The internal audit function’s position within a company is unique. It provides its principal stakeholders (audit committee members and management) valuable and objective assurance on governance, risk management and control processes, as well as consulting services to improve operations. With this critical responsibility to fulfill, implicit in executing those duties is internal audit’s continuous improvement to its own practices.
Country risk comprises the various risks of investing in a foreign country that can lead to either investment impairments or reductions in returns on investment (ROI). Investment impairments may arise from confiscatory actions by a sovereign (e.g., nationalization of the business or expropriation of assets). ROI reductions may arise from discriminatory actions by a sovereign directed to the company, a targeted industry (say, energy or banking) or companies from certain countries (e.g., additional taxation, price or production controls, exchange controls, currency manipulation, expansion controls, performance requirements and other regulations). Both may arise from destructive or disruptive acts by others (e.g., violence, terrorism, war, strikes, infrastructure deficiencies, kidnappings or physical phenomena). The primary objective of managing country risk is to protect company investments in foreign markets and sustain acceptable investment returns.
Chief audit executives and audit teams may be comfortable with the fact that their approach to audit committee reporting has followed the same unwavering path for the past decade. But are they shortchanging themselves by not communicating results as clearly and engagingly as possible?
Three Protiviti executives – David Brand, managing director, Chicago; Jason Maslan, director, Chicago internal audit practice; and Ari Sagett, director, Chicago internal audit practice – addressed the all-too-frequent issue of stale audit committee reporting by offering some eye-opening leading practice examples in a recent webcast.
“I think it’s always good for companies to push themselves and try to do different things that might be of interest to the board – all within the charter of the audit committee and the internal audit charter,” Brand said during the webcast.
Because companies differ, examples cited in this article won’t necessarily fit every organization, though they represent a treasure trove of good ideas that internal audit departments might tailor to their own situations.
TYPICAL QUARTERLY CONTENT
A dashboard report on current activities needs to tell the committee what internal audit (IA) is doing and why, changes to the annual plan (if any), current status of the audit plan, and critical findings or emerging trends.
In January 2013, the updated version of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Integrated Internal Control Framework (Framework) went into effect (http://www.ic.coso.org). If you’re wondering what this model is, you probably work for a privately held corporation or a non-profit, or are very new to internal audit.
This week on KnowledgeLeader, we published an article from Compliance Week that delves into a hot topic for the audit industry: the evolving role of internal audit in the face of new requirements from NASDAQ and the Federal Reserve.
With each new year come new risk considerations. Changing markets and circumstances spawn new risks, alter risk profiles and reduce the effectiveness of established risk management capabilities. The risk oversight agenda should take such changes into account.
Is your board risk oversight agenda appropriately focused?
Add a Comment: