IIA Magazine Feb 2017 issue

IIA Feb 2017 Issue

Internal Auditors need to provide maximum return on investment and audit the right things. They need to understand the company’s strategic mission, objectives and KPIs. More auditors need to base their work on the International Standards for the Professional Practice of Internal Auditing.

The 5 emerging threats are (i) global economic uncertainty; (ii) increased regulatory burden; (iii) significant industry changes; (iv) business model disruption; (v) cybersecurity threats. Global economic uncertainty seems to a bigger risk in 2017 as compared to previous years. In the compliance space, with the new US administration, enforcement areas could see some change. Trump could change the legislative, regulatory and executive actions under Obama’s reign.

Although most companies feel that they could detect a sophisticated cyberattack, many of them do not have an adequate communication strategy in the event of a significant attack. Also, some of the BCP might be lacking. The continuous monitoring of cyberattacks is also a challenge.

Data Mining. By leveraging data, internal auditors can address issues beyond the reach of traditional analysis techniques. It involves making use of data which had previously no formulated relationships, patterns. Artificial intelligence, machine learning, statistics and database systems all come into play. Some of the techniques auditors can use are predictive modeling (IF), data segmentation (data clustering), neural networks (artificial intelligence), link analysis (links between records), deviation detection (red flags). The use of email mining can identify red flags in fraud etc. Social network analysis is also possible. IA should continue to look for ways to innovate their audit testing.

Intelligent Assessments. Use cognitive technology to help identify high-risk areas. These are intelligent computer systems that can aid in the performance of risk assessments. For instance, this tool can extract and analyze text from audit reports and analyze trends and high-risk areas. Natural language processing (NLP) has the power to tap into every sentence of every report to churn out more information. The machine will convert text to a certain structure and add meaning to the text and teach the computer to understand audit concepts. Words like ‘fraud’, ‘finding’, ‘auditee’ can be flagged out.

Turning Up the Heat on Fraud. A fraud risk assessment can help auditors take the organization’s ethical temperature. There are many ways to do it, example, through surveys, focus groups, workshops etc. The focus is mainly on fraud risk. It works best in small brainstorming sessions with operational management. Using the ACFE’s Fraud Risk Assessment Tool can be useful as it provides a structured approach. Risk assessment is about identifying where fraud might occur and the potential perpetrators. IA can do surveys to measure the ethical climate and voting can be anonymous. The results of the survey can be discussed with management. If there are high risk areas with fraud risks, IA can pay more attention to them.

The Accidental Discovery. Small or remote locations can be more susceptible to embezzlement, especially when they are not audited regularly. Confront someone after the facts have been reviewed. Look at the big picture. Controls that aren’t operating effectively are as good as them not being there.

Auditing what matters. Add value by selecting audits that contribute to achievement of strategic objectives. Auditors now should start looking at this area. Look at where the company spends the most money, what their main programmes are etc. Find out who is responsible for the strategy and make them IA’s stakeholders. Traditional audit activities can move towards strategy too. IA should use the COSO ERM framework in its entirety. The aim is for IA to a strategic partner to management. Don’t fear failure and find out more from the auditee by talking to them. The trick is to engage with processor owners easy and evaluate control design. IA should do the following: (i) Identify and define the risks; (ii) rate the risks; (iii) address risks in detail. Getting management buy-in is also important. The CAE must convince the AC to highlight the need for a strategic approach. Most IA wants to be a trusted advisor.

Core Principles and the QAIP. The new IPPF in 2015 can be incorporated into the QAIP to show that the IA is aligned with the mandatory IPPF elements. Learn to develop a concept and approach that is easy to understand. Core principles are a mandatory element of the IPPF. IA need to have general conformance with the Code of Ethics and Standards. The 5 steps are (i) establish a maturity framework (ineffective, partially effective, effective, sustainable, world class); (ii) map core principles with the standards and code of ethics; (iii) Define characteristics of maturity in 3 aspects of standards and QAIP characteristics, infrastructure and process characteristics, core principles and specific characteristics; (iv) perform internal and external assessment consistent with requirements of QAIP; (v) Evaluate and report maturity levels for core principles.

Champion of Trust. By modelling high standards of ethical behaviour, IA can help shore up faith in the organizations they serve. How can IA be a trusted advisor that is well respected? One way is via ethical commitment. IA needs to model ethical conduct in everything they do. IA must have the courage to sound off before things get in trouble. Ethical commitment is the key to a well-functioning IA. Ethics should come naturally to all. We also need to build ethical resilience (integrity, courage, honesty, accountability, trustworthiness).

Infusing IT Auditing into Engagements via a three-phase approach. The tech sector is growing at a rapid rate. Internal auditors also need to develop IT-related capabilities. IA needs to think about the future of integrated auditing. For a start, IA can incorporate IT perspectives into current audit engagements. This can involve documenting down what are the IT automated controls. One can also read IT policies or those on change management. One should also identify resources and pinpoint where they are stored (example: servers). Map core IT resources and data to key business objectives. Respond to IT risks and identify audit objectives that can add value. An integrated audit can help in this. In the middle term, IA can build an IT audit team, understand the IT framework like COBIT, perform IT audits and also foster relationships with IT and management. In the long term, IA can leverage on data analytics and obtain professional certifications (like IIA and CISA).

Breaking Down The Standards. With the right strategy, practitioners can divide conformance into bite-size, easily digested portions. The standards consist of attribute standards (series 1000 to 1322) and performance standards (series 2000 to 2600). Some IA may neglect the attribute standards and focus on the performance standards instead. However, both are very important. IA should perform an assessment of how well they are conforming to the Standards. An external assessment must be conducted once every 5 years. The audit work program needs to be reviewed and approved by the CAE before engagement commencement. Ultimately, conforming and understanding the principles behind the Standards are important.

Auditing Organizational Governance. IA has an integral role to play in improving the organization’s strategic performance. This area is becoming increasingly important in recent years. Governance reviews can help prevent governance failures. Less than 1 in 6 IAs conduct reviews for their organization’s strategy. Sometimes, it might be difficult to conduct a separate governance review. Rather, it might be easier to incorporate it as part of routine audits. One can focus on both the governance structures as well as the organizational culture. Some of the soft controls can include management competence/style; mutual trust and openness; strong leadership; high performance and quality expectations; shared values and understanding; high ethical standards. However, for some of these measures, there are no hard data to analyse. Hence, it is important for IA to read the signs. IA can also provide a more advisory role, which is educating board about developments and trends in the industry and governance best practices. In terms of strategic reviews, IA has much to work on. There is a tendency to focus on weaknesses in financial reporting etc.

Good Governance is All About Quality. The 5 quality rules are (i) customer focus; (ii) management leadership; (iii) Teamwork; (iv) Measurement; (v) Total commitment to continuous improvement.




The Business Book (DK) (Part 2)

Culture is the way in which a group of people solves problems. Tradition, culture and structure are important for a company. Culture is a shared history of what the company has. It is a narrative. There are basically 5 dimensions of culture. They are 1) power distance; 2) individualism vs collectivism; 3) uncertainty avoidance; 4) masculinity vs femininity; 5) long vs short-term orientation. Power distance refers to distance in authority between managers and executives. Culture matters a lot. Organization culture is non-static and can change over time.

Emotional Intelligence is the intersection of heart and head. EQ is the ability to perceive, control and evaluate emotions. There are 5 domains to EQ. It is an essential trait in highly effective business leaders. They are 1) self-awareness; 2) self-regulation; 3) motivation; 4) empathy; 5) social skills. EQ can grow with age and experience. Emotional balance is a key factor in commercial success.

Management is a practice where art, science, and craft meet – Mintzberg’s management roles. Management roles fall into these 3 categories: 1) informational; 2) interpersonal; 3) decisional. Effective managers must use all three and know when to use them appropriately. Management is both an art and a science. Management is complex and multi-faceted.

A camel is a horse designed by a committee – Avoid Groupthink. We tend to nod in agreement even if we disagree. This is because we want to feel like we ‘belong’ to the others. Groupthink can be so strong that proper analysis might not be conducted at all. It encourages extreme risk taking. Managers must encourage all to talk and encourage dissent in order to avoid groupthink.

The art of thinking independently, together – the value of diversity. Males have the tendency to employ other males. Greater diversity means scope for creativity. Diversity can combat groupthink.

Making money work: Managing finances. Finance strategy has emerged in importance nowadays. Leverage is a double-edged sword. Is it the director who is responsible when things go wrong? Learn to ignore the herd instinct. There may be wisdom to listen to your customers. For instance, China has a huge potential. Management accountants work hard to derive accurate costing. ABC is a good way to do this. Financial accountants must play by the rules and abide by FRS and their principles. Often, companies are trying to make ‘money’ from ‘money’ rather than concentrate on their core operations.

Do not let yourself be involved in a fraudulent business. Learn to err on the side of caution. Consider rules plus morality as well. Do not inflate profit figures if you are an accountant. Prudent approaches must be made with regards to the provision of bad debt. Directors must be alert to any creative accounting being employed. IFRS relies more on principles as compared to rules-based US GAAP. Is mark-to-market accounting misleading in times of economic boom? No set of rules can govern ethical behaviour.

Executive Officers must be free from avarice. Managers can act in their own interests. They must not be opportunistic and simply interested in personal gain. Shareholders are now even more concerned about governance and gain.

If wealth is placed where it bears interest, it comes back to you redoubled – Investment and dividends. Dividends are more rare nowadays. Share buy backs are more common. In periods of high growth, companies should reinvest a great amount in order to grow the business. When growth is slow, companies should pay dividends. Apple only started paying dividends in 2013.

Borrow Short, Lend Long – Make Money from Money. However, this is a short term strategy. Invest in financial products. The treasury function emerged in the late 1970s. Speculation via derivatives can be risky indeed.

The Interests of the shareholders are our own – Accountability and Governance. Governance must be proactive and ethical in nature. Lines of responsibility are clear. Board members must be fully informed and work in the long term interests of business and shareholders. Board members must be alert. Many board members had no idea what risks the company faced. Good governance is necessary.

Make the Best quality of goods at the lowest cost paying the highest wages possible – your workers are your customers. Sale of stable groups are growing rapidly. Sometimes, your workers will also be your customers. This will be good. China is the biggest market for consumer spending. There is a lot of potential in this market. Bosses need to focus on workers’ delight and fulfilment more than ever. Encourage the workforce to manage themselves.

Utilize OPM other people’s money – Who bears the risk? In the event of liquidation, shareholders tend to lose out as they are the last to be paid. Staff might lose their job when the company fails. The pension funds might be wiped out and hence affecting employee welfare.

Swim upstream. Go the other way. Ignore the conventional wisdom. You need to have a contrarian view to make money. Public shareholders should not follow mass trends. Do not stampede to make takeover bids. This is because the company will tend to overpay. Do not buy other businesses for diversification sake when others are doing so. Avoid followership and imitate market innovators. Learn to swim upstream

Debt is the worst poverty – Leverage and excess risk. In the long run, taking leverage is not good. However, in the short term, it might help the company to grow. The optimal debt should be about 25 to 30%. Leveraged buy-outs exist in the market. For instance, LBOs rescued MGM Grand.

Cash is King. Profit vs Cash Flow. For fast growing companies, cash flow is more important than ever. Profit is an accounting concept. Those with weak cashflows can use overdrafts and supplier credit. However, in times of recession, cash is king. Companies must be able to tie over the period of negative cashflow in order to survive unscathed.

Only when the tide goes out do you discover who’s swimming naked. There is off-balance sheet risks. Not all liabilities may be reflected on the BS. Losses can be parked with subsidiaries or SPVs and not consolidated.

ROE is a financial goal that can become an own goal. ROE is vital. Share repurchases help to boost ROE. However, this results in a risky capital structure. Hence, ROE can be misleading at times.

As the role of private equity has grown, so have the risk it poses. PE involves loading debt onto the business, similar to LBO. Debt has inherent risk. Managers are pressured to perform to pay off the debt. Hence, there is more incentive for short term performance rather than long-term gain. Those who make PE purchases are usually institutional investors. The trick is to try to turn the company such that it becomes profitable.

Assign costs according to the resources consumed. Use ABC. Overhead costs can be vague in nature. ABC calculates the actual overhead costs. This allows the company to make better decisions. This is good for non-standard products. To do this, one needs to identify the cost drivers for each activity.

Working with a Vision – Strategy and Operations. Everyone should have a common objective. Strategy is vital. Companies must be nimble and change course if necessary. There is a need to balance long and short term objectives. Flexibility is important. Regulation is taking centre-stage now.

Turn every disaster into an opportunity. There are many success stories that emerged because of failure. There are opportunities in disasters. Analyze every failure and learn from them.

If I had asked people what they wanted, they would have said faster horses. The company that leads the way can dominate an industry even if they are copied. This is because people associate the concept with them first. This is known as first-mover advantage. Do things that no one else is willing to do. Being the first is everything. You need to get into the mind of your customer. Toyota created the Prius car.

The main thing to remember is, the main thing is the main thing. Protect the core business. Diversification usually does not bode well for companies. A business should focus only on what they are good at. Outsourcing some non-core functions is possible. The outsourced function must be managed well.

You don’t need a huge company – Just a computer and a part-time person (Small is beautiful). Internet had disruptive power. Google was phenomenal. eBay is a very successful auction house. Anyone can sell unique items on such platforms. Internet allows business to be run at a much cheaper cost. Cost and speed of delivery are important too. Customer service is increasingly important in this modern age. Feedback is always useful for business owners. Customization is possible for small businesses.

Don’t get caught in the middle – Porter’s Generic Strategies. Companies generally choose between cost leadership or differentiation. This is how companies develop a competitive advantage. For low cost strategy, companies might be worried that their idea will be copied. Bose is a company that pursues a differentiation strategy. A focus strategy is good to target a niche market. Ryanair is a typical low cost carrier. SIA pursues a differentiation strategy.

The essence of strategy is choosing what not to do – Good and bad strategy. Choosing what not to do is as important as choosing what to do. Good strategy should be developed from SWOT. Kodak is an example of a company which used bad strategy. They neglected the potential of the digital camera.

Synergy and Other Lies – Why takeovers disappoint. The purpose of merger and acquisition is to create synergy. The most reason why things don’t work is because the two companies cannot agree on a common strategy. There might be a mismatch in organizational culture.

The Chinese word ‘crisis’ is composed of two characters: ‘danger’ and ‘opportunity’. Crises can strike anywhere. Crisis management is important. Leadership must be swift and decisive. It is always crucial to care for the well-being of your customers. Sometimes, product recalls are necessary.

You can’t grow long term if you can’t eat short-term. There is a need to balance the two. It is a delicate balance. If you only think long term, you might not have the immediate capital to fund your business. It is important to preserve the core of the business and yet stimulate progress.

Market attractiveness, business attractiveness. MABA is a business framework. It is also known as the GE-McKinsey Matrix. This helps to plot the relative profitability of business units or products.

Only the paranoid survive. RIM did not innovate. It is normal to relax when things are well. Every business faces change. Intel had to reposition themselves when Japanese companies could produce memory chips at a lower cost than them. This is known as a strategic inflexion point. Leaders must make the right decisions during inflexion points or the business has a high chance of failure. Leaders need to look out for black swan events that might hurt the business. Keep asking ‘why’ till you get to the root of the problem. Managers must question processes. They need to constantly ask whether there is a better way of doing things. Victorinox started selling watches after its business for pocket knives were hit.

To Excel, tap into people’s capacity to learn (The Learning Organization). Companies need to be devoted in development and education. The community will benefit as a whole. Peter Senge made headway in his research. The two traits are discipline are personal mastery and mental models. The other three are team learning, systems thinking and building a shared vision. Turnover is a big problem in major organizations. This could be due to poor management practices. Honda is an example of a good learning organization. Those organizations which focus on learning have better hope for the future.

The future of business is selling less of more (The Long Tail). This means low volumes of an increasing large number of products. Customers are now buying niche items from online sellers. iTunes offers a wide range of music that no one else can compete with them. Physical stores can only offer a limited variety of items.

To be an optimist, have a contingency plan for when all hell breaks loose – Contingency planning. One must have an adequate plan to tackle a crisis. It is important to be able to manage disasters well.

Plans are useless but planning is indispensable. Ask what is likely to happen the next few years. Shell managed to diversify into other energy sources when there was an oil embargo.

The strongest competitive forces determine the profitability of an industry. They are the power of suppliers, buyers, rivalry among existing firms, threat of new entrants and threat of substitutes.

If you don’t have a competitive advantage, don’t compete. Companies can add value at any stage of the value chain. Companies must know how to analyse their value chain.

If you don’t know where you are, a map won’t help (The capability maturity model). Processes must be proactively applied and then managed and monitored. Continuous process improvement is crucial.

Chaos brings uneasiness, but it also allows for creativity and growth. Companies need a flatter structure with more flexibility. A company has to re-visit its strategy frequently. Workshops and team briefings are important.

Always do what is right. It will gratify half of mankind and astonish the other. There is morality in business. Companies may cheap because they want to boost performance. Some companies engage in price fixing etc.

There is no such thing as a minor lapse in integrity – Collusion. There is a fine line between collaboration and collusion. Accountability is important and must be emphasized.

The Business Book

Eight Lessons for a Happier Marriage by William Glasser/ Carleen Glasser

The only person you can change is yourself. The more you try to change others, the more unhappy they will be. Only a few adjustments are needed to make a failing marriage work. The eight lessons are useful indeed.

Divorcing is not the only option. Often, things might turn for the better after a while. No one is responsible for making you happy, even your spouse. The ideas contained are simple and easy to understand. The ideas can be applied to other relationships as well.

Infatuation is not love and it won’t last. Some just go separate ways after the infatuation stage. The problems start after infatuation dies. Couples need to rekindle their romance. Even if you find someone else, the infatuation ain’t going to last long as well. This is the reason why many turn to affairs. The book focuses on the impact of choice theory. Do not expect to master all the 8 lessons at once. Try your best to limit external control in a marriage. Change the way you relate to one another.

External Control can Kill a Marriage. Be patient with your partner’s flaws. For instance, your partner might be untidy and messy. Sometimes, couples stay married because it is convenient and it beats the unknown of separation. As a psychiatrist, he doesn’t prescribe psychiatric medication. In an unhappy marriage, one partner tends to blame the other for their unhappiness. The main source of unhappiness is when people try to control one another. It is like coercing the others to behave in the way I want. There is no upside to this. This is exclusively used by humans to control others. If you threaten your spouse to do something, the effects could be worse in the long term. Ask yourself this question ‘If your mate continually tries to control you, what could you do that would help your marriage?’ Do not constantly have the need to correct your spouse. Be wary of control freaks.

External control is a psychology in which people who practice it always know what is right for other people. – William and Carleen Glasser

We choose all our behavior. Learn to move towards choice theory. We all choose what we do. Replace external control with choice theory. Use this axiom ‘All we do from birth to death is behave, and every behavior is chosen.’ No one can make you do anything. No one can control you unless you let them. There are 5 basic needs. The five basic needs are 1) survival; 2) love and belonging; 3) freedom; 4) fun; 5) power. Humans need one another and strive to procreate. Control leads to the need for power. Some people value freedom and don’t like to be controlled. The evidence shows that more men tend to go astray as compared to married women. Fun can be divisive as well. Power is also largely only applicable to humans. External control is a chosen behavior and there is no need for that. Opposites attract isn’t true. Ask yourself this question ‘How compatible is the way you are attempting to satisfy your basic needs with the way your partner is choosing to get his or her needs met?’

The basic needs have a lot to do with marital compatibility. For example, couples who share a high need for love and a low need for power tend to be happier together. – William and Carleen Glasser

Never Use the Seven Deadly Habits. The first and the worst is criticism. The next is blaming your spouse for everything. The third is complaining. The fourth is nagging. The rest are threatening, punishing and bribing. If you can eliminate the above, your marriage will be much happier. Supporting is a good strategy. Encouraging each other is important. The third good habit is active listening. Accept what your partner sees in you. Accept each others’ imperfections. Trust your partner. Respect one another. Negotiate to win-win situations if possible. Which of the caring habits do you need to work on first?

Get Acquainted with each other’s quality world. Understand the quality world concept. People play a very important part in a ‘Quality World’. This is based from our most pleasurable experiences. Understand your spouse’s quality world. Care for one another and exhibit caring habits. If differences exist, negotiation and compromise must take place. Usually, the people we love are placed in our quality world. Our good friends might also be included as well. We also put people who are similar to us in our Quality World. To have a long lasting marriage, we need to satisfy each other. We can tolerate external control from our boss. Things can also be contained in someone’s Quality World. Addictions usually emerge because of unhappiness in a marriage. There might also be religious or political beliefs that might be different. In this case, there are things that need to ironed out. Work together to build a common Quality World. Ask yourself ‘What do you need to negotiate to make your Quality Worlds more compatible?’

Understand Total Behavior. Focuses on feelings alone can be bad. One should focus on acting and thinking as well. Think in ways that make you feel good. Total behavior consists of ‘thinking, acting, feeling, and physiology’. You only have voluntary control over your thinking and acting. You do not have direct control over your feelings. It is what you think that will influence how you feel. Thinking and acting influence feeling and physiology and control its direction. Steer the marriage towards a choice theory one. The idea to keep your marriage moving and do something fun together. Ask yourself, ‘which wheels are in control of your marriage, front or rear?’

A Little Creativity can save your marriage. We are all creative. We are often the most creative when we are asleep. Try to resolve differences and suggest improvements which both of you can do together. Having fun is a great way to spice up a marriage. Stop threading on old ground. A new marriage idea needs to be new and supported. Flush boredom out of your marriage. Show appreciation for one another. Refer to the marriage as ‘our marriage’. This is very important indeed. Keep the level of humor high and learn from them. Marriage is supposed to have its lighthearted moments. Ask yourself, ‘When is the last time we used our creativity to have a real good time together?’

Treat your partner as he or she would like to be treated, regardless of whether he or she treats you that way. – William and Carleen Glasser

At your discretion, share what you are doing for your marriage with your children. Your children might want to be involved too. Do not expect too much from a partner. Do not treat your pets better than you treat your own children. Before you engage in any of the 7 deadly habits, ask yourself ‘Is what I am about to do going to harm our marriage?’ Never put yourself what you want ahead of your marriage. Humans always like to feel right. However, there is no issue with admitting being wrong sometimes.

Try New Ways to Improve Your Sexual Intimacy. Some men can have orgasms in their mind. You can have an orgasm without an erection. Sexual performance should not be associated with pressure to perform. Orgasm is a gift for the relationship. Sex is one way for your relationship to feel intimate and connected.