Best Practices In Internal Auditing At Continental Airlines, Inc.

Transcription

Value-Added Audits
Steve Goepfert, CIA, CPA
Staff Vice President - Internal Audit, Continental Airlines
IIA Dallas Chapter
Dallas, Texas
November 1, 2007

Session Highlights
- Adding Value... More Than An Expression
- On the Forefront of Current Issues
- Orienting & Educating the Audit Committee
- Focus on Risk
- Recruiting and Retention
- Raising the Bar
- Other Best Practices

Adding Value: Real Audits... Real Benefits!
- Officer Compensation and Expenses
- Employee Benefit Programs (Pensions, 401K, Medical, Dependent Health Care Eligibility, etc.)
- Third party vendors
- Contract Compliance (Structured Bid Analysis, Routine Competitive Cost Analysis, etc.)

Adding Value: Real Audits... Real Benefits!
Example #1: Construction Audits
- Labor rates excessive
- Travel & entertainment expenses extreme and not business related
- Hourly laborer claims absurd
- Equipment rental vs. purchases

Adding Value: Highlight Accomplishments!
Example Schedule - For Illustrative Purposes Only

                            Recoveries   Other Identified Opportunities
                            (000's)      (000's)
Construction Audits         3,900        640
Field Audits:
  Administrative Offices    540          625
  Airport Ticket Offices    520          425
Corporate Audits:
  Sales & Marketing         280          80
  Accounting & Finance      120          10
  Other                     270          680
Total                       5,630        2,460

Adding Value: Internal Audit Alumni
Over 50 Former Internal Auditors Continue To Add Value Throughout The Continental Organization
- VP-CMI Sales & Marketing
- ExJet Chief Auditor
- Corporate Accounting Managers
- Finance Directors & Managers
- Corporate Real Estate Managers
- International Accounting Managers
- Dining Services Manager
- Sales & Marketing Directors
- Division Controllers
- Technology Managers

Forefront of Current Issues
Sarbanes-Oxley & Corporate Governance
Sarbanes-Oxley Act Section 302
- AS5 replaced AS2
- Reduced testing with agreement of External Auditors
- Quarterly review by Internal Audit
- Assess disclosure controls
- CEO and CFO regular management meetings
- Controller Meetings
- Disclosure Checklist
- Legal Surveys
- Certification Letters (and backup certifications)
- Disclosure Committees
- Due Diligence meeting with CEO and CFO
- Disclosure controls rolled into Key Control testing for Sarbanes-Oxley Act Section 404

Forefront of Current Issues
Sarbanes-Oxley & Corporate Governance
Sarbanes-Oxley Act Section 404
- Assess internal control structure
- Division Controller updates documentation
- IA performs validation testing of controls & systems
- 3rd party resources and tools available
- Overall assessment of controls, and certification to CEO and CFO by Internal Audit
- Management Acceptance
- Established routine with continuous, direct communication
- Testing coordinated with planned corporate audits (creates efficiencies and synergies)

Forefront of Current Issues
Ethical Environment

Audit Committee Orientation – Internal Audit
duled | Comments
- Outstanding | XXX ATO | 1/02/07 | Excellent measures identified over cash and accountable documents at this ATO.
- Good | Yield Mgmt System | 1/31/07 | Effective measures observed in the Revenue (Yield) Management System activities.
- Needs Improvement | XXX ATO | 9/16/06 | Within 1 year | Enhanced controls over cash handling and accountable documents needed at this locale. For example: Monthly physical inventory of accountable documents is not performed.
- Unsatisfactory | XXX ATO | 5/6/06 | 4th Quarter | See detailed report attached.

Quality Assessment Review (QAR)
QAR – Adds Value
- Senior management and Audit Committee focus on Internal Audit function
- Best Practices
- Feedback from customers
- Everyone gets audited (including the auditors)

Corporate Risk Assessment
EVALUATING THE RISKS (illustration only)
[Chart: Cash Mgt, Rev Mgt, Aircraft Rentals, Advertising, PAC, Employee Uniforms and Company Store plotted on an Impact axis running HIGH to LOW and a second axis running LOW to HIGH]

Field Risk Assessment
QUANTIFYING THE FACTORS
- Criteria were established to determine a measure for the significance of the risk
- Point value of risk assigned to each factor
- Higher point value for each factor translates to HIGHER RISK

Field Risk Assessment
POINT SYSTEM DEFINED

Factor             Value          Points
Size               Hub/Level 1    5
                   Level 2        3
                   Level 3        2
                   Level 4        1
Last Audit Date    5 years        4
                   4 years        3
                   3 years        2
                   2 years        1
Mgmt Change        1 year         4
                   2 years        3
                   3 years        2
                   4 years        1
Unreported Sales   2,500/qtr      5
                   1,500/qtr      3
                   1,500/qtr      1

Field Risk Assessment
POINT SYSTEM DEFINED

Factor                       Value          Points
Sales Reporting              2 days late    4
                             2 days late    1
Disbursement Accuracy        50% errors     4
                             25% errors     2
                             25% errors     1
Deposit/Transfer Frequency   High/High      4
                             High/Med       3
                             Med/High       2
                             Low/Low        1

1st Rule of Thumb in Best Practices
Recruit the Best!
- Big 4 Public Accounting Experience
- Advanced Degrees/Certifications (CIA, CPA, CISA, MBA)
- Strong Interpersonal Skills
- Proven Technical Proficiency
- Preferred Industry Experience
- Culturally Diverse
- Bilingual Experts

2nd Rule of Thumb in Best Practices
Retain the Best - “Focus on Flexibility”
- Staggered Work Schedules
- 9/80 Work Weeks
- Compensatory Time Off
- Staff Input of Preferred Audit Project
- “Lunch & Learn” Training Sessions
- Team Building Events
- Peer Mentoring
- Perfect Attendance Program - Ford Explorer Raffle
- Identify “other” soft-dollar incentives

Retain the Best - “Training Techniques”
- Formalized Training Plan (40 hours for Certified; 20 hours Non-Certified)
- Auditing Techniques
- Project Management
- Communication at All Levels
- Professional Affiliation Membership & Involvement
- Leadership Development Training
- Survey learning styles
- Solicit input for new ideas
- Study pitfalls and mistakes

Even More Best Practices We Started
- Audit Rating System
- Audit Honor Roll
- “Outstanding” Plaques
- “Other” Company Personnel participate on audit
- Staff to Audit Committee Meetings
- Executive of the Month
- Recruitment Referral Bonuses
- Casual Work Environment
- Professional Affiliation Enrollment
- Monthly staff meetings
- Audit Process Satisfaction Survey
- “Try Something New!”

Questions and Answers
