IIA Magazine Dec 2016

One potential failure of ERM is that of green-washing, this is when crucial risks are pushed down into the larger collection of more trivial risks. Cybercrime is a current buzz risk. The first line of defence needs to take on better accountability for sound risk management and control.

Investors are pushing for more accountability and transparency behind decision-making. Shareholder activism is playing a big role nowadays.

The EU has released new general data protection regulation (GDPR) which intends to strengthen and unify data protection for individuals within the EU. However, most organizations say that they are not well prepared. Organizations should start preparing for this as it will kick off in May 2018.

Client Feedback. Audit performance can be fine-tuned with the right input from stakeholders. Feedback should aid audit performance. Feedback should be to the point and be specific and timely in order to be effective. Useful feedback can increase audit effectiveness. Feedback can be provided during the opening meeting, during the audit or during the closing meeting. The client should take the opportunity to clarify any concerns that they may have. During the closing meeting, IA needs to present the supporting documents and records. A post-audit questionnaire can be sent to the client after the audit.

Must-have Controls for Small Medium Enterprises. 5 controls can help SMEs protect themselves against cyber breaches. Sometimes, they do not have sufficient resources to deal with threats. Firstly, scan the network quarterly and identify vulnerabilities. Train employees on IT security. Protect sensitive information by inventorizing sensitive business processes and reviewing access to information. Learn to segment the network. Deploy extra protection for endpoints and encrypt the data. Learn to monitor the network, manage service providers, protect smart devices and monitor activity related to sensitive information.

A Holistic Approach to IT Risk. The COBIT framework can help auditors understand and address their organization’s technology risks. IT can be very complex but IA needs to evaluate the full range of IT risks. COBIT is valuable for the whole process, from end to end. The 5 key principles are meeting stakeholder needs, covering the enterprise end-to-end, applying a single integrated framework, enabling a holistic approach, and separating governance from management. Internal auditors can use COBIT to understand the nature of IT risks that are unique to their organization.

A Toxic Culture. A department leader creates a hostile work environment by promoting friends and abusing employees and company assets. When many employees leave, there could be a sign of a toxic culture. There was an inadequate internal control system as no one tracked expenses. Critically review turnover data as this is a big red flag. Exit interview results should be reviewed regularly. Access control over reports should be reviewed and approved.

On The Rise. Learning is the key to do well in IA. Get students involved early and you can volunteer as a guest speaker on internal auditing topics. IA an get involved in many projects and act as change agents for the organization. Projects can allow one to build and develop business relationships with stakeholders. One can use data analytics during audit engagements. IA can add as a trusted advisor and perform consulting work. One can learn SQL, which is a tool for managing data. One could take others under their wing and mentor them so that they can grow. Interaction between auditee and IA must be positive. Spread the good word that your team does. IA should be innovative in addressing solutions. It is helpful to distinguish the different roles of EA and IA too. Communication skills are the key for IA’s success.

Growth through challenge. Current and past emerging leaders discuss the tough assignments that helped propel their careers forward. Challenges faced in your career can propel you to be a better auditor. It is good to share with others what are some of the common mistakes. See auditors as people and go in with a customer first mentality. Be client centric. Be prepared when you go for meetings and interviews. Get a mentor, build relationships, learn from your mistakes and learn to network. It is important to preserve independence and objectivity. Influencing mindsets are tough. Building relationships with auditees can be tough when you are new. It is important to have a good audit methodology. The learning curve can be steep especially if the industry is new for you. Some departments are resistant to let the IA perform audits on operations. Talent auditors are always in demand. Once you are good, you can engage the C-suite management easily and without fear. Young auditors are always eager for more opportunities.

It’s all in the delivery. Sharing difficult messages is an unavoidable part of the job for internal auditors. Some audit observations can be difficult to convey. You should always build the relationship before telling the bad news. Telling the bad news right away is unlikely to work. Using weekly updates once the exceptions are noted is the key. Preparation is the key to accomplishing objectives. It is important to be fair and factual. Focus on the process as well as content. If you can, you can tailor the response to the personality of the recipient. During the discussion, one can seek opportunities, offer to help, make it clear and maintain open body language. ‘If the audit report is the first time a client is seeing something in writing, that is the first and biggest mistake. Verbal updates are great, but periodic written updates go a long way. Auditors might get into trouble over their poor soft skills. Focus on the problem, include some positives, have a face-to-face meeting etc. The key is not to beat around the bush. EQ is important in helping good delivery. The key is to deliver bad news but still build a good relationship with the auditee.

Breaking Through. Women in business are taking on the barriers to advancement, and that’s good news for everyone. Diversity is good for the workplace. More women need to be in leadership positions. However, women might face issues like lack of support, exclusion, apathy. There needs to be sufficient support from male leaders. Men should be interested in achieving gender equality. Be You. Seize the Moment. Integrate Your Life. Earn Respect. Stay Behind Facts. Be realistic and practical. Forget silos. Think context before issue. Rethink reporting. Aim at destination with gratitude. Women may also face the motherhood penalty.

