THIRD-PARTY RISK: HOW TO BETTER UTILIZE ENERGY VENDOR AUDITS 8/25/2015. August 27, 2015

Transcription

1 8/25/2015 THIRD-PARTY RISK: HOW TO BETTER UTILIZE ENERGY VENDOR AUDITS August 27, 2015 Shane Torkelson, CPE, CISA, CIA Director Enterprise Risk Solutions 1

2 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls when they are provided If you are viewing this webinar in a group Complete group attendance form with Title & date of live webinar Your company name Your printed name, signature & address All group attendance sheets must be submitted to within 24 hours of live webinar Answer polls when they are provided If all eligibility requirements are met, each participant will be ed their CPE certificates within 15 business days of live webinar WEBINAR OBJECTIVES Upon completion of this program, participants will be able to Describe what s included in an effective vendor management program Discuss the benefits of utilizing vendor audits in their business Identify the main steps in executing an efficient vendor audit Recognize the process for establishing a vendor audit program 2

3 OUTSOURCING OVERVIEW Organizations across many industries, including energy, have outsourced business processes to cut costs, create efficiencies or remove non-core functions Managing these relationships with third-party service providers & vendors can be challenging & present risk to an organization A structured vendor management program can address challenges & risks THIRD-PARTY RISKS Outsourcing business processes comes with certain risks. Thirdparty considerations that warrant monitoring may include potential risk of Overcharges/erroneous invoicing (e.g., duplicate payments, incorrect billing rates, discounts not applied, billing for goods/services not received, etc.) Reputational damage Non-compliance with contractual terms & conditions (e.g., insurance requirements, due diligence, regulatory compliance (FCPA), etc.) Inability to meet critical performance expectations (e.g., JIT delivery, completion milestones, volume/quantity, product quality, etc.) Financial stability of vendor (i.e., going concern issues) 3

4 VENDOR MANAGEMENT LIFECYCLE COMPLETE Project or deliverables is completed per contract & vendor evaluated BID Receive prices estimates on goods/services needed EXECUTE Agreement on terms & conditions with proper approval by necessary parties CHANGE CONTROL Approval procedures for changes to contract (scope & price) PAYMENT Invoice approval & payment process MONITOR Process of evaluating performance & verifying compliance with contract MONITORING ACTIVITIES Monitoring activities include processes for evaluating vendor performance & their compliance with the contract. Example activities include Consistent monitoring of key performance indicators (KPIs) throughout term of contract(s) Periodic validation of operational requirements (e.g., insurance, compliance, background checks, etc.) Annual/bi-annual vendor appraisal program Periodic vendor audits 4

5 BENEFITS OF VENDOR AUDITS Contract Compliance Audit: The review & assessment of a third party s compliance with financial & operational provisions of an executed contract In addition, to be an effective control in commercial relationships, vendor audits may also help companies Avoid financial, legal or reputational risks Identify potential cost recoveries Eliminate waste or excess spending Identify & mitigate process &/or control gaps Detect unapplied credits Identify & eliminate contract ambiguities before they become an issue VENDOR AUDIT OVERVIEW Individual Audits 5

6 CONTRACT UNIVERSE In order to define the scope of a vendor audit program or narrow down those contracts deemed critical to review, an organization needs to understand their contract universe How many contracts does the company have? How many different types of contracts does the company use? What will be the period used for inclusion in the vendor audit program? RISK ASSESSMENT OF CONTRACTS Both quantitative & qualitative considerations should be included in risk assessment What is the dollar amount of spend associated with contract? Has vendor had significant budget overruns in the past? Does contract have multiple amendments or change orders? Is contract with third party experiencing financial difficulties? Is contract considered risky or complex given nature of goods or services to be performed? What is age & expiration of contract? 6

7 PROGRAM PLANNING From contract risk assessment, vendors & contracts are selected for inclusion in current audit plan Validate contract contains appropriate right to audit clause Preliminary planning includes budgeting & scheduling of various audits to be completed Notification of intent to audit given to vendors/suppliers Current audit plan is communicated to internal stakeholders INDIVIDUAL VENDOR AUDIT PLANNING Contact vendor/supplier to discuss audit, timing & logistics Obtain & review contract(s) & applicable amendments, change orders, etc. Provide vendor with prepared by client (PBC) request list Modify standard vendor audit program to address risks & characteristics of contract being audited Finalize testing plan 7

8 VENDOR AUDIT EXECUTION Perform approved audit testing plan Document findings, observations, recoveries, internal control breakdowns, etc. Consider audit results & supporting documentation VENDOR AUDIT REPORTING Discuss audit observations with vendor/supplier to include recoveries & process/control gaps Obtain agreement on validity of findings & secure documentation to that effect Draft report of findings Distribute final report 8

9 RESULTS TRACKING & ANALYSIS Track open findings & action items through to closure Monthly report aging of open items Monitor changes to internal processes for proper implementation & resolution of findings Analyze trends in monetary findings Analyze trends in process/control gaps Establish periodic reporting of results SUMMATION Managing third-party risk can be a critical activity for many organizations An effective vendor management program includes, among other things, a robust monitoring protocol Establishing a vendor audit program begins with contract universe & understanding quantitative & qualitative factors Performing periodic vendor audits is a sound business practice & provides insights into trends & issues 9

10 QUESTIONS? CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS BKD, LLP is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: The information in BKD webinars is presented by BKD professionals, but applying specific information to your situation requires careful consideration of facts & circumstances. Consult your BKD advisor before acting on any matters covered in these webinars 10

11 CPE CREDIT CPE credit may be awarded upon verification of participant attendance For questions, concerns or comments regarding CPE credit, please the BKD Learning & Development Department at THANK YOU! FOR MORE INFORMATION Shane Torkelson CPA, CISA, CIA Director Enterprise Risk Solutions BKD, LLP 2800 Post Oak Blvd., Suite 3200 Houston, Texas

12 12