Audit Compliance or Audit vs Compliance DAA and

  • Slides: 23
Download presentation
Audit & Compliance or Audit vs. Compliance DAA and GEP Orlando 2008 1

Audit & Compliance or Audit vs. Compliance DAA and GEP Orlando 2008 1

Debbie Austin – CTCP, CFSA, VP Fiduciary Compliance Manager PNC Bank, Philadelphia, PA Gary

Debbie Austin – CTCP, CFSA, VP Fiduciary Compliance Manager PNC Bank, Philadelphia, PA Gary Pelcak – CTA, CFSA, CFE Chief Audit Executive Central National Bank, Junction City, Ks DAA and GEP Orlando 2008 2

AGENDA • • Introduction Rules of Engagement Differences and Similarities Role of Audit and

AGENDA • • Introduction Rules of Engagement Differences and Similarities Role of Audit and Compliance in today’s Environment • The relationship of continuous Auditing, Monitoring, and Assurance DAA and GEP Orlando 2008 3

• • • AGENDA (cont) Key Steps to Implementation Benefits of an Audit

• • • AGENDA (cont) Key Steps to Implementation Benefits of an Audit / Compliance Partnership Summary Questions Closing DAA and GEP Orlando 2008 4

• Differences and Similarities – Both considered part of the Risk Management Process

• Differences and Similarities – Both considered part of the Risk Management Process – Audit Reports ultimately to the Board – Compliance reports to a joint risk committee – Compliance testing moved to IA DAA and GEP Orlando 2008 5

Some Definitions To Help Us Internal auditing is an independent, objective, assurance and consulting

Some Definitions To Help Us Internal auditing is an independent, objective, assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. DAA and GEP Orlando 2008 6

Some Definitions to Help Us Compliance is a broad term routinely applied to a

Some Definitions to Help Us Compliance is a broad term routinely applied to a financial institution’s responsibility to adhere to state and federal laws and regulations, many of which are intended to protect consumers. DAA and GEP Orlando 2008 7

Audit and compliance together should: Add Value = Value is provided by improving opportunities

Audit and compliance together should: Add Value = Value is provided by improving opportunities to achieve organizational objectives, identifying operational improvement, and/or reducing risk exposure through both assurance and consulting services. DAA and GEP Orlando 2008 8

The audit function should provide Assurance Services = An objective examination of evidence for

The audit function should provide Assurance Services = An objective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for the organization. Examples include financial, performance, compliance, system security, and due diligence engagements. DAA and GEP Orlando 2008 9

and should work with compliance on Consulting Services = Advisory and related client service

and should work with compliance on Consulting Services = Advisory and related client service activities, the nature and scope of which are agreed with the client and are intended to add value improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples: counsel, advice, facilitation, training. DAA and GEP Orlando 2008 10

• Role of Audit and Compliance in today’s Environment – Today’s audit and

• Role of Audit and Compliance in today’s Environment – Today’s audit and compliance challenges • Regulatory compliance & controls • 12 CFR 9. 9(b) Continuous Audit - Audit of Fiduciary Activities • Internal audit value and independence • Availability of skilled resources • Determining appropriate technology solutions – Need for timely, on-going assurance over risk management and control systems DAA and GEP Orlando 2008 11

• Role of Audit and Compliance in today’s environment (cont) – Provide more

• Role of Audit and Compliance in today’s environment (cont) – Provide more frequent, more timely, analyses to better manage control deficiencies and risk. DAA and GEP Orlando 2008 12

• The relationship of continuous Auditing, Monitoring, and Assessment – Continuous Auditing •

• The relationship of continuous Auditing, Monitoring, and Assessment – Continuous Auditing • Method used to perform audit related activities on a continuous basis. • Includes control and risk assessment • Performed by internal audit DAA and GEP Orlando 2008 13

– Compliance Monitoring • IA Schedule and Compliance Schedule • Specific Requests to IA

– Compliance Monitoring • IA Schedule and Compliance Schedule • Specific Requests to IA • Dashboard – conduct monthly “Where are we at? ” and “What are you seeing? ” meetings • On the same committees • Invited to all Entrance & Exit Meetings • Copied on all reports & memos DAA and GEP Orlando 2008 14

– Continuous Monitoring • Processes to ensure policies / processes are operating effectively and

– Continuous Monitoring • Processes to ensure policies / processes are operating effectively and to assess adequacy / effectiveness of controls • Performed by operational / financial management; audit independently evaluates adequacy of management activities DAA and GEP Orlando 2008 15

– Continuous Assurance • Combination of continuous auditing and audit oversight of continuous monitoring

– Continuous Assurance • Combination of continuous auditing and audit oversight of continuous monitoring DAA and GEP Orlando 2008 16

Relationship of Continuous Auditing/Monitoring/Assurance • Role of continuous auditing dependent on management’s role in

Relationship of Continuous Auditing/Monitoring/Assurance • Role of continuous auditing dependent on management’s role in continuous monitoring of controls – Inverse relationship: the greater the role of management, the less of a direct role of internal audit • True continuous assurance – Depends on effective monitoring by management of internal controls and Audit’s independent assessment of that function DAA and GEP Orlando 2008 17

Application Areas • Continuous control assessment – Identification of control deficiencies – Identification of

