IIA Magazine Oct 2016 issue

There needs to be reporting beyond just the financial type. There is a need for a risk-based approach and to look at the major objectives of the organization. It is important to have a policy for conflicts of interest. Do not simply give customers what we think we can deliver, but ask them what they need. Company culture is crucial in the employee rating of their CEO. Those CEOs who are founders, have lower pay and have good profitability usually have better ratings. Some FIs are concerned by the staffing of their AML team and the adjustment needed for new regulations. The US is the most cyber-aware country. However, there are some countries which are lacking in cybersecurity preparedness and that is a concern. Brexit might have the effect of changing the impact of globalization over time.

The Art of Recommending. Internal Auditors walk a fine line when presenting recommendations to management. IA needs to show how the recommendations fix gaps and mitigate risk. There needs to be a cost vs benefit analysis too. A recommendation can either address a gap or be a suggestion for improvement. There needs to be both internal and external sources of information. One needs to spend time documenting potential recommendations. A recommendation should address the root cause. Avoid addressing a person. Indicate a repeat finding. Explain how the recommendation will mitigate the risk. For areas for improvement, list them separately from the gaps. Some external info could be ‘IIA research materials, professional literature, networking, procedures from other organizations.’

‘It is a good practice to jot down recommendation ideas as soon as they come to mind, even though they may not find a place in the final report. Even if internal audit testing does not result in a finding, the auditor may still recommend improvements to the current process.’

‘It is internal audit’s prerogative to provide recommendations, regardless of whether management agrees with them. Persuasive and open-minded discussions with process owners are important to achieving agreeable and implementable recommendations.’

Big Data and IA. Today’s data analytics expand auditors’ ability to tap into all types of info generated by the organization. Auditors can mine data and analyse it. IA can use statistics or visualization tools to help them too. One can test all the transactions now. There is also a great variety of data available. Velocity of data now makes it possible for IA to perform continuous auditing. Learn to understand the data and acquire the analytics tools. It is also important to develop a road map. Big data can be harnessed in a meaningful way.

Is IA in your Audit Universe? IA should seek to enhance and protect organizational value. IA should be audited via a QAR (quality assurance review). One can evaluate the IA’s conformance to the standards, code of ethics, efficiency and effectiveness of the IA activity. It must be conducted by someone who is objective in nature. An external assessment needs to be conducted once every 5 years.

Blurred Lines. Internal auditors need to have the skills and perspective to deal with frauds that don’t match the standard villain story. One needs to look for the motivations and benefits. IA needs a clear perspective on how to approach fraud. One needs to analyse why the fraudster wanted to commit the crime.

Taking the Lead on Nonfinancial Reporting. Internal audit is well-positioned to examine how its organization reports on nonfinancial issues. European companies now need to disclose in the annual report how they are discharging social, environmental and ethical issues. Non-financial info is important to gauge the society’s impact. Management needs to be concerned over non-financial reporting. Sustainability reports should disclose how the company performs in some specific areas. You need good non-financial reporting systems. In the US, sustainability reporting is not mandated and not practiced by many companies. Non-financial data are often overlooked by IA. IA needs to have the right process competencies for effective non-financial reporting. There need to be decisions on materiality over nonfinancial reporting. Strong communication skills are the key. It is possible to create a multidisciplinary team that can provide combined assurance. IA needs to engage the first line of defense first.

Audit processes take flight. The updated COSO Internal Control-Integrated Framework is at the heart of Boeing’s internal audit work. The new COSO framework has 17 guiding principles across the 5 control components. The principles-based approach is being used. It is important to give weight to all of the COSO components. Keep the focus on inherent risks. Every audit requires a detailed process flowchart.

Privacy in the workplace. Organizations must find ways to accommodate employees’ personal technology use while also meeting regulatory and other requirements. Digital technology has changed a lot of things. Privacy issues are becoming more important. Employees tend to violate privacy risks more. IA should be able to understand where the risks lie. A lot of data is being collected and analysed. Some form of employee monitoring is necessary, but not excessively. Who is responsible for lost data on a cloud? In the US and Europe, there are a lot of acts that companies must comply with in relation to global privacy laws and regulations. In Europe or Japan, the privacy laws are more absolute. There needs to be a strong governance/privacy framework in place. A risk assessment should be performed on a frequent basis to evaluate the impact of changes to regulation. If an organization expands, IA should make sure controls are in place to manage privacy. Training and awareness need to be provided at every level. Trust must be built between employers and employees.

