JPA for Governance

This information will be taken from her article, co-authored with John Morrow, Senior Manager at PWC, “The Eight Habits of Highly Effective Audit Committees”, which won the Excellence in Journalism Award in 2008 by the AICPA.

There will also be a chance to share best practices with each other within the session, so that we can all continue to influence our ACs to be even more effective as a powerful aid and ally to Internal Auditors.

Items covered include:

1. Buy-In as “inclusion” of the audit opinion vs. the “acceptance” of the audit opinion as correct: the critical difference;
2. Steps to take at the opening conference with management and executive management to set the tone for buy-in;
3. Detecting possible disconnects during the business mapping and risk assessment phases and what to do right at the moment;
4. Gaining buy-in based on “positional power”, meaning their position in your organization;
5. Other subtle and not-so-subtle influencing techniques that naturally increase the chances of buy-in from others

(Please contact us for a full course outline.)

This program covers the following topics:

1. Five main steps for managing the audit from beginning to end
2. The design phase
3. Planning
4. Building and maintaining a successful team
5. Implementation and monitoring of the audit
6. Other issues related to project management, discussed as needed

DAY ONE

1. What is risk?
2. How should risk best be assessed?
3. Enterprise risk management vs. risk assessment vs. control (and risk) self-assessment
4. Two fundamental approaches: the typical/traditional one and the one that works
5. Gaining people’s buy-in to do risk assessments
6. Action Plan Part One
7. Your risk assessment: Yet other considerations

DAY TWO

1. Your risk assessment: Other considerations (Cont’d)
2. Fitting control self assessment into the RA
3. Practice, practice, practice
4. Action Plan Part Two (Final)

Please contact us for a full outline.

In this session:

1. Learn ten typical ways professionals justify doing things that in their gut they know are wrong, and if people in your work area are vulnerable.
2. Brainstorm and discuss specific situations people like yourself face, and ways to handle them.
3. Learn what you need to do if you are pressured to commit wrongdoing, or to know of it but “look the other way.”
4. Learn critical elements of whistle blowing and how it applies to ethics and ethical behavior.

This presentation explains how ARA is a key building block for an Internal Audit Department in fulfilling their mission to the organization. This key activity can be a struggle for Internal Audit Departments in identifying the appropriate risk framework, determining their risk rankings, and balancing their available resources.

Risk assessments are a key activity for any Internal Audit Department, and take many different forms such as Enterprise Risk Management (ERM), annual risk assessment, individual audit engagement risk assessments, and fraud risk assessments. How these risk assessments work together, and support a high performing Internal Audit Department can be a challenge. Selecting the appropriate risk framework, and practical risk rankings is critical to the success of your ARA. We will explore Internal Audit’s role in risk assessments, and how Internal Audit can be effective in achieving the organization’s mission.

Areas Covered in the Session: (Should have more than 6 bullet points)

• What are the key elements in an effective ARA?
• How do ARA and Enterprise Risk Management (ERM) interrelate?
• How does fraud risk and ARA work together?
• What are the risk criteria to include in your ARA?
• How do you place weights on the risk criteria?
• Is Internal Audit deploying their assets effectively in the organization to fulfill their mission?

This presentation will provide valuable information to all organizations that perform risk assessments.

• Internal Audit
• Finance Professionals

In this session, you will learn:

1. The seven step process for contracting for special projects
2. The specific role(s) of the auditor on these projects
3. Potential traps to avoid
4. Scripts you can modify to assist you on how to communicate expectations and needs surrounding the project
5. Discussions on how to maintain objectivity
6. How to use these projects to build better customer relationships with internal audit without compromising independence
7. A chance to prepare for a meeting with a client using the scripts provided

The highlights of this program include:

1. What is Risk?
2. How should risk best be assessed?
3. Enterprise Risk Management vs. Risk Assessments: How to conduct them successfully every time
4. Two Fundamental Approaches: The typical/traditional one and the one that works
5. Gaining People’s Buy-In to do Risk Assessments
6. Your Risk Assessment: Yet other considerations
7. Fitting Control Self-Assessment Into the Risk Assessment
8. Practice, Practice, Practice

