Audit Committees 2012 - Amazon Web Servicesdoc.housing.org.uk.s3.amazonaws.com/Presentations... ·...

Audit Committees 2012

BREAKOUT 2:

Getting the most from your assurance

sources

Speaker: Bill Gill Director, BG Audit and Consultancy

Chair: Kelsey Walker Strategic Regulation Manager, Homes and Communities Agency The Social Housing Regulator

BG AUDIT & CONSULTANCY

Getting the most from your

assurance sources

Bill Gill

BG Audit & Consultancy


Session

Assurance – key message within HCA new

regulatory framework

Maximising effectiveness and efficiency

Practical solutions on how to maximise

outputs

Ensuring focus remains on key business

objectives and risks


What has been going on in

the outside world?


Government policy


New regulatory regime

Economic and consumer standards

New standard on value for money

Focus on financial governance

Risk based model

Limited resource to return to detailed

regulation of the past

HCA stretched due to complexity of issues


Regulation

Boards assumed to be in control

Assurance needed on:

Key risks

Systems of internal control

Governance arrangements

Achievement of organisational objectives

Customer service

Staff satisfaction


Key regulatory questions

Appropriate strategic business plan?

Understand external operating environment and markets?

Financial plan supports delivery of strategic objectives?

Understand risks to delivery of objectives and get sufficient assurance.

Demonstrate value for money?

Track record of delivery?

Transparent and accountable and uses challenge to drive up performance?

Organisation effectively led and controlled?


Co-regulation

HCA need to provide assurance to

external stakeholders and investors

Minimise regulatory interference by

understanding what regulator needs in

terms of assurance

Benefits accrue to the organisation

Board increase comfort levels

Customer scrutiny of consumer standards


HCA focus

Clearly on financial governance

Increasing complexity

Shotgun weddings not as straightforward

any more

Boards do not want to get into this

position

Quality, independent assurance provides

a solution


Assurance


What is assurance?

Statement intended to inspire confidence

Freedom from doubt

What external agencies are looking for

Only ‘reasonable’ assurance/confidence


Assurance activity

Defined as:

“An activity providing objective and

impartial information or an opinion

relating to the adequacy and

effectiveness of the processes and

procedures in furtherance of the

organisation’s objectives”


Assurance sources

in the past • External regulation

• Inspection regime

• External audit

• Internal audit

• Board oversight

• Service improvement

• Key performance

indicators


Assurance sources

in the future?

• Continuous auditing/control systems

• Information technology

• Smarter risk management (multi-variant

sensitivity)

• Customer scrutiny reports

• External accreditations

• Outcome focused performance monitoring


Shift in resources

• Assurance wanted at lowest cost

• Lack of regulatory reporting

• Increasing complexity for Boards

• Need for customer focus at front-line

• How much assurance needed?

• Importance of co-ordination of effort

• Where is value obtained from?


Assurance provides

• Early warning system

• Ability to triangulate evidence

• Reality check

• Comfort to the regulator

• No total guarantee though


What does your Audit

Committee do?


Standard practice

Reviewing out of date information

Look at documents in isolation

Fail to challenge consultants

Scopes of work, especially internal audit,

not clearly understood or reviewed

sufficiently

Focus on recommendations


Greater focus

Assurance co-ordination and reporting

Fraud investigation and reporting

Governance reviews

Value for Money remit

Closer involvement with information

technology and people management

Greater role for Audit Committee within

HCA regulatory framework


Performance and control

• Poor performance often sign of weak

control or management issues

• Top performing organisations are self-

aware about strengths and weaknesses

• Review performance of assurance

providers

• Where is your assurance focused?


Times are changing

Regulation not providing level of

assurance required

Need to provide assurance within business

External audit – more caveats less

assurance

Internal audit - resources being reviewed

Resident scrutiny – key to assurance on

consumer standards?


Continuous assurance


What are the issues

Real time assurance

Management information systems - are

they adequate?

Performance management software –

daily updates

Trigger points

Need to look at reporting detail/timescales

Focus on key risks/issues


Co-regulation

Boards responsible for meeting

standards

Being transparent and accountable

Providers support customers to shape

and scrutinise service delivery

Hold boards to account

Growth in influence of customers

Improving quality of scrutiny work

undertaken


Real co-regulation

Do you utilise any customer scrutiny work within

your annual assurance statement?

Are customer inspector/customer auditor reports

reviewed when planning internal audits/service

improvement reviews?

Are work plans shared and agreed at Audit

Committee?

Does internal audit/service improvement work

alongside scrutiny arrangements?

Are performance reports utilised by customers?

BG AUDIT & CONSULTANCY Risk Management


Strategic risks

BG AUDIT & CONSULTANCY Operational risks

BG AUDIT & CONSULTANCY Project risks

BG AUDIT & CONSULTANCY Managing dynamic risks?


What do you need?

Aware of environment

Well equipped

Experienced

Constantly monitoring situation

Scenario testing

Back up plan

Feel the fear and do it anyway!


