract compliance (i.e. grants and debt covenants)  Risks related to personnel changes, off-site communications or structural changes  Risks related to recording of routine transactions (i.e. receipts & disbursements) and non-routine transactions (i.e. journal entries)  Changing risks associated with IT and cybersecurity  Changing taxpayer needs or expectations

  23. OTHER RISK ASSESSMENT CONSIDERATIONS Other common areas of identified risks  Basic controls over information technology  Bonded debt covenant compliance  Accounting and compliance considerations for new regulatory requirements  Unusual estimates  Related party transactions, conflicts of interest  Inadequate segregation of duties  Areas particularly prone to public scrutiny

  24. BIBLIOGRAPHY Sawyer's Internal Auditing: The Practice of Modern Internal Auditing, 5 th Edition, Lawrence B. Sawyer COSO 2013 Internal Control - Integrated Framework, The Committee of Sponsoring Organizations of the Treadway Commission Journal of Accountancy, June, 2018, “How formal ERM implementation can help federal agencies,” Donald Holzinger, CPA, and Christopher Parker, CPA Internal Auditor, October, 2017, “COSO ERM – “Getting risk management right,” Doug Anderson

Recommend

AASHTO Subcommittee on Maintenance 2017 ANNUAL MEETING PROVIDENCE, RI Introductions

AASHTO Subcommittee on Maintenance 2017 ANNUAL MEETING PROVIDENCE, RI Introductions

AASHTO Subcommittee on Maintenance 2017 ANNUAL MEETING PROVIDENCE, RI Introductions Acknowledgements New AASHTO Committee Structure Strategic Objectives/Outcomes Organizational Structure Provide an organizational structure that

742 views • 47 slides
Internal Audit Professionals & Internal Audit Students Pizza Mingle! Managing the Internal

Internal Audit Professionals & Internal Audit Students Pizza Mingle! Managing the Internal

Internal Audit Professionals & Internal Audit Students Pizza Mingle! Managing the Internal Audit Function Sponsored by: The Austin Chapter of the Institute of Internal Auditors, Academic Relations Committee Slide 1 Managing The Internal

722 views • 12 slides
Internal Audit Annual Board Update Audit Advisory Committee January 28, 2020 Debi Roth, Chair

Internal Audit Annual Board Update Audit Advisory Committee January 28, 2020 Debi Roth, Chair

Internal Audit Annual Board Update Audit Advisory Committee January 28, 2020 Debi Roth, Chair Mission of Internal Audit To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

410 views • 17 slides
Audit and Compliance Committee Internal Audit Proposed Internal Audit Charter March 15, 2019

Audit and Compliance Committee Internal Audit Proposed Internal Audit Charter March 15, 2019

Audit and Compliance Committee Internal Audit Proposed Internal Audit Charter March 15, 2019 Internal Audit Open Meeting Internal Audit Charter Internal Audit Charter (The following 3 slides are excerpts from the Institute of Internal

205 views • 6 slides
Internal Audit Division Update & Review of Internal Audit Plan Finance and Audit Committee

Internal Audit Division Update & Review of Internal Audit Plan Finance and Audit Committee

Internal Audit Division Update & Review of Internal Audit Plan Finance and Audit Committee 12/19/19 Why we are here Today we are here to Provide information on 2019 Internal Audit activities Request a review of 2020 Internal

391 views • 16 slides
Internal versus External Borrowing in Jordan (2007-2018) (Analytical Approach) Dr. Bilal J.

Internal versus External Borrowing in Jordan (2007-2018) (Analytical Approach) Dr. Bilal J.

Internal versus External Borrowing in Jordan (2007-2018) (Analytical Approach) Dr. Bilal J. Okasheh Director of Companies-Audit and Financial Analysis Directorate Audit Bureau - Jordan Internal versus External Borrowing in Jordan 2007-2018

1k views • 20 slides
Internal Audit Division Update Finance and Audit Committee | 10/24/19 Why we are here Today

Internal Audit Division Update Finance and Audit Committee | 10/24/19 Why we are here Today

Internal Audit Division Update Finance and Audit Committee | 10/24/19 Why we are here Today we are here to provide information on Internal Audit activities. Internal Audit Activity Update Internal Audits Completed Internal

257 views • 12 slides
Counter Fraud Plan 2018/19 The Internal Audit Strategy Key governance document Produced

Counter Fraud Plan 2018/19 The Internal Audit Strategy Key governance document Produced

Annual Audit Planning Process Proposed Internal Audit Plan & Counter Fraud Plan 2018/19 The Internal Audit Strategy Key governance document Produced annually and approved by the Audit & Standards Committee Sets out:- The

367 views • 23 slides
Internal Audit Division Update Finance and Audit Committee 6/20/19 Why we are here Internal

Internal Audit Division Update Finance and Audit Committee 6/20/19 Why we are here Internal

Internal Audit Division Update Finance and Audit Committee 6/20/19 Why we are here Internal Audit Activity Update Internal Audits Completed Internal Audits In Progress 2019 Performance Audit Update Today we are here to

388 views • 12 slides
Internal Controls A short presentation from Your Internal Audit Department The Old Internal

Internal Controls A short presentation from Your Internal Audit Department The Old Internal

Internal Controls A short presentation from Your Internal Audit Department The Old Internal Audit Department The New Internal Audit Department Were here to help! Teach + Train = Change Our goal: Promote effective, efficient and

205 views • 19 slides
Internal Audit and Compliance Reporting Summary November 13, 2019 1 Annual Audit Services

Internal Audit and Compliance Reporting Summary November 13, 2019 1 Annual Audit Services

Internal Audit and Compliance Reporting Summary November 13, 2019 1 Annual Audit Services Soliciting Bids For 3 Year Contract to Cover: AHS Financial Statements AHS Single Audit AHP Financial Statements AHSF Financial