Enterprise Risk Management and Risk Assessments: How To Conduct Them Successfully Every Time

1. What exactly are each of these, how they work, and why ALL are of critical importance in Risk Assessment processes and Risk Management
2. How to integrate all three arenas above so that they work together and complement each other
3. Risk Assessment within your department, with your clients
4. Different approaches to doing risk assessments
5. The step-by-step process for doing a risk assessment
6. Pre-work involved before working with clients on assessments
7. Pre-meetings with management to set up the risk assessment process
8. Conducting risk assessments
9. What questions to ask clients and how to ask them
10. Facilitated approaches, skills and tools to use if using a group approach
11. Setting up pilots
12. Conservative vs. creative approaches to doing the assessments
13. Action plans, follow-up, and monitoring change

NOTE: Most of our programs incorporate risk and control analysis and extensive information about risk and control standards.

The seven steps you will learn to do are:

1. Gain (or increase) senior management and workforce “Buy-In” and sponsorship to identify significant risk exposures.
2. Educate yourself on the evolution of risk management (ERM/Risk Assessment/ Risk Self-Assessment), how they all fit together in the audit profession, and compare it to what you currently have in place.
3. Get a comprehensive overview on what is involved in implementing ERM and get a chance to compare tools and techniques you are using with others.
4. How to facilitate a structured and proven workshop with any level or group of clients and employees with your organization to identify significant risks related to their function and/or the larger organization.
5. Assess the existence and strength of controls against the risk exposure.
6. How to introduce risks that you may see exist but your clients don’t and gain their “buy-in” to addressing these areas.
7. How to use results to update your audit universe and audit plan.

The focus of the 2nd and 3rd days especially is on learning some key facilitation tools for making it safe for people to open up and share deep information (information that you will be able to use to enhance many of your audits), for probing details to get to root causes, to get people to speak up about risks (and even potential frauds) you may or may not know occur, and to have a lot of fun in the process! A special focus will be on learning how to use business process mapping and documentation (BPM) to assess risks and controls.

Many areas of risks –and control vulnerabilities- can be determined through organization-wide assessments and then mapping business processes at the larger organizational level, as well as the business unit levels, whether financial, operational, IT or more. The techniques taught can also be applied to one-on-one interviews, but you will learn why it is far superior to gather information regarding risks and controls from groups of people instead of single person interviews. You will learn what type of flowcharts to use (traditional flowcharting has its strengths and limitations with groups), and what to do when the process is not well-developed and easy to chart.

This model was originally developed by Joan Pastor, PhD with Pacific Bell and Verizon specifically for the audit profession, and has gone through many refinements by Joan and her team to its current level of high effectiveness. Joan also contributed extensively to the development of the CCSA certification, and has been involved throughout the years in the development of goal-directed, risk-based practices in auditing. You will find many applications of this model to your risk, compliance and audit methodologies in general.

Program outline includes:

1. The Collaborative Approach to Interviewing
2. Where Interviewing and Interviewing Skills Fit Into the Overall Audit Process
3. Six Steps of the Collaborative Interviewing Process
4. Planning
5. The Initial Meeting (Opening the Interview)
6. Information Gathering
7. Information Clarification
8. How to Read Your Interviewee (discussed throughout the day)
9. Handling Resistant Individuals During Interviews
10. How to Prevent Conflict and Deliberately Build Collaboration
11. Ending the Interview
12. Documenting and Evaluating the Interview
13. Close and Action Plans

The order of events and content may be changed dependent upon the needs of the group. Role-plays are an important part of the training, and other exercises occur throughout the day.

This presentation will explore how ethical behavior is part of every organization, and developing a strong ethical culture is important to the success of any company. Corporate Social Responsibility is an important commitment by a company to be ethical and contribute to the economic and quality of life of the workforce and their families, the environment, and society.

