Adapting Internal Audit and Adding Value in a Changing Regulatory Environment

IIA Conference, October 22, 2018



Confidential 2

Internal – USAA Information

OUR MISSION

The mission of the association is to facilitate the financial security of its members, associates and their families through provision of a full range of highly competitive financial products and services; in so doing, USAA seeks to be the provider of choice for the military community.

THE USAA STANDARD

• Keep our membership and mission first
• Live our core values: Service, Loyalty, Honesty, Integrity
• Be authentic and build trust
• Create conditions for people to succeed
• Purposefully include diverse perspectives for superior results
• Innovate and build for the future


PRESENTERS

Vishnu Sharmu, CIA, CRCM, CAMS

▪ Vishnu is a Vice President at USAA leading Governance, Risk and Compliance (GRC), BSA/AML/OFAC, and the Chief Legal Office.

Laura Rau, CAMS, MBA

▪ Laura Rau is the AML Audit Officer at USAA focusing on the overall AML Compliance Program and Anti-Bribery and Corruption practices.

Shailie Mody, CRCM, MBA, Six Sigma Green Belt

▪ Shailie Mody is the Director of Compliance Audit at USAA focusing on regulatory compliance related audits and regulatory findings.


EVENTS SHAPING THE ENVIRONMENT

• Cyber Breaches and Data Privacy
• Regulatory Impacts
• Emergence of Fintech
• Technological Advancements and New Technologies
• Reputational Events
• Mergers & Acquisitions


HOW DO WE ADAPT TO CHANGE?

• Handling Challenges
• Being Part of the Solution
• Operating in an Unstructured Environment


RISK MANAGEMENT IN A CHANGING ENVIRONMENT

“Risk: Defined as the possibility that an event will occur, which will impact an organization’s achievement of objectives. Risk is measured in terms of impact and likelihood.”

A risk assessment is the identification, measurement and prioritization of likely relevant events or risks that may have a material impact on an organization’s ability to achieve its objectives.

Source: “The IIA” (https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Standards-Glossary.aspx)


STRUCTURED APPROACH TO RISK MANAGEMENT

A. 1112 – Chief Audit Executive Roles Beyond Internal Auditing

B. 2060 – Reporting to Senior Management and the Board

C. 2000 – Managing the Internal Audit Activity

D. 2110 – Governance

E. COBIT 5

UTILIZING THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL

Source: “The IIA” (https://na.theiia.org/standards-guidance/Public%20Documents/IPPF-Standards-2017.pdf)

Source: (http://www.isaca.org/Knowledge-Center/Research/Documents/COBIT-Focus-Using-COBIT-5-to-Deliver-Information-and-Data-Governance_nlt_Eng_0115.pdf)


MAINTAINING INDEPENDENCE AND OBJECTIVITY

Organizational Independence and Objective

• Access to the right people and information
• Report what needs to be said
• Responsible to Senior Management

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

Source: “The IIA” (https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspx)


RESOURCE STRATEGY

Co-Sourced with Third Party(ies)

1. Provides access to specialized skills as needed
2. Flexibility in addressing increasing audit demands
3. Board of Directors/Audit Committees may value external view as an added independent perspective

In-House

1. Comprehensive understanding of key risks and challenges facing the organization
2. Knowledge of organization, culture and established partnerships
3. High level of ownership of the internal audit function


SO WHAT… HOW DOES INTERNAL AUDIT ADD VALUE?

A. Organizations face complex challenges and risks

B. Audit’s Value Proposition

C. How do we get there?
