Tuesday, August 11, 2020

Has your Internal Audit function tested positive for the irrelevance virus?

 By now, most of you have realized that the world as we knew it has changed forever! The change has affected almost everything in our lives at the personal and professional levels. Some of the changes could be opportunities in disguise, while others could bring devastating consequences to some businesses and certain functions within an organization.

Has your Internal Audit function tested positive for irrelevance?

While many Internal Audit functions have shined and demonstrated that they are indispensable during the crises, others were not so lucky! If your Internal Audit has failed to provide help, add real  value, and start the evolution process during the pandemic, it could be because it has been infected with the "irrelevance" virus! In this case, your Internal Audit is dying or most probably has been dead for a while!

On a more serious note, can the COVID 19 pandemic weaken internal audit in some organizations? The answer depends on many factors such as:

  • The performance of Internal Audit: if you have not proved your value to the organization during this crisis, it is unlikely that your Internal Audit function will emerge from it unscathed.
  • The performance of the organization: financial difficulties may lead to cuts in the Internal Audit budget, lay off of auditors, and/or other measures.
  • Some fear that management may attempt to use the crisis as an excuse to weaken Internal Audit to serve its agenda or in retaliation for previous actions by Internal Audit! I would like to believe that this scenario will not happen.

Get Vaccinated!

Yes. there is a vaccine against irrelevance and if you have not taken it yet, do that now. It is not too late. Here are some basic vaccine dose recommendations:
  • Leave your comfort zone immediately and be agile. At AdapGility Consulting we developed the motto " Be agile, be alive" because these days if your IA function is not agile it means it is paralyzed or dead!
  • Work on your mindset (that could be the hardest part). Become flexible and adaptable, it is essential to enable you to transform into agile internal auditing.
  • Understand the true meaning and intention of the internal audit independence concept. Don't hide behind it!
  • Do not wait for a seat at the table to be offered to you. Invite yourself to the party.
  • Keep your eyes, ears, and more importantly your mouth fully open! Real-time communication of what matters is the key to relevance.
  • Maintain up to date understanding of the company's objectives and business. This is a cornerstone for auditing what matters and adding value. Keep the conversation going with your stakeholders in these uncertain and unprecedented times.
  •  Understand what is the stakeholders' perspective of what adding value by IA means to them.
  • Take a tablespoon of the "courage syrup" three times a day!
  • Put serious efforts in developing your soft and technical skills. Invest in yourself.
  • Utilize available technology to its fullest potential.
The above is not rocket science and has been repeated time and time again by the IIA, the consulting firms, thought leaders, and others. Almost all internal auditors are familiar with it. However, there is still a gap between what internal auditors know and what they can successfully implement. Bridge the gap!

Can the world live without Internal Audit?

 How would the world look like If Internal Audit fails and is marginalized or eliminated?
In researching materials for this topic I came across an undated article questioning  "What if Internal Audit disappeared?". The conclusion was basically that it will not be the end of the world, and that    "key stakeholders would still demand some degree of checks and balances and that the other functions—second-line compliance and risk management, external audit, regulators—would naturally fill much of the void". The interesting thing is that the author's conclusion was based on discussions with his friends in Internal Audit who he described as pragmatic!

What do you think will happen if Internal Audit ceases to exist?

These are my thoughts, please share yours!


Monday, July 13, 2020

Internal Audit and Mental Health!

During the current difficult and uncertain times, people may not always be able to maintain proper mental wellness. This should not come as a surprise during these unprecedented times. People are worried about their health, their families, their jobs, and their financial situation.  In this post, I will briefly discuss how internal auditors can maintain their own mental wellness and what role they can play to help their organizations deal with mental health and safety plans in the workplace.

What is mental health?

The World Health Organization (WHO) defines mental health as: 

"a state of well-being in which every individual realizes his or her own potential can cope with the normal stresses of life, can work productively and fruitfully, and is able to make a contribution to her or his community."

With the current level of disruption, uncertainty, social distancing, remote working, fear, and stress it is of most importance to ensure that there are proper plans to deal with mental health issues as businesses start to prepare for workplace re-entry.

