Internal Audit's Role in Ethics, Governance, & Culture
3 likes3,106 views
The document outlines the role of internal auditing in promoting ethics, governance, and culture, as well as the application of the IIA code of ethics. It emphasizes the importance of principles such as integrity, objectivity, confidentiality, and competence in auditing practices. Additionally, it provides guidelines for evaluating independence and objectivity within the internal audit process while discussing the significance of organizational culture in determining ethical behavior.
Internal Audit's Role in Ethics, Governance, & Culture
- 1. 9/8/2017 1 Internal Audit’s Role in Ethics, Governance, & Culture Michael Brozzetti, CIA, CISA, CGEIT Principal, Boundless LLC Learning Objectives Understand how the IIA Code of Ethics applies to you Gain insight to how culture affects ethical behavior Apply “IIA Standard 2110 – Governance” as a key resource Assess ethics in light of internal audit independence Evaluate independence and objectivity using a framework
- 2. 9/8/2017 2 About Jim Kaplan, CIA, CFE President and Founder of AuditNet®, the global resource for auditors (now available on iOS, Android and Windows devices) Auditor, Web Site Guru, Internet for Auditors Pioneer Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award. Author of “The Auditor’s Guide to Internet Resources” 2nd Edition Page 3 About AuditNet® LLC • AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology. • Available on the Web, iPad, iPhone, Windows and Android devices and features: • Over 2,700 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices • Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users. • Audit guides, manuals, and books on audit basics and using audit technology • LinkedIn Networking Groups • Monthly Newsletters with Expert Guest Columnists • Surveys on timely topics for internal auditors Introductions Page 4
- 3. 9/8/2017 3 HOUSEKEEPING This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. • If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual • This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link. • We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited. • If you have indicated you would like CPE you must answer the polling questions (all or minimum required) to receive CPE per NASBA. • If you meet the NASBA criteria for earning CPE you will receive a link via email to download your certificate. The official email for CPE will be issued via [email protected] and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • Submit questions via the chat box on your screen and we will answer them either during or at the conclusion. • Please complete the evaluation questionnaire to help us continuously improve our Webinars. IMPORTANT INFORMATION REGARDING CPE! • SUBSCRIBERS/SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via [email protected] and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • NON-SUBSCRIBERS/NON-SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) and requested CPE you must pay a fee to receive your CPE. No exceptions! • We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io • Anyone may register, attend and view the Webinar without fees if they opted out of receiving CPE. • We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that you do so immediately after a polling question.
- 4. 9/8/2017 4 The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC Understand how the IIA Code of Ethics applies to you
- 5. 9/8/2017 5 IIA Professional Responsibility & Ethics Committee Mission To promote an understanding of, and to identify ways to promote the importance of, the professional responsibilities of internal auditors, certificate holders, and certificate candidates to including adherence to the Code of Ethics and conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). POLLINGQUESTION
- 6. 9/8/2017 6 The 4 Principles of the Code of Ethics Objectivity Confidentiality CompetenceIntegrity Integrity Establishes trust Provides the basis for reliance on our judgment The Principle of Integrity
- 7. 9/8/2017 7 Objectivity Make a balanced assessment of all the relevant circumstances Not be unduly influenced by our own interests or by others in forming judgments The Principle of Objectivity The Principle of Confidentiality Respect the value and ownership of information Not disclose information, without appropriate authority, unless there is a legal or professional obligation to do so Confidentiality
- 8. 9/8/2017 8 The Principle of Competence Internal auditors apply the following in the performance of services: Knowledge, Skills, and; Experience Competence POLLINGQUESTION
- 9. 9/8/2017 9 Other key considerations when making decisions and taking actions: Is my action legal? If legal, is it also ethical? Are my actions honest in every respect? Can I defend this action with a clear conscience before my peers and the general public? Would I be embarrassed to read about my action in the newspaper? How would members of my family view my actions? Presenter’s thoughts on organizational ethics, governance, and culture
- 10. 9/8/2017 10 Gain insight to how culture affects ethical behavior Insightful Quotes “Culture, more than rule books, determines how an organization behaves.” WARREN E. BUFFETT Chairman and CEO Berkshire Hathaway
- 11. 9/8/2017 11 Insightful Quotes “You can’t substitute good conscience with rules and regulations” MARK S. SCHWEIKER Former Governor Commonwealth of Pennsylvania Insightful Quotes “A strong corporate culture is one of the best tools a company has for combating fraud.” BARBARA HACKMAN FRANKLIN National Association of Corporate Directors (NACD) Chair
- 12. 9/8/2017 12 The Internal Control System People Ethics & Values Internal Adjudication Process Internal External Technology Systems / Devices Information / Data What is the most important element to achieve an organization’s objectives? The Internal Control System People Ethics & Values Internal Adjudication Process Internal External Technology Systems / Devices Information / Data Where does IA spend most of it’s time auditing?
