A strategic player: hiring and inspiring a chief audit executive.EXECUTIVE SUMMARY * Many companies are raising the expectations for their chief audit executives (CAEs) to include operating at more strategic levels of risk management and corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. . Successful CAEs must partner effectively with the audit committee and other members of the senior management team to achieve their objectives. * To be effective, CAEs need to demonstrate a solid understanding of the company's business, core strategies, risk appetite and risk tolerance Risk Tolerance The degree of uncertainty that an investor can handle in regards to a negative change in the value of their portfolio. Notes: An investor's risk tolerance varies according to age, income requirements, financial goals, etc. . CAEs must be willing to raise difficult issues with senior management and the audit committee-even if such actions prove unpopular. * The CAE (1) (Computer-Aided Engineering) Software that analyzes designs which have been created in the computer or that have been created elsewhere and entered into the computer. should maintain an ongoing dialogue with the audit committee. This will build a relationship and help the committee stay on top of significant risk and control issues. * One of the chief attributes of an effective CAE is the ability to attract and develop talent and build a high-quality staff, In many organizations internal audit is a source of management talent for other departments. ********** Internal audit traditionally has been a behind-the-scenes player, helping audit committees perform their duties and serving as a management watchdog. But today it plays a vital role in efforts to improve corporate governance and internal controls. To fulfill ful·fill also ful·fil tr.v. ful·filled, ful·fill·ing, ful·fills also ful·fils 1. To bring into actuality; effect: fulfilled their promises. 2. this role, the chief audit executive (CAE) needs to provide assertive as·ser·tive adj. Inclined to bold or confident assertion; aggressively self-assured. as·ser  tive·ly adv. leadership that strengthens the organization's commitment to tough
internal controls. CAEs must partner with senior management and the
audit committee to help them fulfill their broad responsibilities for
effective governance Governance makes decisions that define expectations, grant power, or verify performance. It consists either of a separate process or of a specific part of management or leadership processes. Sometimes people set up a government to administer these processes and systems. , risk management and control. This article offers a
broad view of the skills and qualifications CAEs need and information
that management and audit committees will find useful when filling this
critical position.Audit committees, whose governance responsibilities have expanded significantly since the Sarbanes-Oxley Act See SOX. , are turning to internal audit for strategic and tactical support. The same is true for senior management. PCAOB PCAOB Public Company Accounting Oversight Board Auditing Standard no. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements, has sharpened sharp·en tr. & intr.v. sharp·ened, sharp·en·ing, sharp·ens To make or become sharp or sharper. sharp the focus on the internal audit function and its ability to help senior management, audit committees and external auditors The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. achieve their reporting objectives. At the same time, internal audit cannot sacrifice its long-standing long-stand·ing adj. Of long duration or existence: a long-standing friendship. long-standing Adjective existing for a long time role in promoting risk management and using operational audits to improve organizational efficiency. THE IDEAL CANDIDATE When hiring a CAE, companies should look for someone who combines strong management and leadership skills with solid technical expertise. This ideal candidate is more than just a technical auditor auditor n. an accountant who conducts an audit to verify the accuracy of the financial records and accounting practices of a business or government. A proper audit will point out deficiencies in accounting and other financial operations. . When looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. a new audit chief--or evaluating the performance of an existing one--the audit committee and senior management should focus on three critical qualifications: The candidate's ability to earn the respect of the audit committee and senior management. Because internal auditors Internal auditor An employee of a company who analyzes the company's accounting records to that the company is following and complying with all regulations. must be comfortable operating at a strategic level, a CAE must be perceived as a trusted adviser to both the audit committee and senior management. However, because internal control goes beyond financial reporting, operational managers need to accept internal audit as leaders in addressing risk and governance in a way that goes beyond mere policing and testing of internal controls. Sample questions to ask a candidate: In what kind of situations have you advised management or the audit committee on a strategic issue? How would you reconcile the sometimes divergent di·ver·gent adj. 1. Drawing apart from a common point; diverging. 2. Departing from convention. 3. Differing from another: a divergent opinion. 4. roles of auditor and adviser? What activities would you initiate to position yourself as an adviser to the audit committee? The range of skills, including personal independence and objectivity. An effective CAE needs to demonstrate a solid understanding of the company's business, core strategies, risk appetite and risk tolerances. He or she must be able to exercise sound business judgment and partner effectively with senior management while at the same time remaining both independent and objective. The need for in dependence and objectivity is fundamental. CAEs must be willing to raise difficult issues with both senior management and the audit committee, even if that proves unpopular. To gain management respect, CAEs must make tough calls and stand by them. However, CAEs who describe all issues as significant will quickly lose support. While auditing often is correctly viewed as a technical function, the softer audit skills are equally critical. Interpersonal skills "Interpersonal skills" refers to mental and communicative algorithms applied during social communications and interactions in order to reach certain effects or results. The term "interpersonal skills" is used often in business contexts to refer to the measure of a person's ability are particularly important in building effective working relationships with management and the audit committee. CAEs must be able to think strategically about the internal audit function, its mission and its strategic resources, including attracting highly qualified staff. CAEs must have a vision for the internal audit function that accepts change as part of an ongoing process throughout the organization. Staffing must mirror the critical issues the organization faces and often requires sophisticated and knowledgeable audit staffs to address the company's risks effectively. One of the chief attributes of effective CAEs is the ability to attract and develop talent and to build a high-quality staff whose members can work effectively in teams. In many organizations internal audit also serves as a source of management talent for other departments. To help the CAE perform this sourcing role, it's it's 1. Contraction of it is. 2. Contraction of it has. See Usage Note at its. it's it is or it has it's be ~have important to make it clear he or she functions as a member of top management. Sample questions to ask a candidate: What is internal audit's role in an organization? Can you describe a situation where you raised a critical issue to management and how you handled it? How would you partner with management while maintaining your independence and objectivity? What approach would you take to attract and develop high-quality staff?. The right focus. The strategic CAE also must take the lead in advising the audit committee on emerging risk and control issues. In recent years two key factors--the passage of Sarbanes-Oxley and the implementation of reform legislation have focused audit committee attention on financial risks. However companies face many additional risks and audit committees are becoming more sensitive to enterprise-wide risk. As a result, internal audit must look more broadly at risk to help the audit committee understand the risk-monitoring and mitigation MITIGATION. To make less rigorous or penal. 2. Crimes are frequently committed under circumstances which are not justifiable nor excusable, yet they show that the offender has been greatly tempted; as, for example, when a starving man steals bread to satisfy activities the company already has in place and the effectiveness of its overall risk management processes. Sample questions to ask a candidate: How would you assess the risks the organization faces? Are you familiar with the COSO COSO Committee of Sponsoring Organizations of the Treadway Commission COSO Church of Spiral Oak COSO Corporate South COSO Class of Service Override COSO Combat Oriented Supply Operations (USAF) enterprise risk management framework and how would you apply it? How would you use technology to enhance your ability to monitor risks? How will you help the audit committee be aware of emerging risks? In part, the CAE'S role is a balancing act: He or she must simultaneously serve as the eyes and ears of the audit committee as well as be a member of and partner to executive management. To serve both parties effectively, CAEs must be seen as business partners rather than "corporate cops." To be an effective extension of the audit committee, CAEs need to maintain an open and objective view of management, be seen by it as fair and respect the opinions expressed. On the corporate side, CAEs need to gain the respect and confidence of executive and operational management as a prerequisite pre·req·ui·site adj. Required or necessary as a prior condition: Competence is prerequisite to promotion. n. to being viewed internally as a member of senior management and being included in meetings that address risk and strategy across the organization. ADDITIONAL THINGS TO CONSIDER Here are some key questions to which management and audit committees need to get satisfactory answers when considering CAE candidates who can help the internal audit group adopt a more proactive role in risk management and governance. In candidate interviews and in discussions with their references, companies should use probing questions to develop an understanding of whether the candidates have * The presence and experience to fit into the management ranks at the appropriate level. * The knowledge and business sense required to serve as a trusted adviser to both senior management and the audit committee. * A track record of sound judgment and decision making. * A sufficient understanding of the business and its risks to ensure the audit process is properly focused and responsive to risk. * The personal strength and confidence to stand