Compliance & Internal Audit Collaboration



Similar documents
PwC The Path Forward for Data Analysis and Continuous Auditing May 2011

Auditing Standard 5- Effective and Efficient SOX Compliance

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

19/10/2012. How do you monitor. (...And why should you?) CAS Annual Meeting - Henry Jupe

New supervisory guidance on model Overview, analysis, and next steps

How To Manage Social Media Risk

ERM006 ERM and Business Continuity Management: Together at Last RIMS Annual Conference April 13, 2016

Access Governance. Delivering value. What you gain. Putting a project back on track for success

fs viewpoint

Metrics by design A practical approach to measuring internal audit performance

4th Annual ISACA Kettle Moraine Spring Symposium

20+ At risk and unready in an interconnected world

Internal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014

Ethics and Compliance Training

Beyond risk identification Evolving provider ERM programs

The promise and pitfalls of cyber insurance January 2016

Strategic Supply Chain Management. Medical Device Supply Chain Council 1 October 2013

Strategic Supply Chain Management The five disciplines for top performance. Food & Consumer Products of Canada Webinar Toronto, February 24, 2014

Shared Service Center Mehr als eine Standortbestimmung Tag der Beratung 7. Juni 2011

Escalating concern over cyber threats has CEOs warming to government collaboration

Third Party Risk Management 12 April 2012

Safety Risk Predictive Analytics to improve safety performance

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Cyber security Building confidence in your digital future

95% of asset management CEOs say they re very or somewhat confident about growth over the coming three years

Adding up or adding value?

IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL

Are you prepared to make the decisions that matter most? Decision making in retail

Consulting in Procurement April 2015

Funding sources throughout business lifecycle

Simplifying the audit through innovation

Inspiration for what is possible Inspiring new possibilities for your business with PwC and Oracle

Transforming Internal Audit Through Critical Thinking. kpmg.com

Moving Forward with IT Governance and COBIT

Finance Effectiveness Efficiency

Managing risk in construction projects how to achieve a successful outcome*

Unleashing the power of innovation

Healthcare Internal Audit: In a Time of Transition

UK Corporate Governance Code: Raising the bar on risk management Why this is not business as usual and what you need to do to comply

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Application of SFC License in Hong Kong

ADVISORY SERVICES. Risk management in an evolving world. Making the case for social media governance. kpmg.com

The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v

Are you prepared to make the decisions that matter most? Decision making in healthcare

Efficiency and transparency Jaguar Land Rover

Corporate Governance Developments (GIFA/GSCCA Presentation) Nov 2013 John Roche

Big Data Analytics: 14 November 2013

Commercial insurance: cyclicality and opportunity on the road to 2020 January 2016

Moving your enterprise systems to the cloud? What do you need to know to manage the risks? Jamie Levitt, Director

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

RSA ARCHER AUDIT MANAGEMENT

SDLC- Key Areas to Audit in IT Projects ISACA Geek Week /21/2013. PwC

Automating the Audit July 2010

companies in Lebanon March 2012 PwC in Lebanon helps clients in finding tax efficient business solutions and managing task risks

The Internal Audit Analytics Conundrum Finding your path through data

Circular CSSF 12/552 on Central Administration, Internal Governance and Risk Management December 2012

The Collaboration Conundrum Keys to Accessing, Sharing and Protecting to Your Most Critical Content

Compliance. Group Standard

Implementation of Big Data and Analytics Projects with Big Data Discovery and BICS March 2015

Are you prepared to make the decisions that matter most? Decision making in manufacturing

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

SAP Overview Brochure. Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance.

Application of Insurer Authorisation in Hong Kong

Understanding ERP Architectures, Security and Risk Brandon Sprankle PwC Partner March 2015

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

IAIS Insurance Core Principle 16

SAP Training Are your people adequately trained to maximize your

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Aberdeen City Council IT Governance

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Solutions Master Data Governance Model and Mechanism

Making payroll pay Managing risk and compliance in an unprecedented era of change

Enterprise Risk Management & Information Technology

Transform Audit Practices and Move Beyond Assurance

Audit of the Policy on Internal Control Implementation

PwC Approach to Benefits Management

Navigating the Regulatory Maze. AIFMD Impact on Service Providers

Navigating the next generation of cloud ERP Insurance

Impact of New Internal Control Frameworks

From Information Management to Information Governance: The New Paradigm

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

Compliance Risk Management Survey A Point of View

Considering Meaningful Use Participation when Acquiring a Hospital or Professional Practice

Which market? An overview of London, New York, Hong Kong and Singapore stock exchanges

Commodity Price Risk Management (CPRM) - Trends and Challenges for Corporates

Technology Risk Management Are you ready?

Exposing the hidden cost of Payroll and HR Administration A total cost of ownership study

Personal Financial Services

Five-Year Strategic Plan

Transcription:

www.pwc.com Compliance & Internal Collaboration Developing a compliance third line of October 2015 The Society of Corporate Compliance & Ethics 14 th Annual Compliance & Ethics Institute Conference Introductions Walmart & PwC speakers Patrick Burns Walmart, Senior Director, Global Services 10 years experience in Internal with Walmart ing experience with various functions of global retail, including Merchandising, Operations and Compliance Key focus areas include providing advisory and assurance services to the Compliance & Ethics organization Leads forensics and analytics teams focused on advancing auditing techniques and providing tools and capabilities to the broader business Phyllis Nordstrom PwC, Director, Risk Assurance Over 15 years of experience in risk management within both the retail & consumer products and financial services industries Both industry and public accounting experience in building and leading internal audit, enterprise risk, and compliance functions Key focus areas include developing risk programs to enable enterprise governance and management of organizational risks 2 Session goals Provide an overview of the three lines of Introduce Walmart s compliance program Review Walmart Global Service s approach to compliance auditing Discuss leading practices to strengthen collaboration across lines of 3 1

Three lines of overview 4 Why a continued focus on three lines of? At a time when stakeholders except evermore exacting standards of integrity and competence, compliance is now as much about safeguarding reputations and assuring strategic execution as ensuring formal regulation (1) In today s dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it s more challenging than ever for companies to understand and meet baseline obligations (2) 78% of CEOs around the world view increasing regulations as the top threat to business growth (2) Sam Walton, regarded personal and moral integrity as critical to the company s success. As he said, it starts with each one of us (3) The framework aims to provide comfort for the business and the board, while reducing potential strain on resources (1) (1) Three Lines of Defence: How to take the burden out of compliance PwC (2) State of Compliance Survey 2015- PwC (3) Walmart s Global Compliance Program Report on Fiscal Year 2014 5 Three lines of overview Three Lines of Defense Model Board/ Committee Senior Management 1 st line of 2 nd line of 3 rd line of Management Controls Internal Control Measures Compliance Risk management Fraud/Security Quality Inspection Financial controls Internal audit External auditors Regulators Adapted from ECIIA/FERMA Guidance on the 8 th EU Company Law Directive, article 41 6 2

Key roles & responsibilities Operational management 1 st line of Responsibilities Areas that own & manage risk 2 nd line of 3 rd line of Key Activities Implement procedures and oversee execution of processes Design, implement, and maintain internal controls Implement corrective actions to address deficiencies Leading Practices Utilizing a long-term risk outlook Integrating controls into ways of working 7 Key roles & responsibilities Compliance and risk management 1 st line of 2 nd line of 3 rd line of Responsibilities Ongoing monitoring of risk and controls in support of management Key Activities Assist management in the design and development of processes and controls Perform evaluations to assess if controls are performing as intended Inform management of emerging issues and changing risks Leading Practices Enhancing analytics capabilities for ongoing monitoring Coordinating risk evaluation with Internal 8 Key roles & responsibilities Internal audit 1 st line of 2 nd line of 3 rd line of Responsibilities Provide independent and objective assurance to management and the board Key Activities Perform evaluations to assess effectiveness of internal controls Report on effectiveness of first and second lines of Provide assurance on the effectiveness of governance and risk management Leading Practices Increasing knowledge of the business Enhancing analytics and forensics capabilities Increasing visibility to escalate unmitigated risks 9 3

Leveraging the three lines of as an asset People Defining roles and responsibilities such that each line understands their individual responsibilities within the risk framework Process Coordinating risk identification to reduce duplication of efforts and coverage gaps Controls Documenting control activities and data to support consistency in control evaluation 10 Walmart s compliance program 11 Overview of Walmart 28 countries 11k stores 2.2m associates 245m customer and member visits each week $482.2b fiscal year 2015 net sales 12 4

Elements of an effective compliance program People Policies & Processes Systems & Analytics 13 Examples of key subject matters 14 6 building blocks 15 5

can be an effective partner Level 3 Risk-Based Independent Assurance Level 2 Risk-Based Continuous Improvement Who? Business Management & Operations Level 1 Execution-Based Inspecting What? Executing daily operational routines, controls and procedures Who? Global Compliance w/external Support (as needed) What? Monitoring implementation of controls/policies Who? Global Services w/external Support (as needed) What? Assessing effectiveness of overall compliance programs 16 Example of an Communicate the Results Develop the Plan Conduct the Determine the 17 Communicate Develop the the Results Plan Determine the Conduct the Results Risk Assessment Data Market Knowled ge & Global Trends/I nsights Program & Market Maturity Compliance Priorities 18 6

Develop the Plan Communicate the Results Develop the Plan Compliance Priorities Compliance Plan focused on the right local market compliance risks, with a mix of walkthroughs, program reviews and process-level audits. Conduct the Determine the Subject Matter Priority Market 1 Market 2 Market 3 Market 4 Market 5 A High X X X X X B High X X X X X C High X X X D Moderate X X X X E Moderate X X X 19 Determine the Compliance Program Maturity Level Communicate the Results Develop the Plan Ad Hoc Developing Practicing Optimizing Leading Conduct the Determine the may include: Process-Level s Program-Level s 20 Conduct the & Communicate Results Communicate the Results Develop the Plan Conduct the Determine the 21 7

Leading practices to strengthen the second and third lines of 22 Increasing coordination and effectiveness Compliance & Internal collaboration 1 2 3 4 5 6 Risk Culture Talent Model Tailored Cross Line Coordination Knowledge Sharing Tools & Technology 23 Increasing coordination and effectiveness Risk Culture 1 Involvement: board and senior management ownership in risk management Clarity: defining roles and leadership responsibilities to identify accountable owners Risk Culture Authority: elevating the authority and visibility of risk teams across the lines of 24 8

Increasing coordination and effectiveness Talent Model 2 Business Knowledge: gain a clear understanding of strategic priorities and business operations Talent Model Skills: evolving talent capabilities outside of risk management, including analytics, change management, technology, and operations Talent Pipeline: expanding the talent pipeline to include a mix of risk management, business, and functional resources 25 Increasing coordination and effectiveness Tailored 3 Maturity: evaluate the level of maturity of the compliance program or processes : utilize a mix of consulting and objective audit activities based on program maturity Tailored Risk Framework: establish a risk framework that is utilized across lines of 26 Increasing coordination and effectiveness Cross Line Coordination 4 Risk Evaluation: collaborate to perform risk assessments and identify emerging risks Coverage: coordinate risk evaluation to reduce duplication of efforts and business impact; a one-to-many approach Cross Line Coordination : apply consistent risk methodology across lines of (e.g., risk definitions, severity ratings, data classification) 27 9

Increasing coordination and effectiveness Knowledge Sharing 5 Leadership Communication: ongoing meeting cadence across risk leadership to discuss emerging risks and issues Risk Reviews: regular compliance and internal audit meetings to discuss risks for changing business operations Knowledge Sharing Reporting: consolidated risk reporting to provide management and the board with an holistic risk perspective 28 Increasing coordination and effectiveness Tools & Technology 6 GRC tools: utilize a common risk framework and tools to perform risk assessment, monitoring, and evaluation Analytics: combine risk factors, business knowledge, and technology to enhance analytics to identify emerging risks Tools & Technology Information Management: integrate risk methodology into data governance and management initiatives 29 Elevating the maturity for lines of Review unique responsibilities of each line of Evaluate resources needed to keep pace with changing risks Align resources to strategy & risk Strive for aligned risk management 30 10

PwC Contact Information Phyllis Nordstrom, PricewaterhouseCoopers LLP Director - Risk Assurance 214-754-5445; phyllis.r.nordstrom@pwc.com PwC 31 Thank you This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law PwC US, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. 2015 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information