Mapping Assurance. Internal auditors can facilitate efforts to document the organization’s combined assurance activities. There are a variety of assurance providers. CAE can use an assurance map to co-ordinate assurance activities. It can also aid to prevent gaps in coverage. IA is well positioned to provide combined assurance. The plan should start with the organization’s strategic plan and the key risks that are associated with the strategic objectives. There should be 3 tiers of defence to provide assurance. IA need to assess the quality and quantity of assurance received.

A Winning Pair. Governance and automated controls must work in tandem to achieve maximum results. Good governance is the key. IA needs to access the current risk profile, mitigation activities and residual risks. Good behaviour requires time and employees should receive reminders in order to conduct good behaviour. Desired behaviour ultimately stems from the top.

The High-Performance Audit Team. Today’s complex, evolving business environment demands more of internal auditors. The world is changing and stakeholder expectations are increasing. IA can also rotate and fill other operational positions. An integrated internal audit function can boost performance. There is a strong need to invest in training and learning. Verbal, leadership, communication skills are very important. A high performance team can evolve to meet new challenges and reinvent itself. We also welcome constructive feedback from staff.


Lean and Six Sigma for Beginners by G Harver

A Quickstart Beginner’s Guide to Lean Six Sigma

Learn to involve everyone in the organization’s processes. Six Sigma is one of the best ways to cut cost. The Six Sigma certificate is very valuable indeed. This is about finding confidence in your business and learning how to streamline processes. Six Sigma can also be applied in the government setting. Learn to adopt a six sigma approach. Your business’ performance should improve as a result.

What exactly is Lean Six Sigma? Six Sigma is focused on minimizing waste. It also about reducing poor performance and monitoring processes to know how well you are doing. It is simple and it is about consistent delivery to the customer. Your performance should be measured well. You want to achieve your intended specifications. Your actual results must be as close to your planned ones as possible. Learn to align projects with your strategic objectives and be able to assess them. You want every input to drive revenue creation. There should be no bottlenecks or downtime. It is about clearing everything that slows you down. Look out for 1) downtime. The projects should be clear and every employee’s efforts should be measured so that they fall in line with organization’s objectives. It will keep employees on their toes.

How Lean Six Sigma Works on a Daily Basis. You must aim for 100% quality. We all want as much profit as we can make. Motorola used Six Sigma back in 1986. Both quality, quantity and speed of production are the key. You should avoid any wastage that leads to poor workmanship. Please avoid overproduction. Low consumption is a bad sign. Time is money. Any time that your employees are not working or slacking is a loss to the company. Utilize your talents and make them multi-task even if necessary. There must be no wastage in transportation. Inventory storage cost must be factored in. Just-in-time inventory is the best. The key is that inventory must be processed once it arrives and without any undue delay. Do not over-process as it is time consuming and eats into your profits.

The fact is that you are just wasting time walking here, there and everywhere; in the process, you are adversely influencing other people towards your bandwagon. That is why you need to minimize aimless movements during working time. You need to appreciate that idle movements do not constitute leisure. Scheduled leisure time is helpful but idling about is not. – G Harver

Beneficiaries of Lean Six Sigma. Employees will feel challenged and drive in the same direction as the company. Motivated and healthier employees rarely take leave or absent themselves. Technology can help to improve efficiency and productivity. Time taken to attract customers is reduced. It is an efficient tool throughout the industry. People who are skilled in Six Sigma are employable and can work as consultants in a big company. For example, you could work as a lead manufacturing engineer. You can work as a business process analyst etc. There are many roles in an organization that seeks to improve company performance.

Salaries Associated with Lean Six Sigma. The roles are unique and command good salaries. A Green Belt certification will boost your credentials. Lean Six Sigma trainers earn even more. You can consult for IT companies, F&B companies etc. The master black belts are the best paid. Try to get the company to sponsor you for your training.

Things for CEO to note in readiness to implement Lean Six Sigma. Do not wait till you are making losses before implementing six sigma. Make improvements that will get you to 100% perfection. It is a structured approach. Decisions are based on accurate data. Success is based on a small margin of error. It is highly dependent on accurate data. It is important to have strict discipline when implementing six sigma. Analyzing data and looking at it from the right perspective is the most important thing you can do. Learn to take each project one at a time. Embrace solutions only when there is conclusive evidence that it will work. You need everyone on-board if you want to implement Six Sigma effectively. Senior Management must also be kept in the loop and updated. Empower people to carry out new initiatives even if it means eliminating paperwork. Bring an expert who can conduct training for your staff. Always be receptive to feedback.

