Southern Illinois University

1
Southern Illinois University Carbondale September
15, 2004
2
Agenda

• Introduction to Deloitte
• Overview of AERS
• Service Lines
• Training, Mentoring and Career
• Candidate profile and next steps

3
Global Firm

• One of the Big 4 professional service firms
• Over 100,000 people
• Over 700 offices in 140 countries
• FY03 Revenues of 15.0 billion
• 22 Fortune 100 Global Market Share

4
Firm Overview

• Our Mission
• To help our clients and our people excel
• Our Vision
• To be recognized as the best professional
  services firm in the world

5
Our Shared Values

• Dedication to Client Service
• Recognition of the Importance of People
• Commitment to Quality
• Sense of Partnership and Teamwork
• Financial Success

6
Functions

• AERS Audit Enterprise Risk Services
• Consulting
• FAS Financial Advisory Services
• Tax

7
Audit and Enterprise Risk Services

• Internal Audit Services
• Business Process IT Risk and Control
• External Audit Services
• Corporate Governance Services
• Mergers Acquisition Services
• Regulatory Consulting
• Capital Markets Services
• Global Offerings Services
• Venture Capital Services

8
Internal Audit Services

• Internal auditing is an independent, objective
  assurance and consulting activity that adds value
  to and improves an organizations operations. It
  helps an organization accomplish its objectives
  by bringing a systematic, disciplined approach to
  evaluate and improve the effectiveness of risk
  management, control, and governance processes.

9
The Role of Internal Audit

• Risk management, control, governance processes
• Financial analysis
• Risk evaluation
• Operational improvement
• Internal consulting

10
Risk Management

• Internal auditors identify auditable activities
  and relevant risk factors, and assess their
  significance.
• Investigating
• Evaluating
• Identifying potential trouble spots
• Communicating
• Anticipating emerging issues
• Identifying opportunities

11
Internal Controls

• Evaluate efficiency effectiveness of controls
• Recommend new controls where needed or
  discontinuing unnecessary controls
• Use of control frameworks (COSO, CoCo, Cadbury)
• Control self-assessment
• Provide education on risks and controls

12
Governance

• Internal auditing provides assurance to
  management and the audit committee that risks are
  understood and managed properly.

13
Communications

• Keeping senior management aware of critical
  issues
• Ensuring factual communications of financial and
  other data
• Suggestions based on knowledge of operations
  throughout the organization

14
Analyzing Operations

• Internal auditors
• Review operations, policies, and procedures
• Help ensure goals and objectives are met
• Understanding of big picture and diverse
  operations
• Make recommendations to improve economy and
  efficiency

15
Reviewing Compliance

• Ensure managements policies and procedures are
  followed
• Analyze impact of changes in procedures
• Assure compliance with laws regulations
• Review objectives for adherence to organizations
  mission, culture, climate
• Provide insight to the impact of noncompliance

16
Assuring Safeguards

• Evaluate procedures to safeguard assets
• Technological safeguards
• Emerging issues

17
A Broad Perspective

• Examining global issues
• Assessing quality, economy, efficiency
• Providing accurate and timely communication
• Evaluating emerging technologies
• Analyzing opportunities

18
Essential Services

• Internal auditing reviews the reliability and
  integrity of information, compliance with
  policies and regulations, the safeguarding of
  assets, the economical and efficient use of
  resources, and established operational goals and
  objectives.
• Internal audits encompass financial activities
  and operations including systems, production,
  engineering, marketing, and human resources. 

19
Internal Audit Services Protecting and Enhancing
Value
Using a risk-based approach, Deloitte helps
clients manage risk and improve performance and
operating efficiency. We provide a full range of
services including helping to develop internal
audit strategic plans, re-engineering existing
internal audit operations, providing specialized
resources or completely outsourcing the internal
audit function.Our highly skilled and
professional Internal Auditors have deep
technical knowledge of both the risks and control
requirements. Internal Audit Services 
Outsourcing Co-sourcing, including IT
Assessment Reviews Loaned Staff Royalty
Inspections Data Quality and Analysis
20
Business Process IT Risk and Control

• Business process IT risk and control is an
  independent, objective assurance and consulting
  activity that serves to help an organization in
  assessing and mitigating its technology-related
  risks. This assurance function is playing an
  increasingly critical role in the external audit
  function.

