Randy Manscill, CIA, CFE, CFSA

1
Governance Life after Enron

• Randy Manscill, CIA, CFE, CFSA
• Vice President, Chief Audit Executive
• America First Credit Union

2
Lessons from Enron

• Greed and Lack of Integrity was the root cause
  for failure
• All Five Components of the Corporate Governance
  model failed
• Sarbane-Oxley does not apply to Credit Unions

3
Lessons from Enron

• Credit Unions are Different
• Non-profit / Cooperatives
• No public stock prices or quarterly earnings
• No huge bonus incentives
• Single industry vision
• No complex accounting entries
• Everyone can learn from the experiences of others
  - Best Practices

4
Governance Process

• The procedures used by the governing body (Credit
  Union Board of Directors) to provide oversight of
  risk and control processes administered by
  management.
• Synonyms for Governance
• Accountability Monitoring
• Integrity Going Concern
• Consciousness Trust

5
Business Risk

• The possibility that an event, activity, or
  action will impact the ability of an organization
  to execute its tactical and strategic business
  plans and achieve its business objectives

6
Control Process

• A process, or device designed to provide
  reasonable assurance regarding the achievement of
  
• Business Plans and Objectives
• Effectiveness and efficiency in operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations

7
Governance Model
Board of Directors
Senior Management
Supervisory Committee
Internal Auditors
External Auditors
8
Governance Model

• Roles clearly defined communicated
• Everyone is accountable
• Resources available to all
• Model is only as strong as the weakest link
• Integrity is common to all

9
Governance Model

• Check and balances
• Governance is essential for survival
• Guidelines for each component
• Attributes (What you are)
• Performance (What you do)

10
Governance GuidelinesBoard of Directors

• Attributes (what you are)
• Independent Directors - no conflict of interest
• Most qualified Directors available
• Improve education and training of Directors
• Orientation for new board members
• Written Board policies, responsibilities of
  Directors and Committees

11
Governance GuidelinesBoard of Directors

• Attributes (what you are)
• Committees to Focus on Risk areas
• Supervisory or Audit Committee
• Nominations Committee
• Executive Committee
• Asset / Liability Committee (ALCO)
• Information Technology Committee
• Governmental Affairs Committee
• Pension Committee

12
Governance GuidelinesBoard of Directors

• Attribute (what you are)
• Nomination Committee
• Set and maintain qualification standards
• Identify qualified Volunteers
• Diverse and skilled directors
• Elections
• Volunteer appointments

13
Governance GuidelinesBoard of Directors

• Performance (what you do)
• Approve Business / Strategic Plan
• Approve Policies, Budgets, Waivers
• Succession Plans (Board and Management)
• Transformational Transactions
• Risk and Control Assessment Processes
• Measuring and Monitoring Performance

14
Governance GuidelinesBoard of Directors

• Performance (what you do)
• Tone at the Top (code of conduct)
• Hire, compensate, reward the CEO
• Telling the World How the CU is doing
• Annual Self Assessment of the Board
• Governance Audit

15
Governance GuidelinesBoard of Directors

• Performance (what you do)
• Nose In, Fingers Out

16
Governance GuidelinesSupervisory Committee

• Attributes (what you are)
• Independent Committee Members - No conflict of
  interest
• Assist the Board with Oversight Responsibilities
• Board Involvement Essential
• Big Picture and Full Scope
• Designate a Financial Expert

17
Governance GuidelinesSupervisory Committee

• Attributes (what you are)
• Designate other specialties / skills
• Provide training and resources
• Committee Charter or Policy
• Liaison with Board, management, auditors
• Training ground for Board members
• Succession Plan for Committee

18
Governance GuidelinesSupervisory Committee

• Performance (what you do)
• Assessment of Risk, Control Compliance
• Appoint and oversee the CPA firm
• Annual Financial Statement Opinion audit
• Verify member account balances
• Review all letters and disclosures with CPA
• Sign the engagement letter
• Scope, timing, coordination, workpapers, fees
• Evaluate performance of CPA firm
• Pre-approve all non-audit work

19
Governance GuidelinesSupervisory Committee

• Performance (what you do)
• Ensure proper reporting to Regulator
• NCUA Form 5300 Financial and Statistical Report
• Response to Examiners report
• Copy of Audited Financial Statements
• Report to the Board regularly and members
  annually
• Review Interim Financial Statements

20
Governance GuidelinesSupervisory Committee

• Performance (what you do)
• Review new accounting and reporting issues
• Meet regularly with Internal Audit (IA)
• Review IA Activities, Audit Plan, Charter,
  Budget, Staffing and Organization
• Attend Board meetings and other meetings
• Review Board minutes
• Maintain agendas and minutes of meetings
• Annual self assessment of the Committee

21
Governance GuidelinesSenior Management

• Attributes (what you are)
• Vision and leadership for staff
• Common body of skills, education and knowledge to
  operate the Credit Union
• High integrity and ethics
• Continual training
• Mission statement
• Adequately compensated and rewarded
• Succession Plan for Management

22
Governance GuidelinesSenior Management

• Performance (what you do)
• Plan, organize, staff, direct, monitor
• Assess and manage risk
• Design and implement controls
• Develop code of business conduct and ethics
• Develop and monitor soft controls
• Tone at the Top

23
Governance GuidelinesSenior Management

• Performance (what you do)
• Develop strategic / business plans
• Develop budgets, financial statistical reports
• Develop and test business continuity plan
• Certify to CPA accuracy and completeness of
• Financial statements
• Risk and Control processes
• No knowledge of fraud
• Compliance with laws and regulations

24
Governance GuidelinesInternal Audit

• New Definition of Internal Audit (IIA)
• Internal Auditing is an independent, objective
  assurance and consulting activity designed to add
  value and improve an organization's operations.
  It helps an organization accomplish its
  objectives by bringing a systematic, disciplined
  approach to evaluate and improve the
  effectiveness of risk management, control, and
  governance processes.

25
Governance GuidelinesInternal Audit

• Attributes (what you are)
• Independence and Objectivity
• Internal Audit Charter or Policy
• Full scope reviews, any and all aspects
• Full access, no restrictions to access
• Qualified Director or Chief Audit Executive (CAE)

26
Governance GuidelinesInternal Audit

• Attributes (what you are)
• Develop qualified and sufficient staff
• Common body of knowledge
• Certifications (CISA, CIA, CPA,CFE)
• Education and experience
• Co-source where necessary
• Continuing education / new skills

27
Governance GuidelinesInternal Audit

• Performance (what you do)
• Assurance Services (traditional)
• Consulting Services (projects, services)
• Fraud Investigation Services
• Specialized Training (staff, volunteers)
• Develop and conduct a Governance audit
• Review and recommend improvements to risk and
  control processes

28
Governance GuidelinesInternal Audit

• Performance (what you do)
• Develop and implement Annual Audit Plan
• Allocate resources by risk methodology
• Engagement (project) planning
• Performing the engagement (project)
• Communicate results of audit to appropriate
  levels
• First line manager
• Senior and Executive Management
• Supervisory Committee

29
Governance GuidelinesInternal Audit

• Performance (what you do)
• Summary reports to Supervisory Committee and
  Board
• Risk, controls and governance activities
• Audit plan, budget, staffing, activities
• Adhere to Institute of Internal Auditors (IIA)
  standards
• Periodic Quality Assurance Review

30
Governance GuidelinesExternal Auditor

• Attributes (what you are)
• Independent and Objective
• Free from conflicts of interest
• Report any impairment to independence
• Mandatory Rotations
• Periodic bid process
• Qualifications and background to Audit CU
• Specialized skills (I.T., Compliance, )

31
Governance GuidelinesExternal Auditor

• Performance (what you do)
• Annual audit of financial statements
• Consolidated statements
• Generally Accepted Accounting Principles (GAAP)
• Reasonable assurance
• Limited scope
• Not a fraud audit
• Disclosures of GAAP
• Transparency

32
Governance GuidelinesExternal Auditor

• Performance (what you do)
• Other CPA Audits
• Student Loans
• Uniform Single Attestation Program (USAP)
• Freddie Mac
• Pension, 401K plans
• ACH annual audit (I.A. may perform)
• ATM and PIN audits (I.A. may perform)

33
Governance GuidelinesExternal Auditor

• Performance (what you do)
• Report any disagreements with management
• Report accounting adjustments (actual / proposed)
• Management representation letters - disclaimers
• Report any fraud discovered
• Management Letter
• No material weakness in controls
• Observations, Improvements

34
Governance Model
Big Picture Board Approve/Oversight
Big Picture Supervisory Committee
Review/Oversight
Details Senior Management
Implement / Monitor
Details Internal Auditors
Review/Recommend
Details External Auditors
Review/Recommend
35
Governance GuidelinesResources

• Sources
• IIA Website http//www.theiia.org/
• Governance http//www.theiia.org/iia/index.cfm?doc
  _id4061
• Tone at the Top http//www.theiia.org/iia/index.cf
  m?doc_id739
• Publications from the IIA
• Corporate Governance and the Board - What Works
  Best isbn 0-89413-438-8
• Audit Committee Effectiveness - What Works Best
  isbn 0-89413-446-9
• ACUIA Website http//www.acuia.org

36
With Governance, Life Goes On After
Enron