International Finance Corporation

1,674 views
1,551 views

Published on

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,674
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
33
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • Importance of IA is recognized by: ● OECD ● Basel ● IIA ● IFAC ● FATF as key in the battle against money laundering Enron - Enron collapse to cost insurers over $3.5 billion ! Only the beginning: stock losses, Houston, Chicago. Enron – No independent audit function. Enron outsourced its internal audit function to Andersen, which also engaged in a lucrative consulting practice with the company. The legal department and outside counsel appear to have ignored the company's own ethical standards regarding dealings with the partnerships. The partnerships were apparently not closely supervised. Although Sherron Watkins described the culture in very negative terms, it does not appear that anyone was measuring this to help assess the compliance risks. There also does not appear to have been an anonymous 800 reporting line; instead employees were told to call the CEO or write a letter. There does not appear to have been a reporting system that would escalate serious issues to the audit committee, and managers apparently were not reluctant to attempt retaliation against those who resisted them. Enron’s audit committee apparently was not attuned to compliance program needs and apparently depended on information from the very managers, lawyers and accountants involved in the partnership process.
  • Assurance on internal control system. Assurance on main business/ risks. Primer on risk analysis: (Not risk management) Risk identification - sets out to identify an organization's exposure to uncertainty. Risk Description - display the identified risks in a structured format, for example, by using a table. c. Risk Estimation can be quantitative, semi-quantitative or qualitative in terms of the probability of occurrence and the possible consequence. d. Risk Profile - The result of the risk analysis process can be used to produce a risk profile which gives a significance rating to each risk and provides a tool for prioritizing risk. Most common risks for banks: * Credit Risk * Country and Transfer Risk * Market Risk * Interest Rate Risk * Liquidity Risk * Operational Risk * Legal Risk * Reputation Risk In discussing communication : Keeping senior management aware of critical issues Recommendations for improvement and monitoring of corrective actions
  • Give examples of a control that would do each of these things. Give the door locking example or car alarm Accounting Controls: periodic/monthly bank reconciliations, surprise cash counts, verify receiveables, pre-paid expenses, etc. Operations: Are there policies regarding the procedures to underwrite your leases? Are the leases underwritten in accordance with the policies? Compliance: Do you have a comliance office? Are tax filings timely, accurate (do they tie to complete accounting records, NOT just the “offical” records? Assets safegaurding: General physical controls, i.e., petty cash storage, locking up the office, security, insurance, etc. I.T. are there passwords for data files, firewall protection, back-ups and something to ensure the integrity of your back-ups? Where do you store the back-up? (on-site, in a safe, off site)?
  • The 1992 COSO document, Internal Control-Integrated Framework, changed the way we look at internal control. After several significant audit failures occurred during the 1980s, The Committee of Sponsoring Orgalll (COSO) formed to redefine internal control and the criteria for determining the effectiveness of an internal control system. More recently, there has been heightened concern and focus on risk management, and it became increasingly clear that a need exists for a robust framework to effectively identify, assess, and manage risk. Enterprise Risk Management – Integrated Framework addresses these needs.
  • In the U.S. Management must also attest to IC systems effectiveness in writing.
  • Management retains responsibility for IC Legal responsibility established in US in Sarbanes - Oxley 2002 Establish and maintain an adequate and effective system of internal controls Develop a system to monitor and control risks Internal Audit Function Assist management in the efficient and effective discharge of their responsibilities Advise and make recommendations on internal control and corporate governance
  • Role of Internal Audit related to Risk Management (NOT designing and implementing the system) The role of Internal Audit is likely to differ from one organization to another. In practice, Internal Audit’s role may include some or all of the following: • focusing the internal audit work on the significant risks, as identified by management, and auditing the risk management processes across an organization • providing assurance on the management of risk • providing active support and involvement in the risk management process • facilitating risk identification/assessment and educating line staff in risk management and internal control • coordinating risk reporting to the board, audit committee, etc In determining the most appropriate role for a particular organization, Internal Audit should ensure that the professional requirements for independence and objectivity are not breached. management should have their roles in coordinating risk management policy/strategy clearly defined. The same clear definition is also required for those involved in the audit A bottom-up process: To assess risk a set of interrelated objectives and associated operational duties have been clearly defined The objectives can be divided: (a) Activities; (b) Financial Reporting; and (c) Compliance w/ applicable law and regulations 2. Risk assessment is a bottom-up process designed to provide reasonable assessment of risks and their measures regarding the achievement of IC objectives in the following categories: (a) Effectiveness and efficiency of operations; (b) Reliability of Financial Reporting; and (c) Compliance w/ applicable law and regulations
  • DISCUSSION OF TRENDS IN STRUCTURING IA AND IN THE WAY IA IS DEPLOYED IN THE ORGANIZATION Traditional approach Inspection-based Focus on financial control and compliance New approach Risk-based Consultancy type Focus on adding value Controlling risks Managing controls Traditional approach was really a transaction based system. In fact, similarly, previously, external auditors only performed substantive procedures like trx testing. For example, cycle testing involved: involved testing controls in several of an entity’s transaction cycles while doing a transaction “walk-through” to confirm the absence of control changes in the remaining cycles. Since auditors now must report comprehensively on the effectiveness of management’s internal control over financial reporting on an annual basis, cycle rotation is no longer acceptable in public company audits. The cycle rotation is not now sufficient. Still must do substantive procedures including tests of details and analytical procedures even though auditors have not identified any material weaknesses in controls.