- 13. 9/8/2017 13 Insightful Quotes “Organizational integrity will never rise above the integrity of the people who create, administer, and monitor the internal control system.” Brozzetti, Michael (2016.) Guardians of Integrity. Internal Auditor Magazine Apply “IIA Standard 2110 – Governance” as a key resource
- 14. 9/8/2017 14 Governance Defined The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives. Standard 2110 The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: • Promoting appropriate ethics and values within the organization; • Ensuring effective organizational performance management and accountability; • Communicating risk and control information to appropriate areas of the organization; and • Coordinating the activities of and communicating information among the board, external and internal auditors, and management.
- 15. 9/8/2017 15 Implementation Standards 2110.A1 - The internal audit activity must evaluate the design, implementation, and effectiveness of the organization's ethics-related objectives, programs, and activities. 2110.A2 - The internal audit activity must assess whether the information technology governance of the organization supports the organization's strategies and objectives. POLLINGQUESTION
- 16. 9/8/2017 16 Presenter’s thoughts on organizational ethics, governance, and culture Ethics Governance Risk Management Internal Control Organizational Culture Do you have insight into cultural risks? Note: Chart is for illustrative purposes only. PY = Prior Year and CY = Current Year trending.
- 17. 9/8/2017 17 Do you havea process map of ethics-related incident handling? Code of Conduct Code of Ethics (Per Professional Practice Standards) Company Policy Regulation Law Business Issues Legal Issues Ethics Compliance Ethics Compliance Management (Independent of Incident) Audit, Risk, & Compliance General Counsel External Legal Counsel General Counsel Independent Committee Independent Committee Independent Committee Do you have insight into the effectiveness of ethics-related incident handling ? # 1 # 2 # 3 # 4 # 5 Report Filings 16 12 28 25 21 Code of Conduct 5 4 15 5 8 Professional Conduct 4 5 6 5 6 Policy 4 2 3 12 4 Regulation 1 0 4 3 1 Law 2 1 0 0 2 Report Status Open – In Queue 9 6 11 8 15 In Due Diligence 2 2 7 3 5 Resolved 5 4 10 14 1 Report Resolution (YTD) 1 2 9 2 4 Authority Change 0 1 3 0 2 Disciplinary Action Taken 1 0 4 1 2 Restitution 0 1 0 0 0 Prosecution 0 0 2 1 0 Average Cycle Time (Days) 102 82 55 77 89
- 18. 9/8/2017 18 Assess ethics in light of internal audit independence Independence Defined (IPPF Glossary) The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.
- 19. 9/8/2017 19 Objectivity Defined (IPPF Glossary) An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises have been made. Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others. Independence vs. Objectivity Factual Matters Organizational placement Reporting relationship Authority and access State of Mind Internal auditor judgment Biases Relationships Behaviors
- 20. 9/8/2017 20 POLLINGQUESTION The Independence Effect on Ethics High-Level Reporting Low-Level Reporting Risk of engagement scope limitationLow High Confidence in IA assurance workHigh Low
- 21. 9/8/2017 21 Factors threatening objectivity Social Pressures Economic Interest Personal Relationships Familiarity Cultural, Racial, and Gender Biases Factors threatening objectivity Cognitive Biases Self-Review Intimidation Threat Advocacy Threat
- 22. 9/8/2017 22 Managing threats to Objectivity Incentives (Rewards, Discipline) Use of Teams Rotation/Reassignment Training Managing threats to Objectivity Supervision/Review Quality Assessments Hiring Practices Outsourcing
- 23. 9/8/2017 23 Evaluate independence and objectivity using a framework Framework for evaluating Independence and Objectivity Source: IPPF – Practice Guide: Independence & Objectivity
- 24. 9/8/2017 24 Framework for evaluating Independence and Objectivity Source: IPPF – Practice Guide: Independence & Objectivity Framework for evaluating Independence and Objectivity Source: IPPF – Practice Guide: Independence & Objectivity
- 25. 9/8/2017 25 Framework for evaluating Independence and Objectivity Source: IPPF – Practice Guide: Independence & Objectivity Framework for evaluating Independence and Objectivity Source: IPPF – Practice Guide: Independence & Objectivity
- 26. 9/8/2017 26 Framework for evaluating Independence and Objectivity Source: IPPF – Practice Guide: Independence & Objectivity Framework for evaluating Independence and Objectivity Source: IPPF – Practice Guide: Independence & Objectivity
- 27. 9/8/2017 27 Framework for evaluating Independence and Objectivity Source: IPPF – Practice Guide: Independence & Objectivity AuditNet® and cRisk Academy • If you would like forever access to this webinar recording • If you are watching the recording, and would like to obtain CPE credit for this webinar • Previous AuditNet® webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacademy.com Use coupon code: 50OFF for a discount on this webinar for one week
- 28. 9/8/2017 28 Questions? Michael Brozzetti, CIA, CISA, CGEIT Principal, Boundless LLC [email protected]