Application Areas • Continuous control assessment – Identification of control deficiencies – Identification of fraud, waste, abuse • Continuous risk assessment – Examination of consistency of processes – Development of enterprise audit / compliance plan – Support to individual audits and compliance requests – Support / Follow-up on compliance recommendations DAA and GEP Orlando 2008 18

• Key Steps to Implementation – Establish the requirements for audit and compliance

• Key Steps to Implementation – Establish the requirements for audit and compliance objectives – Gain executive – level support – Ascertain degree to which management is performing monitoring role – Select appropriate technology solutions – Identify information sources and gain access DAA and GEP Orlando 2008 19

• Key Steps to Implementation (cont) – Understand business processes and identify key

• Key Steps to Implementation (cont) – Understand business processes and identify key controls and risks – Build audit and compliance skill set – Manage and report results DAA and GEP Orlando 2008 20

• Benefits of an Audit /Compliance Partnership – Increased scope of audit activities

• Benefits of an Audit /Compliance Partnership – Increased scope of audit activities – Increased ability to mitigate risk – Reduced cost of internal control assessment – Increased confidence in financial results – Improvements to financial operations DAA and GEP Orlando 2008 21

• Benefits (cont) – Reduced financial errors and potential for fraud – Reduced

• Benefits (cont) – Reduced financial errors and potential for fraud – Reduced revenue leakage for improved bottom – line results – Sustainable and cost effective means to support compliance DAA and GEP Orlando 2008 22

• Summary – Differences and Similarities – Role of Audit and Compliance in

• Summary – Differences and Similarities – Role of Audit and Compliance in today’s Environment – The relationship of continuous Auditing, Monitoring, and Assurance – Key Steps to Implementation – Benefits of an Audit / Compliance Partnership DAA and GEP Orlando 2008 23

Daa 3 k Results daa 3 k gncDaa 3 k Results daa 3 k gnc
Designated Approval Agency DAA Annual Meeting DAA AnnualDesignated Approval Agency DAA Annual Meeting DAA Annual
NANOTECHNOLGIA BARBORA BELASOV DAA FEKOV DAA KRAFKOV 1NANOTECHNOLGIA BARBORA BELASOV DAA FEKOV DAA KRAFKOV 1
NANOTECHNOLGIA BARBORA BELASOV DAA FEKOV DAA KRAFKOV 1NANOTECHNOLGIA BARBORA BELASOV DAA FEKOV DAA KRAFKOV 1
AUDIT PLAN AUDIT PROGRAM PROSEDUR AUDIT PERENCANAAN AUDITAUDIT PLAN AUDIT PROGRAM PROSEDUR AUDIT PERENCANAAN AUDIT
AUDIT PLAN AUDIT PROGRAM PROSEDUR AUDIT PERENCANAAN AUDITAUDIT PLAN AUDIT PROGRAM PROSEDUR AUDIT PERENCANAAN AUDIT
Compliance and Ethics Training Office of Audit ComplianceCompliance and Ethics Training Office of Audit Compliance
Overall Audit Plan and Audit Program Strategi AuditOverall Audit Plan and Audit Program Strategi Audit
Compliance Management Platform Compliance Management Platform Compliance isCompliance Management Platform Compliance Management Platform Compliance is
Customs Compliance Investigations OUTLINE Compliance Framework Principles ComplianceCustoms Compliance Investigations OUTLINE Compliance Framework Principles Compliance
Chapter 7 Compliance Testing Compliance Testing Compliance testingChapter 7 Compliance Testing Compliance Testing Compliance testing
Notice of Compliance Audit Phil ODonnell Manager ComplianceNotice of Compliance Audit Phil ODonnell Manager Compliance
Compliance Audit ISOIEC 27001 ISMS Precertification Audit PerformedCompliance Audit ISOIEC 27001 ISMS Precertification Audit Performed
Compliance Audit related to the Audit of FinancialCompliance Audit related to the Audit of Financial
Audit Core Team 20092010 CSP Contract Compliance AuditAudit Core Team 20092010 CSP Contract Compliance Audit
RESEARCH COMPLIANCE AUDIT REQUIREMENTS FINDINGS BASICS AUDIT REQUIREMENTSRESEARCH COMPLIANCE AUDIT REQUIREMENTS FINDINGS BASICS AUDIT REQUIREMENTS
Compliance Audit Working Group Audit Workshop February 2Compliance Audit Working Group Audit Workshop February 2
Audit Planning Memorandum Audit Planning Memorandum n AuditAudit Planning Memorandum Audit Planning Memorandum n Audit
AUDIT TESTS Audit evidence through Audit Procedures AuditorAUDIT TESTS Audit evidence through Audit Procedures Auditor
Topik 7 Audit Plan Audit Program Audit ProceduresTopik 7 Audit Plan Audit Program Audit Procedures
AUDIT LINGKUNGAN Ardaniah Abbas DEFINISI AUDIT LINGKUNGAN AuditAUDIT LINGKUNGAN Ardaniah Abbas DEFINISI AUDIT LINGKUNGAN Audit
Audit Operasional Pengertian Audit Operasional Audit Operasional adalahAudit Operasional Pengertian Audit Operasional Audit Operasional adalah