Audit

1
Audit Compliance orAudit vs. Compliance
2

• Debbie Austin CTCP, CFSA,
• VP Fiduciary Compliance Manager
• PNC Bank, Philadelphia, PA
• Gary Pelcak CTA, CFSA, CFE
• Chief Audit Executive
• Central National Bank, Junction City, Ks

3

• AGENDA
• Introduction
• Rules of Engagement
• Differences and Similarities
• Role of Audit and Compliance in todays
  Environment
• The relationship of continuous Auditing,
  Monitoring, and Assurance

4

• AGENDA (cont)
• Key Steps to Implementation
• Benefits of an Audit / Compliance Partnership
• Summary
• Questions
• Closing

5

• Differences and Similarities
• Both considered part of the Risk Management
  Process
• Audit Reports ultimately to the Board
• Compliance reports to a joint risk committee
• Compliance testing moved to IA

6

• Some Definitions To Help Us
• Internal auditing is an independent, objective,
  assurance and consulting activity designed to add
  value and improve an organizations operations.
  It helps an organization accomplish its
  objectives by bringing a systematic disciplined
  approach to evaluate and improve the
  effectiveness of risk management, control, and
  governance processes.

7

• Some Definitions to Help Us
• Compliance is a broad term routinely applied to a
  financial institutions responsibility to adhere
  to state and federal laws and regulations, many
  of which are intended to protect consumers.

8

• Audit and compliance together should
• Add Value Value is provided by improving
  opportunities to achieve organizational
  objectives, identifying operational improvement,
  and/or reducing risk exposure through both
  assurance and consulting services.

9

• The audit function should provide
• Assurance Services An objective examination of
  evidence for the purpose of providing an
  independent assessment on risk management,
  control, or governance processes for the
  organization. Examples include financial,
  performance, compliance, system security, and due
  diligence engagements.

10

• and should work with compliance on
• Consulting Services Advisory and related client
  service activities, the nature and scope of which
  are agreed with the client and are intended to
  add value improve an organizations governance,
  risk management, and control processes without
  the internal auditor assuming management
  responsibility. Examples counsel, advice,
  facilitation, training.

11

• Role of Audit and Compliance in todays
  Environment
• Todays audit and compliance challenges
• Regulatory compliance controls
• 12CFR 9.9(b) Continuous Audit - Audit of
  Fiduciary Activities
• Internal audit value and independence
• Availability of skilled resources
• Determining appropriate technology solutions
• Need for timely, on-going assurance over risk
  management and control systems

12

• Role of Audit and Compliance in todays
  environment (cont)
• Provide more frequent, more timely, analyses to
  better manage control deficiencies and risk.

13

• The relationship of continuous Auditing,
  Monitoring, and Assessment
• Continuous Auditing
• Method used to perform audit related activities
  on a continuous basis.
• Includes control and risk assessment
• Performed by internal audit

14

• Compliance Monitoring
• IA Schedule and Compliance Schedule
• Specific Requests to IA
• Dashboard
• conduct monthly Where are we at? and What are
  you seeing? meetings
• On the same committees
• Invited to all Entrance Exit Meetings
• Copied on all reports memos

15

• Continuous Monitoring
• Processes to ensure policies / processes are
  operating effectively and to assess adequacy /
  effectiveness of controls
• Performed by operational / financial management
  audit independently evaluates adequacy of
  management activities

16

• Continuous Assurance
• Combination of continuous auditing and audit
  oversight of continuous monitoring

17
Relationship of Continuous Auditing/Monitoring/Ass
urance

• Role of continuous auditing dependent on
  managements role in continuous monitoring of
  controls
• Inverse relationship the greater the role of
  management, the less of a direct role of
  internal audit

• True continuous assurance
• Depends on effective monitoring by management of
  internal controls and Audits independent
  assessment of that function

18

• Application Areas
• Continuous control assessment
• Identification of control deficiencies
• Identification of fraud, waste, abuse
• Continuous risk assessment
• Examination of consistency of processes
• Development of enterprise audit / compliance plan
• Support to individual audits and compliance
  requests
• Support / Follow-up on compliance recommendations

19

• Key Steps to Implementation
• Establish the requirements for audit and
  compliance objectives
• Gain executive level support
• Ascertain degree to which management is
  performing monitoring role
• Select appropriate technology solutions
• Identify information sources and gain access

20

• Key Steps to Implementation (cont)
• Understand business processes and identify key
  controls and risks
• Build audit and compliance skill set
• Manage and report results

21

• Benefits of an Audit /Compliance Partnership
• Increased scope of audit activities
• Increased ability to mitigate risk
• Reduced cost of internal control assessment
• Increased confidence in financial results
• Improvements to financial operations

22

• Benefits (cont)
• Reduced financial errors and potential for fraud
• Reduced revenue leakage for improved bottom
  line results
• Sustainable and cost effective means to support
  compliance

23

• Summary
• Differences and Similarities
• Role of Audit and Compliance in todays
  Environment
• The relationship of continuous Auditing,
  Monitoring, and Assurance
• Key Steps to Implementation
• Benefits of an Audit / Compliance Partnership