Numerous corporate governance players




Slide 1 - An Integrated Approach to the Internal Control System: New Methodology for Evaluating Design and Effectiveness
Carolyn Dittmeier, President, IIA Italy; Vice President, Head of Internal Auditing, Poste Italiane

Slide 2 - New laws and regulations
- D.Lgs. 231 (anti-corruption)
- L. 262/05 (the Italian Sarbanes-Oxley)
- Bank regulations
- Corporate Governance Code of the Italian Stock Exchange
- Corporate governance and internal control
- New corporate governance players
- Corporate Governance Paper of IIA Italy

Slide 3 - Numerous corporate governance players
Officer; Audit Committee; Board of Directors; Board of Statutory Auditors; other bodies; CFO; Quality; Internal Audit; Security Function; Inspectorate; Human Resources & Organization; Safety; Privacy; Operational Management

Slide 4 - Corporate Governance Paper, Associazione Italiana Internal Auditors
Key points of an Integrated Corporate Governance Model:
I. Global business risk assessment
II. Unified Internal Control System: three levels, optimizing relationships, single evaluation criteria
III. Mechanisms of assurance

Slide 5 - Business Case
Its business: logistics, postal and courier express business sectors; banking, financial services and insurance.
General strategy: leveraging a major national network to gain efficiency in services and market potential.
Business plan: introducing innovative services that integrate the core businesses, such as financial transaction services and direct marketing.
Key figures: 150.000 employees; 14.000 post offices; 200 logistic centers; 2.700 ATMs; 40.000 vehicles; 38.000 points of sale; 15.900 total sales (mil.), of which 5.300 logistics/postal and 4.400 financial/banking.

Slide 6 - Business Case: organizational chart
Board of Directors; Chief Executive Officer and General Manager, Massimo Sarmi; Communication and Public Affairs; Human Resources and Organization; Chief Information Office; Legal Affairs; Strategic Planning; Purchasing; Corporate Affairs; Accountancy & Control; Real Estate; Internal Auditing; Finance; Security and Safety; Chief Network and Sales Office; Business Unit Mail; Business Unit Express and Parcels; Chief Operating Office; Business Unit Philately; Business Unit Bancoposta

Slide 7 - Business Case: governance milestones
- 1994: public economic entity
- 1998: transformation into a stock company, Poste Italiane - Società per Azioni
- 2001: Poste Italiane becomes subject to supervision by the financial regulatory bodies
- 2002: new Internal Audit model
- 2003: implementation of the organizational model for anti-corruption (L. 231)
- 2005: Code of Ethics
- 2006: implementation of the Enterprise Risk Management Model

Slide 8 - Corporate Governance Paper, Associazione Italiana Internal Auditors
Key points of an Integrated Corporate Governance Model: I. Global Business Risk Assessment

Slide 9 - Global Business Risk Assessment?
Operational risks; strategic risks; financial risks; reputational risks; accounting risks

Slide 10 - Business Case: Enterprise Risk Management framework adopted in 2006
Flow: OBJECTIVES -> POTENTIAL RISKS -> CONTROLS -> RESIDUAL RISKS

Goal Model Poste
- Business objectives: process efficiency; volume/revenue; cost containment; customer satisfaction; employee welfare; market share; profitability; operational certainty
- Governance objectives: regulatory compliance; security; reliability of information

Risk Model Poste (based on the Goal Model)
- External risks: socio-economic scenario; competition; market/customer; partners/suppliers; legal context; technological innovation; attacks/external events
- Internal risks: human factor; process/system design; management governance and control; monitoring/reporting; IT processes; human resources; administrative/accounting processes; planning; other processes; integration; IT effectiveness and efficiency; infrastructure/technical resources; technology
- Risks are classified as non-operational or operational

Slide 11 - ERM business maturity checkpoints
1. Framework
2. Self-assessment workshop
3. Strong professional development programs
4. Budget and incentive system incorporating key indicators
5. Full risk management culture

Slide 12 - Corporate Governance Paper, Associazione Italiana Internal Auditors
Key points of an Integrated Corporate Governance Model: II. A Unified Internal Control System: three levels, optimizing relationships, single evaluation criteria

Slide 13 - Three levels of control activities within the Enterprise Risk Management Model
COSO components: company bodies; Audit Committee; definition of objectives; risk management; internal environment; information and communication; control activities.
- 3rd level: assurance activity (Internal Audit)
- 2nd level: monitoring activity (Risk Management, Compliance, Controller)
- 1st level: control activity (line)

