1 Spotlight On: Internal Auditing Beta Alpha Psi and Accounting Association CSUEB April 12, 2007 Charlie Mociak / Kris Kumaran IIA - NCEB

11

Spotlight On:Spotlight On: Internal AuditingInternal Auditing

Beta Alpha Psi and Accounting AssociationBeta Alpha Psi and Accounting AssociationCSUEB CSUEB April 12, 2007April 12, 2007

Charlie Mociak / Kris KumaranCharlie Mociak / Kris KumaranIIA - NCEBIIA - NCEB

22

AgendaAgenda• What is Internal Auditing?What is Internal Auditing?

• Who are Internal Auditors and What Do they Do? Who are Internal Auditors and What Do they Do?

• Audit Scope, CSA, and Types of auditAudit Scope, CSA, and Types of audit

• Why a career in Auditing?Why a career in Auditing?

• Enterprise Risk Management and COSOEnterprise Risk Management and COSO

• Sarbanes OxleySarbanes Oxley

• Recent Salary Survey and IIA ResourcesRecent Salary Survey and IIA Resources

• Information on the Northern California East Bay IIA Information on the Northern California East Bay IIA ChapterChapter

33









44

The IIA’s Definition of Internal The IIA’s Definition of Internal AuditingAuditing

Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, controls, and governance processes.

55

Corporate GovernanceCorporate Governance

Healthy interdependence:

• Internal Controls are strong

• Reporting is accurate

• Ethics are maintained

• Oversight is effective

• Risk is mitigated

• Investments are protected

66

Internal Versus External AuditorsInternal Versus External Auditors

Internal Internal AuditingAuditing

External External AuditingAuditing

FocusFocus Financial, Operational, Financial, Operational, Assurance, consultative, Assurance, consultative, governance, computer, governance, computer, and fraud related servicesand fraud related services

Primarily attests to Primarily attests to financial statements and financial statements and internal control.internal control.

RiskRisk Identifies and qualifies key Identifies and qualifies key business risks to estimate business risks to estimate probability of occurrence probability of occurrence and impact on business.and impact on business.

Identifies key transactions Identifies key transactions and exposures for financial and exposures for financial statements.statements.

Follow-upFollow-up Follows through with Follows through with customers to ensure work customers to ensure work is sufficient to achieve is sufficient to achieve problem resolution.problem resolution.

Limits follow-up primarily Limits follow-up primarily to financial areas.to financial areas.

77


• Who are Internal Auditors and What Do they Do?Who are Internal Auditors and What Do they Do?







88

Who are Internal Who are Internal Auditors?Auditors?

• Come from diverse areasCome from diverse areas– AccountingAccounting– FinanceFinance– ITIT– EngineeringEngineering

• Stay abreast of business trends, Stay abreast of business trends, update knowledgeupdate knowledge

• Proactive, explorers, analysts, Proactive, explorers, analysts, reportersreporters

• Provide independent, objective Provide independent, objective professional advice to all levels of professional advice to all levels of managementmanagement

• Pave the path to continuous Pave the path to continuous improvementimprovement

99

Internal Audit FunctionsInternal Audit Functions

• Evaluating RisksEvaluating Risks

• Confirming InformationConfirming Information

• Assuring safeguardsAssuring safeguards

• Operational effectiveness and efficiency – Operational effectiveness and efficiency – Quality, Economy, EthicsQuality, Economy, Ethics

• Reviewing ComplianceReviewing Compliance

• Recommending ControlsRecommending Controls

• Communicating information and opinions Communicating information and opinions with clarity and accuracywith clarity and accuracy

1010

Internal Audit FunctionsInternal Audit Functions

Source: Auditing & Assurance Services, TJ Louwers et al, 2006.

