Creating an International Audit Team at Enel
By Nancy Hala, KnowledgeLeader contributing writer
Enel is Italy’s largest power company and Europe’s second listed utility by installed capacity, producing and selling electricity and gas across Europe, and North and Latin America. Following its acquisition of the Spanish utility Endesa, together with partner Acciona, Enel serves more than 50 million power and gas customers. The company operates a wide range of hydroelectric, thermoelectric, nuclear, geothermal, wind-power and photovoltaic power stations.
The company is organized by operational divisions, with a separation of its distribution and production businesses. Enel has three operating divisions in Italy: Marketing, Distribution and Generation. Internationally, Enel’s Renewable Energy arm, which includes wind farms and other renewable energy sources and innovations, spans the globe. Enel was privatized in 1999, and the energy industry in Italy has also been transformed; therefore, structurally and industry wide there have been many changes. The most significant, from an organizational and an audit standpoint, is that Enel doubled its size and half of its net invested capital is now abroad.
According to Francesca Di Carlo, the director of audit for Enel since January 2008, the most important change has been the process of internationalization. The corporate audit department includes approximately 100 people in Italy and abroad. Enel has Rome-based Marketing, Distribution and Generation teams, as well as a team that covers corporate activities such as purchasing. The power company also has a unit that coordinates risk assessment methodologies used annually for its audit plan. The Renewable division is a newly created team, and one person has been appointed to oversee this area.
For Enel’s recent acquisition in Russia, Di Carlo hired a Russian auditor who is stationed in Rome and helps to mingle cultures, and another auditor who was sent to Russia to help export culture and ethical standards.
“Our challenge over the past 18 months has been to create an international department,” says Di Carlo. “We are working with different cultures to create or strengthen local teams.”
The corporate audit function
The corporate audit group at Enel consists of several units:
· Audit corporate service
· Ethical and fraud audit
· IT audit
· Audit generation and energy management
· Audit infrastructure and network
· Market audit
· International audit
· Audit renewables
“We have organized ourselves differently,” says Di Carlo. “We now focus on our international portfolio, which has been a large challenge. Also, getting people accustomed to working in a matrix was important. Now, for the first time, I have people who are specialized in a specific branch of the business, who have technical expertise, and who are becoming familiar with working internationally.”
Di Carlo seeks auditors with various skills because she says Enel’s team must represent a mix of experiences, cultures, expertise and talents. “We don’t recruit and hire auditors,” she explains. “An engineer can be trained to be an auditor because he or she is a highly ordered, clear thinker. I look for individuals who are flexible and have a well-rounded mentality. We do very little financial auditing; my key auditors are those who are more process-oriented and possess advanced interpersonal skills.”
Audits conducted in other countries differ from those conducted in Italy; for many reasons, laws and regulations, control rules and maturity of governance are varied. “We typically start with implementing procedures rather than verifying procedures in countries such as Romania, Bulgaria or Slovakia. It is similar to pioneering audit and control techniques rather than going in and verifying that things are right, which is how we do it in Italy,’’ Di Carlo says.
Even with the substantive changes that have occurred, audit objectives have not changed for Enel. “The goals are always the same,” says Di Carlo. “In the last five to six years, the daily objectives are to ensure that people work together as a team, beyond boundaries. This makes life very exciting and satisfying because everyone is contributing. One of our missions is to make sure that the ethical code is respected. We are the custodians of the code.”
Anti-fraud and compliance
The company’s commitment in the fight against corruption is spelled out in its implementation of a “Zero Tolerance towards Corruption Plan (ZTC Plan),” which outlines the general principles of the code of ethics regarding the rejection of corruption.
The ZTC Plan incorporates anti-corruption principles, and the document is distributed within and outside the company indicating the responsibilities and actions to be taken across different company divisions. The code of ethics covers bribes, contributions to political parties and charitable organizations, sponsorships, facilitations, gifts, hospitality and expenses.
The audit approach
“To put together our audit plan, we benchmark data from large international and domestic companies and use risk assessment, which is aimed at reviewing all the business units by interviewing process owners to determine risk rankings,” Di Carlo says. “Over time, we reassess each area to make sure that process owners implement the action plans that we have identified in our audits.” The team also conducts special audits at the request of Enel management.
Overall, Enel’s audit approach is based on an enterprise risk management (ERM) model, which focuses on processes and their risks. The model is shaped by the views and vision of the company’s board of directors or management. ERM at Enel is designed to identify and manage those risks, events or circumstances that can influence the company’s business, providing reasonable assurance that the company’s objectives will be achieved. At Enel, ERM focuses on the following:
· Identifying the key risks through the mapping of corporate processes
· Assessing and prioritizing the determined risks
· Identifying the tolerance limits defined by management or by the audit assessment
· Formulating corrective plans to limit the risks and/or improve the effectiveness of controls
· Sharing the results with management
Areas of audit interest include acquisitions, governance and controls, and key operating processes. The risk assessment process allows a thorough review of all processes and the identification of those areas and activities that are more relevant and carry more risk.
The audit plan also is derived from corporate audit’s participation in management meetings, input from the external auditor, results from past audits and an analysis of the budget’s objectives. “We create an audit universe where all processes are analyzed together with their related risks, and then are prioritized,” says Di Carlo. “The draft plan is then consolidated and taken for the approval of the audit committee, CEO and chairman to become the final version.”
The final report contains a description of the issues in the scope of the audit and the audit analysis, audit findings, and the action plan, which is designed to solve the deficiencies in the control system.
The report also contains an executive summary, which is addressed to senior management and outlines:
· Activities carried out
· Results obtained
· Overall assessment of the control system of the process or area audited
· Action plan
According to Di Carlo, challenges ahead for Enel include international consolidation, primarily in Russia. “That is our real risk right now, determining how to cover that region in the optimal way,” she says.
Article from Protiviti KnowledgeLeader – www.knowledgleader.com.
KnowledgeLeader is a subscription-based website that provides audit programs, checklists, tools, resources and best practices to help internal auditors and risk management professionals save time, manage risk, and add value. Free 30-day trials available.
|
Protiviti is a leading provider of truly independent internal audit and business and technology risk consulting services. We help clients identify, measure and manage operational and technology-related risks they face within their industries and throughout their systems and processes. And we offer a full spectrum of audit services, technologies and skills for business risk management and the continual transformation of internal audit functions.
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. |