  • The Basel Committee purports and the IIA supports the statement that corporate governance for banking organizations is arguably of greater importance than for other companies. Continuity: Each bank should have a permanent IA function appropriate to its size and nature of operations Independence: Internal auditors should be independent of the activities they audit. Independence is achieved through: (1) IAD’s position in the organization; and (2) IAD’s objectivity Internal Auditors: (1) Must be able to exercise their assignment on their own initiative; (2) Must be free to report findings and disclose them internally; (3) Must have the authority to communicate directly to the Supervisory Board and audit committee; (4) Should not have a conflict of interest with the bank; and (5) Should be subject to an independent review The audit charter establishes at a minimum: (1) The objectives, scope and authority of internal audit; (2) Should establish the IAD position within the organization audit’s powers and responsibilities; (3) Should authorize that the IAD has access to all records, personnel and information; and (4) The accountability of the head of the IAD. Impartiality: IAD Assignments should be made so that conflicts of interest and bias are avoided, IAD Staff assignments should be periodically rotated and the IAD should not be involved in the operations of the bank, selecting and implementing IC measures Professional competence: Internal audits should be performed with proficiency and due professional care. This is achieved through (1) Proper staffing Requiring that IAD staff possess necessary skills, knowledgeable experience; (2) Adequate supervision of audit work; (3) Adequate communication with reporting recipients; and (4) Appropriate education, continuing education and training Scope of activity: None of the Bank’s activities may be excluded from the IAD’s scope of investigation! (Generally, the scope should include a risk analysis of the internal control system)
  • (1) Effective and efficient corporate governance emanates from the synergy and balanced relationships between those in charge of governance -- the board and management -- and their two primary support partners -- external and internal audit -- as shown in the Relationship Diagram (Exhibit above).
  • formally constituted committee of the SB and, as such, reports directly to the SB advisory rather than supervisory in nature Focuses principally on assisting SB in fulfilling its duties by providing an independent and objective review of the fin. reporting process, internal controls and audit functions Qualified, independent, objective
  • Management monitors internal controls to consider whether they are operating as intended and that they are appropriately modified when conditions change. Self-assessment, in the form of periodic evaluations of a department’s controls by a person responsible for that area, is one type of oversight mechanism.
