System Auditing and Reporting for the Federal Reserve System


System Auditing and Reporting for the Federal Reserve System
Audrey A. Foster, Officer Audit
May 21, 2015
Internal FR

System Auditing and Reporting for the FRS - Agenda
- FRS Audit Structure Summary
- Conference of General Auditors
- Committee on Audit Standards and Effectiveness
- Committee on System Auditing
- Types of Audits
- System Auditing
- General Auditors Responsibilities
- Alignment of Businesses
- System Audit Competencies Centers
- System Audit Plan Endorsement and Execution
- System Reporting

FRS Audit Structure Summary
- 12 Districts, 12 Reserve Banks, 12 Entities
- Board of Directors and Audit Committees
- General Auditors
- Conference of General Auditors (COGA)

Conference of General Auditors (COGA)
Mission: Provide independent, objective internal audit services designed to add value and improve the Federal Reserve System's risk management, control, and governance processes, and support the achievement of its objectives.
Vision: Serve as valued advisors who provide innovative internal audit services and deliver forward-looking, risk-focused perspectives to influence positive outcomes.

Conference of General Auditors (COGA)
- Bring a comprehensive approach to assessing the effectiveness of the Federal Reserve Banks' risk management, control and governance processes using an independent vantage point, audit skills and broad knowledge of System activities
- Discuss matters of mutual concern and, as may be appropriate, adopt policies and/or solutions to shared problems
- Confer with and suggest specific courses of action to the Conference of Chairmen and the Board of Governors of the Federal Reserve System (BOG) or other appropriate entity on matters of mutual concern or risk/control that affect the Federal Reserve Banks
- Annually review and endorse the scope of internal audit coverage included in the System Audit Plan for consolidated and centralized services, as well as other business and support functions

COGA Organization
Steering Committee
- Brian Bowling, Chair
- Josias Aleman, Vice Chair
- Ted Smith, Past Chair
- Mike Renfro, Emeritus
- Mark Meder, Member
- Paul Bettge, BOG Liaison
Committee on System Auditing (CoSA)
- Jeff Marcus, Chair
- Linda Gilligan
- Mike Stough
- Clive Blackwood
- Bill Pullen, BOG Liaison
Committee on Audit Standards and Effectiveness (CASE)
- Glenda Balfantz, Chair
- Buddy Marx
- Azher Abassi
- Michelle Scipione
- Jeff Thomas, SCAD Liaison
- Heather Robinson, BOG Liaison

Committee on Audit Standards and Effectiveness (CASE)
Chaired by Glenda Balfantz, VP and General Auditor, FRB Dallas
Role: Promote effective and efficient internal audit practices in Federal Reserve Banks that are consistent with professional auditing standards.
Responsibilities:
- Monitor developments in professional auditing standards
- Maintain risk assessment methodology
- Promote talent development
- Provide efficient and effective audit automation environment

Committee on System Auditing (CoSA)
Chaired by Jeff Marcus, VP and General Auditor, FRB Chicago
Role: Assure COGA awareness of and involvement in System level issues and initiatives of significant audit interest, including System coverage of System business activities commensurate with risk.
Responsibilities:
- Assess current and emerging System risks and trends and recommend action
- Coordinate annual process to develop and maintain a System Audit Plan
- Recommend audit coverage, which may encompass both common audit strategies and programs for implementation in individual Reserve Banks
- Prepare COGA Annual Report for distribution to key stakeholders

Types of Audits
Local Audit: An audit activity performed at the direction of the local GA on operations that generally only impact the respective Reserve Bank.
Reliance Audit: An audit of a shared risk activity / centralized business line that is concentrated in one or a few Reserve Banks.
- Work done for the benefit of all Reserve Banks
- Driven by the Risk Assessment Methodology
- System Overarching and Key Business Risks

Types of Audits
System Audit: Covers risks and controls that span the FRS, and generally requires the participation of all Reserve Bank audit functions.
- Strongly tied to System Risks and/or focused on interdependencies that have a System impact.
- The individual or group with accountability for taking action on audit recommendations should be defined, including the relationship to applicable governance bodies. This determines the report recipient(s).
- The lead GA provides oversight of the System audit to ensure adherence to IIA Standards and takes steps to promote consistency in the work performed across districts to support rendering an audit opinion.

System Auditing
- On an annual basis, COGA develops and endorses a System Audit Plan to ensure there is a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes in the Federal Reserve System.
- The plan allows the System audit community to coordinate resources and provide risk-based audit coverage to consolidated or centralized business activities and other district specific activities warranted by risk.

System Audit Plan Development
The System Audit Plan development process begins with an identification of broad overarching risk themes present in the Federal Reserve System. The themes are based on:
- Enterprise Risk Management (ERM) Community Perspective
- Board of Governors Perspectives on System Risks
- Interviews with System Leaders
- COGA's Perspective
In addition to the overarching risks, business line-specific risks are also identified.