An Abundance of Frauds

1111









1212

Audit ScopeAudit Scope

• Financial: Accounts payable, account Financial: Accounts payable, account reconciliations, credit / sales / receivables, pricing reconciliations, credit / sales / receivables, pricing / discounts / rebates, production, work-in-/ discounts / rebates, production, work-in-progress / capital projects / fixed assets, progress / capital projects / fixed assets, inventory, cash and banking, human resources, inventory, cash and banking, human resources, payrollpayroll

• Operational – Key processes and procedures, Operational – Key processes and procedures, computer systems, human resources, computer systems, human resources, transportation transportation

• Procurement – Purchasing / ContractingProcurement – Purchasing / Contracting

1313

Control Self-Assessment (CSA)Control Self-Assessment (CSA)

What is CSA?What is CSA?

Employee teams getting together with their Employee teams getting together with their managers and a facilitator: managers and a facilitator:

• To analyze the strengths and obstacles which To analyze the strengths and obstacles which affect their ability to achieve their key business affect their ability to achieve their key business objectives, andobjectives, and

• To decide upon appropriate action.To decide upon appropriate action.

Types of CSATypes of CSA

• Stand-alone reviewStand-alone review

• In conjunction with an auditIn conjunction with an audit

1414

Types of AuditTypes of Audit

• FinancialFinancial• OperationalOperational• Sarbanes-Oxley (SOX)Sarbanes-Oxley (SOX)• Contractor, Non-Operated Joint VenturesContractor, Non-Operated Joint Ventures• Control Self-Assessment (CSA)Control Self-Assessment (CSA)• Business Process and Application Business Process and Application

Auditing Auditing • Information Technology (IT)Information Technology (IT)• ComplianceCompliance• ConsultingConsulting• InvestigativeInvestigative

1515









1616

Professional Licenses / Professional Licenses / Certifications and Advanced Certifications and Advanced DegreesDegreesWe encourage:We encourage:• CPA – Certified Public AccountantCPA – Certified Public Accountant• CIA – Certified Internal AuditorCIA – Certified Internal Auditor• CISA – Certified Information Systems CISA – Certified Information Systems

AuditorAuditor• CFE – Certified Fraud ExaminerCFE – Certified Fraud Examiner• CISSP – Certified Information Systems CISSP – Certified Information Systems

Security ProfessionalSecurity Professional• CCSA – Certification in Control Self-CCSA – Certification in Control Self-

AssessmentAssessment• MBAMBA

1717

Encompassing the World:Encompassing the World:The Profession of Internal AuditingThe Profession of Internal Auditing

• Allows for an expedient, high-level Allows for an expedient, high-level understanding of the organization and understanding of the organization and industryindustry

• Exposure to senior-level managementExposure to senior-level management• Transferable skills / disciplinesTransferable skills / disciplines• Networking opportunitiesNetworking opportunities• Expanding professionExpanding profession• Not just for accountantsNot just for accountants• Good starting salaryGood starting salary• Great opportunitiesGreat opportunities• Potential travelPotential travel

1818

Join Internal Auditing and See the Join Internal Auditing and See the Country and the WorldCountry and the World

• Travel – Domestic and InternationalTravel – Domestic and International

• Weekend Side Trip OpportunitiesWeekend Side Trip Opportunities

• Learning About Different CulturesLearning About Different Cultures

• Meeting People and Sample FoodsMeeting People and Sample Foods

1919









2020

COSO CommissionCOSO Commission

• The National Commission on Fraudulent Financial The National Commission on Fraudulent Financial Reporting conducted a study from 1985 through Reporting conducted a study from 1985 through 1987.1987.

• The study was undertaken as a result of the many The study was undertaken as a result of the many savings & loan and bank scandals of the 1980s. savings & loan and bank scandals of the 1980s.

• The purpose was to identify causal factors that can The purpose was to identify causal factors that can lead to fraudulent financial reporting and steps to lead to fraudulent financial reporting and steps to reduce its incidence.reduce its incidence.

• The Integrated Control Framework, introduced in The Integrated Control Framework, introduced in 1992, was a result of this study.1992, was a result of this study.

2121

COSO - Fraudulent Financial COSO - Fraudulent Financial Reporting AnalysisReporting Analysis

• Control Environment: Top senior Control Environment: Top senior executives were frequently involved in the executives were frequently involved in the fraud.fraud.– 72% of cases involved the CEO72% of cases involved the CEO– 43% of cases involved the CFO43% of cases involved the CFO

• Most audit committees only met once a Most audit committees only met once a year or had no audit committee.year or had no audit committee.

