Balancing SOX with Risk Based Audit Planning - PowerPoint PPT Presentation

About This Presentation
Title:

Balancing SOX with Risk Based Audit Planning

Description:

Peg Weir, United States Postal Service. Break. Q & A. Balancing. SOX with ... United States Postal Service. 21. Independent government entity. Self-sustaining ... – PowerPoint PPT presentation

Number of Views:201
Avg rating:3.0/5.0
Slides: 32
Provided by: lorion
Category:

less

Transcript and Presenter's Notes

Title: Balancing SOX with Risk Based Audit Planning


1
Balancing SOX with Risk Based Audit Planning
  • The Institute of Internal AuditorsMarch 9, 2004

Dave Richards, CIA, CPADirector, Internal
AuditingFirstEnergy Corporation
2
Balancing SOX with Risk Based Audit Planning
  • Introduction Overview
  • Dave Richards, FirstEnergy
  • Finding the Balance
  • Brian Appleton, National Penn Bancshares
  • Year 2 Audit Planning
  • Carl Balderson, Pinnacle West Capital
  • Balancing Issues for Large Shops
  • Peg Weir, United States Postal Service
  • Break
  • Q A

3
Key Balancing Issues
  • 1. Involvement in SOX 404 Work
  • 2. Expectations of AC Sr. Mgt
  • 3. Risk Model Impacts
  • 4. Emphasis on Financial Audits
  • 5. Increased IT General Controls Topics
  • 6. Using 404 Results to Drive Audits
  • 7. Dealing with SOX Issues
  • 8. Impact on External Auditor Relationship
    Work Support

4
Key Balancing Issues
  • 9. Using 404 Model for Operational
    Compliance Topics
  • 10. Staff Productivity Enhancements
  • 11. IAD Tools for Control Assessments
  • 12. Rotation of Audit Topics???
  • 13. Building on SOX 404 Work
  • 14. IAD Customer Relationships
  • 15. Impact on Audit Contingency
  • 16. Internal Control Opinions in Audits

5
Finding the Balance
  • Brian T. Appleton, CIA, MBA,CDP
  • Executive Vice President
  • Director of Internal Audit
  • National Penn Bancshares

6
Overview of Company
  • Company Size
  • Audit Division
  • Client Focused Philosophy
  • Process Owner Class

7
Status of 404
  • Tone at the top
  • How 404 is implemented makes a difference
  • High level risk-assessment completed
  • Documentation phase in progress

8
Balance
  • Identify the coordinating scheme
  • Complement, not supplement
  • Be flexible and creative
  • Focus your scope
  • Standardize the documentation
  • Take a closer look at opportunities
  • Management
  • Audit

9
Impact on Internal Clients
  • Creates a more sophisticated clientele
  • Fosters uniformity in structure
  • Increases accountability for results
  • Promotes process ownership by management

10
Impact on Audit Approach
  • Enhance auditor knowledge
  • Career growth opportunity
  • Role of auditors as facilitators
  • Expansion of skill set to educator
  • Springboard effect
  • Operational and compliance audits
  • Control Self Assessment
  • Enterprise Risk Management

11
Benefit to Audit Committee
  • Stronger assurance of controls
  • Create new metrics
  • Published accountability through sign-offs

12
Summary
  • Identify the changes, find a balance
  • Allocate resources early
  • Sell the benefit to the company
  • Find and publish the positives
  • Think of SOX 404 as complementing audit coverage

13
Year 2 Audit Planning
  • Carl Balderson, CIA, CPA, CFEDirector of Audit
    Services
  • Pinnacle West Capital Corporation

14
Driving Change
  • Re-balancing is continued evolution
  • Changed audit committee expectations
  • Changed management expectations

15
Impacts of SOX
  • Increase management awareness of internal
    controls
  • Audit customer responsiveness
  • Greater emphasis on IT auditing
  • Verify quarterly review for IC changes

16
Planning Steps
  • Risk based planning with pre-SOX methodology
  • What we Think is needed for SOX
  • Follow-up open issues
  • Test changed process documentation
  • Test Key controls
  • Integrate to avoid duplication
  • Alternate depth of efforts with future years
  • Allocate available resources

17
Productivity Initiatives
  • Automated Work Papers
  • Productive Time Targets
  • Emphasize Project Budgets
  • In-house and Local Training

18
Contingency Planning
  • Small number of hours unallocated
  • Renewed emphasis on Stop Go auditing
  • Administrative assistant/secretary vs.
    para-professional auditor
  • Be more selective in what we address

19
Driving Long-Term Value
  • Integrate SOX compliance and risk management
    processes
  • Examine risk management processes for efficiency
  • Documentation of new systems
  • Integrate SOX documentation with business
    resumption plans
  • Utilize documentation for training

20
Balancing Issues for Large Shops
  • Margaret (Peg) Weir
  • Manager, Internal Control Group
  • United States Postal Service

21

United States Postal Service
  • Independent government entity
  • Self-sustaining
  • Annual operating revenue /- 70B
  • Second largest civilian employer
  • 38,000 Post Offices
  • Office of Inspector General

22
Internal Control Group
  • CFO vision
  • Established ICG organization
  • Complements OIG function
  • End-to-end process
  • Looks for efficiencies and risks of inefficiencies

23
Internal Audit-Internal ControlPolicy vs.
Process
  • Internal Audit - Financial Statements fairly
    represent operations
  • Monies
  • Expenses
  • Work hours
  • Assets
  • Internal Control - Reasonable Assurance
    achievement of fundamental business goals
  • Reliability
  • Exist, effective, efficient
  • Compliance with laws/regulations

24
Internal Control Group
  • Identify risk through data and process analysis
  • Partner with process owner to mitigate
    prioritized risk
  • Analyze trends and indicators
  • Conduct internal control reviews
  • Develop improved controls to meet goals and
    objectives

25
Sarbanes-Oxley Act
  • Voluntarily adopting parts of Section 404
  • Makes good business sense

26
Internal Control Group
  • Senior management provides direction and
    oversight
  • Focus based on
  • Guidance
  • Risk analysis
  • Risk prioritization
  • Resources support mandate

27
Internal Control Group
  • Enterprise-wide from corporate to local
  • Interdependencies vs. stovepipes
  • Partnership with process owners
  • Data driven
  • Targeted reviews
  • Standardized approach using COSO framework
  • Root causes
  • Meaningful recommendations to improve controls
  • Reasonable assurance goals objectives will be
    met

28
Internal Control Group Status
  • Implemented preliminary activities of COSO
    framework
  • Adjusted as lessons learned
  • Developing additional training
  • Enhancing the analytical reporting tool

29
Internal Control Group
  • Internal Control Group complements internal audit
    process
  • Internal Control Group supports performance-based
    culture
  • Internal Control Group establishes foundation for
    long-term enterprise-wide improvements and
    efficiencies
  • Internal Control Group is dynamic evolving

30
Conclusions
  • SOX 404 WILL IMPACT what we do
  • What impact it has must be managed
  • Upfront drivers for impact must be understood
  • Changes in approach, scope, results
    expectations must be communicated
  • AC, Sr. Mgt. IAD Customers must recognize the
    impact on identifying performing work
  • IAD must be more productive to meet this
    challenge
  • External Auditor relationship must be managed

31
Next Webcast
  • April 13, 2004
  • Strategies for Internal External
    Relationships
  • See you at our next webcast!
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Balancing SOX with Risk Based Audit Planning" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!