Internal Audit Landscape 2014



Similar documents
HKMA Seminar Tax Evasion in Hong Kong. 30 October 2013

Banking and Financial Services Internal Audit Group

Take your first steps. to become global professionals 加 入 德 勤 舞 出 成 就 第 一 步. Take your first steps. to becoming global professionals

Tax Analysis. China relaxes foreign exchange procedures on outbound payments. for trade in services. PRC Tax. Tax Issue P184/ July 2013

Tax Analysis. Proposal to Extend Hong Kong s Offshore Fund Exemption to Private Equity: A Step in the Right Direction.

Sample risk committee charter

Risk committee performance evaluation

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Business Regulation and Tax Analysis

Keeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit

Asia Pacific. Tax Management Consulting Why and What?

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

EMEA TMC client conference Using global tax management systems to improve visibility and enhance control. The Crystal, London 9-10 June 2015

Take the right steps 9 principles for building the Risk Intelligent Enterprise

BDO s. Setting up a business in China can. BDO China unlocked

MVNO Competition Strategy Analysis.

Addressing Cyber Risk Building robust cyber governance

A NEW APPROACH TO CYBER SECURITY

Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Our Vision Imparting knowledge to help the people of Singapore and the global society stay relevant in their work and what they do.

Cyber Security Evolved

Deloitte Discovery Caribbean & Bermuda Territory Guide

Cybersecurity The role of Internal Audit

The enemies ashore Vulnerabilities & hackers: A relationship that works

Cyber intelligence exchange in business environment : a battle for trust and data

IIF Training 2015 Course Descriptions

NamCode. The Corporate Governance Code for Namibia

Internal audit value optimization for insurance organizations

Technology and Cyber Resilience Benchmarking Report December 2013

THE DELOITTE CFO SURVEY 2015 Q1 RESULTS GETTING BACK TO NORMAL

Financial Services. Internal Audit: What s on the horizon? kpmg.co.uk

Compliance in motion A closer look at the Corporate Sector. Deloitte Risk Services March 2015

Where insights lead Cybersecurity and the role of internal audit: An urgent call to action

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

Tax Risk Management in China kpmg.com/cn

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

Global Tax and Legal September OECD s BEPS initiative a global survey Multinational survey results

Brand Ambassadors From pre-foundation to advanced recruitment process through Social Media

FFIEC Cybersecurity Assessment Tool

On the horizon 2016 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint

Credit management services Because a sale is a gift until it is paid

Total Cash and Working Capital

Total Cash and Working Capital

HR Business Partnering A Custom Approach

Internal audit FROM COMPLIANCE TO RISK MANAGEMENT: THE CHANGING ROLE OF INTERNAL AUDIT

Introduction. Taxes Supported. E tax Payment Service

How To Account For Insurance In Frs 103

Accounting & Auditing News IFRS 15 Revenue from Contracts with Customers: Part 2 Differences vs. IAS 11 Construction Contracts

Stakeholder Engagement

Cyber security Building confidence in your digital future

VWNMS Dr. Frank Galas 24 th September 2014 Volkswagen Leasing China 1

Data Analytics in Internal Audit. Elizabeth Dunkerley

ikang Healthcare Group, Inc.

Risk Considerations for Internal Audit

1. Understanding Big Data

ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Deloitte Risk Services B.V. Cyber & Privacy Advisory. Deloitte Cyber & Privacy Risk Services Data Breach Management

Thailand Tomorrow Tech Trends 2015 What is the catch?

IT AUDIT WHO WE ARE. Current Trends and Top Risks of /9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

Internal Loss Data A Regulator s Perspective

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

Enterprise Risk Services. Aware vs. committed where do you stand? Business continuity management

5 th ISACA Athens Chapter Conference

Capital Requirements Directive Pillar 3 Disclosure. December 2015

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Engaging title in Green Descriptive element in Blue 2 lines if needed

Cybersecurity: The changing role of audit committee and internal audit

CIIA South West Analytics in Internal Audit - Tackling Fraud

Seamus Reilly Director EY Information Security Cyber Security

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

REPORT. Next steps in cyber security

Smart Security. Smart Compliance.