• Boards of directors were dominated by Boards of directors were dominated by insiders and those with little experience.insiders and those with little experience.

• Family relationships among directors Family relationships among directors and/or officers were fairly common.and/or officers were fairly common.

2222

Enterprise Risk Management Enterprise Risk Management COSO Control ModelCOSO Control Model

Acti

vit

y 1

Acti

vit

y 1

Acti

vit

y 2

Acti

vit

y 2

Un

it B

Un

it B

Un

it A

Un

it A

Internal Environment/ Objective Setting


Event Identification/ Risk Assessment

Event Identification/ Risk AssessmentRisk Response/

Control ActivitiesRisk Response/

Control Activities

Information & CommunicationInformation &

Communication

MonitoringMonitoring

Acti

vit

y 1

Acti

vit

y 1

Acti

vit

y 2

Acti

vit

y 2

Un

it B

Un

it B

Un

it A

Un

it A






Control Activities


Communication


2323

The Five Components Under The The Five Components Under The COSO FrameworkCOSO Framework

Risk Response - Control Activities

• Risk avoidance, reduction, sharing, and acceptance

• Policies/procedures put in place to ensure risk responses are carried out

• Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties

Monitoring control system’s performance

• Assessment of risk management components over time

• Combination of ongoing and separate evaluation

• Management and supervisory activities

• Internal audit activities

Internal Environment /Objective Setting

• Sets tone of organization-influencing control consciousness of its people

• Factors include integrity, ethical values, competence, authority, responsibility

• Foundation for all other components of control

• Objective setting is a precondition to determining the success of a company

Information and Communication

• Pertinent information identified, captured and communicated in a timely manner

• Access to internal and externally generated information

• Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management actionEvent Identification/Risk

Assessment

• An event is an incident from internal or external sources that could affect achievement of objectives.

• Risk assessment is analysis of relevant risks to achieving the entity’s objectives-forming the basis for determining control activities

Acti

vit

y 1

Acti

vit

y 1

Acti

vit

y 2

Acti

vit

y 2

Un

it B

Un

it B

Un

it A

Un

it A






Control Activities


Communication


Acti

vit

y 1

Acti

vit

y 1

Acti

vit

y 2

Acti

vit

y 2

Un

it B

Un

it B

Un

it A

Un

it A






Control Activities


Communication


2424

Key Leanings From COSOKey Leanings From COSO

• Importance of the organization’s control Importance of the organization’s control environment cannot be overstated.environment cannot be overstated.

• The multi-period aspect of financial The multi-period aspect of financial statement fraud, suggests the importance statement fraud, suggests the importance of interim financial statement preparation, of interim financial statement preparation, as well as the benefits of continuous as well as the benefits of continuous auditing strategies.auditing strategies.

• The nature of misstatements affecting The nature of misstatements affecting revenues and assets recorded close to revenues and assets recorded close to fiscal period end highlights the importance fiscal period end highlights the importance of cutoff and assetof cutoff and asset valuation testing.valuation testing.

2525









2626

Overview of Sarbanes-Oxley Act of Overview of Sarbanes-Oxley Act of 20022002

A Fundamental and A Fundamental and Permanent Change to Permanent Change to Business and the Business and the Accounting Profession.Accounting Profession.

2727

Signed Into Law by Congress in Signed Into Law by Congress in 20022002

• Legislation will fundamentally change the Legislation will fundamentally change the way that public companies do business and way that public companies do business and how the accounting profession performs its how the accounting profession performs its statutorily required audit function.statutorily required audit function.

• Establishes a comprehensive framework to Establishes a comprehensive framework to modernize and reform the oversight of modernize and reform the oversight of public company auditing, improve quality of public company auditing, improve quality of reporting, and strengthen the independence reporting, and strengthen the independence of auditors. of auditors.

2828

SOX - A Fundamental andSOX - A Fundamental and Permanent Change to Business Permanent Change to Business and the Accounting Profession.and the Accounting Profession.

• Creation of Independent Accounting Creation of Independent Accounting Oversight BoardOversight Board

• Auditor IndependenceAuditor Independence• Audit CommitteeAudit Committee• Management Responsibility Management Responsibility • New Disclosures RequiredNew Disclosures Required• Analysts Conflicts of InterestAnalysts Conflicts of Interest• Fraud & Criminal PenaltiesFraud & Criminal Penalties• SummarySummary

2929

Creation of Independent Creation of Independent Accounting Oversight BoardAccounting Oversight Board

• Empowered to set Empowered to set auditing, quality auditing, quality control, and ethics control, and ethics standards.standards.

• Will inspect Will inspect registered accounting registered accounting firms, conduct firms, conduct investigations, and investigations, and take disciplinary take disciplinary actions.actions.

3030

Auditor IndependenceAuditor Independence

• Limits the scope of Limits the scope of consulting services consulting services that auditors can that auditors can offer their public offer their public company audit company audit clients. clients.

• Act only applies to Act only applies to public companies. public companies.

3131

Audit CommitteeAudit Committee

• The act provides for a strong public The act provides for a strong public company audit committee that will be company audit committee that will be directly responsible for the directly responsible for the appointment, compensation, and appointment, compensation, and oversight of the public company oversight of the public company auditors.auditors.

• Audit committee members must be Audit committee members must be independent from company independent from company management.management.

3232

Management ResponsibilitiesManagement Responsibilities

• CEOs and CFO will CEOs and CFO will have to certify that have to certify that company financial company financial statements fairly statements fairly represent the represent the company’s company’s financial condition. financial condition.

• Prohibits a Prohibits a company officer company officer from attempting to from attempting to mislead an auditor.mislead an auditor.

3333

New Disclosures RequiredNew Disclosures Required

• Companies must report all off-balance Companies must report all off-balance sheet transactions and conflicts.sheet transactions and conflicts.

• Accelerates the required reporting of all Accelerates the required reporting of all insider transactions.insider transactions.

• Annual reports field with SEC must include Annual reports field with SEC must include a statement by management asserting it is a statement by management asserting it is responsible for internal controls and has responsible for internal controls and has assessed their effectiveness. This must be assessed their effectiveness. This must be “attested to” by the external auditors.“attested to” by the external auditors.

3434

SummarySummary

• The act will fundamentally change The act will fundamentally change business and their relationships with the business and their relationships with the accounting profession.accounting profession.

• The independent Accounting Oversight The independent Accounting Oversight Board will have strong control and broad Board will have strong control and broad authority over auditing standards and authority over auditing standards and public accounting firms. public accounting firms.

• CEO’s and CFO’s will be responsible to CEO’s and CFO’s will be responsible to sign-off on all documents filed with the SEC sign-off on all documents filed with the SEC and provide an annual report on the and provide an annual report on the adequacy of internal controls.adequacy of internal controls.

• Penalties and jail sentences have been Penalties and jail sentences have been greatly increased for corporate wrong-greatly increased for corporate wrong-doing.doing.

3535









3636

Salary Survey -2006Salary Survey -2006

• CAE or Partner - $177,515CAE or Partner - $177,515

• Director – $126,798Director – $126,798

• Manager – $97,041Manager – $97,041

• Supervising Senior - $79,907Supervising Senior - $79,907

• Senior – $72, 323Senior – $72, 323

• Staff - $54,196Staff - $54,196

• Entry Level Apprentice - $47,647Entry Level Apprentice - $47,647

3737

Institute of Internal Auditors (IIA) Institute of Internal Auditors (IIA) Academic ResourcesAcademic Resources

• Internal Auditing Educational Partnership (IAEP):Internal Auditing Educational Partnership (IAEP):http://www.theiia.org/guidance/academic-relations/http://www.theiia.org/guidance/academic-relations/

– Essence: Partner Academic Institutions with the Institute of Internal Essence: Partner Academic Institutions with the Institute of Internal Auditors and their Chapter Affiliates.Auditors and their Chapter Affiliates.

– Internal Audit Academic Achievement Fund – scholarship fund setup to Internal Audit Academic Achievement Fund – scholarship fund setup to help fund the efforts.help fund the efforts.

• IA Research Foundation:IA Research Foundation:http://www.theiia.org/research/http://www.theiia.org/research/

– Purpose: The mission of The IIA Research Foundation (IIARF) is to Purpose: The mission of The IIA Research Foundation (IIARF) is to expand knowledge and understanding of internal auditing by providing expand knowledge and understanding of internal auditing by providing relevant research and educational products to advance the profession relevant research and educational products to advance the profession globally.globally.

– Celebrating 30 year anniversary.Celebrating 30 year anniversary.

http://www.theiia.org/guidance/academic-relations/

http://www.theiia.org/research/

3838









3939

NORTHERN CALIFORNIA EAST BAY NORTHERN CALIFORNIA EAST BAY (NCEB) CHAPTER(NCEB) CHAPTER

• GOAL:GOAL: is to partner with the area Academic Institutions to promote is to partner with the area Academic Institutions to promote Internal Auditing.Internal Auditing.

• HOW:HOW: (Answers the “What’s in it for Me” - Question)(Answers the “What’s in it for Me” - Question)

– Encourage Student Attendance at Chapter Meeting.Encourage Student Attendance at Chapter Meeting. • Meetings are the second Tues of each Month (Sept-May) from 1:45 to 4:00.Meetings are the second Tues of each Month (Sept-May) from 1:45 to 4:00.

• Sign Up: Sign Up: http://www.theiia.org/chapters/NCEBhttp://www.theiia.org/chapters/NCEB or or

Email: Jennifer Otto Email: Jennifer Otto [email protected]@att.com or [email protected] or [email protected]

• Fee: Free! ($25 value)Fee: Free! ($25 value)

– Encourage Membership in IIA – NCEB Scholarship ProgramEncourage Membership in IIA – NCEB Scholarship Program• Attend two meeting in our Chapter year and receive a membership in the IIA.Attend two meeting in our Chapter year and receive a membership in the IIA.

($30 value) ($30 value)

• Limited to the first 30 students.Limited to the first 30 students.

http://www.theiia.org/chapters/NCEB

mailto:[email protected]

4040

NORTHERN CALIFORNIA EAST BAY NORTHERN CALIFORNIA EAST BAY (NCEB) CHAPTER(NCEB) CHAPTER

• FUTURE: ?FUTURE: ?– Establish a Student ChapterEstablish a Student Chapter

• Examples:Examples:University of Texas at Dallas: University of Texas at Dallas: http://www.utdallas.edu/orgs/iia/http://www.utdallas.edu/orgs/iia/

Pittsburg State University: Pittsburg State University: http://www.pittstate.edu/acctg/EIAP/http://www.pittstate.edu/acctg/EIAP/

Saint Mary’s College of California ?Saint Mary’s College of California ?

– Activities:Activities:• Vendor Forum: Atlanta ChapterVendor Forum: Atlanta Chapter• Enhancement of the NCEB Scholarship ProgramEnhancement of the NCEB Scholarship Program

- Best paper on relevant IA topic- Best paper on relevant IA topic• Other: Other:

- Site Visits, Day at the Ball Park, etc. - Site Visits, Day at the Ball Park, etc.

– Contacts:Contacts:• Any of the Panel Members.Any of the Panel Members.• NCEB Academic Relationship Program Coordinator:NCEB Academic Relationship Program Coordinator:

Mr. Kris KumaranMr. Kris Kumaran [email protected]@safeway.com

http://www.utdallas.edu/orgs/iia/

http://www.pittstate.edu/acctg/EIAP/

4141

Talked about…..Talked about…..• What is Internal Auditing?What is Internal Auditing?








Documents

1 Spotlight On: Internal Auditing Beta Alpha Psi and Accounting Association CSUEB April 12, 2007 Charlie Mociak / Kris Kumaran IIA - NCEB