up to and earn the respect of senior management. ONCE ON BOARD After an organization has hired a high-caliber CAE, the audit committee and top management can do much to enhance his or her stature stature /sta·ture/ (stach´ur) the height or tallness of a person standing.stat´ural stat·ure n. The height of a person. stature the height of an animal in the standing position. and effectiveness. Supportive steps for the audit committee chair, in particular, to consider are * Maintaining ongoing access and dialogue with the CAE outside audit committee meetings. Such communication strengthens the bond between the audit chair and the CAE and helps the committee stay on top of significant risk and control issues. * Asking senior management to attend an audit committee meeting to address issues the CAE raises. Such a request reinforces the significance of the issues and emphasizes that responsibility for resolving the issues lies with management, not the CAE. * Including the CAE in appropriate committee activities, such as training. In some organizations, audit committee members and the CAE attend joint training and conferences to identify new practices or approaches and to strengthen working relationships. * Periodically meeting with the CAE's direct reports or the entire audit department. Such meetings give internal audit staffers first-hand exposure to audit-committee concerns and give audit committee members a better appreciation of staff quality * Holding executive sessions with the CAE. Such interchange An interchange is a location where two things meet, usually perform some kind of exchange, and possibly go on their ways again. It is most commonly used in four contexts:
ADOPTING A STRATEGIC MIND-SET Once a company has a CAE in place, it's time It's Time was a successful political campaign run by the Australian Labor Party (ALP) under Gough Whitlam at the 1972 election in Australia. Campaigning on the perceived need for change after 23 years of conservative (Liberal Party of Australia) government, Labor put forward a for the CAE and the audit committee to make sure internal audit has adopted a strategic, high-level mind-set as opposed to a tactical orientation that focuses on basic transactional or compliance issues. To assure this is happening, there are some key questions the audit committee should ask, including * Does internal audit's risk assessment include the significant risks the company faces and is the audit plan directly linked to those risks? * Does management view the issues internal audit is raising as significant and give them proper attention? * Is the CAE conversant CONVERSANT. One who is in the habit of being in a particular place, is said to be conversant there. Barnes, 162. and involved with the company's developing business issues and initiatives? * Does the CAE understand our business, its strategies, our expectations and those of senior management, so internal audit can respond effectively? * Is the audit plan sufficiently responsive to emerging risks and changes in the organization's risk profile? * Are the company's internal audit activities being conducted in accordance Accordance is Bible Study Software for Macintosh developed by OakTree Software, Inc.[] As well as a standalone program, it is the base software packaged by Zondervan in their Bible Study suites for Macintosh. with the Institute of Internal Auditor's International Standards for the Professional Practice of Internal Audit? If the answer to any of these questions is "no," the CAE, the audit committee chair and top management should meet to make sure all parties understand what the company expects and come to an agreement on a strategy for meeting these expectations. THE RIGHT PERSON FOR THE JOB Audit committees and senior management can optimize optimize - optimisation the value a company gets from internal audit by putting a well-qualified CAE at the helm. Recent regulatory changes have focused some internal audit functions on narrower compliance-oriented activities, endangering their ability to contribute to effective governance and risk management. Organizations must make sure they have a clear, strategic vision of internal audit and a CAE with the right skills and stature to implement that vision. They need to consider a CAE's qualifications carefully, paying particular attention to skills beyond just technical ones. The organization also must evaluate the effectiveness of the CAE and the audit function in a manner consistent with its strategic expectations. The exhibit below provides an example of a framework companies can use as a starting point Noun 1. starting point - earliest limiting point terminus a quo commencement, get-go, offset, outset, showtime, starting time, beginning, start, kickoff, first - the time at which something is supposed to begin; "they got an early start"; "she knew from the to develop their own expectations. Exhibit Key Performance Criteria for CAEs The audit committee and executive management should make certain they have a common view of the criteria for evaluating the CAE's performance. While each company's list will be customized, here are some key areas to consider in developing a framework. Stature and presence The CAE must have the professional presence and stature to function as a trusted adviser. The CAE should develop and maintain strong relationships internally with executive and senior management, and externally with the audit committee, board, regulators and external auditors. The CAE must maintain continuous and proactive communication with all key constituents while keeping an appropriate level of objectivity and independence. The CAE also