AI-X-IA11-G6-Laksamana Darmawan PDF

Preview

Summary

Name : Laksamana Darmawan NIM : 12030118190181 Class : XInternal Audit Weekly SummaryBOARD AUDIT COMMITTEE COMMUNICATIONSThe relationship of internal auditors with the board of audit committee becomes a challenge for the internal auditor team. The internal auditor is responsible for providing an int...

Description

Name : Laksamana Darmawan NIM : 12030118190181 Class : X Internal Audit Weekly Summary BOARD AUDIT COMMITTEE COMMUNICATIONS The relationship of internal auditors with the board of audit committee becomes a challenge for the internal auditor team. The internal auditor is responsible for providing an internal audit report to the audit committee which then the overall activity plan will be approved and reviewed by the audit committee. Internal auditors and audit committees do not make contact every day, but internal auditors should be aware that the audit committee is a party where the internal auditor can report problems and then the audit committee seeks a resolution. It is the internal audit cae that often makes contact with the audit committee and often educates and advises on internal audit issues. 25.1 Role of the Audit Committee In order to carry out the audit plan, the internal audit function must be authorized and approved by the audit committee through the audit charter. The audit committee is a different committee from other committees, which is outside director and must be independent of management, have understanding, be able to monitor, coordinate, interpret internal control and connect related financial activities to the entire board. For non-profit and private companies, internal audits are not regulated in the Sox and SEC and internal audits can be conducted by internal auditors and all management functions of the company. Internal audits have a greater role than external audits which are only responsible for the accuracy and fairness of financial statements. Internal audit is tasked with assessing internal control over the reliability of financial reporting, effectiveness and efficiency of operations, as well as the company's compliance with laws and regulations. In the case of enron's fall is an example of failure caused by audit committees and boards that have less independent corporate governance. With SOx, the audit committee and internal audit committee have a greater responsibility, where the audit intenal is responsible for providing services to the audit committee even though the more frequent contact with the audit committee is CAE. Previously, recommendations on improving the independence and effectiveness of the audit committee in 1999 from the Blue Ribbon Committee, external standards auditors from the AICPA, and independent standards audit committee directors from the stock exchange have not been sufficiently capable of being the solution to problems such as Enron. 25.2 Audit Committee Organization and Charters

The audit committee is an operating component of the BOD responsible for internal control and supervision of financial reporting. There is no limit to the size of the audit committee, but in 1216 boards it usually consists of 5-6 members of the audit committee. Management parties or outside parties invited to audit committee meetings cannot be members with full voting rights. Corporate committees including audit committees are established with a determination or resolution from the board. This award is documented in board records and generally not revised unless changes are required under certain circumstances. In the board's ruling, the BOD made the rules. Exhibit 23.1 provides an example of a verdict authorize audit committees as well as examples where corporate governance makes rules for the company. The company's internal audit function operates through the internal audit charter, a document approved by the audit committee to describe the internal audit roles and responsibilities concerning:  Identify, assess and manage financial risks and uncertainties  Continuous financial system improvement  Integrity of financial statements and financial disclosures  Compliance with legal requirements and regulations  Qualifications, independence and performance of independent outside auditors  Capabilities, resources and performance of the internal audit department  Full and open communication with and between independent accountants, management, Internal auditors, counsel, employees, audit committees, and boards The internal audit charter covers the activities of the internal audit function but does not cover the activities of the company's audit committee board. SOx has now required each audit committee board to develop a formal audit charter to be published as part of the annual proxy statement. The charter has no specific standards or formats but the NYSE has published a model for corporate use. The audit committee charter is a commitment to ensure the integrity of financial statements and to oversee the internal and external functions of auditors. Audit committee charters generally include:  Objectives and authority of the audit committee  Composition of the audit committee  Meeting schedule  Audit committee procedures  Audit committee's main activities  Discretionary activities (value-added activities)  Limitations of audit committees Exhibit 23.2 contains the 2007 Microsoft Corporate Audit Committee Charter published through the Microsoft website that describes the main activities of the audit committee. In this Microsoft audit committee charter explains:

Role: The audit committee assists BOD in fulfilling its responsibility to oversee the quality and integrity of the company's accounting, auditing and reporting practices.  Membership: Committee members of at least 3 directors, each must be independent.  Operation: The committee must meet at least 6 times a year.  Communication: The Committee is expected to be free and openly communicate with independent auditors, internal auditors and management.  Education: The Company is responsible for providing educational resources related to accounting principles and procedures and others related to what the committee needs.  Authority: The Committee has the authority to maintain or terminate relationships with outside counsel, experts or other consultants.  Responsibilities: The committee's primary responsibility in supervision is included in the Audit Committee's Calendar of Responsibilities which contains changes in regulatory requirements, authoritative guidance and supervisory practices. Smaller companies usually do not have the resources and need to release audit committee charters on the company's website. CAE in smaller companies should review the material published by the IIA, AICPA, or Information System and Control Association, and work with internal auditors from smaller companies as well to develop better ideas. 25.3 Audit Committee's Financial Expert and Internal Audit SOx requires that at least 1 of the directors of the independent audit committee must be financial experts. These financial experts will be the beginning for CAE to further bind internal audits with audit committees. In many situations, CAE and internal audits can be an influence for corporate governance sustainability, and internal audits can assist audit committees through these 3 approaches: 1. Internal auditors provide reports and presentations, provide detailed summaries of the internal audit process for risk assessment, planning, and auditing, and report results through audit reports. 2. Cooperate with others and other sources, present plans to the audit committee. 3. Develop a detailed plan to review and assess the company's internal control. In the first step of internal audit should explain the processes and procedures to the audit committee, the entire board, as well as management. Before presenting, the internal audit should be checked to assess the current internal audit practices. From here the internal auditor can make improvements. 25.4 Audit Committee Responsibilities for Internal Audit The audit committee has the primary responsibility for a company in the internal audit function. Prior to SOx, the concept of internal audit was reported to the audit committee then reported to the finance director (CFO) or other senior corporate officer. The current internal audit function must have an internal audit charter, and should be in contact with the company's audit committee.

The Charter has a special relationship with internal audits and usually requires audit committees to:  Internal review of audit resources, plans, activities, staff, and organizational structure.  Review cae appointments, performance, and replacements.  Review of all audit reports prepared by internal auditors together with management.  Review with management, CAE, and independent accountants in terms of financial reporting and internal control system. This review should cover the scope and outcomes of the internal audit program and the cooperation provided or limitations, if any, should be disclosed by management on the conduct of those in the Internal Audit Program. 25.5 Audit Committee Review and Action on Significant Audit Findings These points have been part of the relationship between internal audit and audit committees for some time, but the audit committee charter is published in terms of formalizing these arrangements. CAE should work closely with the audit committee to ensure that communications run effectively. Internal audits have developed habits, over time, and provided their audit committees with only a summary of internal audit findings or simply delivering reports on significant audit findings. SOx puts this in a new perspective or view. Internal auditors should not simply submit reports to the audit committee of what it deems necessary to look at. Instead, SOx mandates that internal auditors should provide an audit committee of all audit reports and management responses and their supporters. Even when internal audits produce a large number of audit reports, such as for retail companies with audits of many small store units that often have some significant findings, the audit committee should receive detailed information about all audits conducted. A summary of the report can be provided, but a full report for all audits should be provided as well.  Appointment of Audit Chief Executive  Approval of the Internal Audit Charter  Approval of Internal Audit Plan and Budget  Audit Committee Review and Significant Audit Findings 25.6 Audit Committee and Its External Auditors The audit committee has primary responsibility for hiring external audit companies, approving budgets and auditing proposed plans, and announcing audited financial statements. SOx has made some significant changes here. External auditors can no longer consent to their internal control assessments, and are not allowed to consult with public accounting firms to implement financial applications that will be reviewed by external auditors. Large public accounting firms no longer have consulting divisions, and public accounting firms are prohibited from providing internal audit services to the companies they audit. The Audit Committee should be aware and sensitive to these changes. SOx requires that the audit committee approve all external audit services, including convenience letters, as well as non-audit services provided by external auditors. External auditors are still allowed to provide tax services, but they are prohibited from

providing these non-auditing services simultaneously with auditing of clients' financial statements such as:  Bookkeeping and other services related to the accounting or financial records of the client's audit report.  Design and implementation of financial information technology  Appraisal or assessment of services, opinions of fairness,  Internal audit outsourcing services  Human resource management or support functions  Brokers or agents, investment advisers, or investment banking services  Legal services and other expert services are not related to auditing  Other services that are not permitted 25.7 Whistleblower Programs and Codes of Conduct SOx rules state that audit committees must establish procedures for the receipt, retention, and handling of complaints regarding accounting, internal accounting controls, or auditing issues, including confidentiality procedures. Internal audits should offer services to audit committees (experts) to establish financial documentation and communication procedures in: Documentation logging whistleblower calls. SOx mandates that the audit committee create a formal whistleblower program where employees can increase their focus on improper inspections and control things without fear of retribution. A larger company may already have an ethical function. When a small company does not have such resources, an internal audit should offer facilities to log those whistleblower communications, record the date, time, and name of the caller for investigation and disposition. In all cases, SOx gives the audit committee responsibility for creating and managing whistleblowers such as program. Disposition of whistleblower matters. Even more important than the loggin in the initial whistleblower call, documentation must be maintained to record the nature of any follow-up investigations and related dispositions. although the mandated SOx whistleblower program does not have a cash reward program, documentation covering the full action taken as well as net savings must be maintained. Again, with the tradition of dealing with things that are confidential, internal audits should offer to provide a secure, secret service here. This can be a very important activity. Employee reporting may take legal action against a corporation if the information they report is highly confidential. Code of Ethic SOx makes the audit committee responsible for implementing a code of conduct or conduct to the senior board of corporations (CEO and CFO). The audit committee should be able to encapsulate a set of rules for proper conduct and have this senior board acknowledge that they

