Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Adapting Internal Audit and Adding Value in a Changing Regulatory Environment
IIA Conference, October 22, 2018
October 22, 2018
Confidential 2
Internal – USAA Information
OUR MISSION
The mission of the association is to
facilitate the financial security of its
members, associates and their families
through provision of a full range of highly
competitive financial products and services;
in so doing, USAA seeks to be the provider
of choice for the military community.
THE USAA STANDARD
• Keep our membership and mission first
• Live our core values: Service, Loyalty,
Honesty, Integrity
• Be authentic and build trust
• Create conditions for people to succeed
• Purposefully include diverse perspectives
for superior results
• Innovate and build for the future
Confidential 3
Internal – USAA Information
PRESENTERS
Vishnu Sharmu, CIA, CRCM, CAMS
▪ Vishnu is a Vice President at USAA leading Governance, Risk and Compliance (GRC),
BSA/AML/OFAC, and the Chief Legal Office.
Laura Rau, CAMS, MBA
▪ Laura Rau is the AML Audit Officer at USAA focusing on the overall AML Compliance
Program and Anti-Bribery and Corruption practices.
Shailie Mody, CRCM, MBA, Six Sigma Green Belt
▪ Shailie Mody is the Director of Compliance Audit at USAA focusing on regulatory
compliance related audits and regulatory findings.
Confidential 4
Internal – USAA Information
EVENTS SHAPING THE ENVIRONMENT
Cyber Breaches and Data PrivacyRegulatory Impacts Emergence of Fintech
Technological Advancements and New Technologies
Reputational EventsMergers & Acquisitions
Confidential 5
Internal – USAA Information
HOW DO WE ADAPT TO CHANGE?
Handling ChallengesBeing Part of the Solution
Operating in an Unstructured Environment
Confidential 6
Internal – USAA Information
RISK MANAGEMENT IN A CHANGING ENVIRONMENT
“Risk: Defined as the possibility that an event will occur, which will impact an organization’s achievement of objectives. Risk is measured in terms of impact and likelihood.”
A risk assessment is the identification, measurement and prioritization of likely relevant events or risks that may have a material impact on an organization’s ability to achieve its objectives.
Source: “The IIA” (https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Standards-Glossary.aspx)
Confidential 7
Internal – USAA Information
STRUCTURED APPROACH TO RISK MANAGEMENT
A.1112 – Chief Audit Executive
Roles Beyond Internal
Auditing
B.2060 – Reporting to Senior
Management and the Board
C.2000 – Managing the Internal
Audit Activity
D.2110 – Governance
E.COBIT 5
UTILIZING THE
THREE LINES OF
DEFENSE IN
EFFECTIVE RISK
MANAGEMENT
AND CONTROL
Source: “The IIA” (https://na.theiia.org/standards-guidance/Public%20Documents/IPPF-Standards-2017.pdf)
Source: (http://www.isaca.org/Knowledge-Center/Research/Documents/COBIT-Focus-Using-COBIT-5-to-Deliver-Information-and-Data-Governance_nlt_Eng_0115.pdf)
Confidential 8
Internal – USAA Information
MAINTAINING INDEPENDENCE AND OBJECTIVITY
Organizational Independence and Objective
Access to the right people
and information
Report what needs to be
said
Responsible to Senior
Management
“Internal auditing is an independent, objective
assurance and consulting activity designed to
add value and improve an organization’s
operations. It helps an organization accomplish
its objectives by bringing a systematic, disciplined
approach to evaluate and improve the
effectiveness of risk management, control, and
governance processes.”
Source: “The IIA” (https://na.theiia.org/standards-guidance/mandatory-
guidance/Pages/Definition-of-Internal-Auditing.aspx)
Confidential 9
Internal – USAA Information
RESOURCE STRATEGY
Co-Sourced with Third Party(ies)1. Provides access to specialized skills as
needed2. Flexibility in addressing increasing audit
demands3. Board of Directors/Audit Committees may
value external view as an added independent perspective
In-House1. Comprehensive understanding of key risks
and challenges facing the organization
2. Knowledge of organization, culture and
established partnerships
3. High-level of ownership of the internal audit
function
Confidential 10
Internal – USAA Information
SO WHAT… HOW DOES INTERNAL AUDIT ADD VALUE?
A. Organizations face
complex challenges
and risks
B. Audit’s Value
Proposition
C. How do we get there?