Numerous corporate governance players

Transcription

1 An Integrated Approach to the Internal System - New Methodology for Evaluating Design and Effectiveness - Carolyn Dittmeier President, IIA Italy Vice President, Head of Internal Auditing Poste Italiane 1 New laws and regulations D.Lgs 231 Anti corruption L. 262/05(Sarbanes) Bank Regulations Corporate Governance Code Italian Stock Exchange Corporate Governance and Internal New Corporate Governance players Corporate Governance Paper of IIA Italy 2

2 Numerous corporate governance players Officer Audit Committee Board of Directors Board of Statutory Auditors Other Bodies CFO Quality Internal Audit Security Function Inspectorate Human Resource & Organization Safety Privacy Operational Management 3 Corporate Governance Paper Associazione Italiana Internal Auditors Key points to an Integrated Corporate Governance Model: I. Global business risk assessment II. Unified Internal System Three Levels Optimizing Relationships Single Evaluation Criteria III. Mechanisms of Assurance 4

3 Business Case Its business General Strategy Business Plan Logistics, postal and courrier express business sectors; banking, financial services and insurance Leveraging upon a major national network for gaining efficiency in services and market potential Introducing innovative services to integrate core businesses, such as financial transaction services and direct marketing Employees Post offices 200 Logistic Centers ATM Vehicles Points of sale Total Sales (mil.) of which: Logistics/Postal Financial/ Banking 5 Business Case BOARD OF DIRECTORS RS CHIEF EXECUTIVE OFFICER E DIRETTORE GENERALE MASSIMO SARMI COMMUNICATION AND PUBLIC AFFAIRS HUMAN RESOURCES AND ORGANIZATION CHIEF INFORMATION OFFICE LEGAL AFFAIRS STRATEGIC PLANNING PURCHASING CORPORATE AFFAIRS ACCOUNTANCY & CONTROL REAL ESTATE INTERNAL AUDITING FINANCE SECURITY AND SAFETY CHIEF NETWORK AND SALES OFFICE BUSINESS UNIT MAIL BUSINESS UNIT EXPRESS AND PARCELS CHIEF OPERATING OFFICE BUSINESS UNIT PHILATELY BUSINESS UNIT BANCOPOSTA 6

4 Business Case Governance milestones Public Economic Entity Transformation to a stock company Poste Italiane - Società per Azioni Poste Italiane is subject to supervision of Financial Regulatory Bodies 2002 New Internal Audit Model Implementation of Organizational Model for Anti-corruption (L 231) Code of Ethics Implementation of Enterprise Management Model 7 Corporate Governance Paper Associazione Italiana Internal Auditors Key points to an Integrated Corporate Governance Model I. Global Business Assessment 8

5 Global Business Assessment? Operational risks risks Strategic risks Financial risks Reputational risks Accounting risks 9 Business Case Enterprise Management framework adopted in 2006 Obiettivi Goal Model Poste Poste Obiettivi di Business Efficienza di Processo Volume/Ricavie Obiettivi di Governo Rispetto della normativa Sicurezza Affidabilità delle informazioni OBIETTIVI RISCHI POTENZIALI Model Poste Rischi Esterni Rischi Interni Fattore Disegno Governo e controllo umano Processo/Sistemi direzionale Monitoraggio/ Processi IT Informativa Scenario Socio- Economico Concorrenza Mercato/ Cliente Contenimento Costi Customer Satisfaction Employee welfare CONTROLLI Risorse Umane Processi Ammin./ Contab. Pianificazione Partner/ Fornitori Quota di mercato Redditività Certezza operativa RISCHI RESIDUI Altri Processi Integrazione Contesto Legale Innovazione Tecnologica Integrazione Efficacia ed Efficienza IT Rischi Non Operativi Rischi Operativi Infrastruttura/ Risorse tecniche Attacchi/ Eventi esterni Tecnologia Model based on Goal Model

6 ERM Business Maturity Checkpoints 1. Framework 2. Self-Assessment workshop 3. Strong professional development programs 4. Budget and incentive system incorporating Key Indicators 5. Full risk management culture Corporate Governance Paper Associazione Italiana Internal Auditors Key points to an Integrated Corporate Governance Model II. A Unified Internal System Three Levels Optimizing Relationships Single Evaluation Criteria 12

7 Three levels of control activities within the Enterprise Management Model Company Bodies Audit Committee Definition of Objectives Management Internal environment Information and communication COSO: activities 3 rd Level Assurance Activity (Internal Audit) 2 nd Level Monitoring Activity ( Management,, ler) 1 st Level Activity (Line ) 13 A Unified Internal System 2. Optimizing Relationships between bodies and functions Informational Reporting Communication by meetings and presentations Providing Directives In relation to their assurance, consulting or other roles 14

8 Business Case State Auditors' Department Board of Directors Reporting & Interchange between Governance & Bodies Monthly Statutory Auditors Ethics/ Officer (Law 231) Semiannual Bimonthly Bimonthly Accountancy & Quarterly Segreteria Tecnica: Financial Reporting control Internal Audit, Human Resources, Legal Affairs; Accountancy & ; Security & Safety Internal Audit Overall Internal Periodic : Management Security & Safety Function Bancoposta Company Business Units and Depts and issues 15 A Unified Internal System 3. Integrated methodology for business control identification and evaluation Focusing separately on: Design Operating Effectiveness ( functioning functioning ) 16

9 How to evaluate the Integrated Internal System Tolerance Objectives Acceptance Design Adequacy Effectiveness, Efficiency and cost Operating Relevance Strength Resources availability Red-flag analysis Coverage Reactivity verification 17 Definition of a control? A set of activities whose purpose is to identify and correct errors and anomalies in order to reach defined control objectives, risk based Input Standard Comparison input / standard Correction Output 18

10 Objectives, risk based (examples) Quality and timeliness of operations reliability and integrity of Company information (financial and operational) Proper and effective contractual relations with customers and suppliers to Regulations Prevention of fraud Business continuity 19 How to evaluate the Integrated Internal System Tolerance Objectives Acceptance Design Adequacy Effectiveness, Efficiency and cost Operating Relevance Strength Resources availability Red-flag analysis Coverage Reactivity verification 20

11 Business Case: Ensuring quality manufacturing of mozzarella in Italy Supplying Production Time Quqlity By lot, the Production Dept requests 5 days ahead milk supplies fro, Purchasing on the basis of approved monthly sales forecasts. Upon supply of milk (<3 days) the Production Dept proceeds: Pasteurisation (2 hours) Coagulation (2 hours) Drainage (1 hour) Pressing and salting (1 hour) (time frame automatically recorded in 3 of 4 phases) The Quality Dept: if production time standards not compliant, block of packaging process, requesting the lot to be destroyed and re-produced. Packaging Upon authorization (Quality Dept) Production must package within 24 hours for delivery by the Distribution Dept by the next day. Quality Dept: Ensuring quality standards for freshness Actual time Reports Time Standards Comparison Correction : blockage Destroy/ Reproduce lot 22

12 evaluation of the single control based on scale of 1-5 (1-2 positive, negative). Tolerance Objectives Acceptance Design Adequacy Effectiveness, Efficiency and cost Operating Relevance 1 Coverage 2 Strength 3 Reactivity 2 Resources availability test Red-flag analysis design evaluation: positive (2) 23 Case study: quality cheese production Discretion Integration Independence Segregation Automation Adaptability Traceability Strength 3

13 Case study: quality cheese production Coverage scenario 1^ 1^ scenario 2^ 2^ scenario 3^ 3^ Tolerance Design Relevance Strength Scenario Known and positive design Known; design non positive Unknown design Objectives Adequacy Effectiveness, Efficiency and cost Reactivity design evaluation: positive (2) Resources availability Acceptance Operating test Red-flag analysis operating evaluation: good (3) Test 1 Audit Program Verify Information system utilized for standard check Test 2 Examine Sample of production lots checked by Quality Dept Audit Exception Level Test 1: 20% - Test 2: 5% 25 Corporate Governance Paper Associazione Italiana Internal Auditors Key points to an Integrated Corporate Governance Model: I. Global business risk assessment II. Unified Internal System Three Levels Optimizing Relationships Single Evaluation Criteria III. Mechanisms of Assurance 26

14 III. Need for Mechanisms of Assurance Reporting issues and evaluations on the accomplishment of company governance objectives by an independent function or body Internal Auditing Internal Officer for Listed Companies 27