Internal Auditing - Governance

2014-09-24 01:30:26

  1. Flow of information
    • Governance (outer layer)
    • Risk Management (next layer)
    • Internal Control (inner layer)

    Information can flow both ways.
  2. Definition of Governance
    • Involves a set of relationships between a company's management, its board, its shareholders and other stakeholders
    • Governance begins with the board of directors and its committees (the umbrella of governance oversight)
    • Provides direction to management
    • Empowers management with authority to take necessary action
    • Board must understand and focus on needs of key stakeholders (fiduciary duty)
    • Day-to-day, governance is executed by management
    • Internal and external activities (including internal and independent auditors) provide management and the board assurance regarding the effectiveness of governance activities
  3. Key Components of Governance Oversight
    • Governance "Umbrella"
    • Risk Management (Senior Management / Risk Owners) and Assurance (Internal / External Activities)
  4. Board of Directors
    • Strategic direction – board is responsible for strategic direction and guidelines relative to the establishment of key business objectives, consistent with the organization's business model and aligned with stakeholder priorities
    • Governance oversight – board's role in managing and monitoring the organization's operations
  5. Key Stakeholders
    • Some stakeholders are directly involved in operations
      • Employees, customers, vendors
    • Other stakeholders are not directly involved, but are interested in the business (affected by its success)
      • Shareholders/investors, regulatory agencies (SEC, DOL, etc.), financial institutions
    • Some stakeholders are neither directly involved nor interested, but they may influence aspects of the business
      • Regulatory agencies, financial institutions
  6. Senior Management
    • Management executes day-to-day activities
    • Board delegates authority to management to perform activities
    • Management has responsibility to execute the board's direction in a manner that achieves corporate objectives, but within the tolerance limits outlined by the board
  7. Senior management can best execute its governance responsibilities by
    • Establishing a risk committee
      • Typically led by the CRO
      • Responsible for determining that all key risks are identified, linked to risk management activities and assigned to risk owners
      • Evaluates the organization's ongoing risk appetite
    • Articulating reporting requirements
      • Risk owners must understand the nature, format and timing of communications regarding the effectiveness of risk management activities
    • Reevaluating governance expectations periodically (typically annually)
  8. Risk Owners
    • Individuals who have day-to-day responsibility to ensure risk management activities effectively manage risks within the organization's tolerance levels
    • Responsible for identifying, measuring, monitoring, and reporting on risks to members of senior management
  9. Risk owners can best execute by:
    • Presenting governance recommendations to the risk committee
    • Reevaluating risk management activities periodically (at least annually)
  10. Assurance Activities
    • Provide the board and senior management with an objective assessment regarding the effectiveness of the governance and risk management activities
  11. Three Lines of Defense Model
    • 1st Line (Senior Mgmt)
      • Management control
      • Internal control measures
    • 2nd Line (Senior Mgmt)
      • Financial controller
      • Risk management
      • Compliance
      • Health and safety
      • Environmental
      • Quality assurance
    • 3rd Line (Senior Mgmt / Governing Body / Audit Committee)
      • Internal audit