System Auditing Process Inputs
- Risk Discussions with Senior Management
- Enterprise Risk Management Consolidated Assessment of Risk (CAR) report
- Prior Audits Performed
- Business Liaison Activities
- Risk Events
- New Products
- Laws and Regulations

Evolution of General Auditor Point of Contact/Risk Champions
- Coordinating General Auditor
- General Auditor Point of Contact
- Risk Champion

Coordinating General Auditors Roles and Responsibilities
Develop and follow an approach to provide comprehensive audit attention for a business function. The CGA may provide this audit attention independently or may rely on other GAs.
- Assess risks for central services & assist COGA in understanding risks
- Plan and execute comprehensive coverage for central service
- Recommend audit strategies that may span Districts
- Summarize results of audit work for the COGA Annual Report

Coordinating General Auditor Responsibilities
Coordinating General Auditor (CGA) Business Line: District
- Cash Product Office: San Francisco
- Customer Relations and Support Office: Chicago
- Financial Support Office: Boston
- Information Technology: Richmond
- Retail Product Office: Atlanta
- Treasury Relations and Support Office: St. Louis
- Wholesale Product Office: New York

General Point of Contact (GPC) Roles and Responsibilities
Develop audit objectives and steps and keep common audit programs based on common risks across Reserve Banks.
- Assess risk in business function and assist COGA in understanding the potential risks in District operations
- Recommend audit objectives for District business functions
- Maintain common audit programs and related information
- Summarize results of work for the COGA Annual Report

Coordinating General Auditor Responsibilities
General Auditor Point of Contact (GPC)
Business Function: Administrative Services; Banking Supervision; Business Continuity & Resiliency; Credit and Risk Management; Enterprise Risk Management; Human Resources; Office of Employee Benefits; OMWI; Open Market and CBIAS; Public Information, Research and Statistics & Reserves
District: Philadelphia; Minneapolis; Cleveland; New York; Cleveland; Kansas City; New York; Kansas City; New York; Dallas

Risk Champion Roles and Responsibilities
Develop and follow an approach to promote awareness and understanding of a System-wide risk by encouraging adequate coverage in System and District level audits.
- Identify factors contributing to the risk theme
- Provide direction on specific steps to be performed to gather information needed to assess risk theme
- Gather the results of related internal audit work and facilitate forums
- Maintain awareness of and evaluate management's actions to address risk

Risk Champions
2015 System Overarching Risk: Risk Champion
- Cyber Security: Richmond
- Program & Technology Management: Dallas & Richmond
- Outsourced Service Providers: Kansas City
- Resiliency: Cleveland

12 Districts: Alignment of Businesses
District: CGA Responsibility
- 1 Boston: Financial Management
- 2 New York: SOMA, Wholesale, OEB
- 3 Philadelphia: Administrative Services
- 4 Cleveland: Business Continuity, Enterprise Risk Mgmt
- 5 Richmond: Information Technology, Credit and Risk Management
- 6 Atlanta: Retail
- 7 Chicago: Customer Relations
- 8 St. Louis: Treasury
- 9 Minneapolis: Banking Supervision
- 10 Kansas City: Human Resources
- 11 Dallas: Public Affairs, Research and Statistics
- 12 San Francisco: Cash
Example: Wholesale footprint in shaded Districts

Audit Competency Centers Financial Management Human Resources IT Audit Group (ITAG) QA Knowledge Forum System Audit Tools Repository RBOPS Internal Audit Information Exchange Administrative Services Treasury Services Program Management Knowledge Forum Business Continuity Cash Supervision and Regulation Statistics and Reserves 22

System Audit Competency Centers
- Information Technology Audit Group (ITAG): Leverages the collective talents of the IT audit community to facilitate consistent, comprehensive, and effective coverage of the Federal Reserve System's IT environment.
- Audit Competency Center for Treasury Services: Facilitates a collaborative system-wide information exchange for guidance, awareness, training, and communication to strengthen technical knowledge and system-wide audit expertise.
- Statistics and Reserves Audit Competency Center (StRACC): Serves as a knowledge resource for the System Audit Community.
- Research Audit Competency Center (RACC): Focuses on expertise and support to district auditors as they monitor and audit local research operations.
- Human Resources Audit Coordination Team (HRACT): Facilitates the sharing of Human Resources (HR) information across the System and supports the development of audit competency centers.

System Audit Plan Timeline

System Audit Plan Endorsement and Execution
- Present to COGA for endorsement.
- Request Audit and Risk Committee approval for the Audit Plan, which includes System and FRBNY specific activities.
- Begin execution of the Audit Plan.
- Report the progress and results of Audit and Program Management Reviews on an ongoing basis.
- Deliver a summary of the effectiveness of risk management, control, and governance processes in the Federal Reserve System to Audit Committees and Senior Management in the COGA Annual Report.

System Reporting: 2014 COGA Annual Report Timeline
- October 28, 2014: 1. COGA approval of timeline & milestones 2. COGA approval of Report approach
- December 13, 2014, DRAFT (as available): 1. Summaries from Risk Champions 2. Summaries of Audit Work Related to Centralized & Consolidated Activities 3. CGAs and GPCs Communicate Thematic Concerns (GPCs if needed)
- January 16, 2015, FINAL: 1. Summaries from Risk Champions 2. Summaries of Audit Work Related to Centralized & Consolidated Activities 3. CGAs and GPCs Communicate Thematic Concerns (GPCs if needed)
- January 19-23, 2015: CoSA discussion
- January 28, 2015: Solicit comments from ERM and Board
- February 2, 2015: Draft Report provided to COGA
- February 9-16, 2015: COGA discussion of report
- February 27, 2015: Issue Final 2014 COGA Annual Report
End of year - AACC to provide data on results of the 2014 SAP (Coordinate with SAP Liaison).

System Reporting
- Stakeholders: Audit Committees of the 12 Banks and key business leaders across the FRS
- Report results of System audit coverage and System Risks
- Forward looking perspective
- Trends and emerging issues

2014 COGA Annual Report Contents
- Executive Summary
- 2014 System Overarching Risks
- 2015 System Risks
- 2014 System Audit Plan and Results
- 2014 Summaries of Audit Work Related to Centralized and Consolidated Activities
- Local Unconsolidated Activities with Work Coordinated by COGA
- 2015 System Audit Plan

Effective System Auditing and Reporting for the FRS
- Communication
- Coordination
- Collaboration

Questions
Email Address: Audrey A. Foster, audrey.foster@ny.frb.org