  • International Finance Corporation

    1. 1. Keeping the Supervisory Board informed and involved: Audit Committee and Internal Audit Function May 2006 Yerevan
    2. 2. ROAD MAP OF PRESENTATION <ul><li>Brief discussion of survey results relating to Audit Committee and Internal Audit </li></ul><ul><li>Review of the key responsibilities of the Board and its Audit Committee </li></ul><ul><ul><li>The direct links to the IA function </li></ul></ul><ul><li>Defining the IA function </li></ul><ul><ul><li>Internal Audit vs. Internal Control </li></ul></ul><ul><ul><li>The major tasks of the IA function and how they relate to the Board’s responsibilities </li></ul></ul><ul><ul><li>Controls, Compliance and Risk Management </li></ul></ul><ul><li>Structure and Standards of IA function </li></ul><ul><ul><li>In-house vs. Outsourced </li></ul></ul><ul><ul><li>Professional and Industry Standards </li></ul></ul><ul><li>Summary of AC and IA’s role in Corporate Governance </li></ul>
    3. 3. Key Functions of a Board OECD Corporate Governance Principles Section VI <ul><li>Reviewing and guiding corporate strategy and risk policy. </li></ul><ul><li>Monitoring effectiveness of the company’s governance. </li></ul><ul><li>Selecting and monitoring executives. </li></ul><ul><li>Aligning executive and board remuneration. </li></ul><ul><li>Ensuring transparent board election process. </li></ul><ul><li>Monitoring and managing potential conflicts of interest. </li></ul><ul><li>Ensuring the integrity of the firm’s accounting and financial reporting systems, including the independent audit and that appropriate controls are in place, in particular, systems for risk management, financial and operational control, and compliance with the law and relevant standards. </li></ul><ul><li>Oversee disclosure and communications. </li></ul>
    4. 4. OECD 7. Ensuring the integrity of the corporation’s reporting systems… <ul><li>… requires that the Board: </li></ul><ul><li>Set and enforce clear lines of responsibility and accountability </li></ul><ul><li>Ensure appropriate oversight by senior management </li></ul><ul><ul><li>A key way to do this is by implementing an internal audit function which directly reports to the Board of Directors/Audit Committee </li></ul></ul><ul><li>Set up internal programs to monitor compliance </li></ul><ul><ul><li>Internal audit also assists in monitoring compliance </li></ul></ul>
    5. 5. Defining the Internal Audit Function “ an independent , objective assurance and consulting activity designed to add value and improve an organization's operations.  It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
    6. 6. Internal Audit – Objectives and Tasks <ul><li>To advise management if the organization has sound systems of internal controls to protect the organization against loss. </li></ul><ul><li>Evaluate system of controls. </li></ul><ul><li>Assess risks / Component of risk management. </li></ul><ul><li>Test operations of systems (including IT). </li></ul><ul><li>Communication, recommendations for improvement and follow up. </li></ul>
    7. 7. IA Task 1: Internal Audit vs. Internal Control <ul><li>Internal Controls – system / processes; </li></ul><ul><li>Internal Audit – a function to assess the IC; </li></ul><ul><li>IC processes encompass the means by which senior management seeks reasonable assurance that: </li></ul><ul><ul><li>The entity’s accounting and operating reporting is complete and reliable </li></ul></ul><ul><ul><li>Operations are being conducted in accordance with the entity’s prescribed policies and procedures </li></ul></ul><ul><ul><li>The entity is in compliance with applicable laws and regulations </li></ul></ul><ul><ul><li>The entity’s assets and information are protected from improper use. </li></ul></ul>
    8. 8. Internal Control Framework <ul><li>Under a number of jurisdictions (e.g. US, EU), top management has to make certain disclosures about the controls and procedures in place, and whether they are in compliance with a recognizable framework. </li></ul><ul><li>COSO provides an internationally recognizable framework for internal control system. </li></ul>
    9. 9. COSO on internal controls <ul><li>COSO ERM provides the following definition of Internal Control : </li></ul><ul><li>A process effected by an entity’s Board of Directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: </li></ul><ul><ul><li>Reliability of financial reporting </li></ul></ul><ul><ul><li>Effectiveness and efficiency of operations </li></ul></ul><ul><ul><li>Compliance with applicable laws and regulations </li></ul></ul><ul><li>IC System – a synonym for internal control applied in an entity. </li></ul><ul><li>The effectiveness of an internal control system is measured by its capacity to provide reasonable assurance to the board of directors and management that these three objectives have been met. </li></ul>