Why should you attend – Fear, uncertainty and doubt (FUD) liner for the marketing purpose (Between 250 – 500 words):

The negative consequences of unethical behavior can be detrimental to a company, and can cause significant damage to the brand. Creating an ethical culture is more than “Doing the right thing”, and requires a lot of different touch points. We will explore areas such as conflict of interest, gifts and entertainment, and financial integrity. Recent headlines such as the “Bangladesh Factory Inferno Witness: Managers Ignored Fire” and “Your iPhone was Built, In Part, by 13 Year-Olds Working 16 Hours A Day For 70 Cents An Hour” are two examples of many stories that show the importance of a comprehensive Corporate Social Responsibility program. Such an effective program includes strong support from Executive Management, definitive policies within the Company and for the Suppliers, audits and inspections, and a corrective action process.

Areas Covered in the Session:

• How do you develop an ethics culture?
• How does a person make an ethical decision?
• What are the elements of an effective ethics program?
• What are the communication touch points for a successful ethics program?
• Why Corporate Social Responsibility is an important ethical issue?
• How do you audit/inspect the suppliers to ensure compliance with your policies?
• What is a zero tolerance violation, and how do you handle the violation?
• What is a effective corrective action program?

1. Lays out the whole pattern of what creates and perpetuates white collar crime, step-by-step.
2. Is for those who want to understand workplace crime.
3. Gets inside the heads of the Bernie Madoffs of the world and the folks from Enron, AIG, Tyco and many more.
4. Uses the secrets of clinical psychologists to detect (and hopefully prevent from hiring) truly bad employees, and what to do once a problem is uncovered.

Please note: ALL organizations, even the most ethical, are vulnerable to bad people. Be proactive and learn how to not only minimize white collar crime where you work but build a better organization and motivated workforce at the same time, all while laughing and learning!

The following outlines a full-day version of this program, but it can be modified to fit any slot from 30 minutes to 3 days.

PSYCHOLOGY BEHIND FRAUD, FULL DAY

This course is completely different from, yet guaranteed to enhance, any other course you take on fraud.

1. Introduction
   1. The Psychology of Fraud: A critical tool for auditors, compliance professionals, managers and business executives
   2. How psychologists look at and work with fraud and why this is important to you
   3. Why you haven’t heard about this before (and what you will never hear outside this room)
2. How and why normal people commit fraud
   1. Most people are already ethical
   2. Eight critical defense mechanisms we all use to make it easier to commit wrongdoing
3. The research on deception and lying
   1. Current strengths and limitations of the research
   2. The psychology of attribution and the self-serving bias, and how it contributes to creating white collar crime in organizations
4. The hardcore 7-10%: A whole different world of people and criminal wrongdoing
   1. The “Syntonic Syndrome”: a general definition
   2. Ego-Syntonic people and the lack of accountability
   3. True stories
5. The Syntonic Syndrome: 5 Key Characteristics and Behaviors
   1. Accountability
   2. Personality Disorders
      1. i.e.; anti-social or psychopaths, narcissistic, dependent
   3. IQ
   4. Differential treatment and manipulation of people
   5. Control and decision-making process
   6. An optional sixth: addiction
6. Personality Disorders: Eleven types and three “clusters”
   1. Which ones especially connected to fraud and white-collar crime
   2. True stories
   3. Exercise
7. IQ
   1. Makes all the difference in white collar crime
   2. Tied to success rate of white collar crimes
8. Differential treatment of people
   1. Signs to look for- there are a lot of signs auditors can learn to catch!
   2. The creation of collusion, groupthink, cliques and its connection to fraud
9. Control and decision-making processes when syntonic people are in power
   1. The syntonic person’s special ability to deceive
10. What a normal person does when they break the law vs. one with the Syndrome
11. Some of the many organizational traits and situations that encourage the Syntonic Syndrome
    1. Tone at the top and org. culture
       1. Cowboy organizational culture vs. other types of organizational cultures
    2. Laissez-faire management style
       1. Including a laissez-faire attitude towards risk
       2. Highly entrepreneurial person holds the power
    3. Performance reward systems
    4. Inefficient business, financial and organizational systems
       1. Lack a proper understanding and use of risk and controls, and where the organization should be focusing their risk management efforts
    5. False sense of security- too many controls, etc.
       1. How to use SOX, audit committees, external and internal auditors to create real security
12. The Syntonic Syndrome and Whistle blowing practices
    1. The bad news about whistle blowing procedures and reporting syntonic people
    2. What really makes a person blow the whistle
13. What can be done? What can be done? What can be done?
    1. Ten activities the auditor and/or risk professional can do to begin identifying the 7-10%
    2. By HR, security, finance professionals, all levels of management
    3. Ten specific activities that management can do at the organizational level
14. If time:
    1. Malingering
    2. Other disorders that affect workplace performance and/or the ability to say no to committing fraud
    3. Specific fraud interviewing techniques that really work
    4. Specific conflict management techniques geared towards working with people suspected of wrongdoing.
15. Bringing it home: What can I do?
    1. Consultation and action plans