Tying Lean to Six Sigma Method for Best Performance. Lean means travelling light. You must deliver your product or services fast. Delivery must be of high quality too. The cycle should be fast. There may be internal problems in your team that affect delivery, such as low morale, work too complex, multi-tasking, correcting of product defects, lack of flexibility, inefficient systems etc. How do you overcome the above? Understand your customers’ demands. Reduce number of tasks people do at the same time. Work towards smaller deliveries rather than a huge one. Develop a routine and expectations with your customer. Take orders only if you have the capacity to fulfil them.

Actual 6 Sigma Gauge. Some form of normal loss in the manufacturing process should be expected and this can be predicted at the start. This is pre-determined. Sigma Level 6 has a success rate of 99.99966%. The more you succeed, the higher you fair on the sigma scale. There are 6 sigma scales and each documents the defect level per 1 million units produced. Your ultimate business goal should be to reach only 3.4 defects in every 1 million units produced. This is known as the 6 sigma level.

Effective application of lean six sigma, including in profession. View your profession as a business. Serving your auditee fast means saving your organization’s time. Learn to offer high quality services. Learn to create projects that are well defined. Every move your organization takes has an impact on the bottom line. Train key personnel. Use DMAIC – Define, Measure, Analyze, Improve and Control. Define the problem. Use only individuals who are compatible. Set working parameters. Overhaul your processes if there is fraud present in your organization. Have an effective plan for data collection and system analysis. Analyze the problem. The next step is to improve the situation. Propose a solution and execute a plan. Your solution must have a clear cost-benefit analysis. Present your plan to the stakeholders of the project. Learn to control the situation. Communicate both your goals and achievements to your stakeholders and get their buy-in.

Lean 6 Sigma in Government Operations. Wastage is bad for the government and it can bring the house down. Governments can consider VSM (Value Stream Mapping). To do a VSM, present both alternatives and show both mappings. Show 1 for the current process and the other for the new process. In Kaizen, the changes are incremental in nature. There is a lot of red tape in government and should be addressed through kaizen improvement.

Challenges to Anticipate in Lean Six Sigma Implementation. Identification the correct process owner is the most important thing. However, some of them may not be very enthusiastic. Some of the departments may not be working well with one another. You might encounter barriers in language. You must obtain management buy-in. The trick is to display any small wins quickly so as to show others that the project is working well. Develop rapport with everyone concerned. Learn to resolve issues quickly together. Have charts to indicate progress. Ensure that you have a project implementing team.

Why adopt the Lean 6 Sigma Style? A black belt certification means that you are highly valued. There is even a body called International Association for Six Sigma Certification. Six Sigma is about enhancing efficiency, reducing waste and leading to an increase in revenue.

Lean 6 Sigma for SMEs. Downtime is not good for any organization, even SMEs. Many SMEs are at level 3 or 4 currently. This is eating into their revenues. You want to spend as little time as possible fighting fires. Small organizations are more nimble and can implement 6 sigma more easily.

How to embark on implementing lean six sigma. You need to identify a project champion. You need this person to be involved as soon as possible. Gauge your project against your organization’s strategic objectives. The project champion is concerned with the big picture.

Yellow and Green Belt Certification in Lean Six Sigma Training. There are yellow, green and black belts available. The yellow belt training takes 2 days. It will teach you how to calculate the sigma level, defects per million units of output, yield. The green belt requires takes 8 days.

Black Belt Level of Certification within Lean Six Sigma. The Black Belt training also takes 8 days. You will need green belt before you can take the black belt. This level involves statistical analysis. You will understand how to perform sampling. You will be able to compute metrics and control charts. You will be able to handle regression etc. There is also a master black belt certification which is available for use. The MBB exam is over 2.5 hours long.

How does 6 Sigma Compare to Total Quality Management. TQM improvement is on a gradual basis. It involves more statistics and not so much on behavioural change. Six Sigma is not about ruthless cost cutting.

Details of Waste Eliminated by Lean 6 Sigma. Cutting waste in the transport area is important. Do not store unnecessary inventory as it is heavy. Unnecessary non-value adding work is also a waste of time. Excessive waiting time should be eliminated. Overproduction is bad. Underutilizing skills and defects are also undesirable and are a type of waste.

Lean and 6 Sigma above quality assurance. Quality assurance is good and system is important. Get rid of business steps which are redundant.

Why Companies Are not Taking Advantage of Lean Six Sigma. Six Sigma is one of the best ways to cut costs. The key benefits are 1) improving quality of products/services; 2) improving customer experience; 3) Increasing bottom line. Sometimes, there a lack of information hindering companies from applying 6 sigma. Some people believe it is a fad. There are also costs associated with 6 sigma implementation. Some people feel their business is too small for 6 sigma to be effective. A group of people might feel it is too mathematical.