HUDSON SALARY GUIDES 2015

Confident in our Future, Risk Management Policy Statement and Strategy

Websalad Connect. A fresh approach to digital marketing... PAGE 1

Clear, transparent reporting The new auditor s report

Mitigating and managing cyber risk: ten issues to consider

Committees Date: Subject: Public Report of: For Information Summary

Italy. EY s Global Information Security Survey 2013

Board Risk & Compliance Committee Charter

Qualification details

Effective Internal Audit in the Financial Services Sector

Principles for An. Effective Risk Appetite Framework

Deloitte Forensic. Deloitte Forensic. Capability Statement

FSB: Reinsurance Regulatory Review Summary of Discussion Paper

Transcription:

Internal Audit Landscape 2014

Agenda Examining the evolution of risk in today s digital world and the impact on traditional audit, security, risk, and compliance functions Emerging internal audit methodologies Updated COSO framework Understanding what s new and considerations for internal auditors Mark C. Rittmayer Managing Director, CSC Asia Pacific Limited 2

Veracity -Big Data Rapid changes in information technology infrastructure are increasing the difficulty of maintaining high levels of preparedness simultaneously against all threats. In response, organizations are adopting enhanced strategies for fighting fraud: from 100% success at prevention, to greater visibility, faster detection and incident response; from 'figure out what already happened' using post-incident forensics, to proactively 'figuring out what s happening' using Big Data and predictive analytics. 3

Emerging Internal Audit Methodologies - 2014 Industry Topics (1/4) Consideration for Internal audit Topics Assessingthe structures, processes and controls to manage a business How Processes,actions and tome at the top align with the values and behaviors of the business Assessing how a risk or group of risks are managed across a Group or business How risk management is linked to strategy Aggregation of risk data and MI How data management measures up against the BCBS principles for effective Risk Data Aggregation and Risk Reporting Governance Culture Risk Management Capital & Liquidity Readiness/ compliance with new requirements (internationally agreed standards on capital and liquidity Basel III) effective 1 January 2014 Completeness, accuracy and integrity of source data inputs and calculated RWA outputs Board and senior management oversight Policies, procedures and limits (e.g. stress-testing) Risk measurementand monitoring Design and development of model governance and model validation 4

Emerging Internal Audit Methodologies - 2014 Industry Topics (2/4) Consideration for Internal audit Topics Trading Accounting & Tax Loan loss provisioning IT Resilience The spotlight is starting to shine on other indices (aside from LIBOR), benchmarks and wider price setting processes that banks contribute to A focus on reviewing submission processes against definitions and best practice. Assurance over controls to capture and report unauthorised trading The firm s culture and attitude towards unauthorised trading Assurance over trade execution controls given recent glitches and failures in high frequency trading Tax strategy and tax governance arrangements Alignment of tax strategy to wider business strategy Identifying and recognition of loan loss provisioning Controls over the functioning of the model Reporting and disclosure requirements Third party/ out-sourced partners relations Data security risk Business continuity and disaster recovery processes Resilience controls and processes 5

Emerging Internal Audit Methodologies - 2014 Industry Topics (3/4) Consideration for Internal audit Topics Payments Cyber crime Data governance and quality Regulatory Payment services regulation compliance Account switching requirements (going live in September 2013) Mobile payments (Spring 2014) Resolution and recovery plans, ring-fencing, intraday liquidity management, FATCA compliance, sanctions compliance and fraud prevention Exposure to cyber threats increases as companies embrace the digital world. Regulatory demands increase over security and public confidence is challenged Controls over time to recover from a cyber attach and ability to reduce the net impact as well as preventative controls Controls over the governance and quality of data Increasing regulatory attention Compliance with the Conduct of Business rules (including COBS, ICOBS, MCOB and BCOBS sourcebooks) Identifying the likely end customer and how controls in place ensure focus on products and services meeting the long term interests of both retail and wholesale customers Regulatory data quality Capital, liquidity and other prudential returns is increasingly being challenged as a result of peer group review. Challenge and oversight over regulatory reporting 6

Emerging Internal Audit Methodologies - 2014 Industry Topics (4/4) Consideration for Internal audit Topics Control framework surrounding the new COREP and FINREP data requirements Systems and controls to combat financial crime are robust and in line with regulations Focus on AML Arrangements over client assets in areas such as management processes, adequate trust letters, treatment of collateral, completeness and accuracy of the client money calculations, oversight of outsourced providers and sufficient management information and reporting Compliance with the CASS rules Second and third line of defence monitoring programmes Regulatory Financial Crime Client assets 7

Emerging Internal Audit Methodologies - 2014 Methodology Topics 8 Consideration for Internal audit IA processes Opinion on internal control environment Internal auditors are expected to increase both the value and impact of internal audit Internal audit is required to have the necessary skills and experience that is commensurate with the risks of the organisation The Guidance provides that the Chief Auditor should provide the Audit Committee with a regular assessment of the skills required to conduct the work needed and whether the internal audit budget is sufficient The Audit Committee should be responsible for approving the internal audit budget and, as part of the Board s overall governance responsibility, should disclose in the annual report whether it is satisfied that Internal Audit has the appropriate resources The Guidance suggests that an assessment of the overall effectiveness of the governance, risk and control framework of the organisation, including themes and trends emerging from internal audit work, should be provided at least annually Internal Audit will need to create methodologies to assess the control environments, and support their conclusions. These methodologies include: Review of internal audit data; and Review of data from first and second lines of defence There is now an increased awareness of the power of using data analytics to support assurance activities, which has led to increased demand for enhanced analytics capability While it is relatively simple to implement analytics tools, developing the skillsets to use the tools effectively, embedding their use into the audit plan and managing the target data is more challenging Data Analysis

COSO Recommendations Updated COSO COSO executive summary 9

Information Governance Professional In 2012, ARMA International began development of a new credential the Certified Information Governance Professional (IGP). The IGP recognizes the efforts of those professionals who are most accomplished with respect to the implementation of the Generally Accepted Recordkeeping Principles. An Information Governance Professional (IGP) is a person who has earned the only certification that demonstrates he or she has the strategic perspective and the requisite knowledge to help an organization leverage information for maximum value while reducing the costs and mitigating the risks associated with using and governing this important asset The skills and experience needed to be successful in the field of Records and Information management have been changing rapidly as we mature and grow into Information Governance. The IGP represents this maturation and next phase for our field by identifying the skills and information professionals need. By earning this credential, I can demonstrate that I have the foundational base necessary to be successful." -Jason Stearns, IGP 10

About Deloitte Global Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/cn/en/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 200,000 professionals, all committed to becoming the standard of excellence. About Deloitte in Greater China We are one of the leading professional services providers with 22 offices in Beijing, Hong Kong, Shanghai, Taipei, Chengdu, Chongqing, Dalian, Guangzhou, Hangzhou, Harbin, Hsinchu, Jinan, Kaohsiung, Macau, Nanjing, Shenzhen, Suzhou, Taichung, Tainan, Tianjin, Wuhan and Xiamen in Greater China. We have nearly 13,500 people working on a collaborative basis to serve clients, subject to local applicable laws. About Deloitte China The Deloitte brand first came to China in 1917 when a Deloitte office was opened in Shanghai. Now the Deloitte China network of firms, backed by the global Deloitte network, deliver a full range of audit, tax, consulting and financial advisory services to local, multinational and growth enterprise clients in China. We have considerable experience in China and have been a significant contributor to the development of China's accounting standards, taxation system and local professional accountants. This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively the Deloitte Network ) is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information