Use Internal Audit to Reduce Costs of Major Construction Projects

Organizations involved in major capital projects are missing out on significant opportunities to strengthen internal controls and reduce costs. This is not to say that construction managers are fiscally irresponsible, conversely they are very reluctant to spend money where it is not absolutely necessary. So much so that in an effort to contain costs, most organizations don’t budget funds for construction audits until the project is complete or nearing completion. However, this “Close-out” audit is only one component of a successful control and cost containment program. Vonya Global believes that investing in internal audit early in the construction process may save thousands or hundreds of thousands of dollars throughout the project. “Full-scope” construction auditing optimizes the effectiveness of internal controls, reduces total project costs, and maximizes cost recovery.

Close-out Audit - At the project’s conclusion, the owner requires assurance that the General Contractor/Construction Manager (CM) has completed the work in accordance with the contract. A close-out audit provides the owner confidence that the contracted obligations were fulfilled and the billing was accurate per the contract terms. While this is a critical step to verify compliance with the contract, it doesn’t solve other problems caused by a poorly written contract. In fact, contracts rarely protect all the interests of the owner.
Involving construction audit services at the beginning, rather than the end of a construction project is far more effective because it mitigates risk before it materializes. Audit’s first responsibility is to protect the owner’s interest by creating favorable contractual agreements and improving the project control environment. Keeping Vonya Global engaged throughout the construction project assures the effectiveness of the control environment and identifies inappropriate cost overcharges.

In creating the contract (the binding agreement between the owner and all parties involved in the construction process), many owners place their trust in the knowledge of the General Contractor/CM and Architect to include all the appropriate provisions in the contracts. Most owners will then seek legal counsel to review the contract focusing on the insurance and indemnification sections. Additionally, the General Contractor/CM and Architect are often relied upon to track and control project costs. The result is an agreement which may not contain the necessary terms and conditions to adequately protect the interests of the owner, may not establish an effective system of internal controls, and may not establish a systematic means of monitoring contract compliance.

The American Institute of Architects (AIA) provides standard construction contracts, such as the:

• AIA A101 for stipulated sum projects
• AIA A111 and A121 agreements for cost reimbursable projects
• A201 which contains the related General Conditions to the agreement

However, even these contract provisions require modification to fully protect the interest of the owner. For example, the Accounting Records or “Right-to-Audit” clause should be strengthened, and the Changes or “Change Order” clauses often require clarification. These modifications improve the owner’s control over project costs, and allow for recoveries.

An effective “Full-scope” audit program utilizing the construction audit services of Vonya Global establishes an effective control environment, defines expectations for all parties, reduces the potential for conflict, reduces total project costs, and reduces the owner’s risk. Performing a “Full-scope” construction project audit is a best practice, and the earlier a qualified Construction Auditor is involved in the project life-cycle, the greater the benefits to the project owner.

Internal Auditors – Playing a Strategic Role

"We believe Internal Auditors can play a more strategic role; whether they do in their specific organization is up to the Audit Committee, Executive Management, and the Internal Audit Department. We have released a report that will provide a starting point for a conversation between the three groups." - Vonya Global

Vonya Global announced today that the Final Report on the Strategic Role of Internal Audit has been released. In compiling information for the study, Vonya Global surveyed a cross-section of Executives and Internal Auditors from both public and private organizations in a variety of industries to evaluate their opinions regarding the strategic role of Internal Audit. The study set out to determine whether it is Internal Audit’s role to evaluate strategic risks and if Internal Audit is equipped to do so effectively. The primary goal was to provide a benchmark for Internal Auditors and Executives on the strategic role of Internal Audit.

The 2010 study is a follow up to a similar study conducted in 2008 and was designed to compare opinions in 4 areas:

1. Vision, Goals, and Objectives of Internal Audit
2. Mission and Value Relative to Strategic Risks
3. Process, Skills, Time, and Budget
4. Compliance Requirements

In 2008 it was revealed that a gap exists between Executive Management and Internal Auditors on the function of Internal Audit. The 2010 study set out to explore whether this gap still exists or if it has been closed. In addition, the new study provides a more detailed comparison between Executive Management and Internal Auditors.

While the 2010 Report on the Strategic Role of Internal Audit reveals that many gaps still exist between Executives and Internal Auditors, there are encouraging findings as well. One assumption going into the study was that Internal Audit plays a critical role in a company’s ability to meet its strategic objectives and there appears to be general agreement between Executives and Internal Auditors in many categories. The report provides details and quotes from the participants, such as:

"We make understanding the strategic direction and goals a priority in our risk assessment process so that we can link our audit plan to the strategies and goals of the company.”

"Internal Audit is at the table for senior management discussions, for input on operational challenges and control risks, for the implementation of new systems and replacement of outdated processes, and for risk management.”

“The only risks that management should fear are the ones that they do not know about - it is Audit's job to provide that information.”

The full report can be downloaded by following the link on the Vonya Global home page.

IFRS Best Practice - Early Conversion

A change in accounting standards, shifting from GAAP to IFRS, is virtually inevitable in the U.S. The shift globally is well underway with 100 countries having switched from country specific accounting standards to IFRS. Based on the experience of these countries, adoption impacts all aspects of operations and will affect a company’s people, processes, information systems and internal controls. IFRS conversion is a significant endeavor; Vonya Global contends that an early start will make a significant difference reducing both effort and cost.

There are parallels between IFRS Conversion and the initial Sarbanes-Oxley Compliance initiatives and applying the lessons learned from Sarbanes-Oxley will significantly reduce the cost of conversion. The most important lesson is to prepare early and start early.

The changing requirements of Sarbanes-Oxley compliance in the first years after the legislation was initially passed gave most companies a false sense of security in pushing off the start date. Each company in this situation found significant resource shortages, an inefficient compliance process, and increased fees from professional services firms. Starting early could have made the compliance process far easier and would have spread the cost over multiple financial periods.

Similarly, early IFRS conversion will streamline the process and spread the cost out over multiple financial periods. IFRS implementation has enterprise wide application – with implications beyond finance and financial reporting – reaching and affecting all parts of the business. It requires modification of processes and systems to support the new accounting and reporting requirements. Companies should begin embarking on their initiatives to achieve timely convergence with IFRS, taking a slower and methodical approach. Some of the advantages to early conversion to IFRS include:

- Simplified reporting
- Reduced operating costs
- Greater transparency
- Comparability for investors
- Improved access to capital

Eventually, GAAP will go away, and IFRS will be the lone standard. This is a historic event. It is accelerating. And it is inevitable. Those who embrace this early will be rewarded.

Study Launched on the Strategic Role of Internal Audit

Vonya Global is surveying a cross-section of Executives and Internal Auditors from both public and private organizations in a variety of industries to evaluate their opinions regarding the strategic role of internal audit. This is a follow up study to one conducted in 2008. The results of the 2008 study revealed a expectation gap in the strategic role internal auditors play in their organizations. This follow up study will compare how expectations may have changed in light of continued risks of fraud, financial statement errors, environmental risks, security breaches, and privacy concerns.

One executive from the previous study stated the following: "Internal Audit could improve its capabilities in evaluating the effects of strategic and business risk on the overall risk profile of the Company. This would also enhance the primary mission of internal audit to look for potential financial issues.” This statement, along with many others, reveal the importance of internal audit becoming more than a financial compliance function. The results of this new study will highlight whether or not internal audit has taken steps in this direction.

To participate in the study, please visit the Vonya Global website: http://www.vonyaglobal.com

Social Media - is it Friend or Foe?

Social media is rapidly becoming a critical tool for communication not only bringing benefits, but also risks. For many organizations, social media is a vital channel for communication to customers, partners and stakeholders. However, some organizations see it as a distraction to their employees and a potential security threat and reputation risks. The key, of course, is to maximize the opportunities it presents and minimize the risks.

As an alternative to simply banning or limiting employees from using social media, organizations should understand the role that these innovative services have in today’s world. With the appropriate amount of governance, organizations can leverage social media to help reach their objectives.

In order to develop, implement, monitor and improve social media activities within an organization, an effective governance framework is imperative. A social media strategy and policy should be established followed by a risk assessment. Based on the outcome of the risk assessment, embed key controls, including an acceptable use agreement, corporate image rules and branding guidelines. Implementation of operational best practice guidelines should cover blogging and usage of popular sites such as LinkedIn, Twitter, Facebook, and YouTube.

Finally, ensure that roles and responsibilities are defined, metrics and monitoring procedures are established, and training and communication organization-wide takes place to help provide awareness and conformity.

Whether your objectives are to generate exposure for your business, increase traffic to your site, build new business partnerships or bring in new, qualified leads, benefits from social media can be realized as long as there is an effective governance structure in place to mitigate the associated risks.

Vonya Global is Lowering the Cost of a SAS 70 Assessment

Statement on Auditing Standards Number 70 (SAS 70) issued by the AICPA requires service organizations to obtain an external opinion assessing internal controls. Issued in 1993, the SAS 70 is not a new requirement but it has increased in relative importance since the enactment of the Sarbanes-Oxley Act of 2002 (SOX, Sarbox), Gramm-Leach-Bliley Act (GLBA), and other new regulatory requirements. Any service organization holding third party data must provide assurance that the data is protected. The certification process can be quite costly for all service organizations, and disproportionally so for smaller companies.

Vonya Global has a history of working with companies on SAS 70 readiness. The work completed by Vonya Global helps companies streamline their internal processes and controls making it easier for the certifying agent to complete the assessment. The easier it is to certify, the lower the cost of certification. As the SAS 70 is an annual requirement, the cost savings are realized each year.

For a limited time, Vonya Global is offering its SAS 70 readiness services at a discounted price. For more information please contact a representative of the firm.

The New SEC Proxy Disclosure Rules and the Relationship Between the Board and Management

The way to effectively hold a company accountable for their actions is through transparency. On December 16, 2009, the U.S. Securities and Exchange Commission (SEC) approved new rules requiring public companies to increase their transparency around proxy disclosure, specifically:
• Board risk oversight practice and philosophy
• Executive compensation practices and policies
• Board leadership structure
• Board diversity
• Director qualifications and their “value add”

SEC Commentary on the rule states “Disclosure of the board’s oversight of the risk management process should provide important information to investors about how a company perceives the role of its board and the relationship between the board and senior management in managing the material risks facing the company.”

The relationship between the board and management has become of greater importance and will need to continue to strengthen.

Management is responsible for identifying, monitoring, managing, and communicating the risks to the board. As management it is important to use the time with the board and the committees to help them understand the real objective and risk exposure is in relation to the risk culture of the company. The board continually needs to access management’s understanding of risks, attitude towards risk, and their performance. Furthermore, the board must ensure that only well informed decisions are made.

Management manages risk and the board oversees management, therefore the continuous communication between the two, including the committees, is vital for success. The new proxy disclosure rules itself and any additional changes in corporate governance are going to push for continued improvement in this relationship.