• No results found

Compliance & Internal Audit Collaboration

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Compliance & Internal Audit Collaboration"

Copied!
11
0
0

Loading.... (view fulltext now)

Download now ( 11 Page )

Full text

(1)

Compliance & Internal Audit Collaboration Developing a compliance third line of defense

www.pwc.com

October 2015

The Society of Corporate Compliance & Ethics 14thAnnual Compliance & Ethics Institute Conference

Introductions – Walmart & PwC speakers

2 Patrick Burns – Walmart, Senior Director, Global Audit Services

• 10 years experience in Internal Audit with Walmart

• Auditing experience with various functions of global retail, including Merchandising, Operations and Compliance

• Key focus areas include providing advisory and assurance services to the Compliance & Ethics organization

• Leads forensics and analytics teams focused on advancing auditing techniques and providing tools and capabilities to the broader business

Phyllis Nordstrom – PwC, Director, Risk Assurance

• Over 15 years of experience in risk management within both the retail &

consumer products and financial services industries

• Both industry and public accounting experience in building and leading internal audit, enterprise risk, and compliance functions

• Key focus areas include developing risk programs to enable enterprise governance and management of organizational risks

Session goals

3

Provide an overview of the three lines of defense

Introduce Walmart’s compliance program

Review Walmart Global Audit Service’s approach to compliance auditing

Discuss leading practices to strengthen collaboration across lines of defense

(2)

Three lines of defense overview

4

Why a continued focus on three lines of defense?

5

“At a time when stakeholders except ever- more exacting standards of integrity and competence, compliance is now as much about safeguarding reputations and assuring strategic execution as ensuring formal regulation(1)

“In today’s dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it’s more challenging than ever for companies to understand and meet baseline obligations(2)

Sam Walton, regarded personal and moral integrity as critical to the company’s success. As he said, “it starts with each one of us(3)

“78% of CEOs around the world view increasing regulations as the top threat to business growth(2)

“The framework aims to provide comfort for the business and the board, while reducing potential strain on resources(1)

(1) Three Lines of Defence: How to take the burden out of compliance – PwC (2) State of Compliance Survey 2015- PwC (3) Walmart’s Global Compliance Program Report on Fiscal Year 2014

Three lines of defense overview

6

“Three Lines of Defense” Model

Senior Management

Board/Audit Committee

1stline of defense 2ndline of defense 3rdline of defense

Management Controls Internal Control Measures

Compliance Risk management

Fraud/Security Quality

Financial controls

Inspection Internal audit Regulators

External auditors

Adapted from ECIIA/FERMA Guidance on the 8thEU Company Law Directive, article 41

(3)

Key roles & responsibilities Operational management

Responsibilities

•Areas that own & manage risk

Key Activities

•Implement procedures and oversee execution of processes

•Design, implement, and maintain internal controls

•Implement corrective actions to address deficiencies

7

Leading Practices

• Utilizing a long-term risk outlook

• Integrating controls into ways of working 1stline of

defense

2ndline of defense

3rdline of defense

Key roles & responsibilities Compliance and risk management

Responsibilities

• Ongoing monitoring of risk and controls in support of management

Key Activities

•Assist management in the design and development of processes and controls

•Perform evaluations to assess if controls are performing as intended

•Inform management of emerging issues and changing risks

8

Leading Practices

• Enhancing analytics capabilities for ongoing monitoring

• Coordinating risk evaluation with Internal Audit 1stline of

defense

2ndline of defense

3rdline of defense

Key roles & responsibilities Internal audit

9

Leading Practices

• Increasing knowledge of the business

• Enhancing analytics and forensics capabilities

• Increasing visibility to escalate unmitigated risks 1stline of

defense

2ndline of defense

3rdline of defense

Responsibilities

•Provide independent and objective assurance to management and the board

Key Activities

•Perform evaluations to assess effectiveness of internal controls

•Report on effectiveness of first and second lines of defense

•Provide assurance on the effectiveness of governance and risk management

(4)

Leveraging the three lines of defense as an asset

10 Controls

Process People

Defining roles and responsibilities such that each line understands their individual responsibilities within the risk framework

Coordinating risk identification to reduce duplication of efforts and coverage gaps

Documenting control activities and data to support consistency in control evaluation

Walmart’s compliance program

11

Overview of Walmart

28 countries

$482.2b

fiscal year 2015 net sales

11k stores

245m customer

and member visits each week

2.2m associates

12

(5)

Elements of an effective compliance program

People

Policies & Processes

Systems & Analytics

13

Examples of key subject matters

14

6 building blocks

15

(6)

Level 3 Risk-Based Independent Assurance

Who?

Global Audit Services w/External Support (as needed)

What?

Assessing effectiveness of

overall compliance

programs

Level 2 Risk-Based Continuous Improvement

Who?

Global Compliance w/External Support (as needed)

What?

Monitoring implementation of

controls/policies

Level 1 Execution-Based Inspecting

Who?

Business Management &

Operations

What?

Executing daily operational routines, controls and

procedures

Audit can be an effective partner

16

Assess Risk

Develop the Audit Plan

Determine the Audit Approach Conduct the

Audit Communicate

the Results

Example of an Audit Approach

17

Market Knowled ge &

Global Trends/I nsights Audit Results

Risk Assessment

Data Program &

Market Maturity

Compliance Priorities

Assess Risk

Assess Risk

Develop the Audit Plan

Determine the Audit Approach Conduct the

Audit Communicate

the Results

18

(7)

Assess Risk

Develop the Audit Plan

Determine the Audit Approach Conduct the

Audit Communicate

the Results

Compliance Priorities Compliance Audit Plan focused on the right local market compliance risks, with a mix of walkthroughs,

program reviews and process-level audits.