Although mental health awareness has gained ground in the last few years, there is still a long way for promoting it across businesses and communities worldwide.

How to maintain your mental health?

For the same reason a person takes care of his/her physical health, he/she should also pay attention to his/her mental health. According to experts, mental wellness can be achieved and improved through different ways and techniques such as:
  • Get enough sleep and eat healthily.
  • Exercise for a minimum of 30 minutes a day. 
  • Develop a new hobby and/or skill.
  • Stay in touch with people.
  • Train your brain: play games, read, write.
  • Minimize the time you spend following the media.
  • Practice your choice of spirituality/ meditation/yoga.
  • Laugh. They say laughter is the best medicine.
  • Build a support network and be supportive of others.
  • Think more about today and less about tomorrow. Forget the past!

How can Internal Audit help?

Internal Audit can play a vital role in helping the organization promote and improve mental wellness  and provide assurance and insight by for example:
  • Assessing the mental health "culture" and the related" tone at the top". A candid discussion with management and the audit committee regarding their views on mental health and their plans to promote it within the organization is the starting point towards recognizing that mental health is an issue that should be considered and taken seriously. Not everyone is aware of how mental health in the workplace affects performance, productivity, collaboration, the ability to take the right decision, and even the reputation of the organization as a whole. Internal audit may have to take the initiative to provide education on the effects of mental health when needed.
  • Review the existing mental health policies and procedures and ensure that they cover issues such as identification of mental illness, confidentiality, privacy, equality, and access to available internal and external support and treatment.
  • Internal Audit needs also to ensure that there are appropriate policies and procedures covering anti-retaliation, anti-discrimination, anti-harassment, violence, and the flexibility to take time off or work from home for those affected by mental illness.
  • If no policies and procedures are in existence, Internal Audit can work with Human Resources and Legal Departments to provide insight and guidance on how to prepare them.
The above is only a general suggestion on how Internal Audit can help. If you have practical experience with mental health at your workplace please share as much as you can.

What do I do?

Because I, usually, practice what I preach, I am sharing with you what I do to maintain my mental wellness:

  • I read a lot!
  • I play brain games!
  • I have learned a new skill: cooking
  • I walk every day in the parks and trails.
  • I am rediscovering nature and wildlife.
  • I have developed a new hoppy: photography. Below are samples of my work.
Today's hoppy could be tomorrow's profession!

Please share your thoughts and your methods of maintaining your mental wellness.

Tuesday, May 12, 2020

Are you the same person you were before the COVID-19 crisis?

Now that you have stayed at home and working remotely for some weeks, it may be time to ask how this life-changing experience has affected you at the personal and professional levels?
Are you the same person you were before the crisis?
What has changed in your perspective of life, family, and your profession?
When you return to your office, hopefully in the near future, what would you be doing differently? Will you be doing audit planning, risk assessment the same way you used to do? How will your relationships with the stakeholders be reshaped? And more importantly, how your understanding of your role as an internal auditor has changed or evolved?
If you believe this experience has not changed you, can you share why you feel this way and what contributed to your status quo?
Please share your thoughts!

picture credit:https://liveboldandbloom.com

Sunday, April 5, 2020

How will Internal Audit look like after COVID-19?

There have been many articles and posts dealing with the Internal Audit's role during the COVID-19 crisis. These were useful, but now we need to plan for what happens next. The economic, social and financial implications of the crises are expected to be severe at least for the short term.

Eventually, this crisis will pass and most businesses will resume operations and will have to adapt to the new realities to survive. Changes to operations and mindset will need to be made at all levels including at Internal Audit Departments.

As most of you are at home during this difficult time and are probably bored, let's try to think about how the internal audit function at your organization will look like after the crises! For example:

  • Did the crisis change you as a person and how this will reflect on you as an internal auditor?
  • What lessons have you learned during the crises and what are you going to do about it?
  • What type of changes will you make to strengthen internal audit?
  • Do you anticipate an increase or decrease in the number of auditors within your department?
  • Do you anticipate management to change its perspective of internal audit (positive or negative)?
  • What would you do to be prepared for the next crisis?

I look forward to hearing your thoughts and feedback!

Tuesday, March 3, 2020

Can Internal Audit Apply Real-Time Quality Assurance?

I have recently attended a KPMG webinar that discussed "Trends and tips for internal controls over financial reporting". The presenter mentioned that the PCAOP is now focusing its reviews of the work of the accounting firms on the system of quality control such firms employe to ensure their audits meet the requirements. In response to this new approach, the presenter said that the accounting firms are improving their quality control process by shifting from "after the fact" to "real-time" quality control.

 In theory, Internal auditors should be applying the "real-time" approach to quality assurance as the International Standards for the Professional Practice of Internal Auditing require that the CAE must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity ( standard 1300). Moreover, standard (1311) calls for internal assessments to include ongoing monitoring of the performance of the internal audit activity.

The interpretation of standard  1311 explains ongoing monitoring as:

"Ongoing monitoring is an integral part of the day-to-day supervision, review, and measurement of the internal audit activity. Ongoing monitoring is incorporated into the routine policies and practices used to manage the internal audit activity and uses processes, tools, and information considered necessary to evaluate conformance with the Code of Ethics and the Standards". 

Do you believe the ongoing monitoring as mentioned above is equivalent to real-time quality control?
In practice, are you really able to apply ongoing monitoring on a daily basis?

Please share your thoughts and experience!

Picture credit:http://foothilllockandkey.com

Saturday, February 29, 2020

هل للتدقيق الداخلي دور يؤديه خلال أزمة فيروس كورونا؟

إن تأثير أزمة فيروس كورونا التي يمر بها العالم حاليا لا تقتصر على الأثار الإنسانية والصحية بل تتجاوزها لتؤثر على جميع مناح الحياة بما فيها الأثار المالية والاقتصادية سواء على مستوى الشركة أو الدولة أو العالم.

أتابع ما يكتبه خبراء التدقيق الداخلي وإدارة المخاطر (وهو قليل) حول ما اذا كان هناك دورا للتدقيق الداخلي يؤديه خلال هذه الآزمة. سأستعرض في هذه المدونة ملخصا لما قرأت و بعضا من أفكاري حول هذا الدور:  

  • بداية و بديهيا على المدقق الداخلي القيام بواجبه الانساني في الحد من انتشار الفيروس عن طريق اتباع اجراءات الوقاية المطلوبة وابلاغ شركته فور الشك باصابته بالفيروس و الحرص على اتباع الاجراءات الصحية و الادارية للشركة و السلطات المختصة.
  •  أن لا يقف موقف المتفرج و يختبئ خلف حاجز " الاستقلالية و الحياد"  خلال هذه الازمة الحادة! المطلوب من التدقيق الداخلي ابداء المرونة و التصرف بواقعية خلال هذه الازمة التي قد تكون من اخطر ما واجهه العالم منذ عقود طويلة. اعجبني ما كتبه نورمان ماركس في مدونته الاخيرة حيث قال ان على التدقيق الداخلي عرض خدماته على الادارة لمساعدتها في ادارة الازمة واعطى امثلة على ذلك مثل مساعدتها بالقيام بالمهمات التنفذية (بشكل مؤقت) و المساعدة في جمع المعلومات و الاتصالات. انصح بقراءة المدونة لما تحوية من معلومات مفيدة.
  • باعتقادي ان اهم ما جاء بالمدونة سابقة الذكر هو ان لا يشغل التدقيق الداخلي الادارة بامور التدقيق الروتينية في هذا الوقت وان يفسح لها المجال للتعاطي مع ادارة الازمة. ويقول ان خطر هذه الازمة اهم من اي خطر تم تقييمه سابقا وبنيت عليه خطة التدقيق.
  • نشر معهد المدقيقن الداخليين منذ ايام نشرة  تحتوي على اسئلة على التدقيق الداخلي ايجاد اجابات لها فيما يتعلق باجراءات و سياسات الشركة الخاصة بادارة الكوارث و استمرارية العمل, منها على سبيل المثال التحقق من ان  هذه السياسات و الاجراءات قد تم تحديثها و التدرب عليها.  وغني عن الذكر  انه من المهم ان يكون التدقيق الداخلي قد قام بهذه المراجعة قبل وقوع الازمة بمدة حتى يتسنى اكمال النواقص بالوقت المناسب.
  • قد يطلب من التدقيق الداخلي زيادة تعاونه مع المدقق الخارجي بل و مساعدته بالقيام ببعض مهامه ان تعذر على المدقق الخارجي السفر و التنقل. تعطي مقالة في جريدة الوول ستريت جورنال مثالا على تعذر المدقق الخارجي  بالقيام بمهمات حساسة للوقت مثل جرد البضاعة.
  • على التدقيق الداخلي العمل على مراقبة المعلومات التي تنتشر في الشركة حول هذه الازمة والقدرة على تمييز المعلومة الصحيحة من الزائفة ولفت نظر الادارة الى اية معلومات خاطئة او اشاعات قد تضر بالشركة.
  • متابعة المستجدات عن الازمة وتاثيرها على اعمال الشركة و التأكد بان الادارة على علم كامل بها.
  • التقييم الدائم لما يستطيع التدقيق الداخلي تقديمه للمساعدة في تجاوز الازمة باقل الخسائر حسب اشتدادها او انحسارها.
  • تقديم الاقتراحات و البدئل التي قد تساهم في التخفيف من حدة الازمة على الشركة .
  هذه بعض الافكار التي طرحت وانا على يقين بان لديكم افكارا و اقتراحات اخرى فالرجاء مشاركتها معنا. 

Monday, January 20, 2020

Can Internal Auditors Identify Corporate Identity Crisis?

According to a Globe and Mail article published a couple of days ago, Canada's favorite coffee shop chain ( Tim Hortons) is going through an identity crisis that could erode its long-established brand. I will not be discussing Tim Hortons's situation in this post even though the coffee shop is an important part of the life of almost every Canadian ( It serves 8 of every 10 cups of coffee consumed outside the home in Canada), but rather I will use it as an inspiration to discuss whether internal audit is equipped to identify corporate identity crisis before it impacts the organization's brand and reputation.

What is Corporate Identity Crisis?

In general, identity crisis in people describe a state of confusion about who they are, their role in society and what they want to achieve in life. When it comes to corporations it means that how the organization perceives itself and promotes itself is in conflict. This description was offered by Jeffery A. Jolton, Ph.D. and Tim L. Geisert of Kenexa in an article entitled "Corporate Identity Crises". They offer more explanation regarding the conflict:

"This conflict prevents the organization from being able to fully attain its goals. Some companies are well aware of the conflict, but either don’t see it as an obstacle (yet it is) or don’t know how to resolve it in order to move forward. Many companies, however, are clueless. Although it is something that others may see as obvious, the leadership isn’t aware there is a problem, and as a result, faces a wall in the company’s progress that it is unable to see"

There are many causes of identity crises in organizations such as a change in leadership, rapid growth, disruption, merger, and change in culture. The signs of identity crisis could be obvious and visible and in other times could be difficult to spot!

To identify the crisis. one should have a deep understanding of the organization's business, objectives, strategic plans, customers, competition and potential risks and disruptions.

Identity crisis could impact organizations negatively if not identified at an early stage and treated!

What Internal Audit Can Do?

Do you think internal auditors are capable of identifying the signs of corporate identity crises in their organizations? Were you personally involved in an identity crisis situation? If your answer is yes please share:

  • How you arrived at the conclusion that there may be an exposure to a crisis. What signs triggered your attention?
  • What audit steps and procedures did you employ to verify and measure the risk of identity crises?
  • What was the management reaction to your findings and recommendations?
  • Was the issue satisfactorily resolved?

In my opinion, the first step in identifying the issue is for internal audit to recognize that corporate identity crisis is a real risk that could happen to any organization! It should be part of the continuous risk assessment and audit planning.

Many techniques can be used to identify identity crisis such as observations, discussions with all levels within the organization, attending executive meetings, internal and external surveys, and culture audits.

These are my thoughts, please share yours!

Photo Credit: sdecoret/ Shutterstock)

Has your Internal Audit function tested positive for the irrelevance virus?

  By now, most of you have realized that the world as we knew it has changed forever! The change has affected almost everything in our lives...