21
Systems, Business Processes, and Risk

• Business Information Systems
• Automate routine transaction processing
• Automate key controls including general computer
  controls, functional access, and enforcement of
  duty segregation of duties
• Introduce complexity, especially in integrated
  (ERP) environments
• IT system risk is business risk

22
Sarbanes-Oxley

• SOX describes an integrated audit of the
  financial statements and internal control over
  financial reporting (ICFR)
• Requires the external auditor to express three
  opinions
• SOX - Whether managements assessment of internal
  control over financial reporting is fairly stated
• SOX - Whether ICFR are operating effectively
• Financial Statement Audit - Whether the account
  balances on a Companys financial statements are
  free of material misstatements

23
The Linkage between Systems and Controls

• Consider
• Accountants do not develop accounting systems,
  and they often are not the administrators of
  those systems.
• If a system is not properly designed and
  configured to record transactions in a controlled
  manner, significant financial reporting errors
  could occur.
• Control deficiencies do occur and have
  significant implications

24
SoD Client Example Expenditures
FRAUD
25
Reflecting on the Examples

• The examples clearly indicate that systems risk
  IS business risk.
• We cannot audit account balances and attest to
  their accuracy without considering the systems
  environment.
• To be successful as an accountant or as an
  auditor, you must have at least a moderate
  understanding of systems.
• We incorporate a review of business / system risk
  and controls into our financial statement audits.

26
Business Process and IT Risk and Control
We assist clients in assuring controls and
assessing risk management systems by
incorporating control assurance into the audit
process. We offer a broad continuum of services
that identify, develop and test internal controls
and policies. We help ensure reliable, verifiable
and consistently retrievable data across the
organization. Our control reviews are created and
implemented to address management objectives
ranging from business process to application and
technology infrastructure controls.  Business
Process and IT Risk and Control  Content/Data
Quality Management Identity Management
Security Infrastructure Security Security
Management Application Security and Controls
Assessments Information Technology Controls
Systems Project Control Assurance Business
Continuity Management Customer Privacy
27
AERS US Growth

• AERS has had double digit growth for the last 10
  years and is projected to continue.

28
AERS National Client List
29
Our objective is to support your career goals
and prepare you for success within the AERS
practice. How will we accomplish our
objective? Great Performance System
30
Training and Development

• Each consultant that joins the AERS practice
  receives at least 80 hours of training in their
  first year
• You will continue your training and development
  throughout your first two years within AERS with
  access to these additional courses
• Risk and Controls Basics
• Business Process Introduction
• Assurance Basics
• IT Systems Development and Risk Fundamentals
• Business Process Workshop
• Introduction to Auditsystem/2
• Presentation/Communication skills
• Business Writing skills

31
Mentoring and Counseling

• Staff Buddy
• Manager Counselor
• Mentors

32
Career Progression
Members of the AERS practice experience unlimited
growth potential. Although career progression is
traditionally aligned with the service lines,
this is a typical progression.
1 3 years as a Consultant
2 3 years as a Senior Consultant
2 3 years as a Manager
3 - 5 years as a Senior Manager
Director/Partner.
33
What do we look for in candidates?

• BS/BA, Business Administration, Computer Science,
  Math, Accounting, Engineering Masters in
  Accounting or Information Systems, or MBA
• Strong academic credentials (Minimum GPA of 3.0)
• Relevant work experience (e.g. internships,
  summer positions, school jobs)
• Demonstrated leadership, problem solving, and
  strong verbal and written communication skills
• Ability to prioritize tasks, work on multiple
  assignments, and manage ambiguity
• Ability to work both independently and as part of
  a team with professionals at all levels
• Willingness to travel for out-of-town engagements

34
SIUC Alumni at Deloitte

• Rodney Kinzinger ERS Partner
• Harvey Michaels Consulting Regional Managing
  Director
• Eric Bottom ERS Senior Manager
• Marsha Reppy ERS Senior Consultant
• Seth Hettinger ERS Consultant
• Larry Wiggins ERS Consultant
• Dan Parkins Audit Assistant
• Marcelo Coelho Audit Assistant
• Gaetana Trapani ERS Intern
• Corey Tadlock ERS Intern

35
A member firm of Deloitte Touche Tohmatsu