On Target | JAMAR 

In this Oct 2003 issue of On Target :

• The Wider Strategic Management Audit Issues (Part 3)

• 2003-2004 Executive Committee Members

• What's On

• Bookshelf

In the last two issues of ON TARGET we reviewed the various components of a Strategic Audit, and the issued raised for management accountants. In this issue we continue the discussion on the issues, specifically pertaining to the managerial aspects.

Effectively Using Audit Resources :

Due to the compliance deadlines of the Sarbanes- Oxley Act of 2002 an organization’s internal and IT audit resources need to be prepared, educated and trained to confirm that the organization’s financial disclosures reflect all material correcting adjustments and all material off-balance sheet transactions. Many organisations will need to leverage the immediate internal audit resources to address the Sarbanes-Oxley compliance requirements as well as simultaneously completing the annual schedule of internal audits and ad hoc special projects. Such firms will need to examine how to manage, identify and select third-party vendors and outsourcers to meet organizational goals and objectives, and to explore how to reduce scope and project creep caused by resources and customers. There are proven methodologies and known tools to assist in the effective measurement of these processes. Further issues in this area include:

• Identifying resource requirements to meet current planned, assigned and unscheduled initiatives

• Utilizing internal customers or external vendors to assist in the completion of annual internal audit schedule

• Assuring appropriate and qualified resources have been selected to complete internal audits

• Effectively managing and evaluating not only internal audit resources, but third-party or outsourced vendors

• Evaluating the effectiveness and success of the internal audit department
  

Managing Expectations of the Audit Committee :

The impact of recent legislative initiatives, as they relate to the audit committee’s agenda, and some of the challenges audit directors’ encounter in managing their expectations needs to be explored. This includes an evaluation of current trends and issues that have radically reshaped the level of interest in audit committees, the best practices, internal and external auditors’ objectives, as well as the role of technology within corporate environments. Communication techniques and approaches that can enhance overall approach to managing internal controls need also to be considered. Managing the audit committee’s expectations will require developing and presenting effective IT governance as well as corporate governance models that audit committee members can appreciate fully. Related issues include:

• The regulatory environment and the impact of legislative initiatives on the audit committee’s agenda

• How to effectively apply existing internal control frameworks (COSO, COBIT) to the overall audit strategy and effectively communicate these concepts to the audit committee

• The impact technology has on the control environment

• Key points to communicate to senior executives about internal and external auditors’ considerations

• Examining the characteristics of audit committee members when developing a communication strategy
  

Enabling Communication between the Internal and External Audit :

In order to effectively and efficiently assess the risks and controls associated with all of the auditable units in the technology environment, organisations must have communication between the external and internal audit functions. Communication between internal audit and external audit should begin at the start of planning for both the internal and external upcoming annual audit cycles and should continue throughout the execution of the audit and the reporting of audit findings. Stakeholders need to define and compare the internal vs. external auditor roles and how these roles may be communicated effectively to management, and examine the professional literature with respect to the relevance on internal audit work by the external auditor. Specifically the Sarbanes-Oxley Act as it relates to internal control and reporting issues should be explored, and its impact on regulating matters in the accounting profession. Consideration must be given of the steps to take to enable communication between external and internal audit functions at each phase of determining and implementing the audit plan. Further issues to consider are:

• The boundaries, if any, between internal and external audit

• The roles and responsibilities of the internal auditor vs. the external auditor

• The appropriate communication channels between internal and external audit

• Knowledge sharing opportunities and points of integration between internal and external audit

• When and what to communicate between internal and external audit
  

Enterprise Security Return on Investment Methodology :

Information assets must be protected, but at what cost? Moving beyond protection, do value-added metrics exist to justify your organization’s investment in information security? There are numerous models available for evaluating and demonstrating information security’s value proposition including: performance measurement, costs-benefit analysis and return on investment (ROI). Enterprise investment in information security has also traditionally been difficult to cost justify. There are three well known models for evaluating enterprise security ROI: risk mitigation and control effectiveness; cost containment and performance efficiency; and strategic support and revenue enhancement. Using such strategic and analytical tools, organisations need to develop a methodology to evaluate and demonstrate information security’s value proposition including performance measurement, cost-benefit analysis and ROI. Thus, organisations need to specifically consider:

• Evaluating ROI methodologies using techniques for performing cost benefit analyses

• Linking business objectives to security objectives to achieve ROI

• Balancing qualitative and quantitative performance metrics

• Presenting ROI and performance to executive management
  

Bringing Value to Due Diligence : 

The due diligence process is essential to generating information about the target to make strategic business decisions. Conducting due diligence should be done not only on a specific one-to-one basis (such as in connection with acquiring a business), but also on a dynamic basis as an overall part of running a business effectively. Therefore, analysis should be performed within the target’s business operations and IT architecture. The benefits of conducting good due diligence will lead to increased awareness of the new entity, transaction deal structure and operational business plan with lower risk and better profits projections. Once the deal structure has been developed and approved, the hard work begins with the new entity as it tries to obtain defined synergies within the deal structure. Thus Strategic Auditors need to consider:

• Key components of the deal

• The importance of financial, operational and IT to the deal

• The role of internal audit during the deal process

• Post-deal synergies and integration plan

• The role of integration specialists and managers during the post-deal phase.

• ICMA welcomes members to correspond with regards to the issues raised.

2003-2004 Executive Committee Members

What's On

November 8 and 9, 2003 :
CMA Exams in Sri Lanka, conducted at the Institute of Chartered Accountants of Sri Lanka

November 13, 2003 :
ICMA Executive Meeting, CMA HOUSE, Unit 5, 20 Duerdin Street, Clayton North, Victoria 3168, Australia

December 5-7 and 12-14, 2003 :
Advanced Management Accounting, Monash University

December 17, 2003 :
ICMA Executive Seasonal Dinner

January 3-16, 2004 :
Advanced Strategic Management Accounting and Advanced Management Accounting Seminars in Lebanon, conducted by the University of Balamand and ICMA

Book Shelf

always find something interesting and thought provoking in AFR Boss Magazine. Published with the Australian Financial Review on the second Friday of each month, it is also available on its website: http://www.afrboss.com.au.

For those interested in marketing, the October issue has an article on “The truth about buying and selling” by Catherine Fox. Interviewed for the article, UK academic Alan Aldridge says that, while there is a tension between freedom and manipulation, he believes critics of the consumer society have gone too far. However, Aldridge suggests that the business world so far failed to come to grips with much of the research and analysis of consumption. Marketing needs to understand more about consumers and obtain “consumer insights”.

In this issue, “This is your life” by John Micklethwait has an analysis of the history and possible future evolution of the company form. While some companies have evolved into huge globalised conglomerates which concentrate much economic activity, in many industries companies are little more than a collection of entrepreneurs with an idea and a few contracts – a “virtual company”. Other models have companies as the basic building block of the economy being replaced by a “network” of interlocking businesses.

Also in this issue, “Not fade away” by James Hall suggests that rather than letting your organisation atrophy in front of your eyes, a more creative approach can help you reinvent the company. As the world changes, new business models are needed. Hall quotes Charles Handy who warned that “By the time you know where you ought to be, it’s too late to go there; or more dramatically, if you keep on going the way you are, you will miss the road to the future”.

Please feel free to share anything that you have found interesting. You can send your ideas to: Bill Richardson, Dept of Accounting & Finance, Monash University, PO Box 197, Caulfield East VIC 3145.

Back