Slide 14 - A Unified Internal Control System
2. Optimizing relationships between bodies and functions:
- informational reporting
- communication by meetings and presentations
- providing directives
- in relation to their assurance, consulting or other roles

Slide 15 - Business Case: reporting and interchange between governance and control bodies
Bodies and functions: State Auditors' Department; Board of Directors; Statutory Auditors; Ethics/Compliance Officer (Law 231); Accountancy & Control; Segreteria Tecnica (technical secretariat): financial reporting control with Internal Audit, Human Resources, Legal Affairs, Accountancy & Control, Security & Safety; Internal Audit (overall internal control periodic report); Risk Management; Security & Safety Function; Bancoposta; company business units and departments (control and risk issues).
Reporting frequencies shown on the slide: monthly, semiannual, bimonthly, bimonthly, quarterly.

Slide 16 - A Unified Internal Control System
3. Integrated methodology for business control identification and evaluation, focusing separately on:
- design
- operating effectiveness (functioning)

Slide 17 - How to evaluate the Integrated Internal Control System
Inputs: risk tolerance; control objectives; risk acceptance.
Design (adequacy): relevance; coverage; strength; reactivity.
Operating (effectiveness, efficiency and cost): resources availability; red-flag analysis; verification.

Slide 18 - Definition of a control?
A set of activities whose purpose is to identify and correct errors and anomalies in order to reach defined, risk-based control objectives.
Flow: Input -> Standard -> Comparison of input against standard -> Correction -> Output

Slide 19 - Control objectives, risk based (examples)
- Quality and timeliness of operations
- Reliability and integrity of company information (financial and operational)
- Proper and effective contractual relations with customers and suppliers
- Compliance with regulations
- Prevention of fraud
- Business continuity

Slide 20 - How to evaluate the Integrated Internal Control System (repeats slide 17)

Slide 22 - Business Case: ensuring quality manufacturing of mozzarella in Italy
Supplying: by lot, the Production Dept requests milk supplies from Purchasing 5 days ahead, on the basis of approved monthly sales forecasts.
Production: upon supply of milk (<3 days) the Production Dept proceeds with pasteurisation (2 hours), coagulation (2 hours), drainage (1 hour), pressing and salting (1 hour); the time frame is automatically recorded in 3 of the 4 phases.
Time and quality control: if production time standards are not met, the Quality Dept blocks the packaging process and requests that the lot be destroyed and re-produced.
Packaging: upon authorization by the Quality Dept, Production must package within 24 hours for delivery by the Distribution Dept by the next day.
The control (Quality Dept): ensuring quality standards for freshness.
- Input: actual time reports
- Standard: time standards
- Comparison: actual times against standards
- Correction: blockage; destroy/reproduce the lot

Slide 23 - Control evaluation of the single control, based on a scale of 1-5 (1-2 positive; 3-4-5 negative)
Inputs: risk tolerance; control objectives; risk acceptance.
Design (adequacy): relevance 1; coverage 2; strength 3; reactivity 2. Design evaluation: positive (2).
Operating (effectiveness, efficiency and cost): resources availability; test; red-flag analysis.

Slide 24 - Case study: quality cheese production
Strength (3) is assessed on: discretion; integration; independence; segregation; automation; adaptability; traceability. Scores shown on the slide: 2-4, 2, 3-3.

Slide 25 - Case study: quality cheese production
Coverage scenarios:
- Scenario 1: known and positive design
- Scenario 2: known design, not positive
- Scenario 3: unknown design
Design evaluation: positive (2). Operating evaluation: good (3).
Audit program:
- Test 1: verify the information system used for the standard check
- Test 2: examine a sample of production lots checked by the Quality Dept
Audit exception level: Test 1: 20%; Test 2: 5%.

Slide 26 - Corporate Governance Paper, Associazione Italiana Internal Auditors
Key points of an Integrated Corporate Governance Model:
I. Global business risk assessment
II. Unified Internal Control System: three levels, optimizing relationships, single evaluation criteria
III. Mechanisms of assurance

Slide 27 - III. Need for mechanisms of assurance
Reporting of issues and evaluations on the accomplishment of company governance objectives by an independent function or body:
- Internal Auditing
- Internal Control Officer for listed companies