Risk

No

Categor

y

Risk Brief Description Inheren

t

Impact

Inherent

Likeliho

od

Inheren

t Score

(I x L)

Existing Controls Control

Owner

Residual

Impact

Residu

al

Likelih

ood

Residu

al

Score

(I x L)

Key Actions

Required

Responsi

bility

Deadli

ne

1

Governa

nce

Lack of

strategic

direction

This may arise

from a weak

Executive or a

weak Board and

will lead to poor

governance. This

also can result

from divisions

within the Board. 5 4 20

Board training

programme.

Guidance on new

regulatory

framework.

Communi

cations &

Governan

ce

Manager 4 3 12

Board appraisal

process.

Communi

cations &

Governan

ce

Manager

01-

Aug-10

2

Governa

nce

Fail to

change

the

culture

Insufficient culture

change will

prevent NCH

achieving its

objectives and

making the

necessary step

changes in

performance and

value for money 5 4 20

Corporate training.

Appraisal and

performance

management

system.

Director of

Corporate

Services 4 3 12

Complete cultural

change

programme.

Implement a

performance driven

management

system.

Director of

Corporate

Services

01-

Mar-11

3

Governa

nce

Lower

political

priority

Changes in

national and local

politics may

reduce the

importance given

to housing. This

may also have

implications for

the dowry. 4 3 12

Lobbying of local

politicians.

Community Cymru

raising profile of

social housing.

Chief

Executive 4 3 12

Raised profile for

social housing in

South Wales

Chief

Executive

01/06/2

011

4

Governa

nce

Reputati

on

suffers

Poor decisions by

the Board or the

Executive result in

the reputation of

the organisation

being affected.

Also a breakdown

in the relationship

with the Council

could affect

reputation. 4 4 16

Regular meetings

with the Council to

keep them

informed of

progress.

Chief

Executive 3 3 9

Better liaison with

local Councillors

Chief

Executive

01/09/2

011

Risk Register


Problem with registers

Often managed by a single person

Appear static

Input often only from senior staff

Regular (irregular) review

Escalations often outside the process

Limited linkage to ‘golden thread’

Can lead to ‘point in time’ risk

management


Risk reporting

Often not formalised

Usually quarterly reviews of register by

executives and Audit Committee

No formal reporting of progress in

implementing controls

Not tied into other operational reporting

Often does not do anything to help embed

risk into the business


Improved risk management

Multi-variant analysis – use software to assist

More discussion of ‘emerging risks’

Boards members using time to scenario plan

Need to ask ‘what if and why’ rather than

‘when, how and what’

Horizon scanning vital

Board members can offer more value by

looking at risks not already in the risk register


Solution Continual risk management

Involvement from all levels within an

organisation

Linkages to objectives at each level of the

business

Regular reporting

Escalations built into the process

Embedded into the culture

A ‘living’ process


Performance management

systems

Proliferation in recent years

Many incorporate risk management

modules

Enables organisations to maintain their

‘golden thread’ through a host of strategies

and plans

Visual link to the objectives established by

the Board


Advantages

Allows all parts of the business to collaborate

Enables visualisation of risks, improves

transparency and visibility

Enables pro-active management of risks and

controls on an on-going basis

Assists with bringing a consistent approach to

assessment

Raises risk awareness throughout an

organisation


Risk management –

a way of life


Management

reports

External

accreditations

HCA

Customer

scrutiny

Benchmarking

External audit

Assurance

Board review

Other

regulators

Where do you get your

assurance from?

Performance

management


Assurance maps

‘Three lines of defence’ mapping for key

strategic risks

Assurance co-ordination mapping across

business

Extrapolation of risk register with

objectives, risks and controls


Three lines of defence

First line : business operations - risk and

control in the business (Risk control)

Second line : risk management and

compliance functions (Risk management)

Third line : internal audit and other

independent assurance providers (Risk

assurance)

Ensure appropriate mix of coverage


Assurance co-ordination

Areas of the business, linked to strategic

objectives

Mapped against sources of assurance

Consider quantity and quality of assurance

Cost of each form of assurance can also

be considered

Provides picture of assurance gaps and

also time and cost of gaining assurance


Putting a value on assurance

Have you evaluated how else the

association could obtain the assurance

provided by internal audit?

Have you identified the level of assurance

that the Board are satisfied with and hence

the level that internal audit needs to

provide?

Is the organisation maximising the

assurance from other sources?


Internal audit

• Audit scopes

ambiguous

• Fail to cover what they

say they do

• Too many control

failures occur in areas

that internal audit have

reviewed

• Quality rarely really

assessed


Future of assurance

• Audit Committees in control

• Objective rather than subjective decision

making

• Intelligent controls required rather than

layers of management

• Close influence on where assurance time

should be spent

• Report back on where actually spent




Quotes

“Yes, risk taking is inherently failure-prone.

Otherwise, it would be called sure-thing taking.”

Jim McMahon

“Take calculated risks. That is quite different from

being rash.”

General George S Patton


Conclusion

Audit Committees define the level of

assurance they want

Internal audit main source but customer

scrutiny useful addition

Important to get value from assurance

Match skills and cost to level of risk and

complexity

Self awareness is the new scrutiny – look

before you leap!


Any

comments/questions?

Date post:	07-Jul-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

Audit Committees 2012 - Amazon Web Servicesdoc.housing.org.uk.s3.amazonaws.com/Presentations... ·...

Documents