    10. 10. COSO on internal controls - continued <ul><li>In addition to these goals, coso identified five interrelated components of internal control : </li></ul><ul><ul><li>The control environment, which includes the integrity, ethical values, and competence of an organization's people. </li></ul></ul><ul><ul><li>Risk assessment. </li></ul></ul><ul><ul><li>Control activities. </li></ul></ul><ul><ul><li>Information and communication, which encompasses the methods for identifying, capturing, and communicating pertinent information in a time frame that enables people to carry out their responsibilities. </li></ul></ul><ul><ul><li>Monitoring. </li></ul></ul><ul><li>These components combine to form an integrated system of controls. To conclude that internal control is effective in any category of objectives-operations, financial reporting, or compliance-all five components must be present and functioning. </li></ul>
    11. 11. COSO on internal controls - continued <ul><li>Objectives Categories: </li></ul><ul><li>Strategic. </li></ul><ul><li>Effectiveness and efficiency of operations (including performance and profitability goals & safeguarding resources against loss). </li></ul><ul><li>Reliability of reporting. </li></ul><ul><li>Compliance with applicable laws and regulations. </li></ul>
    12. 12. Division of Responsibilities <ul><li>Management </li></ul><ul><li>Establish and maintain an adequate and effective system of internal controls </li></ul><ul><li>Develop a system to monitor and control risks </li></ul><ul><li>Internal Audit </li></ul><ul><li>Assist management in the efficient and effective discharge of their responsibilities </li></ul><ul><li>Advise and make recommendations on internal control and corporate governance </li></ul>
    13. 13. Internal Audit helps to monitor the Internal Controls <ul><li>BOARD, </li></ul><ul><li>IN PARTICULAR, </li></ul><ul><li>THE AUDIT </li></ul><ul><li>COMMITTEE </li></ul><ul><li>OVERSEES </li></ul>MANAGERS HAVE PRIMARY TASK TO DESIGN AND MAINTAIN CONTROLS INTERNAL AUDIT FUNCTION EVALUATES Monitoring the Internal Control Process EXTERNAL AUDITORS ASSESS AND OPINE ON BOARD, IN PARTICULAR, THE AUDIT COMMITTEE OVERSEES
    14. 14. IA Task 2: Evaluate System of Internal Controls <ul><li>The Board has oversight responsibilities over the internal control system. </li></ul><ul><li>The Internal Audit Functions: </li></ul><ul><ul><li>Evaluates efficiency and effectiveness of controls. </li></ul></ul><ul><ul><li>Recommends new controls where needed – or discontinuing unnecessary controls. </li></ul></ul><ul><ul><li>Use control frameworks COSO, Basle, etc. in its work. </li></ul></ul><ul><ul><li>Lead control self-assessment. </li></ul></ul><ul><ul><li>Provide education on risks and controls. </li></ul></ul>
    15. 15. IA Task 3: Assess Risk / Risk Management <ul><li>The Board has overall responsibility that risks are managed. </li></ul><ul><li>The internal audit function provides objective assurance to the board on the effectiveness of risk management processes. </li></ul><ul><li>Core internal auditing roles in regard to enterprise risk management: </li></ul><ul><ul><li>Giving assurance on risk management process </li></ul></ul><ul><ul><li>Giving assurance that risks are correctly evaluated </li></ul></ul><ul><ul><li>Evaluating risk management processes </li></ul></ul><ul><ul><li>Evaluating and reporting on the key risks </li></ul></ul><ul><ul><li>Reviewing the management of key risks </li></ul></ul>
    16. 16. IA Task 4: Testing Operations / Reviewing Compliance <ul><li>The Board also has oversight for compliance with laws and relevant standards </li></ul><ul><li>The Internal Audit function is valuable support in its compliance and operations role: </li></ul><ul><ul><li>Ensure the management’s policies and procedures are followed </li></ul></ul><ul><ul><li>Evaluate procedures to safeguard assets </li></ul></ul><ul><ul><li>Analyze impact of changes in procedures </li></ul></ul><ul><ul><li>Assure compliance with laws and regulations </li></ul></ul><ul><ul><li>Review objectives for adherence to organization’s mission, culture and climate </li></ul></ul><ul><ul><li>Provide insight to the impact of noncompliance </li></ul></ul>
    17. 17. An Effective IA Function may be established with Various Organizational Structures
