U N I Q U E   T O P I C S

CS 1-12
Building a Risk-based Audit Inventory in a Global Financial Services Institution
Gaurav Kapoor, MetricStream
John Nolan, UBS Investment Bank Audit

UBS, one of the world's leading financial services institution, was faced with replacing the IT infrastructure for its Internal Audit function globally. A key challenge was the definition and implementation of a new generation audit inventory and risk assessment platform. This session provides information on how UBS approached the task and implemented an audit inventory which is fully aligned with and indeed drives the risk based audit approach. The session also provides an overview of how UBS used the software upgrade to leverage the possibilities offered by an integrated audit system platform that supports each step in the audit process.

In this session, participants will learn:

  • What does risk based audit approach actually mean?
  • How can an audit inventory help drive a risk based audit approach?
  • What are the key challenges when implementing a new IT platform for Internal Audit?

FIELD OF STUDY: AUDITING

CS 2-12
Effective Sizing of Internal Audit Activities: A Conceptual Model Beyond Benchmarking
Margaret Christ, University of Georgia
Larry Rittenberg, University of Wisconsin

Organizations often struggle to determine an optimal size of an internal audit activity. They want to know: How large should our internal audit function be? How do different organizational objectives affect the size of an internal audit function? In this session, we report the results of our study to develop, and subsequently test, a conceptual model to predict the effective size of an internal audit function given the unique characteristics, mission, personnel, and quality profile desired for the function.

In this session participants will:

  • Describe the key factors of internal audit that are important to determining the effective-size of internal audit.
  • Describe the development and testing of the conceptual model for the effective sizing of internal audit.
  • Report the results of the tests of the conceptual model.
  • Demonstrate the effective-sizing tool.

FIELD OF STUDY: BUSINESS MANAGEMENT AND ORGANIZATION

CS 3-12
ERM in the Post-credit Crisis Environment: Lessons Learned for Long-term Sustainability
Mark Beasley, North Carolina State University
Jennifer Burke, Crowe Horwath

A number of poor risk management practices have come to light through the credit and economic crisis. Many organizations instituted quick fixes and short-term reactionary actions like dividend and job cuts to bolster balance sheets and performance; however, these decisions may hurt long-term sustainability. This presentation will discuss Enterprise Risk Management (ERM) as a long-term solution for financial institutions.

In this session, participants will learn:

  • The evolution of risk management in financial institutions through the credit crisis.
  • Impacts of regulatory changes, challenges in implementing a robust ERM process.
  • The importance of implementing ERM concepts for long-term sustainability in today's uncertain, unprecedented environment.

FIELD OF STUDY: MANAGEMENT ADVISORY SERVICES

CS 4-12
Best Practices in Managing eDiscovery and Data Retention Risks
Johhny Lee, Grant Thornton

Electronic Discovery (“eDiscovery”) can be a time-consuming, burdensome, and costly undertaking for your company. Studies reveal that nearly 90% of U.S. corporations are engaged in lawsuits and that the average U.S. company faces 305 such suits at any given time. Corporate law departments are struggling to keep pace with the recent changes to the Federal Rules of Civil Procedure (“FRCP”) governing eDiscovery, increased regulatory compliance issues, and the sheer volume of data created in today’s digital environments. Despite these obstacles and the significant costs that result, studies indicate that almost 60% of organizations have no formal program in place to manage their legal discovery risks.

In this session, participants will learn how to:

  • Understand the eDiscovery Landscape.
  • Describe the Business, Litigation, and Compliance drivers for Data Retention.
  • Apply traditional maturity models and best practices to Data Retention concepts.
  • Understand state of the art for Data Management / Discovery technologies.
  • Articulate the crucial role of Internal Audit in Data Retention compliance.

FIELD OF STUDY: COMPUTER SCIENCE

CS 5-12
Risk Transformation: The Need for Integration
Todd Tueller, Ernst & Young

The number of risk functions has increased to keep pace with the many compliance requirements and in response to key events. Seventy-three percent of companies have seven or more separate risk functions. Sixty-seven percent of companies reported that they have overlapping risk coverage with two or more risk functions. Most companies agree that coordination of risk functions will drive improved agility and risk response to complex and increasing business challenges.

In this session participants will learn how to:

  • Gain knowledge on leading practices on what other companies are doing to transform their risk functions.
  • Learn from several practical examples on how companies are implementing lasting change toward integrating.
  • Achieve a sustainable and responsive risk management organization.

FIELD OF STUDY: BUSINESS MANAGEMENT AND ORGANIZATION

CS 6-12
Conflict Management and Negotiation Skills
Joan Pastor, JPA International, Inc.

An excellent auditor is going to have excellent conflict management and negotiation skills, because there are so many areas in your work where they are needed! It’s as simple as that (plus the American Management Association isolates conflict management and “people problem-solving skills” as a core competency critical for career success).

In this session participants will learn:

  • The good and bad news about conflict.
  • The single biggest cause of conflict between people.
  • Your own conflict management style, with its strengths and challenge areas.
  • Other conflict management and negotiation styles, along with dozens of strategies and secrets for resolving conflicts and developing more collaborative relationships with clients.
  • How to know the difference between “difficult” and truly “manipulative” people.
  • Two specific techniques for handling upset people and their emotions.

FIELD OF STUDY: PERSONAL DEVELOPMENT

CS 7-12
Assurance Fatigue
Rob Newsome, PricewaterhouseCoopers

Organizations are experiencing assurance fatigue with many auditors, consultants, compliance officials and regulators all reviewing aspects of the business and operations. This results in significant disruptions to the normal work processes and confusion as to which findings to take action on. In addition, the findings of the different assurance providers are not always reaching the appropriate management or governance forum. How are the assurance efforts coordinated? How should internal audit take on the role as the champion of combined assurance - or as the "supreme assurance provider"?

After this presentation, participants will:

  • Understand the fatigue.
  • Identify who are the assurance providers.
  • Identify to whom they report.
  • Understand combined assurance and assurance provider cooperation.
  • Understand a practical 5 step approach for implementing an effective combined assurance approach.

FIELD OF STUDY: MANAGEMENT ADVISORY SERVICES

© 2009 The Institute of Internal Auditors | Atlanta photos © AtlantaPhotos.com