Subject Matter Priority Market 1 Market 2 Market 3 Market 4 Market 5

A High X X X X X

B High X X X X X

C High X X X

D Moderate X X X X

E Moderate X X X

Develop the Audit Plan

19

Process-Level Audits

Ad Hoc Developing Practicing Optimizing Leading

Program-Level Audits Compliance Program Maturity Level

Audit Approach may include:

Determine the Audit Approach

Assess Risk

Develop the Audit Plan

Determine the Audit Approach Conduct the

Audit Communicate

the Results

20

Assess Risk

Develop the Audit Plan

Determine the Audit Approach Conduct the

Audit Communicate

the Results

Conduct the Audit & Communicate Results

21

(8)

Leading practices to strengthen the second and third lines of defense

22

Increasing coordination and effectiveness Compliance & Internal Audit collaboration

23

3

Tailored Approach

4

Cross Line Coordination

6

Tools &

Technology

2

Talent Model

5

Knowledge Sharing

1

Risk Culture

Increasing coordination and effectiveness Risk Culture

24

1

Risk Culture

• Involvement: board and senior management ownership in risk management

• Clarity: defining roles and leadership responsibilities to identify accountable owners

• Authority: elevating the authority and visibility of risk teams across the lines of defense

(9)

Increasing coordination and effectiveness Talent Model

25

2

Talent Model

• Business Knowledge: gain a clear understanding of strategic priorities and business operations

• Skills: evolving talent capabilities outside of risk management, including analytics, change management, technology, and operations

• Talent Pipeline: expanding the talent pipeline to include a mix of risk management, business, and functional resources

Increasing coordination and effectiveness Tailored Approach

26

3

Tailored Approach

• Maturity: evaluate the level of maturity of the compliance program or processes

• Approach: utilize a mix of consulting and objective audit activities based on program maturity

• Risk Framework: establish a risk framework that is utilized across lines of defense

Increasing coordination and effectiveness Cross Line Coordination

27

4

Cross Line Coordination

• Risk Evaluation: collaborate to perform risk assessments and identify emerging risks

• Coverage: coordinate risk evaluation to reduce duplication of efforts and business impact; a “one-to-many” approach

• Approach: apply consistent risk methodology across lines of defense (e.g., risk definitions, severity ratings, data classification)

(10)

Increasing coordination and effectiveness Knowledge Sharing

28

5

Knowledge Sharing

• Leadership Communication: ongoing meeting cadence across risk leadership to discuss emerging risks and issues

• Risk Reviews: regular compliance and internal audit meetings to discuss risks for changing business operations

• Reporting: consolidated risk reporting to provide management and the board with an holistic risk perspective

Increasing coordination and effectiveness Tools & Technology

29

6

Tools &

Technology

• GRC tools: utilize a common risk framework and tools to perform risk assessment, monitoring, and evaluation

• Analytics: combine risk factors, business knowledge, and technology to enhance analytics to identify emerging risks

• Information Management: integrate risk methodology into data governance and management initiatives

Elevating the maturity for lines of defense

30 Review unique responsibilities of each line of defense

Evaluate resources needed to keep pace with changing risks

Align resources to strategy & risk

Strive for aligned risk management

(11)

PwC

PwC Contact Information

Phyllis Nordstrom, PricewaterhouseCoopers LLP Director - Risk Assurance

214-754-5445; [email protected]

31

Thank you

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law PwC US, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2015 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

References

Download now ( PDF - 11 Page - 330.83 KB )

Related documents

Habitus and Utopia in Science: Bourdieu, Mannheim, and the Role of Specialties in the Scientific Field

It is impossible to understand the history of genetic toxicology and the “genetic hazards” frame without understanding the relationship of genetic toxicology to other groups,

Airport slot allocation

Optimal airport fees can, in theory, internalise the congestion externality, optimally allocate airport capacity, and stimulate competition in the downstream market of airline

Perbandingan Kadar Kolesterol High Density Lipoprotein Darah Pada Wanita Obes Dan Non Obes

Faktor lain yang mempengaruhi ada- nya peningkatan kadar kolesterol HDL darah pada obesitas yaitu seperti apa yang telah dikatakan oleh Jorgensen dkk, dimana dia melakukan

Solar Photovoltaic Financing: Deployment on Public Property by State and Local Governments

For state and local governments, several methods of financing the production of these goods are available, including systems benefit charge (SBC) funds, issuance of energy

Cost-benefit analysis of vaccination: a comparative analysis of eight approaches for valuing changes to mortality and morbidity risks.

Methods: To understand the implications of different CBA approaches for capturing and monetising benefits and their potential impact on public health decision-making, we conducted a

Bosch Recording Station. Release Notes

 Server feature Desktop Experience must be activated, and  Server feature .NET Framework 3.5.1 Features must be activated. before installing

Positioning and spinal bracing for pain relief in metastatic spinal cord compression in adults.

This is an updated version of the original Cochrane review published in Issue 3 ( Lee 2012 ) on patient positioning (mobilisation) and bracing for pain relief and spinal stability

Wind offshore energy in the Northern Aegean Sea islanding region

This interconnection plan needs improvements such as: (a) the enhancement of the Philippi substation with additional transformers (b) the overhead transmission lines