    18. 18. Regardless of Structure High Standards Must Be Met <ul><li>Professional (e.g., IIA Standards) and industry standards (e.g., BASLE principles) apply </li></ul><ul><li>The Internal Audit Standard Board (UK) has developed Standards for the Professional Practice of Internal Auditing. </li></ul><ul><li>IIA Standards for reporting include: </li></ul><ul><ul><li>1000 Purpose, Authority and Responsibility </li></ul></ul><ul><ul><li>1110 Organizational Independence </li></ul></ul><ul><ul><li>2020 Communication and Approval </li></ul></ul><ul><ul><li>2060 Reporting to the Board and Senior Management </li></ul></ul>
    19. 19. Standards – Independence and Communication <ul><li>The chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. (1110) </li></ul><ul><li>The internal audit activity should be free from interference in determining the scope of internal auditing, performing work, and communicating results. (1110) </li></ul><ul><li>The chief audit executive should communicate the internal audit activity’s plans and resource requirements, including significant interim changes, to senior management and to the board for review and approval. The chief audit executive should also communicate the impact of resource limitations (2020) </li></ul>
    20. 20. Other Relevant IA Guidance <ul><li>There may be other regional or industry specific standards </li></ul><ul><li>BASEL Internal Audit Principles in Banks and the Supervisor's Relationship with Auditors (2001) </li></ul><ul><ul><li>Continuity </li></ul></ul><ul><ul><li>Independence </li></ul></ul><ul><ul><li>Audit charter </li></ul></ul><ul><ul><li>Impartiality </li></ul></ul><ul><ul><li>Professional competence </li></ul></ul><ul><ul><li>Scope of activity </li></ul></ul>Basel Committee on Banking Supervision INTERNAL AUDIT Principles
    21. 21. CG Relationship Diagram (1) STAKEHOLDERS
    22. 22. CG Relationships (2) <ul><li>AGM </li></ul>Management Board Supervisory Board External Auditor c o n t r o l e n v i r o n m e n t Company Audit Committee Internal Auditor/ Department
    23. 23. The Audit Committee and the IA Function <ul><li>The responsibilities of the audit committee include: </li></ul><ul><ul><li>Corporate Governance </li></ul></ul><ul><ul><li>Internal Control and Risk Mgmt. </li></ul></ul><ul><ul><li>Compliance and Ethics </li></ul></ul><ul><ul><li>Financial Reporting and Disclosure </li></ul></ul><ul><li>The internal audit function should report to the BoD/Audit Committee. (No independence if it reports solely to management) </li></ul><ul><ul><li>More effective if reports to the Audit Committee </li></ul></ul><ul><ul><li>Objectivity is a personal quality of the auditor </li></ul></ul>
    24. 24. Audit Committee: Composition <ul><li>Minimum 3 members </li></ul><ul><li>Members should be independent directors </li></ul><ul><ul><li>Tighter standards on independence than for other independent directors </li></ul></ul><ul><ul><li>No compensation from company other than director fees </li></ul></ul><ul><li>All members must be “financially literate” </li></ul><ul><li>At least 1 member (typically the chair) must be an “audit committee financial expert” </li></ul>
    25. 25. Audit Committee: Role in Governance <ul><li>The Institute of Internal Auditors provide the following logo describing AC role: </li></ul><ul><li>Noses In - Fingers Out. </li></ul><ul><li>In a nutshell, the AC should provide oversight of: </li></ul><ul><li>Financial reporting </li></ul><ul><li>Risk management </li></ul><ul><li>Internal Control </li></ul><ul><li>Compliance </li></ul><ul><li>Internal Auditors </li></ul><ul><li>External Auditors </li></ul>
    26. 26. Audit Committee: Responsibilities <ul><li>Some detailed Audit Committee responsibilities include : </li></ul><ul><ul><li>Ensuring that financial statements are understandable, transparent, and reliable </li></ul></ul><ul><ul><li>Ensuring the risk management process is comprehensive and ongoing, rather than partial and periodic </li></ul></ul><ul><ul><li>Helping achieve an organization-wide commitment to strong and effective internal controls, emanating from the tone at the top </li></ul></ul>
    27. 27. Audit Committee: Responsibilities (continued) <ul><li>Reviewing corporate policies relating to compliance with laws and regulations, ethics, conflicts of interest, and the investigation of miscondsuct and fraud </li></ul><ul><li>Reviewing current and pending corporate-governance related litigation or regulatory proceedings to which the organization is a party </li></ul><ul><li>Continually communicating with senior management regarding status, progress, and new developments, as well as problematic areas </li></ul>