A Unified Approach to Compliance. Failure to comply with regulation could lead to fines and reputational damage. There needs to be co-ordination between IA and the compliance function. IA needs to understand the business goals and how the compliance team plans to assist the business in achieving them. One can examine from both a macro and a micro level. The IA charter should clearly document the role of the IA team in compliance. We should focus on the foundations of the assessment. IA should sound out levels of residual risks that are greater than risk appetite. How does the organization ensure completeness in the assessment? IA can rely on the compliance team to update them on the regulations. Key compliance decisions must be documented. IA and compliance teams should meet to discuss once in a while. IA can share audit reports with the compliance teams. IA can leverage and use the compliance risk assessment. However, IA should check whether it is complete. To achieve the IA mission, IA needs to include compliance too.

The Power of Rhetoric. Understanding the powers of persuasion and applying key rhetorical skills can improve the work of any IA. IA needs to possess rhetoric to persuade the auditee to accept the recommendations. The key elements are speech, audience, text. The author is usually the engagement lead. All members and groups of the audience need to be considered. The audit report is the written text. The team selected must be capable and know how to perform the engagement. Logos appeals to one’s logic and the supporting documents. Pathos focuses on the audience’s irrational modes of response and is an appeal to emotions. Design of slides must be beautiful and also simple to read. Word selection is important and IA should give a balanced view.

The Red Flags of Fraud. Internal auditors’ knowledge of the business makes them ideal candidates to detect unethical behaviour. Fraud affects the bottom line and active measures to detect it are better. Red flags are signs that it could occur. IA can do a red flag analysis. There are different types of fraud: financial statement fraud, employee fraud, tech fraud etc. For FS fraud, personal enrichment is common. IA can scan the GL to look out for unusual trends etc. Analytical procedures can be used too. Employee theft of cash is possible. Other types of fraud are employee expense reimbursement fraud, payroll fraud and kickback schemes. Most frauds usually happen only after a year of service, because the employee needs to learn of the internal controls first. The chance of fraud is greater if the person is in financial difficulty. Data analytics can help to review red flags. Anti-fraud training must be conducted. Early detection is the key, as the loss will be even greater if the fraud persists.

‘Ethos is established when the audience determines that the author is qualified, trustworthy, and believable.’

Anticipating Information Security Regulation. As threats and data breaches become more common, so will regulatory oversight. Data breaches are more common and the risk to consumers is growing. One needs to establish a security risk assessment process. IA can adopt ISO 27001 to enhance their information security program. An employee security awareness program is very important too. IA needs to validate and assess the control environment too.


Business related quotes 51 to 100

  1. ‘Most people with my kind of track record don’t look to change. But I always felt I couldn’t afford not to change. We had to be successful—there was no other option for me—and I would explore any means of improving. I continued to work hard. I treated every success as my first. My job was to give us the best possible chance of winning. That is what drove me.’ Sir Alex Ferguson
  2. ‘One of the things I’ve done well over the years is manage change. I believe that you control change by accepting it. That also means having confidence in the people you hire. The minute staff members are employed, you have to trust that they are doing their jobs. If you micromanage and tell people what to do, there is no point in hiring them.’ Sir Alex Ferguson
  3. ‘I don’t think many people fully understand the value of observing. I came to see observation as a critical part of my management skills. The ability to see things is key—or, more specifically, the ability to see things you don’t expect to see.’ Sir Alex Ferguson
  4. ‘My presence and ability to supervise were always there, and what you can pick up by watching is incredibly valuable. Once I stepped out of the bubble, I became more aware of a range of details, and my performance level jumped.’ Sir Alex Ferguson
  5. ‘Winning is in my nature. I’ve set my standards over such a long period of time that there is no other option for me—I have to win. I expected to win every time we went out there. Even if five of the most important players were injured, I expected to win. (Prepare to win)’ Sir Alex Ferguson
  6. ‘If you are too soft in your approach, you won’t be able to achieve good football tactics. Fear has to come into it. But you can be too hard; if players are fearful all the time, they won’t perform well either. As I’ve gotten older, I’ve come to see that showing your anger all the time doesn’t work. You have to pick your moments. As a manager, you play different roles at different times. Sometimes you have to be a doctor, or a teacher, or a father.’ Sir Alex Ferguson
  7. ‘I would tell them that having a work ethic is very important. It seemed to enhance their pride. I would remind them that it is trust in one another, not letting their mates down, that helps build the character of a team.’ Sir Alex Ferguson
  8. ‘No one likes to be criticized. Few people get better with criticism; most respond to encouragement instead. So I tried to give encouragement when I could. For a player—for any human being—there is nothing better than hearing “Well done.” Those are the two best words ever invented. You don’t need to use superlatives. (Match the message to the moment)’ Sir Alex Ferguson
  9. ‘It’s important to have confidence in yourself to make a decision and to move on once you have. It’s not about looking for adversity or for opportunities to prove power; it’s about having control and being authoritative when issues do arise.’ Sir Alex Ferguson
  10. ‘Some English clubs have changed managers so many times that it creates power for the players in the dressing room. That is very dangerous. If the coach has no control, he will not last.’ Sir Alex Ferguson
  11. ‘If the day came that the manager of Manchester United was controlled by the players—in other words, if the players decided how the training should be, what days they should have off, what the discipline should be, and what the tactics should be—then Manchester United would not be the Manchester United we know. (never ever cede control)’ Sir Alex Ferguson
  12. ‘I constantly told my squad that working hard all your life is a talent. But I expected even more from the star players. I expected them to work even harder.’ Sir Alex Ferguson
  13. ‘I had to lift players’ expectations. They should never give in. I said that to them all the time: “If you give in once, you’ll give in twice.” And the work ethic and energy I had seemed to spread throughout the club. (Set high standards and hold everyone to them)’ Sir Alex Ferguson
  14. ‘Although I was always trying to disprove it, I believe that the cycle of a successful team lasts maybe four years, and then some change is needed. So we tried to visualize the team three or four years ahead and make decisions accordingly. Because I was at United for such a long time, I could afford to plan ahead—no one expected me to go anywhere. I was very fortunate in that respect. (Dare to rebuild the team.)’ Sir Alex Ferguson
  15. ‘I always take great pride in seeing younger players develop. The job of a manager, like that of a teacher, is to inspire people to be better. Give them better technical skills, make them winners, make them better people, and they can go anywhere in life. When you give young people a chance, you not only create a longer life span for the team, you also create loyalty. They will always remember that you were the manager who gave them their first opportunity. Once they know you are batting for them, they will accept your way. You’re really fostering a sense of family. If you give young people your attention and an opportunity to succeed, it is amazing how much they will surprise you.’ Sir Alex Ferguson
  16. ‘From the moment I got to Manchester United, I thought of only one thing: building a football club. I wanted to build right from the bottom. That was in order to create fluency and a continuity of supply to the first team. With this approach, the players all grow up together, producing a bond that, in turn, creates a spirit.’ Sir Alex Ferguson (Building the foundation)
  17. ‘Am I getting enough challenges? Do I have a healthy work/life balance? Does my job give me a personal sense of fulfillment, of achievement? Do I have a sense of community? Do I feel appreciated?’ Irene Ross, on five questions you should ask yourself about your job once in a while