have read and understood and agreed to comply. Internal audits should play a major role in assisting the audit committee to implement these programs, not just for a limited set of boards but for the entire company. 25.8 Other Audit Committee Roles Audit committees may often receive questions about accounting and auditing. Internal audits can offer to act as assistants to the audit committee in documenting and addressing this issue. CEOs or CFOs administrative support staff typically handle many administrative tasks for board members, sox rules require the Audit Committee to act independently. Internal audits can provide the necessary assistance. Under SOx, the audit committee takes an important role, to help facilitate. SOx has changed a lot, and modern internal auditors should be aware of the expanded audit committee level. Internal Auditors must both understand the problem of service needs and actively serve and work with the audit committee as part of the overall goal of providing maximum service to the company. INTERNAL AUDIT GRC APPROACHES & OTHER COMPLIANCE REQUIREMENTS 28.1 ROAD TO EFFECTIVE GRC PRINCIPLEA number of GRC are:  G (Governance) : Means taking care of business, ensuring that the company's performance is in accordance with the company's regulations and BOD decisions. Governance also means what the company must do (in accordance with the expectations of stakeholders) so that every employee knows the direction of operation of the company.  R (Risk) : The company's way to protect the value of existing assets and create value by strategically expanding the company oradding new products/services.  C (Compliance) : Compliance with laws and regulations related to business and society. It is often interpreted as compliance's control, which means controlling activity to ensure that the company complies with applicable laws and regulations. GRC is a paradigm to help companies grow in a better direction. Many companies do not consider GRC as a unity of principle. Companies often regulate governance, risk, and compliance as separate areas Aspects of GRC concepts are strongly interconnected with each other. In the picture above it is directed that: Internal policies: key factors governancesupporters. o External regulations: main factors compliancesupport. o Enterprise's risk appetite is the main factors supporting risk management.  Internal policies: the main factor supporting governance.  External regulations: the main factor support compliance.



Enterprise's risk appetite is a major risk management supporting factor.

IMPORTANCE OF GRC GOVERNANCE The three GRC principles have an ongoing and interconnected relationship, all three of which together have equally important standing. In terms of the company's operations, enterprise governance is defined as accountability and implementation carried out by the board, executive management, and all management functions with the aim of providing strategic direction, ensuring that the company's objectives are achieved, ensuring that risks are managed properly, and verifying that resources are used responsibly. Governance refers to the process of developing rules and procedures at all levels within the company, communicating the rules to stakeholders concerned with overseeing the implementation of those rules, and awarding and sanctioning based on performance related to or compliance with the rules. Here is the concept of corporate governance with the executive group as the center and axis of the other and related responsibilities to carry out control, strategic framework, performance, and accountability. 28.2 RISK MANAGEMENT COMPONENT OF GRC Risk management must create value and be a complete part of the organizational process. Risk management must also be part of the decision-making process and must be adjusted to each company in a systematic and structured manner in order to show the uncertainty faced by the company explicitly. The risk management process must be dynamic, repetitive, responsive to changes, and can be continuous improvements and enhancements. 28.3 GRC AND ENTERPRISE COMPLIANCE Compliance is the process of complying with guidelines and regulations that have been drawn up by government agencies, standards-making groups, or internal policies of companies. It's a challenge. Compliance encourages the entire system created by the company to run well and be responsible in meeting a wide range of specific demands from its vertical market. There are five scopes of compliance that affect various aspects of the company, namely: strategy, organization, processes, applications and data, as well as facilities. In each scope of compliance has an issue that must be considered by the company as an effort to be able to build scope and approach to compliance. This is also called the Scope of Compliance Architectures Consideration. When the company can take a consistent approach to the achievement of compliance systems accompanied by supporting technology, then the company will benefit such as: A. Reduce the total cost of ownership B. Flexibility C. Competitive Advantage 28.4 IMPORTANCE OF EFFECTIVE GRC PRACTICES AND PRINCIPLES The effective GRC compliance process helps the company transform its business operations and has the insight and ability to predict its business processes when the company can meet the demands of applicable laws and regulations. To be able to realize effective risk management and

COSO ERM processes, the company needs to have a strong governance and compliance process also with the aim to build an effective GRC program.

Corporate Governance Corporate governance is heavily influenced by an organization’s stakeholders, who communicate their expectations for proper conduct, especially as it relates to the pursuit of profitability,

ecological responsibility, and fair and respectful treatment of those people impacted by its activities. This concept is often associated with the Three Ps: Profits, Planet, and People, also referred to as the Triple Bottom Line. Corporate governance is about the relationships between the organization’s stakeholders and the accountabilities that lie among them, especially as it relates to owners, the board, and management. The goal of corporate governance, and the purpose of the structures and expectations established, is to ensure that management is accountable to the board, which is in turn accountable to the owners. A common approach is to combine governance with risk management and compliance ...