June 2008 Audit Committee’s Top 10 PrioritiesPage 1
Priority # 1. Communication
► Chief Executive Officer
► Chief Financial Officer
► Other Management board members
► Auditors
► Chief Risk Officer / Head of Internal Control
► Head of Corporate Development
► Inside and outside counsel
► Head of IT / Chief Information Officer
► Tax Officer
► Head of Purchasing
► Head of Sales http://kudrin.ru
Tel.: +7 (985) 970 5654
June 2008 Audit Committee’s Top 10 PrioritiesPage 2
Priority # 2. Effective Internal Audit
Purposeand
Mandate
Competency Development
ResourcingSustaining People
Excellence
Tools and Technology
Operations
MethodologyKnowledge
Management Quality
Infrastructureand Operations
People
Governance
June 2008 Audit Committee’s Top 10 PrioritiesPage 3
What Are Our Clients Telling Us About Their Current IA Challenges?
► Expectations of the IA function are increasing
► Risk assessment and audit planning - coverage of the “right risks”
► Audit coverage in areas requiring special knowledge -contracts, major capital programs, fraud, IT, acquisitions, tax
► “War for Talent”: staff recruitment, development, career-pathing and retention
► Adding value through process and control improvement recommendations, sharing of best practices, and assisting to implement major change initiatives
► Maintaining proper investments in internal audit methodology, technology, knowledge, and learning programs
► High quality audit coverage provided around the globe
http://kudrin.ru
Tel.: +7 (985) 970 5654
June 2008 Audit Committee’s Top 10 PrioritiesPage 4
Priority # 3. Organization’s Key Business Risks Are Recognized
Compliance
Operations
Financial
Strategic
Market StructureGovernance
Stakeholder
Information
management
Systems
Intellectual
property
Legal
Process
Physical
assetsPeople
& CultureMarket
Liquidity
& Credit
Reporting
Capital
structure
June 2008 Audit Committee’s Top 10 PrioritiesPage 5
Priority # 4. Ensuring Effective Risk Management
Earnings and Operating Margins
Asset and Capital Management
Revenue and Market Share
Reputation and Brand
Keep Us Out of Trouble
Make Our Business BetterBu
siness
Strat
egy
Business Driversand Initiatives
Execu
tive M
anage
ment
Risks OversightActivities
COORDINATED APPROACH TO RISK
ALIGNED TO BUSINESS DRIVERS
Finance
Tax
Legal
IT
Transactions
Compliance
InternalAudit
Other Risk Functions
Other Committees
AuditCommittee
Board
Assess
Improve
Monitor
Executive Management
Internal Control
New Product Development
Opera
tions
and B
usine
ss Un
its
Gain NewBusiness
Procurement
Production
Distribution
CustomerSupport
Supp
ort Fu
nctio
ns
Monit
oring
and C
ontro
l Fun
ction
s
HR
Achieve Business
Objectives
Strategic
Operations
Financial
Compliance
Overs
ight
Coverage
Coordination Across The “Lines Of Defense”
June 2008 Audit Committee’s Top 10 PrioritiesPage 6
An Ernst & Young survey of board members listed the five “best practices for risk management” as:
Risk Management Leading Practices
1. Clear ownership of risk within the company
2. Appropriate internal mechanisms to
discuss/communicate risk
3. Formal process to identify risks specifically relating
to corporate objectives
4. Active board-level involvement in managing risk
5. Specific policy governing communications on risk
with major investors and other external stakeholders
Source: Ernst & Young, Board Members on Risk Survey
June 2008 Audit Committee’s Top 10 PrioritiesPage 7
Priority # 5. Internal Control Framework Assessment
Strategy
& Mandate
Monitor
Governance
People
Methods & Practices
June 2008 Audit Committee’s Top 10 PrioritiesPage 8
Evaluating Internal Control Components
Tone At The Top
Strategies & Objectives
Policy & Procedures
Organizational Structure
Communication
Governance People Methods & Practices
Culture
Alignment & Coordination
Competence & Capabilities
Roles & Responsibilities
Performance Measurement
Risk Identification & Assessment
Control Design & Effectiveness
Process Improvement & Efficiency
Monitoring & Escalation
Reporting
June 2008 Audit Committee’s Top 10 PrioritiesPage 9
Priority # 6. Organizational Ethics / Fraud Prevention
Assess
• Determine whether each
program element has been
implemented
• Determine whether each
program element meets its
objective
Improve
• Aid in implementing program
elements
• Assist in executing program
elements
Monitor
• Periodically test the
effectiveness of program
elements
Communicate
Assess
Impro
veMonitor
ReactiveProactive Setting the Proper Tone
Code ofEthics
FraudPreventionPolicies
FraudRisk
Assessment
FraudControls
Monitoring
FraudAwarenessTraining
FraudResponse
Plan
http://kudrin.ru
Tel.: +7 (985) 970 5654
June 2008 Audit Committee’s Top 10 PrioritiesPage 10
Priority # 7. Financial Reporting Accuracy
Concerns about financial accuracy may include:
►completeness of financial disclosures
►significant business and accounting policy changes
►correct and truthful reporting
►interim reviews of financial statements
►monitoring auditors’ independence
http://kudrin.ru
Tel.: +7 (985) 970 5654
June 2008 Audit Committee’s Top 10 PrioritiesPage 11
Priority # 8. Ensuring Tax Risks Are Measured
Keep Us Out of Trouble
Make Our Business Better
• Tax provision process • Tax internal controls • Tax accounting and reporting• Forecasting
• Tax compliance process• Filing requirements• Controversy management
• Transfer pricing• Indirect taxes• Customs and duties• Human resources taxes• Tax department operations• Tax embedded in business processes
• Planning and transactions• Due diligence and structuring• Tax management and governance
Exe
cuti
ve M
anag
emen
t
Foreign and DomesticDirect and Indirect Taxes
Identify and
Prioritize Tax
Risks
Assess
Improve
Monitor
Mitigate Tax Risks and Improve Performance
People,
Processes,
Controls,
Technology
Achieve
Business
Objectives
Strategic
Compliance
Financial
Operations
Strategic
Operations
Financial
Compliance
June 2008 Audit Committee’s Top 10 PrioritiesPage 12
Why is Tax Such a High Risk Area?
► Every transaction has tax consequences that vary by jurisdiction and constantly change
► Complex rules under tax laws and accounting
► Significant use of estimates and judgment
► Financial reporting systems often based on management reporting, not legal-entity basis
► Lack of control over data inputs
► Lack of communication among tax, financial accounting, and budgeting
► Lack of accountants trained in tax-related standards
► True-up in following year may cause restatement issues
► Increasing focus as move to risk-based approach
► Conflicting objectives of regulatorshttp://kudrin.ru
Tel.: +7 (985) 970 5654
June 2008 Audit Committee’s Top 10 PrioritiesPage 13
Priority # 9. Ensuring Compliance with Laws & Corporate Governance Rules
► Review the system for monitoring compliance with laws and regulations
► Establish procedures for submission, receipt, retention and treatment of complaint regarding accounting, internal accounting controls, or auditing matters
► Review the findings of examinations and audits
► Review the process for communicating the code of conduct to company personnel
► Obtain regular updates from management and company legal counsel
http://kudrin.ru
Tel.: +7 (985) 970 5654
June 2008 Audit Committee’s Top 10 PrioritiesPage 14
Priority # 10. Conflict of Interest and Inside Information
Audit committee’s means of getting ensured:
► Ongoing independent monitoring over conflict of interest is
essential
► Internal and external auditors are to be involved
► Policy requiring written notice of insider sales should be
adopted
http://kudrin.ru
Tel.: +7 (985) 970 5654
June 2008 Audit Committee’s Top 10 PrioritiesPage 15
Speakers
Martin Wiedemann
Partner, Head of Business Risk
Services, Russia & the CIS
Vasily Kudrin
Senior Manager, Business Risk
Services, Russia & the CIS
http://kudrin.ru
Tel.: +7 (985) 970 5654