Clyde Rogers clyde.rogers@sy Clyde Rogers clyde.rogers@sy mpatico.ca mpatico.ca 1 Continuous Continuous Monitoring Monitoring Continuous Continuous Auditing Auditing Organizational Readiness Organizational Readiness What Needs To Be Done What Needs To Be Done Making It Happen Making It Happen
Continuous Monitoring Continuous Auditing. Organizational Readiness What Needs To Be Done Making It Happen. Research & Information Sources. Professional Experience – Senior Director, Continuous Auditing at Major Bank Industry – Barclay’s, RBS, Wells Fargo, Citigroup, RBC, Fleet - PowerPoint PPT Presentation
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Continuous AuditingContinuous AuditingOrganizational Readiness Organizational Readiness What Needs To Be Done What Needs To Be Done
Making It Happen Making It Happen
22
Research & Information Research & Information Sources Sources
Professional Experience – Senior Professional Experience – Senior Director, Continuous Auditing at Major Director, Continuous Auditing at Major BankBank
Industry – Barclay’s, RBS, Wells Fargo, Industry – Barclay’s, RBS, Wells Fargo, Citigroup, RBC, FleetCitigroup, RBC, Fleet
Organizations – IIA & ADROrganizations – IIA & ADR External Firms – Deloitte, KPMG, E&YExternal Firms – Deloitte, KPMG, E&Y Academic – Centre for Continuous Academic – Centre for Continuous
Auditing – Rutgers, U of WaterlooAuditing – Rutgers, U of Waterloo
Guiding Principles – MindsetGuiding Principles – Mindset Client Monitors & Manages Risk and Client Monitors & Manages Risk and
ComplianceCompliance Audit Gets Assurance From Client & Audit Gets Assurance From Client &
Partner Processes as well as Partner Processes as well as Independent Testing Independent Testing
Information Technology is an Enabler – Information Technology is an Enabler – Larger Than ThatLarger Than That
Staged and Incremental Implementation Staged and Incremental Implementation – Business Line & Phases– Business Line & Phases
55
Success DriversSuccess Drivers Promoted/Championed by Senior Promoted/Championed by Senior
Executive – Chief Auditor & Business Executive – Chief Auditor & Business Line Executive Line Executive
Focus On a “Quick Win” – Business Line Focus On a “Quick Win” – Business Line Readiness – Operating ModelsReadiness – Operating Models
Business Line Buy-In also Influences Business Line Buy-In also Influences Governance and Support Groups Governance and Support Groups
Leverage/Benchmark to Industry & Non-Leverage/Benchmark to Industry & Non-Industry Leaders and Best Practices Industry Leaders and Best Practices
66
CM – CA Model/ProcessesCM – CA Model/Processes
Traditional Auditing
Risk and Frequency Model
Continuous Auditing Warehouse
Traditional Auditing
Risk and Frequency Model
Continuous Auditing Warehouse
Proceed with auditAs scheduled
Suggested
Action
External/Regulatory
Early Warning Systems
Staffing
Issues
Whistle
Blower
Operational Losses
Key Performance
RiskTeams
NIAP
Advisory Support
Lines
Prior Audit Results
Operational Risk
Inherent Risk
Strong or Satisfactory
Requires Improvement
Accelerate audit activity
Unsatisfactory
Quarterly Audit
Planning and
Reporting
No Action
77
Business Line ProfileBusiness Line Profile Standard Operating Environment – Standard Operating Environment –
1,000 locations – National – 4 1,000 locations – National – 4 Segmented Client OffersSegmented Client Offers
Confusion/Duplication Between Confusion/Duplication Between Functions in Roles & Responsibilities Functions in Roles & Responsibilities – 4 Major Risk Teams– 4 Major Risk Teams
Quick Win – Risk Teams – Duplication Quick Win – Risk Teams – Duplication & Costs& Costs
Conflicting Reporting to Clients & Conflicting Reporting to Clients & StakeholdersStakeholders
88
Benefits – Phase I – Risk Benefits – Phase I – Risk TeamsTeams
Align Risk Teams Coverage to Meet the Needs Align Risk Teams Coverage to Meet the Needs of all Groups – 1 Group – Audit Leverages (QA)of all Groups – 1 Group – Audit Leverages (QA)
Roles & Responsibilities Defined and Aligned Roles & Responsibilities Defined and Aligned to Changing and Emerging Regulatory to Changing and Emerging Regulatory Requirements – SOX, BaselRequirements – SOX, Basel
Improve Effectiveness & Efficiency – Less Improve Effectiveness & Efficiency – Less Branch Disruption – Also $2 million SavingsBranch Disruption – Also $2 million Savings
Move to Continuous Monitoring/Auditing Model Move to Continuous Monitoring/Auditing Model – Foundational to Phase II – Further Benefits– Foundational to Phase II – Further Benefits
99
Phase IPhase I
Q1 2005
Q1 2006Q2 2005
Reduced On-site Testing Through:• Inventorying current on-site testing activities
• Changing/adding/deleting tested activities
• Identifying duplication
• Migrating duplicated testing to FRS
• Eliminating migrated testing from groups
• Developing process to audit FRS
• Focusing on routine activities
• Processes review with product groups
Basel
Compliance
Internal Audit
Business Risk
SOX
On-
site
test
ing
SOX
Basel
Compliance
Business Risk
W/M
W/M
Internal AuditInternal Audit
1010
Benefits – Phase II - EWSBenefits – Phase II - EWS Leverage Information Technology - Consists of Leverage Information Technology - Consists of
Data Mining and AnalyticsData Mining and Analytics Whole Portfolios – Holistic View – Real TimeWhole Portfolios – Holistic View – Real Time Additional Efficiencies - $5 millionAdditional Efficiencies - $5 million Major Step Towards Continuous Major Step Towards Continuous
Monitoring/Auditing ModelMonitoring/Auditing Model Monitoring Capability Enhanced:Monitoring Capability Enhanced:
- Reduces Onsite Testing- Reduces Onsite Testing- Risk Indicators/Trends To Support On-site - Risk Indicators/Trends To Support On-site TestingTesting- Improves Earlier Identification – More Predictive- Improves Earlier Identification – More Predictive