Exercises

• How to think like a criminal
• Case studies
• Conflict management
• Fraud interviewing

The enforcement of FCPA has increased significantly by the U.S. Securities & Exchange Commission (SEC), U.S. Department of Justice (DOJ), and the U.S. Federal Bureau of Investigations (FBI) has established a specialized unit for FCPA. The top 10 FCPA settlements have occurred since 2008 with the first conviction through criminal trial under FCPA in May 2011.

The U.S. Government has added emphasis on the enforcement of FCPA, and a record number of companies have been assessed fines and penalties. This is a challenging area for multinational companies to enforce compliance in each country they operate regardless of the size of the operation. In addition to the U.S. corruption law many other countries have similar laws such as the United Kingdom, China, Columbia, India, and Canada. The FCPA has two key parts which are the Anti-Bribery provisions and the Accounting provisions. We will explore each of these key provisions, and how you can implement a practical program to mitigate your risk in this area.

Areas Covered in the Session:

• Understand the elements of the Foreign Corrupt Practices Act (FCPA)
• United Kingdom Bribery Act
• Key anti-corruption and bribery laws that regulate business conduct
• Recognize and avoid potential FCPA, UK Bribery Act, or local law violations
• Identify when and where to seek assistance
• Establishing a proactive program to mitigate risk in this area

Enterprise Risk Management (ERM) is a process, effected by an organization’s board of directors, management and other personnel, a key part of strategy and applied across the enterprise, designed to identify potential events that may affect the organization, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of organization objectives. ERM is a complex area that challenges organizations and Board of Directors in deciding how to effectively implement this critical process. We will discuss how to obtain a Return On Investment (ROI) for your ERM process, and how sustainability is an important part of ERM.

Learning Objectives:

• Learn How to Determine The Risks For Your Organization – How To Get Started On The ERM Journey
• Learn How to Weight Risk To Determine The Key Risks – Not All Risks Are Created Equal
• Learn How to Develop a Common Risk Language – ERM Has A Language That Needs To Be Customized For Your Organization
• Learn To Determine Risk Appetite – Learn The Steps to For Establishing Your Organization’s Risk Appetite
• Learn Which Is The Appropriate Risk Framework For Your Organization – Evaluate The Different Risk Frameworks
• Learn How To Develop and Prioritize a Risk Portfolio – Develop An ERM Heat Map
• Learn How To Develop Your Management’s Risk Tolerance – A Tactical Consideration For Your ERM Journey
• Learn Who Is Responsible For The Risk – What Are The Roles Of The Board Of Directors, Executive Management, Chief Risk Officer, and Internal Audit
• Learn How To Decide To Avoid, Accept, Reduce, or Control A Risk – How Do You Respond To The Risks Identified
• Learn The Appropriate Risk Monitoring and Reporting Processes – How Do You Prepare a Presentation To The Board Of Directors And Executive Management
• Learn How To Perform Risk Assessments Effectively – Risk Assessments Are A Critical Part Of ERM, And Are Part Art, And Part Science
• Learn How To Calculate The ROI On Your ERM Process
• Learn how sustainability is an important part of the ERM process

Who will Benefit:

This course is designed for people that are beginning their ERM journey, or people looking to advance their ERM process. Following personnel will benefit from the course:

• Chief Risk Officers
• Risk Management Professionals
• Internal Audit Professionals
• Compliance Professionals
• Finance Professionals
• Chief Actuaries
• Anyone interested in learning more about ERM

In this session you will learn a 6 step process for facilitating a fraud risk assessment with any group from our company, JPA International, Inc., considered one of the pioneers for developing risk assessment procedures and fraud profiling with the IIA and AICPA.

[toggle title=”Conduct Fraud Risk Assessments (detail) “]

The six steps you will learn to do are:

1. Gain senior management “Buy-In” and sponsorship to identify significant risk exposure to fraud
2. Educate yourself and others you choose in your organization on white collar crime and exactly how white collar criminals thinks and works, with lots of practical application
3. Assess current control structure related specifically to fraud exposure
4. Identify significant risks related to fraud exposure
5. Assess the existence and strength of controls against the fraud risk exposure
6. Using results to update your audit universe and audit plan

You will learn the tools for making it safe for people to open up and share deep information (information that you will be able to use top enhance many of your audits), for probing details to get to root causes, to get people to speak up about fraud they KNOW is going on (and you don’t), and to have a lot of fun in the process! This model was originally developed by Joan Pastor, PhD and Pacific Bell, and has gone through many refinements by Joan to its current level of high effectiveness. Please know that you will also find many applications of this model to risk, compliance and audit methodologies in general.

Note: This seminar can be taught as a breakout session up to the full three days of complete learning. For sessions 1 day or more, practice practice and practice are an integral part of the learning.

Organizations are complex, just like people, and the more you understand how your organization works and where the implementation of risk fits in, the better off you will be.Learn the secrets from someone who really knows- an organizational psychologist! In this session, you will learn:

1. What the research shows that makes change work in companies
2. What causes change efforts to fail in organizations- and a lot of them fail
3. The specific type of organization and organizational culture you are a part of and the change approach to use with each
4. A step-by-step process for implementing a change management program in a company, regardless of the size of the company
5. Examples and case studies given

In this breakout session or seminar, you will learn how to listen!

You will also learn that listening is actually a very active mental and physical process, and you will practice the single most important behavior that will guarantee your ability to listen will increase exponentially.

You will also learn how to break any and all bad habits related to poor listening: interrupting, daydreaming, poor rapport- building and many many more.

The session or seminar will be tailored to the specific roles and responsibilities of the participants. Again, when you leave, you will know how to listen!

You will learn:

1. The 3 most important ways people both communicate and influence others.
2. Dozens of strategies and examples to demonstrate how these components operate in different areas of your work.
3. Similar and different communication approaches of leaders and what this means to you.
4. Practice exercises on subtle influencing skills.

call for a complete program outline

1. Lays out the whole pattern of what creates and perpetuates white collar crime, step-by-step
2. Is for those who want to understand workplace crime
3. Get inside the heads of the Bernie Madoffs of the world and the folks from Enron, AIG, Tyco and many more
4. Use the secrets of clinical psychologists to detect (and hopefully prevent from hiring) truly bad employees, and what to do once a problem is uncovered

Please note: ALL organizations, even the most ethical, are vulnerable to bad people. Be proactive and learn how to not only minimize white collar crime where you work but build a better organization and motivated workforce at the same time, all while laughing and learning!

In addition to lessons learned, this presentation is given to help individuals and corporations from being taken for large sums of money.

1. When extending open arms
2. Flamboyance and over-the-top behavior
3. Overnight success
4. Google search
5. Philanthropy previously unseen
6. Gaining trust
7. Asking questions
8. Red Flags
9. Gullibility
10. Avoiding the inevitable

1. Create and adhere to a written charter that identifies audit committee functions, authority and responsibilities and the skills and experience its members must possess for the committee to discharge its duties and function effectively.

2. Specify critical success factors as competencies audit committee members must possess for the committee to discharge its duties and function effectively .

3. Identify committee core values that reflect those of the organization and establish written procedures that foster open communication, equitable dispute resolution and active participation by all committee members.

4. Reserve the right to invite any group or individual to an audit committee meeting .

5. Ensure all members actively participate in setting the committee agenda, and whenever possible avoid conducting committee business between meetings.

6. Formulate decision-making processes and procedures for resolving stalemates.

7. At the beginning of each meeting, review the previous meeting’s highlights.

8. Proper summation of your meeting.