364 views • 9 slides
LIFE INSURANCE COMPANIES - INTERNAL AUDIT Prepared by: Muhammad Abbas INTERNAL AUDIT

LIFE INSURANCE COMPANIES - INTERNAL AUDIT Prepared by: Muhammad Abbas INTERNAL AUDIT

LIFE INSURANCE COMPANIES - INTERNAL AUDIT Prepared by: Muhammad Abbas INTERNAL AUDIT Definition: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It

1.69k views • 134 slides
December 21, 2013 Agenda Internal Audit - Definition Role of Internal Audit as a function

December 21, 2013 Agenda Internal Audit - Definition Role of Internal Audit as a function

December 21, 2013 Agenda Internal Audit - Definition Role of Internal Audit as a function Reporting lines of Internal audit Internal audit processes SOX Collaboration Agenda Internal Audit - Definition Role of

658 views • 41 slides
Exposure Routes Internal and External Exposure External exposure Internal exposure Body surface

Exposure Routes Internal and External Exposure External exposure Internal exposure Body surface

Exposure Routes Internal and External Exposure External exposure Internal exposure Body surface From outer space contamination and the sun Inhalation Suspended Food and drink matters consumption Lungs From a radiation generator

180 views • 5 slides
Internal Audit Supermarket Chain Internal Audit Supermarket Chain Objective: To conduct

Internal Audit Supermarket Chain Internal Audit Supermarket Chain Objective: To conduct

Case Study Internal Audit Supermarket Chain Internal Audit Supermarket Chain Objective: To conduct internal audit to assess the effectiveness of the processes laid down and to establish controls. The supermarket chain is one of the

483 views • 4 slides
Audit Committee Internal Audit Work Plan Recommendation October 6, 2016 John Mickevice

Audit Committee Internal Audit Work Plan Recommendation October 6, 2016 John Mickevice

APS Internal Audit Department Audit Committee Internal Audit Work Plan Recommendation October 6, 2016 John Mickevice Presentation Overview Overview of Internal Audit at APS Risk Assessment Analysis Factors for APS Projects

334 views • 17 slides
2015 AASHTO Right-of-Way and Utilities Subcommittee Utility Project Scoping and Coordination

2015 AASHTO Right-of-Way and Utilities Subcommittee Utility Project Scoping and Coordination

4/29/2015 2015 AASHTO Right-of-Way and Utilities Subcommittee Utility Project Scoping and Coordination Presentation - Notes Slide 1 (2015 AASHTO Right-of-Way and Utilities Subcommittee) Utility Project Scoping and Coordination o Jennifer

160 views • 5 slides
Internal Audit Performance Tabled 9 August 2017 This presentation provides an overview of the

Internal Audit Performance Tabled 9 August 2017 This presentation provides an overview of the

Internal Audit Performance Tabled 9 August 2017 This presentation provides an overview of the Victorian Auditor-Generals report Internal Audit Performance . What is internal audit? An independent, An important part of the A systematic,

409 views • 11 slides
Agenda Internal Controls Audits and Auditors Audit Process Overview How to Prepare

Agenda Internal Controls Audits and Auditors Audit Process Overview How to Prepare

12/11/2017 WA S H I N G T O N S T AT E U N I V E R S I T Y Award Administration ard Administration Part Three: Part Three: Audits and Audits and Audit Issues Audit Issues Presented by: Heather Lopez Chief Audit Executive, Internal Audit

461 views • 25 slides
CFRP Applications in Michigan & AASHTO Innovations Initiative Program 2015 AASHTO

CFRP Applications in Michigan & AASHTO Innovations Initiative Program 2015 AASHTO

CFRP Applications in Michigan & AASHTO Innovations Initiative Program 2015 AASHTO Subcommittee on Construction Mark Chaput - Bureau of Field Services August 11, 2015 CFRP Applications in Michigan In ternal Reinforcement and

394 views • 37 slides
The F word: FRAUD Agenda About Internal Audit Audit team Internal Audit office overview

The F word: FRAUD Agenda About Internal Audit Audit team Internal Audit office overview

The F word: FRAUD Agenda About Internal Audit Audit team Internal Audit office overview Fraud and Fraud Schemes Define fraud Learn about different types of fraud and fraud schemes Fraud reporting methods Audit Team Corby

509 views • 32 slides
Orange County Public Schools Internal Audit Annual Update December 13, 2016 Orange County Public

Orange County Public Schools Internal Audit Annual Update December 13, 2016 Orange County Public

Orange County Public Schools Internal Audit Annual Update December 13, 2016 Orange County Public Schools Internal Auditing Definition Internal auditing is an independent, objective assurance and consulting activity designed to add

269 views • 16 slides
Audit Committee Internal Audit Work Plan Recommendation October 4, 2018 John Mickevice

Audit Committee Internal Audit Work Plan Recommendation October 4, 2018 John Mickevice

APS Internal Audit Department Audit Committee Internal Audit Work Plan Recommendation October 4, 2018 John Mickevice Presentation Overview Overview of Internal Audit at APS Criteria Used to Select Possible Projects Projects

525 views • 21 slides
FROM HINDSIGHT TO FORESIGHT REPOSITIONING INTERNAL AUDIT TO DELIVER HIGHER VALUE

FROM HINDSIGHT TO FORESIGHT REPOSITIONING INTERNAL AUDIT TO DELIVER HIGHER VALUE

FROM HINDSIGHT TO FORESIGHT REPOSITIONING INTERNAL AUDIT TO DELIVER HIGHER VALUE Repositioning Internal Audit FY 2016-FY2017 Audit Resource Deployment Plan Resources and Staffing Supplemental Materials Repositioning

442 views • 12 slides

More recommend