  1. ‘Beijing is using a softline economic approach to groom Shanghai to compete with, or possibly, replace Hong Kong. The implicit message is clear that if Hong Kong continues to have political squabbles, its economic status will suffer greatly.’ Sonny Lo, on China’s idea of establishing a FTA in Shanghai
  2. ‘In terms of condition, the guys have to be honed athletes. They have to be strong, with good cardiovascular fitness. The need for strength is underestimated sometimes. You’re digging deep into your reserves in a race like that. It’s a mental as well as a physical challenge.’ Gerry Convy, on F1 drivers
  3. ‘It doesn’t seem as easy (start an IT firm in India) as Silicon Valley where you have an idea you can simply execute it with hard work. But I admire folks who are doing things in India. It requires a lot of grit and determination.’ Ruchi Sanghvi
  4. ‘I’d love to do something if it was easier to do it. It is difficult to do exciting things in India. There are a lot of issues and barriers, simple things like a good internet line to the office.’ Ruchi Sanghvi, on starting an IT firm in India
  5. ‘The solution to not having useless 25 [and] 30-year-olds living at home is not sending them out of the home, it’s making them do their own washing, pay their own way, pay towards the rent, pay towards the bills, to take responsibility for cleaning up their bedroom and not waiting on them hand and foot.’ Sarah Beeny
  6. ‘By working faithfully, eight hours a day, you may eventually get to be a boss…and get to work twelve hours a day.’ Robert Frost
  7. ‘Many people die at twenty five and aren’t buried until they are seventy five.’ Benjamin Franklin
  8. ‘Decide in your heart what really excites and challenges you and start moving your life in that direction. Every decision you make, from what you eat to what you do with your time tonight turns you into who you are tomorrow, and the day after that. Look at who you want to be, and start sculpting yourself into that person. You may not get exactly where you thought you’d be, but you will be doing things that suit you in a profession you believe in. Don’t let life randomly kick you into the adult you don’t want to become.’ Chris Hadfield
  9. ‘If you’re opening a business just for the money, you’ll fail. There’s too much work before the money comes. Your heart needs to be in it.’ (from a random blog)
  10. ‘If you’re limiting yourself to what you experienced, you are going to be in trouble…I studied the Great Depression. I studied the Weimar Republic. I studied important events that didn’t happen to me.’ Ray Dalio
  11. ‘I hardly made any money, but I remembered I loved it. And that was great. Even back then, I was never really concerned with money past a certain point of utility. I was happy sleeping on a cot in a studio apartment. All I cared was having the freedom to do what I wanted to do.’ Ray Dalio
  12. ‘Above all else, I want you to think for yourself – to decide 1) what you want, 2) what is true and 3) what to do about it. I want you to do that in a clear-headed thoughtful way, so that you get what you want.’ Ray Dalio, a famous hedge fund manager
  13. ‘I didn’t really feel any anxiety about starting out on my own. I could pay the rent. I had free time to do what I wanted – I like the independence. And so I thought if it didn’t work out, I’d go get a job. And if it did work out, then I’m free.’ Ray Dalio
  14. ‘It’s strange. Bankers are so smart, yet they get this thing wrong. They spend their lives in an office when the only valuable thing in life is time. It is the only thing that is not replenishable. You can always make more money, but you can never get more time. Maybe it’s because death is such a taboo in our society, that people live in this illusion that their life will go on forever.’ (random banking product structurer)
  15. ‘The world of investment banking is a meritocracy. Nobody ever asked me what university I went to (I’m a drop-out). I never encountered racism, sexism or homophobia and the simple reason is that people just don’t give a fuck who you are. It’s what you can do.’ (random investment banker)
  16. ‘I think ego stands in the way of a lot of people doing that (starting a business). It’s like learning how to ski…the sting of the fall hurts for about a minute but that’s how you learn.’ Ray Dalio, founder of Bridgewater Associates
  17. ‘Research shows that the life of a wild animal is mostly suffering; stress and fear and pain. Yet do we believe pets to be happier? For me the buzz that comes with the pressure for survival is attractive. I’d rather be the wild animal than the pet.’ (random investment banker)
  18. ‘It’s the competitive element which attracts me to banking and which makes me a happy banker. To know that those who don’t make the grade get cut. I have a lot to prove to myself. I’m the kind of person who wants to swim with sharks and see if I can survive… Happy bankers are those who don’t do it for the money but for the thrill.’ (a random banker)
  19. ‘The key to success is big vision and determination to achieve it. The lesson we have been taught is that you should always aim high. Once you have sorted your vision, execution is another important element in success. If something doesn’t work out just yet, make sure you pivot over and over again, and if it fails, celebrate failure early enough and start again.’ Audra Pakalnyte and Reda Stare
  20. ‘Using leverage is like playing Russian roulette. It means that you are inevitably going to get a bullet in your head.’ Ray Dalio
  21. ‘What has made Buffett successful, what has made other people very, very good, is their ability to see things in the available data that others don’t see.’ Marc Lasry
  22. ‘You have to be assertive and open minded at the same time. This is true in the markets; this is true in almost everything. You have to learn from your mistakes to keep getting better. And it’s through learning from those mistakes that you learn what reality is and how to deal with it, which is called principles. Knowing what is true, whether you like it or not, is a tremendous asset. There’s no sense in fighting reality.’ Ray Dalio
  23. ‘I wanted to be able to say whatever I wanted to say. I wanted to be able to do whatever I wanted to do.’ Bill Ackman, on his decision to start his own hedge fund
  24. ‘Raising money for a start-up hedge fund is a lot like blind dating. You meet someone you’ve never met before, you have a limited time in which to make the pitch, and then you try to close the deal. Charm matters.’ Bill Ackman
  25. ‘Warren Buffett said that one can immediately obtain the qualities that make for a good reputation by just making good everyday life decisions. He also reminded us that your reputation can be lost overnight and to therefore protect it with your life. I never forgot that.’ Bill Ackman, a hedge fund manager
  26. ‘We all understand that independent thinking is a necessity. We understand it better than other people because value-added alpha is zero-sum. So if you think about almost any career and any job, you can add value and it’s not zero-sum. If you’re a doctor and somebody breaks their leg, you can fix their leg, you can add that value.’ Ray Dalio
  27. ‘The stereotypical ways that Wall Streeters cope with pressure – they drink, they have affairs, they cultivate expensive hobbies like collecting cars – don’t work for me. Instead, I exercise maniacally.’ Mike Mayo
  28. ‘Failure is “an inherent part of entrepreneurship”. It’s difficult to learn and improve if you don’t take some risks.’ Judy Estrin
  29. ‘You can have mid-level success as an entrepreneur and you can still be having a lot of fun solving a lot of good problems, making money for your investors. Not every company is a Google or a Facebook.’ Judy Estrin, on the need to recognize different levels of success
  30. ‘Some people can be content lying on the beach indefinitely, but I can’t. I desperately wanted to keep working.’ Mike Mayo
  31. ‘My stepdad always said he’d rather live well with risks than play it safe and be bored. That’s something I’ve tried to apply to my own life and career, as well.’ Mike Mayo
  32. ‘In our business (hedge fund) we’ve learned that it’s not so easy to have an opinion and be confident that opinion is right. I learned this at a very early age… I also know it’s not so easy to have an opinion that you’re confident in. Be careful of the opinion that you’re overconfident in.’ Ray Dalio


Boomerang by Michael Lewis

This book is about how several hedge fund investors, including Kyle Bass from Hayman Capital, engaged in credit default swaps to make a fortune during the subprime crisis in 2008. This meant betting against the subprime mortgage bond market. First, the crisis hit banks like Bear Stearns. Later, it hit countries like Iceland. Governments can actually default. The warning signs were clear. Kyle analyzed the countries which he thought would default, including Iceland, and placed bets against them.

Iceland went bust in October 2008. Their debt at the height of the crisis amounted to 850% of their GDP. When the Icelandic krona was strong and interest rates were high, people started to borrow in yen or Swiss francs. Once the krona plunged, citizens were in for a lot of trouble. During the crisis, the streets were empty and so were the stores. Prices shot up when the krona plunged as shops had to import goods from overseas. Their biggest mistake was to buy as many assets as possible using borrowed money. This was ok as long as asset prices kept rising. Banks traded fake capital at inflated asset valuations. The Icelandic investment bankers made inappropriate and risky decisions and didn’t know what they were doing. Iceland ignored reports from other countries, like Denmark. The banks sold each other stuff, borrowing huge sums of money and relending them to the public. The public, in turn, bought all the messy assets as well. Icelandic people are generally very ambitious. Iceland ignored help. PhD holders don’t want to fish or smelt aluminum for a living.

I have never in my life slept so little, because I was so eager to learn. I slept two or three hours a night because I was sitting beside him (fishing legend). .. The reach of the trawler. The most efficient angle of the net. How do you act on the sea. If you have a bad day, what do you do? If you’re not fishing at this depth, what do you do? If it’s not working, do you move in depth or space? In the end it’s just so much feel. In this time I learned infinitely more than I learned in school. Because how do you learn to fish in school? – Stefan Alfsson, an Icelandic fisherman

The author visited Greece. Greek bonds were rated as junk and had to be bailed out by the IMF and the other members of the European Union. The government borrowed 30 billion euros and spent it on areas like paying the civil servants excessive salaries, pension schemes etc. The education system is very inefficient as well. Bribery is also prevalent throughout the country. In the case of Iceland, it was the banks sinking the country. In the case of Greece, it was the country sinking the banks. Many items were kept off the government’s balance sheet. There was no statistics department or independent check on the government finances. People were not fined for not paying taxes. The authorities take about 7 to 8 years to resolve a case of bribery. Almost everyone in Greece engages in some form of bribery, cheating etc. The real structure of their society is akin to ‘every man for himself’. Greece joined the European Union in 2001 after being suspected of manipulating their figures in order to meet the EU requirements. They were eventually discovered in 2009, after a change in political ruling party.

This is the secret of success for anywhere in the world, not just the monastery. The idiot is bound by his pride. It always has to be his way. This is also true of the person who is deceptive or doing things wrong: he always tries to justify himself. A person who is bright in regard to his spiritual life is humble. He accepts what others tell him – criticism, ideas – and he works with them. – Father Arsenios

The Irish banks went bust. The banks borrowed foreign money to conquer Ireland, buying up property in their own country. As a result, hordes of people are leaving the country. Unemployment rates spiked. Interest rates spiked. The budget is in a severe deficit position. Ireland was tremendously successful from the 1990s to the early 2000s. The young, immature bankers didn’t realize that a housing bubble was emerging. The housing prices kept rising and were bound to fall one day. Banks started offering loans without performing adequate customer due diligence checks. The important people in Ireland went down with their banks. Their housing bubble was also not as complex as America’s. There were loads of unoccupied new property projects. The Irish government created ‘TARP’ and nationalized Anglo Irish bank, thereby guaranteeing depositors and bondholders of their investments. There was a major issue with the government paying off foreign bondholders using money borrowed from the ECB. Unlike Greece, there was hardly any public unrest. The big property developers were spared from bankruptcy and instead could aid the government in resolving the crisis.

Are Germans willing to bail out countries like Greece? There is a feeling of rage and indignation among Germans over the European financial crisis. The two main options for Greece are to slash the size of its government or undergo major structural reform. To the Germans, it is politically unacceptable to bail out other countries in the EU. Public dissatisfaction is at an all-time high. Germany has become so powerful that the rest are relying on its financial power. The people are very frugal and will not live beyond their means. Living beyond their means is seen as unacceptable and unbecoming.

The German government gives money to the European Union rescue fund so that it can give money to the Irish government so that the Irish government can give money to Irish banks, so the Irish banks can repay their loans to the German banks. They are playing billiards. – Henrik Enderlein


Why should you pay twenty million to a thirty-two-year old trader? He uses the office space, the IT, the business card with a first-class name on it. If I take the business card away from that guy he would probably sell hot dogs. – Klaus-Peter Muller, Commerzbank chairman

Even US government bonds were not triple-A rated at one point. Municipal bonds are not doing well and state treasurers are not aware of how their situation. Different municipals performed differently, and some were a lot worse than the others. The state of California had excessive pension schemes and sacrificed on other important areas of the economy, like the education system. The amount of tax collected could not sustain the pension scheme. Eventually, parks had their funding cut. The cities pay eventually when the state as a whole is not performing well. The people of San Jose refused to believe the state they were in, even though the state was flirting with bankruptcy. The state was in so much debt that even forcing public workers to take pay cuts won’t work. Service-level insolvency or cultural bankruptcy is when the libraries and community centres are closed because they can’t afford to open. Greed was the main problem. Americans look at short-term reward, neglecting the long-term consequences. They are tempted by the chocolate cake that appears before their eyes. Self-regulation is hard as humans are generally greedy. Self-regulation can work if the environment punishes the institution/people for being greedy.

My approach has been I don’t care who is to blame. We needed to change. It’s got to be about the people. Teach them respect for each other, integrity and how to strive for excellence. Cultures change. But people need to want to change. People convinced against their will are of the same opinion still. – City Manager of Vallejo, Phil Batchelor


There was once a lone pheasant in the gardens of Blenheim Palace who avoided being killed by the hunters. He was affectionately known as Henry by the tourists. Being the only survivor in an unregulated environment, he faced no competition for food. Henry kept eating till he was fat. Even when he was fat, he just ate and ate. Eventually he became too fat to fly. Then one day, a fox ate him. – Peter Whybrow, a neuroscientist, on the greed of Americans