must have the personal strength to make tough calls and stick by them. Strategic audit focus The CAE should develop a vision for a strategic internal audit process, addressing the key business strategies and risks to the organization. Strategies should align the audit coverage with risks, including identifying and re acting to emerging risks and issues. The CAE should have a strong knowledge of industry/peer audit practices. The CAE must be capable of operating and viewing issues at a strategic level. Ability to exercise sound judgment and communicate clearly on audit issues The CAE should exercise sound business judgment, prioritize issues and make sure they are handled at the appropriate level. The CAE should raise and communicate in a timely and clear manner significant issues to the audit committee and management with recommendations as to which deserve their immediate attention. The CAE should maintain an appropriate process to ensure the company takes corrective actions in a timely manner. Development of human resources The CAE should attract and develop talent for the internal audit function and the organization as a whole, and create an environment in which internal audit is viewed as a desirable assignment for the long term. Internal audit's activities should be aligned with the organization's overall human resources strategies to optimize the employees' experiences. The environment also should foster a culture that enables the internal audit function to fulfill its role and add value to the organization. Management of technical auditing activities The CAE should ensure the company's audit plan and other critical audit initiatives are being conducted in accordance with applicable professional standards and reflect current business risks and audit requirements as well as emerging industry trends. For critical transactions and initiatives, the CAE should ensure the financials properly reflect the economic substance of the activity. The CAE should ensure the internal audit function has access to appropriate resources and technical skills to execute its mandate. Understanding of the organization's strategy The CAE should make sure the organization understands and addresses its risks. Sometimes the biggest risk is the failure to innovate. A CAE must understand the organization's strategy, how it will measure performance in following those strategies and how to overcome any roadblocks. Practical Tips * Make sure the CAE candidate you hire fits into the management ranks at necessary high-level knowledge to be a trusted adviser to both senior management and the audit committee. * Maintain ongoing communications with the CAE, including activities outside normal meeting such as joint training sessions with audit committee members. * Have the audit committee meet regularly with the CAE's direct reports and hold executive sessions with the CAE to ensure an open assessment of issues and risks. AICPA AICPA See American Institute of Certified Public Accountants (AICPA). RESOURCE AICPA Audit Committee Toolkit Guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. for Hiring the Chief Audit Executive (CAE) www.aicpa.org/audcommctr/ toolkitsnpo/Hiring_CAE.htm. RELATED ARTICLE: CAE technical qualifications. In addition to executive-level interpersonal skills and solid business judgment, most companies are looking for these qualifications in a CAE candidate: * At least 10 years of relevant management experience with an accounting firm and/or a similarly sized company. * CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. and/or CIA CIA: see Central Intelligence Agency. (1) (Confidentiality Integrity Authentication) The three important concerns with regards to information security. Encryption is used to provide confidentiality (privacy, secrecy). designation. * Strong technical accounting and auditing skills. * Internal audit expertise. * Knowledge of Sarbanes-Oxley and PCAOB, FASB FASB See: Financial Accounting Standards Board FASB See Financial Accounting Standards Board (FASB). and SEC pronouncements. * Deep understanding of the industry and related business risks. * Track record of leadership and ability to stand behind tough decisions. Larry E. Rittenberg, CPA, PhD, CIA, is chairman of the Committee of Sponsoring Organizations of the Treadway Commission
Committee of Sponsoring Organizations of the Treadway Commission (COSO), is a U.S. private-sector initiative, formed in 1985. (COSO) and Ernst & Young Professor of Accounting & Information Systems at the University of Wisconsin Wisconsin, state, United States Wisconsin (wĭskŏn`sən, –sĭn), upper midwestern state of the United States. It is bounded by Lake Superior and the Upper Peninsula of Michigan, from which it is divided by the Menominee at Madison. His e-mail address See Internet address. e-mail address - electronic mail address is lrittenberg@bus.wisc.edu. Richard J. Anderson Anderson, river, Canada Anderson, river, c.465 mi (750 km) long, rising in several lakes in N central Northwest Territories, Canada. It meanders north and west before receiving the Carnwath River and flowing north to Liverpool Bay, an arm of the Arctic , CPA, is a partner, internal audit advisory services advisory services advisory services provided to the public, in their capacity as owners and managers of animals, are an important part of veterinary science. They may be provided by government bureaux, by commercial companies who deal in pharmaceuticals or animals or animal , PricewaterhouseCoopers LLP LLP - Lower Layer Protocol in Chicago. His e-mail address is dick.anderson@us.pwc.com. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion