Internrevisionsförordning (2006:1228)
Prof. F Ruud, PhD
Internal Audit
Statistics Sweden
November 16, 2007
Slide 2
• Legal foundation
• What is internal auditing?
• Rationale for – and what internal auditing can do for you?
• What is control, risk management and governance?
• What do internal auditors do?
• Deliverables
• Knowledge and proficiency in internal audit
• Certified Internal Auditor Examination
• Summary
Information deceptions
• Xerox, 2002
– In 1997-2001, sales amounting to up to $6 billion were recorded incorrectly (revenues were frequently booked too early)
– Share prices dropped over 30%
– Xerox paid a $10 million fine as a penalty for its balance of 1997 (SEC)
– 2003: six former managers agreed to pay penalties of $22 million
• WorldCom, 2002
– Expenditures amounting to $3.85 billion were recorded as investments instead of expenses in 2001 and in the first quarter of 2002; losses were transformed into fictitious profits. Deceptions: balance sheet manipulation over $11 billion (e.g. roaming expenses were booked as investments)
– About 830,000 persons and institutions who held shares or bonds in WorldCom at the time of the breakdown got $6.1 billion back (shareholders $1 billion, bondholders the rest)
– Citigroup ($2.56 billion) and J. P. Morgan Chase & Co. ($2 billion) paid
– Former CEO was sentenced to 25 years; former CFO to 5 years of prison
– Two more employees were sentenced to 5 months of imprisonment plus 5 months of house arrest and 3 years of probation respectively
www.heise.de
• Could this happen again? In the public sector?
Asymmetric information
• Information is asymmetric when one party cannot observe an aspect of an interaction
• Typical situations are
– Either important criteria of an interaction are invisible before closing a contract (uncertainty in quality/adverse selection)
→ Dilution by signaling
– Or important criteria are invisible after closing a contract (moral hazard)
→ Dilution by profit sharing
[Figure: corporate governance framework. Labels: Shareholders, Legislation, Financial investors, Other stakeholders, Government, BoD, Nomination, Remuneration, Audit Committee, CEO, Accountability, Direction, Vision, Objectives, Strategies, External Auditors, Internal Auditing, Control & Compliance, Risk Management, Controlling, Suppliers, Value adding process, Customers, Implementation, Internal Control, Indicators, Signals, Employees]
Direction
• Vision
• Strategy
• Long- and short-term plans
• Code of ethics
• Regulation
• Policies and procedures
• Guidelines
Accountability
"Classic" assurers
• External Audit
• Internal Audit
Potential assurers
• Corporate Risk Management
• Corporate Compliance
• Corporate Controlling
• Other financial and non-financial performance measurement
Internal control
Adecco N
Control
Attention!
RADAR!
[Figure: diagram with rotated component labels, only partly recoverable: Risk Assessment, Information & Communication]
address the risks are carried out.
• Within this environment, management
cannot do ...
Internal Control
[Figure: functions shown around internal control. Labels: Compliance Officers, Risk Management, Sustainability Officer, Internal Auditing, IT-Security Management, Controlling, Quality Management, ...]
management – Definitions
(ERM) Framework
• Internal environment
• Objective setting
• Event identification
• Risk assessment
• Risk response
• Control activities
• Information & communication
• Monitoring

• Effected by people
• Applied in strategy setting
• Applied across the enterprise
• Within one's risk appetite
• Reasonable assurance
• Achievement of objectives
„Eisenhower Matrix“
Risk: The uncertainty of an event occurring that could have an impact on the
achievement of objectives. Risk is measured in terms of consequences and likelihood.
(The IIA, 2002)
[Figure: risk management cycle, labels in the order they appear on the slide]
• Identification: Identification and prioritizing of relevant risks
• Disclosure: Risk management strategy, its effectiveness, going concern statement
• Strategy
• Implementation: Implementation of the relevant options
• Evaluation: Assessment of the effectiveness of the risk management strategy
(Source: Solomon, Norton (2000), p. 452)
Risk Management
Important Assurance-Engagements
• Compliance Engagements
• System Security Engagements
[Figure labels: Operational (Performance), Compliance]
(IIA-Standard 2000)
[Figure: Engagements A, B, C and D, each running through three phases: Planning (preparatory work), Performing (conducting the audit), Finalizing]
According to X% of respondents the demand for audit-type Y will …
(values in the order: decrease / stay the same / increase)
• Review of financial processes: 14.5 / 41.9 / 43.5
• Operational auditing: 14.7 / 39.1 / 46.2
• Regulatory compliance: 11.7 / 41.4 / 46.9
• Governance: 4 / 32.8 / 63.2
• Risk management: 2.3 / 18.2 / 79.5

[Chart, axis 0 to 100; values in the order: nowadays / in future (likely) / not in future]
• Corporate governance: 52.2 / 31.1 / 11.3
• Regulatory compliance: 64 / 23 / 9.2
• Risk management: 66.6 / 25.5 / 5.6
• Fraud prevention: 69 / 22.9 / 5.7
Auditor Exam
(Source: http://www.theiia.org/certification
[Figure: corporate governance framework. Labels: Shareholders, Legislature / Regulator, Financial Institutes, Publicity, State, BoD, Nomination, Remuneration, Audit Committee, CEO, Accountability, Direction, Vision, Objectives, Strategies, External Audit, Internal Audit, Compliance, Risk management, Controlling, Suppliers, Added value process, Customers, Employees, Indicators, Signals, Internal Control System]