
Performing Governance Assessments






Presentation Transcript


  1. Performing Governance Assessments Myrk Harkins CIA, CBM

  2. Agenda • Who Is Myrk Harkins? • A little about the Southern Company • Risk Based Auditing • Governance Model

  3. Myrk Harkins • Director of Internal Auditing West • Bachelor of Science Civil Engineering • Certified Internal Auditor & Certified Business Manager • 33 Years Experience with Southern Company • Power Plant Construction • Plant Operations and Maintenance • 10 Years Internal Auditing

  4. The Southern Company • 4.3 Million Customers • Alabama Power, Georgia Power, Mississippi Power, Gulf Power, Southern Power & Southern Link • 42,000 MW of Generation (1 MW = 600 Homes) • Revenue of $14.3 Billion • Net Income of $1.6 Billion

  5. Southern Company Internal Auditing We are a Risked Based Audit Organization

  6. Sample Company Enterprise Risk Management (chart: Likelihood against Materiality of Impact, scaled $ to $$$; Scope of Control; Current Level of Residual Risk) • Materiality of Impact is a qualitative estimate of the potential risk’s impact on the specific function/entity • Risk Placement Guidelines, place risk here if…: • RED…focused management attention is required • YELLOW…on-going active monitoring by management is required • GREEN…current management action is sufficient

  7. 2007 Sample Company Risk Profile (chart: eleven numbered risks plotted by Likelihood against Materiality of Impact, $ to $$$) • Environmental legislation or regulation • Loss of constructive state regulatory environment • Nuclear • Governance failure • Exposure to fuel price/availability • Strategy selection and implementation • Change in federal regulatory or legislative policy • Execution of the financial plan • Workforce issues • Catastrophic business interruption • Deterioration of corporate image

  8. 2007 Sample Company Fraud Risk Profile (chart: numbered fraud risks plotted by Likelihood against Materiality of Impact, $ to $$$) • Inappropriate Capitalization of Expenses • False Compliance Reporting (EPA, OSHA, FERC, etc.) • Political (Bribery of Public Officials, Illegal Contributions) • Improper Use of Estimates and Judgments • Strategy selection and implementation • Competitive Practices (Unfair Competition – Antitrust, Violation of Territorial Service Agreements, Wholesale Competition) • Inappropriate Executive Compensation • Intentional Mistreatment of Affiliate Transactions • Vendor Fraud (Bid Rigging, Kickbacks, etc.) • Employee Fraud/Misappropriation of Assets

  9. Audit Planning Process (flow diagram) • Inputs: SOCO Risk Profile, Annual Residual Risk Assessment, Audit Fraud Risks, Audit Executive Input, IA Staff Input • Annual Audit Plan • Audit Engagement Risk Assessment • Audit

  10. COSO Southern Company’s Control Framework

  11. Understanding Governance • What is Governance? Governance is composed of the key business processes utilized by representatives of an organization’s stakeholders (e.g. Shareholders (BOD), management, etc.) to optimize value by providing reasonable assurance that an entity achieves its business objectives. • The SOCO ERM Program broadly defines governance as those business processes, internal controls, decision tools, oversight structures and corporate culture elements (Southern Style) that reasonably ensure achievement of the Company’s goals and objectives. (ERM at SOCO = Our Methodology for Managing the Business)

  12. A Simplified Approach to Governance (Company, Functional Activity, Business Unit, etc.) • Everything Starts with Business Objectives • Identify and Evaluate Significant Risks (Anything that could prevent achievement of business objectives) • Business Processes (Internal Controls & Governance Processes) to Reasonably Ensure Achievement of Business Objectives • Assurance (Monitoring Level of Achievement and Reporting)

  13. A Simplified Approach to Governance (diagram) • Business Objectives • Risk Assessment • Business Processes • Assurance • Tone at the Top • Information and Communication (surrounding all four elements)

  14. Objective Setting “What are you trying to accomplish” • Strategic • Operational • Reporting • Compliance • Mission • Purpose • Strategic Direction & Business Plan • Goals

  15. Internal Environment “Tone at the Top” • Risk Appetite • Management Commitment • Ethics • Competence • Responsibilities and Accountability

  16. Risk Assessment Process “What is going to keep you from your goals” • Identification • Assessment • Response

  17. Business Processes • Control Activities • Company Policies • Procedures / Guidelines • Internal Controls • Information and Communication • Appropriate • Availability • Accurate / Complete • Timely

  18. Assurance “Monitoring” • Ongoing Activities • Supervision • Performance Measurement & Reporting • Assessment Processes • Self • Corp. Oversight (Internal Auditing) • Independent • Reporting Deficiencies • Follow Up & Corrective Actions

  19. Practical Application • Any Audit or Consulting Project

  20. Questions & Comments Myrk Harkins (rmharkin@southernco.com) Phone – (205-257-2135)