    28. 28. Audit Committee: Responsibilities (continued) <ul><li>Ensuring the internal auditors’ access to the audit committee, encouraging communication beyond scheduled committee meetings </li></ul><ul><li>Reviewing internal audit plans, reports, and significant findings </li></ul><ul><li>Establishing a direct reporting relationship with the external auditors </li></ul>
    29. 29. Internal Audit Reporting <ul><li>In various governance and organizational structures the IA reports to SB (Audit Committee in particular) and senior management: </li></ul><ul><ul><li>internal audit activity’s purpose </li></ul></ul><ul><ul><li>authority </li></ul></ul><ul><ul><li>responsibility </li></ul></ul><ul><ul><li>performance relative to its plan </li></ul></ul><ul><li>Also report separately on: </li></ul><ul><ul><li>significant risk exposures and control issues </li></ul></ul><ul><ul><li>corporate governance issues </li></ul></ul><ul><ul><li>other matters needed or requested by SB and MB </li></ul></ul>
    30. 30. Breakout Sesson: Audit Committee and Internal Audit <ul><li>3 groups will have approx 10-15 minutes for the following tasks: </li></ul><ul><li>Group 1 : Develop annual plan for the AC. </li></ul><ul><li>Group 2 : IA has submitted its annual plan for the AC consideration. It includes: annual audit of headoffice functions as well as of all branches. Plus semi-annual reporting to the AC (BoD). Provide comments and/or suggestions. </li></ul><ul><li>Group 3 : Develop criteria for self-assessment of AC effectiveness (after 1 year of its functioning). </li></ul><ul><li>Group presentations (approx 5 minutes each) </li></ul><ul><li>Discussion of group presentations (approx 5 minutes each) . </li></ul><ul><li>The base material for discussion – sample ToR for the AC (distributed in advance) </li></ul>
    31. 31. COSO on internal audit <ul><li>COSO ERM provides the following definition of Internal Audit : </li></ul><ul><li>Internal audit functions typically provide an assessment of risk and control activities of a business unit, process or department. In some cases particular attention is given to risk identification analysis of likelihood and impact, risk response, control activities, as well as information and communication. </li></ul>
    32. 32. Self-Assessment and Monitoring <ul><li>Self-assessment or monitoring can provide oversight of an enterprise’s control system performance. Self-assessment should be performed at all levels of IC system: </li></ul><ul><ul><li>BoD </li></ul></ul><ul><ul><li>AC </li></ul></ul><ul><ul><li>IA </li></ul></ul><ul><ul><li>Top Management </li></ul></ul><ul><ul><li>Departments </li></ul></ul>
    33. 33. Board Self-Assessment or Monitoring <ul><li>Yes or No Questions: </li></ul><ul><li>􀀀 􀀀 Does the board review the actions management takes to deal with material control weaknesses and verify that those actions are objective and adequate? </li></ul><ul><li>􀀀 􀀀 Do audit reports contain sufficient detail? </li></ul><ul><li>􀀀 􀀀 Are audit reports timely enough to allow for resolution and appropriate action? </li></ul><ul><li>􀀀 􀀀 Does the board or audit committee approve the selection of key internal </li></ul><ul><li>audit personnel? </li></ul><ul><li>􀀀 􀀀 Does the board or audit committee approve the overall scope of review activities (such as audit or financing coverage)? </li></ul><ul><li>􀀀 􀀀 Does the board or audit committee review results of audits? </li></ul><ul><li>􀀀 􀀀 Does the board or audit committee approve the system of internal controls? </li></ul><ul><li>􀀀 􀀀 Does the board or audit committee periodically review audit or other key control systems? </li></ul><ul><li>􀀀 􀀀 Is line management held accountable if they do not follow up satisfactorily or effectively on control weaknesses? </li></ul>
    34. 34. Benefits of a Strong Internal Audit Function <ul><li>When the internal audit function is properly established with adequate authority, scope, and resources, it can professionally and proficiently aid in the following areas and contribute to good corporate governance: </li></ul><ul><ul><li>Governance law and regulations </li></ul></ul><ul><ul><li>Internal controls </li></ul></ul><ul><ul><li>Disclosure and transparency </li></ul></ul><ul><ul><li>Risk management </li></ul></ul><ul><ul><li>Compliance </li></ul></ul><ul><ul><li>Ethics and Communication </li></ul></ul>
    35. 35. Applicable Literature/Guidance <ul><li>Institute of Internal Auditors <www.theiia.org> </li></ul><ul><li>Basle Committee on Banking Supervision <www.bis.org> </li></ul><ul><li>Committee of Sponsoring Organizations of the Treadway Commission (COSO) <www.coso.org> </li></ul><ul><li>International Federation of Accountants <www.ifac.org> </li></ul>
    36. 36. Contact details: IFC Yerevan 9 V. Sargssyan str. Yerevan 375010, Armenia Tel: (37410) 545241, 545242 Fax: (37410) 545245

    ×